From d6700c706e5c45a93599ddf89902c60581ff7513 Mon Sep 17 00:00:00 2001 From: Philip Molloy Date: Fri, 28 Feb 2025 17:41:34 +0100 Subject: [PATCH 001/254] README: Remove hardcoded list of architectures --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 053c3e7fb..0ecffbde0 100644 --- a/README.md +++ b/README.md @@ -180,7 +180,8 @@ The following image types are currently available via the `--type` argument: Specify the target architecture of the system on which the disk image will be installed on. By default, `bootc-image-builder` will build for the native host architecture. The target architecture must match an available architecture of the `bootc-image-builder` image you are using to build the disk image. -Currently, `amd64` and `arm64` are included in `quay.io/centos-bootc/bootc-image-builder` manifest list. +Navigate to the [centos-image-builder repository tags page](https://quay.io/repository/centos-bootc/bootc-image-builder?tab=tags) +and hover over the Tux icons to see the supported target architectures. The architecture of the bootc OCI image and the bootc-image-builder image must match. For example, when building a non-native architecture bootc OCI image, say, building for x86_64 from an arm-based Mac, it is possible to run `podman build` with the `--platform linux/amd64` flag. In this case, to then build a disk image from the same arm-based Mac, From ece784b60c5ce7a74bf7e59ce2a1288f422e64d9 Mon Sep 17 00:00:00 2001 From: Wei Shi Date: Sun, 2 Mar 2025 16:22:38 +0800 Subject: [PATCH 002/254] Drop JAVA_COMMUNITY_DEPENDENCIES Signed-off-by: Wei Shi --- .tekton/bootc-image-builder-pull-request.yaml | 3 --- .tekton/bootc-image-builder-push.yaml | 3 --- 2 files changed, 6 deletions(-) diff --git a/.tekton/bootc-image-builder-pull-request.yaml b/.tekton/bootc-image-builder-pull-request.yaml index 2ff80f863..0f31873f4 100644 --- a/.tekton/bootc-image-builder-pull-request.yaml +++ b/.tekton/bootc-image-builder-pull-request.yaml @@ -134,9 +134,6 @@ spec: - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository-amd64.results.commit) - - description: "" - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container-amd64.results.JAVA_COMMUNITY_DEPENDENCIES) tasks: - name: init params: diff --git a/.tekton/bootc-image-builder-push.yaml b/.tekton/bootc-image-builder-push.yaml index a69fcdf82..999060c6e 100644 --- a/.tekton/bootc-image-builder-push.yaml +++ b/.tekton/bootc-image-builder-push.yaml @@ -131,9 +131,6 @@ spec: - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository-amd64.results.commit) - - description: "" - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container-amd64.results.JAVA_COMMUNITY_DEPENDENCIES) tasks: - name: init params: From 55c9cc8a88dc245cd1ec51599367da82924b2a7d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Mar 2025 04:53:42 +0000 Subject: [PATCH 003/254] build(deps): bump the go-deps group across 1 directory with 2 updates Bumps the go-deps group with 2 updates in the /bib directory: [github.com/cheggaaa/pb/v3](https://github.com/cheggaaa/pb) and [github.com/osbuild/images](https://github.com/osbuild/images). Updates `github.com/cheggaaa/pb/v3` from 3.1.6 to 3.1.7 - [Commits](https://github.com/cheggaaa/pb/compare/v3.1.6...v3.1.7) Updates `github.com/osbuild/images` from 0.120.0 to 0.121.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.120.0...v0.121.0) --- updated-dependencies: - dependency-name: github.com/cheggaaa/pb/v3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/osbuild/images dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 4 ++-- bib/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 408e28121..2b6f9747e 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -4,10 +4,10 @@ go 1.22.8 require ( github.com/BurntSushi/toml v1.4.0 - github.com/cheggaaa/pb/v3 v3.1.6 + github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 github.com/mattn/go-isatty v0.0.20 - github.com/osbuild/images v0.120.0 + github.com/osbuild/images v0.121.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 diff --git a/bib/go.sum b/bib/go.sum index ee68d2c7b..7b091887a 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -27,8 +27,8 @@ github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyY github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cheggaaa/pb/v3 v3.1.6 h1:h0x+vd7EiUohAJ29DJtJy+SNAc55t/elW3jCD086EXk= -github.com/cheggaaa/pb/v3 v3.1.6/go.mod h1:urxmfVtaxT+9aWk92DbsvXFZtNSWQSO5TRAp+MJ3l1s= +github.com/cheggaaa/pb/v3 v3.1.7 h1:2FsIW307kt7A/rz/ZI2lvPO+v3wKazzE4K/0LtTWsOI= +github.com/cheggaaa/pb/v3 v3.1.7/go.mod h1:/Ji89zfVPeC/u5j8ukD0MBPHt2bzTYp74lQ7KlgFWTQ= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0= @@ -232,8 +232,8 @@ github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8= github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= -github.com/osbuild/images v0.120.0 h1:6zXCp59AG03qajZlg/GJ07Fr4E6z5qaZshOuWgAse7g= -github.com/osbuild/images v0.120.0/go.mod h1:Ag87vmyxooiPQBJEDILbypG8/SRIear75YA78NwLix0= +github.com/osbuild/images v0.121.0 h1:urGJ1/RqSmJQ7tq4YPtc3phCI3EJP/i4epHkD50LlCQ= +github.com/osbuild/images v0.121.0/go.mod h1:Ag87vmyxooiPQBJEDILbypG8/SRIear75YA78NwLix0= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= From 21a39d1cb6fc76b9b04465f969ee3bfd50962dbd Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 17 Feb 2025 17:21:24 +0100 Subject: [PATCH 004/254] bib: add support for file/directory customizations This commit adds support for files/directories in blueprint customizations. This needs https://github.com/osbuild/images/pull/1227 Closes: https://github.com/osbuild/bootc-image-builder/issues/834 --- bib/cmd/bootc-image-builder/image.go | 22 ++++++++++++ bib/cmd/bootc-image-builder/image_test.go | 36 +++++++++++++++++++ bib/cmd/bootc-image-builder/main_test.go | 34 +++++++++--------- test/test_manifest.py | 43 +++++++++++++++++++++++ 4 files changed, 119 insertions(+), 16 deletions(-) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index a6b1858a3..5c86fb5d4 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -22,6 +22,7 @@ import ( "github.com/osbuild/images/pkg/osbuild" "github.com/osbuild/images/pkg/pathpolicy" "github.com/osbuild/images/pkg/platform" + "github.com/osbuild/images/pkg/policies" "github.com/osbuild/images/pkg/rpmmd" "github.com/osbuild/images/pkg/runner" "github.com/sirupsen/logrus" @@ -380,6 +381,27 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest } img.PartitionTable = pt + // Check Directory/File Customizations are valid + dc := customizations.GetDirectories() + fc := customizations.GetFiles() + if err := blueprint.ValidateDirFileCustomizations(dc, fc); err != nil { + return nil, err + } + if err := blueprint.CheckDirectoryCustomizationsPolicy(dc, policies.OstreeCustomDirectoriesPolicies); err != nil { + return nil, err + } + if err := blueprint.CheckFileCustomizationsPolicy(fc, policies.OstreeCustomFilesPolicies); err != nil { + return nil, err + } + img.Files, err = blueprint.FileCustomizationsToFsNodeFiles(fc) + if err != nil { + return nil, err + } + img.Directories, err = blueprint.DirectoryCustomizationsToFsNodeDirectories(dc) + if err != nil { + return nil, err + } + // For the bootc-disk image, the filename is the basename and the extension // is added automatically for each disk format img.Filename = "disk" diff --git a/bib/cmd/bootc-image-builder/image_test.go b/bib/cmd/bootc-image-builder/image_test.go index b92255cb0..f8e189535 100644 --- a/bib/cmd/bootc-image-builder/image_test.go +++ b/bib/cmd/bootc-image-builder/image_test.go @@ -15,6 +15,7 @@ import ( "github.com/osbuild/images/pkg/runner" bib "github.com/osbuild/bootc-image-builder/bib/cmd/bootc-image-builder" + "github.com/osbuild/bootc-image-builder/bib/internal/buildconfig" "github.com/osbuild/bootc-image-builder/bib/internal/source" ) @@ -680,3 +681,38 @@ func TestGenPartitionTableDiskCustomizationSizes(t *testing.T) { }) } } + +func TestManifestFilecustomizationsSad(t *testing.T) { + config := getBaseConfig() + config.ImageTypes = []string{"qcow2"} + config.Config = &buildconfig.BuildConfig{ + Customizations: &blueprint.Customizations{ + Files: []blueprint.FileCustomization{ + { + Path: "/not/allowed", + Data: "some-data", + }, + }, + }, + } + + _, err := bib.Manifest(config) + assert.EqualError(t, err, `the following custom files are not allowed: ["/not/allowed"]`) +} + +func TestManifestDirCustomizationsSad(t *testing.T) { + config := getBaseConfig() + config.ImageTypes = []string{"qcow2"} + config.Config = &buildconfig.BuildConfig{ + Customizations: &blueprint.Customizations{ + Directories: []blueprint.DirectoryCustomization{ + { + Path: "/dir/not/allowed", + }, + }, + }, + } + + _, err := bib.Manifest(config) + assert.EqualError(t, err, `the following custom directories are not allowed: ["/dir/not/allowed"]`) +} diff --git a/bib/cmd/bootc-image-builder/main_test.go b/bib/cmd/bootc-image-builder/main_test.go index 3ff836b40..639dde392 100644 --- a/bib/cmd/bootc-image-builder/main_test.go +++ b/bib/cmd/bootc-image-builder/main_test.go @@ -196,6 +196,23 @@ func TestManifestGenerationUserConfig(t *testing.T) { } } +// Disk images require a container for the build/image pipelines +var containerSpec = container.Spec{ + Source: "test-container", + Digest: "sha256:dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd", + ImageID: "sha256:1111111111111111111111111111111111111111111111111111111111111111", +} + +// diskContainers can be passed to Serialize() to get a minimal disk image +var diskContainers = map[string][]container.Spec{ + "build": { + containerSpec, + }, + "image": { + containerSpec, + }, +} + // TODO: this tests at this layer is not ideal, it has too much knowledge // over the implementation details of the "images" library and how an // image.NewBootcDiskImage() works (i.e. what the pipeline names are and @@ -208,23 +225,8 @@ func TestManifestSerialization(t *testing.T) { // Tests that the manifest is generated without error and is serialized // with expected key stages. - // Disk images require a container for the build/image pipelines - containerSpec := container.Spec{ - Source: "test-container", - Digest: "sha256:dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd", - ImageID: "sha256:1111111111111111111111111111111111111111111111111111111111111111", - } - diskContainers := map[string][]container.Spec{ - "build": { - containerSpec, - }, - "image": { - containerSpec, - }, - } - // ISOs require a container for the bootiso-tree, build packages, and packages for the anaconda-tree (with a kernel). - isoContainers := map[string][]container.Spec{ + var isoContainers = map[string][]container.Spec{ "bootiso-tree": { containerSpec, }, diff --git a/test/test_manifest.py b/test/test_manifest.py index 32fb90ef2..57f03024f 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -779,3 +779,46 @@ def test_iso_manifest_use_librepo(build_container, use_librepo): assert "org.osbuild.librepo" in manifest["sources"] else: assert "org.osbuild.curl" in manifest["sources"] + + +def test_manifest_customization_custom_file_smoke(tmp_path, build_container): + # no need to parameterize this test, toml is the same for all containers + container_ref = "quay.io/centos-bootc/centos-bootc:stream9" + testutil.pull_container(container_ref) + + cfg = { + "blueprint": { + "customizations": { + "files": [ + { + "path": "/etc/custom_file", + "data": "hello world" + }, + ], + "directories": [ + { + "path": "/etc/custom_dir", + }, + ], + }, + }, + } + + output_path = tmp_path / "output" + output_path.mkdir(exist_ok=True) + config_json_path = output_path / "config.json" + config_json_path.write_text(json.dumps(cfg), encoding="utf-8") + + output = subprocess.check_output([ + *testutil.podman_run_common, + "-v", f"{output_path}:/output", + build_container, + "manifest", f"{container_ref}", + "--config", "/output/config.json", + ], stderr=subprocess.PIPE, encoding="utf8") + json.loads(output) + assert '"to":"tree:///etc/custom_file"' in output + assert ('{"type":"org.osbuild.mkdir","options":{"paths":' + '[{"path":"/etc/custom_dir","exist_ok":true}]},' + '"devices":{"disk":{"type":"org.osbuild.loopback"' + ',"options":{"filename":"disk.raw"') in output From e4885330d0b7c94f58746889540f0706a8fee09c Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 18 Feb 2025 10:30:58 +0100 Subject: [PATCH 005/254] test: add full integration test for bp files/dirs This commit adds a full integration test for the files/dir blueprint customizations. --- test/test_build.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/test/test_build.py b/test/test_build.py index b8d367b62..f45318e07 100644 --- a/test/test_build.py +++ b/test/test_build.py @@ -358,6 +358,17 @@ def build_images(shared_tmpdir, build_container, request, force_aws_upload, gpg_ "kernel": { "append": kargs, }, + "files": [ + { + "path": "/etc/some-file", + "data": "some-data", + }, + ], + "directories": [ + { + "path": "/etc/some-dir", + }, + ], }, } testutil.maybe_create_filesystem_customizations(cfg, tc) @@ -529,6 +540,14 @@ def test_image_boots(image_type): else: assert_fs_customizations(image_type, test_vm) + # check file/dir customizations + exit_status, output = test_vm.run("stat /etc/some-file", user=image_type.username, password=image_type.password) + assert exit_status == 0 + assert "File: /etc/some-file" in output + _, output = test_vm.run("stat /etc/some-dir", user=image_type.username, password=image_type.password) + assert exit_status == 0 + assert "File: /etc/some-dir" in output + @pytest.mark.parametrize("image_type", gen_testcases("ami-boot"), indirect=["image_type"]) def test_ami_boots_in_aws(image_type, force_aws_upload): From 2b849c268e68dabd41d307b1ccee496053fa0c87 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Sat, 1 Mar 2025 05:29:24 +0000 Subject: [PATCH 006/254] chore(deps): update konflux references Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- .tekton/bootc-image-builder-pull-request.yaml | 36 +++++++-------- .tekton/bootc-image-builder-push.yaml | 44 +++++++++---------- 2 files changed, 40 insertions(+), 40 deletions(-) diff --git a/.tekton/bootc-image-builder-pull-request.yaml b/.tekton/bootc-image-builder-pull-request.yaml index 0f31873f4..8982b4a89 100644 --- a/.tekton/bootc-image-builder-pull-request.yaml +++ b/.tekton/bootc-image-builder-pull-request.yaml @@ -46,7 +46,7 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:8e0f8cad75e6f674d72a874385b69c4651afc0c9dcc59feffe0d85844687d852 + value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:1c46fdc4331ab68b925d615e9787e67382916c4ef3ec382d05bedf0cb2b2f51b - name: kind value: task resolver: bundles @@ -65,7 +65,7 @@ spec: - name: name value: summary - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:abdf426424f1331c27be80ed98a0fbcefb8422767d1724308b9d57b37f977155 + value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:716d50d6f79c119e729a41ddf4eca7ddc521dbfb32cc10c7e1ef1942da887e26 - name: kind value: task resolver: bundles @@ -154,7 +154,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:596b7c11572bb94eb67d9ffb4375068426e2a8249ff2792ce04ad2a4bc593a63 + value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:6d307bd02891fea47e5b4e1a3adfaa1c9cc9760acb92c6c3be5d15992cd1fc09 - name: kind value: task resolver: bundles @@ -171,7 +171,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:9e6c4db5a666ea0e1e747e03d63f46e5617a6b9852c26871f9d50891d778dfa2 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:ff20a2f84ae23e580f75e364bd96369a80be75efc7736c4c947cecc636034c88 - name: kind value: task resolver: bundles @@ -199,7 +199,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:9e6c4db5a666ea0e1e747e03d63f46e5617a6b9852c26871f9d50891d778dfa2 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:ff20a2f84ae23e580f75e364bd96369a80be75efc7736c4c947cecc636034c88 - name: kind value: task resolver: bundles @@ -227,7 +227,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:9e6c4db5a666ea0e1e747e03d63f46e5617a6b9852c26871f9d50891d778dfa2 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:ff20a2f84ae23e580f75e364bd96369a80be75efc7736c4c947cecc636034c88 - name: kind value: task resolver: bundles @@ -253,7 +253,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:9e6c4db5a666ea0e1e747e03d63f46e5617a6b9852c26871f9d50891d778dfa2 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:ff20a2f84ae23e580f75e364bd96369a80be75efc7736c4c947cecc636034c88 - name: kind value: task resolver: bundles @@ -290,7 +290,7 @@ spec: - name: name value: buildah - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.2@sha256:6b60c1130ec0df69faa82dccbc207273936a41af5ee663c736d2977580e88626 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.4@sha256:0e022da1be692c48348e282e73f30c7e6b1f520d37fb6f985ccb2795940dbe72 - name: kind value: task resolver: bundles @@ -327,7 +327,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.2@sha256:338fd01c1b4b9aa74556718c58290e7f164730ba34e80760f1a42dc2ac771a55 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:8e75d07f09a828bde672b5cbb2a912ec5c6b75c26be7633376e05a3046937794 - name: kind value: task resolver: bundles @@ -364,7 +364,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.2@sha256:338fd01c1b4b9aa74556718c58290e7f164730ba34e80760f1a42dc2ac771a55 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:8e75d07f09a828bde672b5cbb2a912ec5c6b75c26be7633376e05a3046937794 - name: kind value: task resolver: bundles @@ -401,7 +401,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.2@sha256:338fd01c1b4b9aa74556718c58290e7f164730ba34e80760f1a42dc2ac771a55 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:8e75d07f09a828bde672b5cbb2a912ec5c6b75c26be7633376e05a3046937794 - name: kind value: task resolver: bundles @@ -435,7 +435,7 @@ spec: - name: name value: build-image-manifest - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:399ab5004f27d7ff836f8c838b589262299e1e4bdd4670993b9d0c981b274d86 + value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:4c7ee801ca6d7dcd2f75c40dc72c2500bcb4de648d4e9f784619b12494a81b57 - name: kind value: task resolver: bundles @@ -457,7 +457,7 @@ spec: - name: name value: inspect-image - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:dd639d03487d9ee2c424bcd0118a9b07064010f40168ffb1302a54e0f584603e + value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.2@sha256:1fbf255b6303b9adf507f0c7df065c10d754a389fc587c03b414e324c10c5d8b - name: kind value: task resolver: bundles @@ -480,7 +480,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:6c389c2f670975cc0dfdd07dcb33142b1668bbfd46f6af520dd0ab736c56e7e9 + value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.5@sha256:2ca2cb88240ae105c4404e01ba8b38cff35c0e7a83fb54c180e9fa0d222b1d49 - name: kind value: task resolver: bundles @@ -502,7 +502,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:a1bbc7354d8dc8fef41caca236bde682fc6a9230065a5537f1dc1ca4f1e39e83 + value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.2@sha256:2b4000d80bf5ef8d21c708ebf2cb3182f1b91be8c463f895b13368f568383d52 - name: kind value: task resolver: bundles @@ -524,7 +524,7 @@ spec: - name: name value: sast-snyk-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:91d32451e6e62d8a7b56d1ad389a1c0a45cdb7a35a4483e1f44224b0be2420df + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.3@sha256:3f2fd6bb53eb6e562ce1ee794beb081535935aa54b3c56d3ae3707ce65420923 - name: kind value: task resolver: bundles @@ -549,7 +549,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:7e99aad37178be72a799fcf1d154007346e038fcccb222f6937df4766a2810d2 + value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.2@sha256:ed56998b7992b022c4d418d60a8e0427b50294c18c8c92776d9c1f74b1076e3d - name: kind value: task resolver: bundles @@ -571,7 +571,7 @@ spec: - name: name value: sbom-json-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:501181e78ec76a0a9083ffc275f5307ba5653a762259412bcffaeb314f13f8ec + value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.2@sha256:79b72c8c2a3ff3bb75e7ecaf9ed35316ec1d9ddd68568b3bf3169bee80398dc3 - name: kind value: task resolver: bundles diff --git a/.tekton/bootc-image-builder-push.yaml b/.tekton/bootc-image-builder-push.yaml index 999060c6e..b87505f59 100644 --- a/.tekton/bootc-image-builder-push.yaml +++ b/.tekton/bootc-image-builder-push.yaml @@ -43,7 +43,7 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:8e0f8cad75e6f674d72a874385b69c4651afc0c9dcc59feffe0d85844687d852 + value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:1c46fdc4331ab68b925d615e9787e67382916c4ef3ec382d05bedf0cb2b2f51b - name: kind value: task resolver: bundles @@ -62,7 +62,7 @@ spec: - name: name value: summary - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:abdf426424f1331c27be80ed98a0fbcefb8422767d1724308b9d57b37f977155 + value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:716d50d6f79c119e729a41ddf4eca7ddc521dbfb32cc10c7e1ef1942da887e26 - name: kind value: task resolver: bundles @@ -151,7 +151,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:596b7c11572bb94eb67d9ffb4375068426e2a8249ff2792ce04ad2a4bc593a63 + value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:6d307bd02891fea47e5b4e1a3adfaa1c9cc9760acb92c6c3be5d15992cd1fc09 - name: kind value: task resolver: bundles @@ -168,7 +168,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:9e6c4db5a666ea0e1e747e03d63f46e5617a6b9852c26871f9d50891d778dfa2 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:ff20a2f84ae23e580f75e364bd96369a80be75efc7736c4c947cecc636034c88 - name: kind value: task resolver: bundles @@ -196,7 +196,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:9e6c4db5a666ea0e1e747e03d63f46e5617a6b9852c26871f9d50891d778dfa2 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:ff20a2f84ae23e580f75e364bd96369a80be75efc7736c4c947cecc636034c88 - name: kind value: task resolver: bundles @@ -224,7 +224,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:9e6c4db5a666ea0e1e747e03d63f46e5617a6b9852c26871f9d50891d778dfa2 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:ff20a2f84ae23e580f75e364bd96369a80be75efc7736c4c947cecc636034c88 - name: kind value: task resolver: bundles @@ -250,7 +250,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:9e6c4db5a666ea0e1e747e03d63f46e5617a6b9852c26871f9d50891d778dfa2 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:ff20a2f84ae23e580f75e364bd96369a80be75efc7736c4c947cecc636034c88 - name: kind value: task resolver: bundles @@ -275,7 +275,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:610ba9e81465fdc5456ed2846503c6cb6f38413d1211e5c63ba152fd1ff2c3ee + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:79abdddffcca0fb71374ab6118e07cc55468252bed6f38b1ae6d81eac3ef71e0 - name: kind value: task resolver: bundles @@ -298,7 +298,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:610ba9e81465fdc5456ed2846503c6cb6f38413d1211e5c63ba152fd1ff2c3ee + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:79abdddffcca0fb71374ab6118e07cc55468252bed6f38b1ae6d81eac3ef71e0 - name: kind value: task resolver: bundles @@ -321,7 +321,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:610ba9e81465fdc5456ed2846503c6cb6f38413d1211e5c63ba152fd1ff2c3ee + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:79abdddffcca0fb71374ab6118e07cc55468252bed6f38b1ae6d81eac3ef71e0 - name: kind value: task resolver: bundles @@ -344,7 +344,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:610ba9e81465fdc5456ed2846503c6cb6f38413d1211e5c63ba152fd1ff2c3ee + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:79abdddffcca0fb71374ab6118e07cc55468252bed6f38b1ae6d81eac3ef71e0 - name: kind value: task resolver: bundles @@ -379,7 +379,7 @@ spec: - name: name value: buildah - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.2@sha256:6b60c1130ec0df69faa82dccbc207273936a41af5ee663c736d2977580e88626 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.4@sha256:0e022da1be692c48348e282e73f30c7e6b1f520d37fb6f985ccb2795940dbe72 - name: kind value: task resolver: bundles @@ -416,7 +416,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.2@sha256:338fd01c1b4b9aa74556718c58290e7f164730ba34e80760f1a42dc2ac771a55 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:8e75d07f09a828bde672b5cbb2a912ec5c6b75c26be7633376e05a3046937794 - name: kind value: task resolver: bundles @@ -453,7 +453,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.2@sha256:338fd01c1b4b9aa74556718c58290e7f164730ba34e80760f1a42dc2ac771a55 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:8e75d07f09a828bde672b5cbb2a912ec5c6b75c26be7633376e05a3046937794 - name: kind value: task resolver: bundles @@ -490,7 +490,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.2@sha256:338fd01c1b4b9aa74556718c58290e7f164730ba34e80760f1a42dc2ac771a55 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:8e75d07f09a828bde672b5cbb2a912ec5c6b75c26be7633376e05a3046937794 - name: kind value: task resolver: bundles @@ -524,7 +524,7 @@ spec: - name: name value: build-image-manifest - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:399ab5004f27d7ff836f8c838b589262299e1e4bdd4670993b9d0c981b274d86 + value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:4c7ee801ca6d7dcd2f75c40dc72c2500bcb4de648d4e9f784619b12494a81b57 - name: kind value: task resolver: bundles @@ -546,7 +546,7 @@ spec: - name: name value: inspect-image - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:dd639d03487d9ee2c424bcd0118a9b07064010f40168ffb1302a54e0f584603e + value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.2@sha256:1fbf255b6303b9adf507f0c7df065c10d754a389fc587c03b414e324c10c5d8b - name: kind value: task resolver: bundles @@ -569,7 +569,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:6c389c2f670975cc0dfdd07dcb33142b1668bbfd46f6af520dd0ab736c56e7e9 + value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.5@sha256:2ca2cb88240ae105c4404e01ba8b38cff35c0e7a83fb54c180e9fa0d222b1d49 - name: kind value: task resolver: bundles @@ -591,7 +591,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:a1bbc7354d8dc8fef41caca236bde682fc6a9230065a5537f1dc1ca4f1e39e83 + value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.2@sha256:2b4000d80bf5ef8d21c708ebf2cb3182f1b91be8c463f895b13368f568383d52 - name: kind value: task resolver: bundles @@ -613,7 +613,7 @@ spec: - name: name value: sast-snyk-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:91d32451e6e62d8a7b56d1ad389a1c0a45cdb7a35a4483e1f44224b0be2420df + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.3@sha256:3f2fd6bb53eb6e562ce1ee794beb081535935aa54b3c56d3ae3707ce65420923 - name: kind value: task resolver: bundles @@ -638,7 +638,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:7e99aad37178be72a799fcf1d154007346e038fcccb222f6937df4766a2810d2 + value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.2@sha256:ed56998b7992b022c4d418d60a8e0427b50294c18c8c92776d9c1f74b1076e3d - name: kind value: task resolver: bundles @@ -660,7 +660,7 @@ spec: - name: name value: sbom-json-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:501181e78ec76a0a9083ffc275f5307ba5653a762259412bcffaeb314f13f8ec + value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.2@sha256:79b72c8c2a3ff3bb75e7ecaf9ed35316ec1d9ddd68568b3bf3169bee80398dc3 - name: kind value: task resolver: bundles From e3be21865827f51c2af57c22eccfb671640426ca Mon Sep 17 00:00:00 2001 From: Liora Milbaum Date: Sun, 15 Dec 2024 07:17:02 +0200 Subject: [PATCH 007/254] Do not trigger push pipeline if only tekton files are updated --- .tekton/bootc-image-builder-push.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.tekton/bootc-image-builder-push.yaml b/.tekton/bootc-image-builder-push.yaml index b87505f59..9da0ef0a9 100644 --- a/.tekton/bootc-image-builder-push.yaml +++ b/.tekton/bootc-image-builder-push.yaml @@ -7,8 +7,7 @@ metadata: build.appstudio.redhat.com/target_branch: "{{target_branch}}" pipelinesascode.tekton.dev/max-keep-runs: "3" pipelinesascode.tekton.dev/on-cel-expression: - event == "push" && target_branch - == "main" + event == "push" && target_branch == "main" && files.all.exists(x,!x.startsWith(".tekton/")) creationTimestamp: null labels: appstudio.openshift.io/application: bootc-image-builder From 24ffc3a8dcd8dacf9866c5a216da884ab7cd5057 Mon Sep 17 00:00:00 2001 From: Evan Date: Sun, 13 Oct 2024 13:18:47 -0500 Subject: [PATCH 008/254] Update README.md Add clarity about how when using a kickstart customization, other customization blocks are not supported. This is discussed here: https://github.com/osbuild/bootc-image-builder/issues/528 --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0ecffbde0..dde86a80d 100644 --- a/README.md +++ b/README.md @@ -443,7 +443,8 @@ The `rootfs` option (or source container config, see [Detailed description of op ### Anaconda ISO (installer) options (`installer`, mapping) -Users can include kickstart file content that will be added to an ISO build to configure the installation process. +Users can include kickstart file content that will be added to an ISO build to configure the installation process. When using custom kickstart scripts the customization needs to be done via the custom kickstart script. For example using a `[customizations.user]` block alongside a `[customizations.installer.kickstart]` block is not supported. See this issue [https://github.com/osbuild/bootc-image-builder/issues/528] for additional detail. + Since multi-line strings are difficult to write and read in json, it's easier to use the toml format when adding kickstart contents: ```toml From 84bbc0ea698d88bf3b7346c05360b278d503707e Mon Sep 17 00:00:00 2001 From: Isaac Beverly Date: Tue, 11 Mar 2025 12:39:36 -0500 Subject: [PATCH 009/254] Add Aurora Helium to definitions --- bib/data/defs/aurora-helium-10.yaml | 1 + 1 file changed, 1 insertion(+) create mode 120000 bib/data/defs/aurora-helium-10.yaml diff --git a/bib/data/defs/aurora-helium-10.yaml b/bib/data/defs/aurora-helium-10.yaml new file mode 120000 index 000000000..31ce3eb13 --- /dev/null +++ b/bib/data/defs/aurora-helium-10.yaml @@ -0,0 +1 @@ +centos-10.yaml \ No newline at end of file From 77f5e55993ada107ddeefacedbbd7652561bb8da Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 20 Mar 2025 16:14:53 +0100 Subject: [PATCH 010/254] bib: update toml lib to v1.5.0 This release includes a fix for the issue that custom unmarshaled toml was marked in the metadata as "Undecoded()" [0]. With that we can enable strict checking for blueprint configuration again. [0] https://github.com/burntSushi/toml/issues/425 --- bib/go.mod | 2 +- bib/go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/bib/go.mod b/bib/go.mod index 2b6f9747e..2d057a4a0 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -3,7 +3,7 @@ module github.com/osbuild/bootc-image-builder/bib go 1.22.8 require ( - github.com/BurntSushi/toml v1.4.0 + github.com/BurntSushi/toml v1.5.0 github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 github.com/mattn/go-isatty v0.0.20 diff --git a/bib/go.sum b/bib/go.sum index 7b091887a..c5d5c4930 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -8,6 +8,8 @@ github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg6 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg= +github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Microsoft/hcsshim v0.12.9 h1:2zJy5KA+l0loz1HzEGqyNnjd3fyZA31ZBCGKacp6lLg= From c4c3470691d84300aa5fabf948964a6f40e05eda Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 20 Mar 2025 16:13:08 +0100 Subject: [PATCH 011/254] Revert "buildconfig: disable tests for undecoded keys for now" This reverts the relevant parts of commit f2ecdecc5f303fc88f10db96d091ca93738a3567. --- bib/internal/buildconfig/config.go | 6 +++++- bib/internal/buildconfig/config_test.go | 10 ++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/bib/internal/buildconfig/config.go b/bib/internal/buildconfig/config.go index 1ad3fb8de..a146bf1fb 100644 --- a/bib/internal/buildconfig/config.go +++ b/bib/internal/buildconfig/config.go @@ -59,11 +59,15 @@ func decodeTomlBuildConfig(r io.Reader, what string) (*BuildConfig, error) { dec := toml.NewDecoder(r) var conf BuildConfig - _, err := dec.Decode(&conf) + metadata, err := dec.Decode(&conf) if err != nil { return nil, fmt.Errorf("cannot decode %q: %w", what, err) } + if len(metadata.Undecoded()) > 0 { + return nil, fmt.Errorf("cannot decode %q: unknown keys found: %v", what, metadata.Undecoded()) + } + return &conf, nil } diff --git a/bib/internal/buildconfig/config_test.go b/bib/internal/buildconfig/config_test.go index aa56a6738..f720b0368 100644 --- a/bib/internal/buildconfig/config_test.go +++ b/bib/internal/buildconfig/config_test.go @@ -134,6 +134,16 @@ func TestReadLegacyJSONConfig(t *testing.T) { assert.Equal(t, expectedBuildConfig, cfg) } +func TestTomlUnknownKeysError(t *testing.T) { + fakeUserCnfPath := makeFakeConfig(t, "config.toml", ` +[[birds]] +name = "toucan" +`) + _, err := buildconfig.ReadWithFallback(fakeUserCnfPath) + + assert.ErrorContains(t, err, "unknown keys found: [birds birds.name]") +} + func TestJsonUnknownKeysError(t *testing.T) { fakeUserCnfPath := makeFakeConfig(t, "config.json", ` { From 7dd9beaaf1019b7830d530d65d6bef220624a61f Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 17 Feb 2025 09:46:19 +0100 Subject: [PATCH 012/254] main: switch to librepo by default When building the anaconda-iso from centos or fedora there is a high chance to hit a bad mirror. The libcurl method is not able to fallback to different mirrors so the user experience is bad. Switch to librepo by default therefore. Closes: https://github.com/osbuild/bootc-image-builder/issues/835 --- bib/cmd/bootc-image-builder/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 6bfeaaad7..6c9e387ce 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -656,7 +656,7 @@ func buildCobraCmdline() (*cobra.Command, error) { return nil, fmt.Errorf("cannot hide 'local' :%w", err) } manifestCmd.Flags().String("rootfs", "", "Root filesystem type. If not given, the default configured in the source container image is used.") - manifestCmd.Flags().Bool("use-librepo", false, "(experimenal) switch to librepo for pkg download, needs new enough osbuild") + manifestCmd.Flags().Bool("use-librepo", true, "switch to librepo for pkg download, needs new enough osbuild") // --config is only useful for developers who run bib outside // of a container to generate a manifest. so hide it by // default from users. From f2c16ad712d6fcc38ce9e4778fb2a781b6523cea Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 28 Mar 2025 16:09:26 +0100 Subject: [PATCH 013/254] Reapply "buildconfig: disable tests for undecoded keys for now" This reverts commit c4c3470691d84300aa5fabf948964a6f40e05eda. --- bib/internal/buildconfig/config.go | 6 +----- bib/internal/buildconfig/config_test.go | 10 ---------- 2 files changed, 1 insertion(+), 15 deletions(-) diff --git a/bib/internal/buildconfig/config.go b/bib/internal/buildconfig/config.go index a146bf1fb..1ad3fb8de 100644 --- a/bib/internal/buildconfig/config.go +++ b/bib/internal/buildconfig/config.go @@ -59,15 +59,11 @@ func decodeTomlBuildConfig(r io.Reader, what string) (*BuildConfig, error) { dec := toml.NewDecoder(r) var conf BuildConfig - metadata, err := dec.Decode(&conf) + _, err := dec.Decode(&conf) if err != nil { return nil, fmt.Errorf("cannot decode %q: %w", what, err) } - if len(metadata.Undecoded()) > 0 { - return nil, fmt.Errorf("cannot decode %q: unknown keys found: %v", what, metadata.Undecoded()) - } - return &conf, nil } diff --git a/bib/internal/buildconfig/config_test.go b/bib/internal/buildconfig/config_test.go index f720b0368..aa56a6738 100644 --- a/bib/internal/buildconfig/config_test.go +++ b/bib/internal/buildconfig/config_test.go @@ -134,16 +134,6 @@ func TestReadLegacyJSONConfig(t *testing.T) { assert.Equal(t, expectedBuildConfig, cfg) } -func TestTomlUnknownKeysError(t *testing.T) { - fakeUserCnfPath := makeFakeConfig(t, "config.toml", ` -[[birds]] -name = "toucan" -`) - _, err := buildconfig.ReadWithFallback(fakeUserCnfPath) - - assert.ErrorContains(t, err, "unknown keys found: [birds birds.name]") -} - func TestJsonUnknownKeysError(t *testing.T) { fakeUserCnfPath := makeFakeConfig(t, "config.json", ` { From 8bd5b3962f2dc87d7b9ce0f5625af7a88b05f925 Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Wed, 26 Mar 2025 11:47:49 +0100 Subject: [PATCH 014/254] go.mod: update osbuild/images to v0.129.0 A major part of this update is the ability to use mount units instead of defining mountpoints in /etc/fstab. For bootc disk images, this is always enabled [1] and requires no further configuration. Closes #756 [1] https://github.com/osbuild/images/commit/43f1a3251aa37617334bfca7ecb742e86b821449 --- bib/go.mod | 2 +- bib/go.sum | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 2d057a4a0..56a8abd9a 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -7,7 +7,7 @@ require ( github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 github.com/mattn/go-isatty v0.0.20 - github.com/osbuild/images v0.121.0 + github.com/osbuild/images v0.129.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 diff --git a/bib/go.sum b/bib/go.sum index c5d5c4930..8830a5938 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -6,8 +6,6 @@ github.com/14rcole/gopopulate v0.0.0-20180821133914-b175b219e774/go.mod h1:6/0dY github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= -github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg= github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= @@ -234,8 +232,8 @@ github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8= github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= -github.com/osbuild/images v0.121.0 h1:urGJ1/RqSmJQ7tq4YPtc3phCI3EJP/i4epHkD50LlCQ= -github.com/osbuild/images v0.121.0/go.mod h1:Ag87vmyxooiPQBJEDILbypG8/SRIear75YA78NwLix0= +github.com/osbuild/images v0.129.0 h1:wh9A8BVqPUKZsocEELDnwJzc0bItDKa9MHAoOu4rnC0= +github.com/osbuild/images v0.129.0/go.mod h1:Ag87vmyxooiPQBJEDILbypG8/SRIear75YA78NwLix0= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= From d096fcd4941a0a68f2f295db9c93662dcdf6c589 Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Thu, 27 Mar 2025 10:35:29 +0100 Subject: [PATCH 015/254] test: import build_container_fixture as _ We need to import the fixtures and use them indirectly, which makes it appear like an unused import. Instead of disabling the linter on the line, let's suppress the warning by using _ as the import name. I find this nicer. --- test/test_manifest.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test_manifest.py b/test/test_manifest.py index 57f03024f..e3adbf4d6 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -9,7 +9,7 @@ import pytest import testutil -from containerbuild import build_container_fixture # pylint: disable=unused-import +from containerbuild import build_container_fixture as _ from containerbuild import make_container from testcases import gen_testcases From b3f6981a0ffbd186a3bdc089947f2bb58771f1f0 Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Wed, 26 Mar 2025 17:34:42 +0100 Subject: [PATCH 016/254] test: update tests to look for mount units and not fstab Some tests rely on reading the fstab options from the manifest to verify that filesystems and swap partitions generate the right options. These have been changed to instead look for org.osbuild.systemd.unit.create stages with filenames ending in .mount and .swap. --- test/test_manifest.py | 75 ++++++++++++++++++++++++++----------------- 1 file changed, 45 insertions(+), 30 deletions(-) diff --git a/test/test_manifest.py b/test/test_manifest.py index e3adbf4d6..9e744976a 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -405,15 +405,36 @@ def test_manifest_anaconda_module_customizations(tmpdir_factory, build_container assert "org.fedoraproject.Anaconda.Modules.Timezone" not in st["options"]["activatable-modules"] -def find_fstab_stage_from(manifest_str): +def find_fs_mount_info_from(manifest_str): manifest = json.loads(manifest_str) + mount_stages = [] + # normally there should be only one swap partition, but there's no technical reason you can't have multiple + swap_stages = [] for pipeline in manifest["pipelines"]: - # the fstab stage in cross-arch manifests is in the "ostree-deployment" pipeline + # the mount unit stages in cross-arch manifests are in the "ostree-deployment" pipeline if pipeline["name"] in ("image", "ostree-deployment"): for st in pipeline["stages"]: - if st["type"] == "org.osbuild.fstab": - return st - raise ValueError(f"cannot find fstab stage in manifest:\n{manifest_str}") + if st["type"] == "org.osbuild.systemd.unit.create": + options = st["options"] + if options["filename"].endswith(".mount"): + mount_stages.append(st) + elif options["filename"].endswith(".swap"): + swap_stages.append(st) + + if not mount_stages: + raise ValueError(f"cannot find mount unit creation stages in manifest:\n{manifest_str}") + + mounts = [] + for stage in mount_stages: + options = stage["options"]["config"] + mounts.append(options["Mount"]) + + swaps = [] + for stage in swap_stages: + options = stage["options"]["config"] + swaps.append(options["Swap"]) + + return mounts, swaps @pytest.mark.parametrize("fscustomizations,rootfs", [ @@ -480,25 +501,23 @@ def test_manifest_fs_customizations_smoke_toml(tmp_path, build_container): def assert_fs_customizations(customizations, fstype, manifest): - # use the fstab stage to get filesystem types for each mountpoint - fstab_stage = find_fstab_stage_from(manifest) - filesystems = fstab_stage["options"]["filesystems"] + mounts, _ = find_fs_mount_info_from(manifest) manifest_mountpoints = set() - for fs in filesystems: - manifest_mountpoints.add(fs["path"]) - if fs["path"] == "/boot/efi": - assert fs["vfs_type"] == "vfat" + for mount in mounts: + manifest_mountpoints.add(mount["Where"]) + if mount["Where"] == "/boot/efi": + assert mount["Type"] == "vfat" continue - if fstype == "btrfs" and fs["path"] == "/boot": + if fstype == "btrfs" and mount["Where"] == "/boot": # /boot keeps its default fstype when using btrfs - assert fs["vfs_type"] == "ext4" + assert mount["Type"] == "ext4" continue - assert fs["vfs_type"] == fstype, f"incorrect filesystem type for {fs['path']}" + assert mount["Type"] == fstype, f"incorrect filesystem type for {mount['Where']}" - # check that all fs customizations appear in fstab + # check that all fs customizations appear in the manifest for custom_mountpoint in customizations: assert custom_mountpoint in manifest_mountpoints @@ -699,14 +718,12 @@ def test_manifest_disk_customization_swap(tmp_path, build_container): mkswap_stage = find_mkswap_stage_from(output) assert mkswap_stage["options"].get("uuid") swap_uuid = mkswap_stage["options"]["uuid"] - fstab_stage = find_fstab_stage_from(output) - filesystems = fstab_stage["options"]["filesystems"] + _, swaps = find_fs_mount_info_from(output) + what_node = f"/dev/disk/by-uuid/{swap_uuid}" assert { - 'uuid': swap_uuid, - "vfs_type": "swap", - "path": "none", - "options": "defaults", - } in filesystems + "What": what_node, + "Options": "defaults", + } in swaps def test_manifest_disk_customization_lvm_swap(tmp_path, build_container): @@ -744,14 +761,12 @@ def test_manifest_disk_customization_lvm_swap(tmp_path, build_container): mkswap_stage = find_mkswap_stage_from(output) assert mkswap_stage["options"].get("uuid") swap_uuid = mkswap_stage["options"]["uuid"] - fstab_stage = find_fstab_stage_from(output) - filesystems = fstab_stage["options"]["filesystems"] + _, swaps = find_fs_mount_info_from(output) + what_node = f"/dev/disk/by-uuid/{swap_uuid}" assert { - 'uuid': swap_uuid, - "vfs_type": "swap", - "path": "none", - "options": "defaults", - } in filesystems + "What": what_node, + "Options": "defaults", + } in swaps # run osbuild schema validation, see gh#748 if not testutil.has_executable("osbuild"): pytest.skip("no osbuild executable") From e8a018da65314dbc2eddcc05d5ffeef7cffcc912 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Mon, 31 Mar 2025 21:46:45 +0200 Subject: [PATCH 017/254] imports: get from image-builder Some packages have been moved to `image-builder-cli`. Add this dependency and move the import paths over. Signed-off-by: Simon de Vlieger --- bib/cmd/bootc-image-builder/main.go | 7 +- bib/go.mod | 5 +- bib/go.sum | 2 + bib/internal/container/container.go | 2 +- bib/internal/podmanutil/podmanutils.go | 38 -- bib/internal/setup/export_test.go | 3 - bib/internal/setup/setup.go | 167 -------- bib/internal/setup/setup_test.go | 113 ------ bib/internal/util/util.go | 37 -- bib/internal/util/util_test.go | 21 - bib/pkg/progress/export_test.go | 47 --- bib/pkg/progress/progress.go | 506 ------------------------- bib/pkg/progress/progress_test.go | 265 ------------- bib/pkg/progress/syncwriter.go | 22 -- bib/pkg/progress/syncwriter_test.go | 44 --- 15 files changed, 10 insertions(+), 1269 deletions(-) delete mode 100644 bib/internal/podmanutil/podmanutils.go delete mode 100644 bib/internal/setup/export_test.go delete mode 100644 bib/internal/setup/setup.go delete mode 100644 bib/internal/setup/setup_test.go delete mode 100644 bib/internal/util/util.go delete mode 100644 bib/internal/util/util_test.go delete mode 100644 bib/pkg/progress/export_test.go delete mode 100644 bib/pkg/progress/progress.go delete mode 100644 bib/pkg/progress/progress_test.go delete mode 100644 bib/pkg/progress/syncwriter.go delete mode 100644 bib/pkg/progress/syncwriter_test.go diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 6c9e387ce..f8a02857e 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -29,10 +29,11 @@ import ( "github.com/osbuild/bootc-image-builder/bib/internal/buildconfig" podman_container "github.com/osbuild/bootc-image-builder/bib/internal/container" "github.com/osbuild/bootc-image-builder/bib/internal/imagetypes" - "github.com/osbuild/bootc-image-builder/bib/internal/setup" "github.com/osbuild/bootc-image-builder/bib/internal/source" - "github.com/osbuild/bootc-image-builder/bib/internal/util" - "github.com/osbuild/bootc-image-builder/bib/pkg/progress" + + "github.com/osbuild/image-builder-cli/pkg/progress" + "github.com/osbuild/image-builder-cli/pkg/setup" + "github.com/osbuild/image-builder-cli/pkg/util" ) const ( diff --git a/bib/go.mod b/bib/go.mod index 56a8abd9a..e0b047b06 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -6,14 +6,13 @@ require ( github.com/BurntSushi/toml v1.5.0 github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 - github.com/mattn/go-isatty v0.0.20 + github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 github.com/osbuild/images v0.129.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 github.com/stretchr/testify v1.10.0 golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 - golang.org/x/sys v0.30.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -78,6 +77,7 @@ require ( github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.14 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect github.com/mattn/go-sqlite3 v1.14.24 // indirect github.com/miekg/pkcs11 v1.1.1 // indirect @@ -121,6 +121,7 @@ require ( golang.org/x/crypto v0.33.0 // indirect golang.org/x/net v0.35.0 // indirect golang.org/x/sync v0.11.0 // indirect + golang.org/x/sys v0.30.0 // indirect golang.org/x/term v0.29.0 // indirect golang.org/x/text v0.22.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6 // indirect diff --git a/bib/go.sum b/bib/go.sum index 8830a5938..6c03a7ef4 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -232,6 +232,8 @@ github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8= github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= +github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= +github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= github.com/osbuild/images v0.129.0 h1:wh9A8BVqPUKZsocEELDnwJzc0bItDKa9MHAoOu4rnC0= github.com/osbuild/images v0.129.0/go.mod h1:Ag87vmyxooiPQBJEDILbypG8/SRIear75YA78NwLix0= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= diff --git a/bib/internal/container/container.go b/bib/internal/container/container.go index 454ec7109..bc7c86000 100644 --- a/bib/internal/container/container.go +++ b/bib/internal/container/container.go @@ -9,7 +9,7 @@ import ( "golang.org/x/exp/slices" - "github.com/osbuild/bootc-image-builder/bib/internal/util" + "github.com/osbuild/image-builder-cli/pkg/util" ) // Container is a simpler wrapper around a running podman container. diff --git a/bib/internal/podmanutil/podmanutils.go b/bib/internal/podmanutil/podmanutils.go deleted file mode 100644 index ac6c48524..000000000 --- a/bib/internal/podmanutil/podmanutils.go +++ /dev/null @@ -1,38 +0,0 @@ -package podmanutil - -import ( - "bufio" - "bytes" - "errors" - "fmt" - "io/fs" - "os" -) - -// envPath is written by podman -const envPath = "/run/.containerenv" - -// rootlessKey is set when we are rootless -const rootlessKey = "rootless=1" - -// IsRootless detects if we are running rootless in podman; -// other situations (e.g. docker) will successfuly return false. -func IsRootless() (bool, error) { - buf, err := os.ReadFile(envPath) - if err != nil { - if errors.Is(err, fs.ErrNotExist) { - return false, nil - } - return false, err - } - scanner := bufio.NewScanner(bytes.NewReader(buf)) - for scanner.Scan() { - if scanner.Text() == rootlessKey { - return true, nil - } - } - if err := scanner.Err(); err != nil { - return false, fmt.Errorf("parsing %s: %w", envPath, err) - } - return false, nil -} diff --git a/bib/internal/setup/export_test.go b/bib/internal/setup/export_test.go deleted file mode 100644 index 2e5088961..000000000 --- a/bib/internal/setup/export_test.go +++ /dev/null @@ -1,3 +0,0 @@ -package setup - -var ValidateCanRunTargetArch = validateCanRunTargetArch diff --git a/bib/internal/setup/setup.go b/bib/internal/setup/setup.go deleted file mode 100644 index 27009a57d..000000000 --- a/bib/internal/setup/setup.go +++ /dev/null @@ -1,167 +0,0 @@ -package setup - -import ( - "fmt" - "os" - "os/exec" - "path/filepath" - "runtime" - "strings" - - "golang.org/x/sys/unix" - - "github.com/sirupsen/logrus" - - "github.com/osbuild/bootc-image-builder/bib/internal/podmanutil" - "github.com/osbuild/bootc-image-builder/bib/internal/util" -) - -// EnsureEnvironment mutates external filesystem state as necessary -// to run in a container environment. This function is idempotent. -func EnsureEnvironment(storePath string) error { - osbuildPath := "/usr/bin/osbuild" - if util.IsMountpoint(osbuildPath) { - return nil - } - - // Forcibly label the store to ensure we're not grabbing container labels - rootType := "system_u:object_r:root_t:s0" - // This papers over the lack of ensuring correct labels for the /ostree root - // in the existing pipeline - if err := util.RunCmdSync("chcon", rootType, storePath); err != nil { - return err - } - - // A hardcoded security label from Fedora derivatives for osbuild - // TODO: Avoid hardcoding this by using either host policy lookup - // Or eventually depend on privileged containers just having this capability. - // - // We need this in order to get `install_t` that has `CAP_MAC_ADMIN` for creating SELinux - // labels unknown to the host. - // - // Note that the transition to `install_t` must happen at this point. Osbuild stages run in `bwrap` that creates - // a nosuid, no_new_privs environment. In such an environment, we cannot transition from `unconfined_t` to `install_t`, - // because we would get more privileges. - installType := "system_u:object_r:install_exec_t:s0" - // Where we dump temporary files; this must be an overlayfs as we cannot - // write security contexts on overlayfs. - runTmp := "/run/osbuild/" - - if err := os.MkdirAll(runTmp, 0o755); err != nil { - return err - } - if !util.IsMountpoint(runTmp) { - if err := util.RunCmdSync("mount", "-t", "tmpfs", "tmpfs", runTmp); err != nil { - return err - } - } - destPath := filepath.Join(runTmp, "osbuild") - if err := util.RunCmdSync("cp", "-p", "/usr/bin/osbuild", destPath); err != nil { - return err - } - if err := util.RunCmdSync("chcon", installType, destPath); err != nil { - return err - } - - // Ensure we have devfs inside the container to get dynamic loop - // loop devices inside the container. - if err := util.RunCmdSync("mount", "-t", "devtmpfs", "devtmpfs", "/dev"); err != nil { - return err - } - - // Create a bind mount into our target location; we can't copy it because - // again we have to perserve the SELinux label. - if err := util.RunCmdSync("mount", "--bind", destPath, osbuildPath); err != nil { - return err - } - // NOTE: Don't add new code here, do it before the bind mount which acts as the final success indicator - - return nil -} - -// Validate checks that the environment is supported (e.g. caller set up the -// container correctly) -func Validate(targetArch string) error { - isRootless, err := podmanutil.IsRootless() - if err != nil { - return fmt.Errorf("checking rootless: %w", err) - } - if isRootless { - return fmt.Errorf("this command must be run in rootful (not rootless) podman") - } - - // Having /sys be writable is an easy to check proxy for privileges; more effective - // is really looking for CAP_SYS_ADMIN, but that involves more Go libraries. - var stvfsbuf unix.Statfs_t - if err := unix.Statfs("/sys", &stvfsbuf); err != nil { - return fmt.Errorf("failed to stat /sys: %w", err) - } - if (stvfsbuf.Flags & unix.ST_RDONLY) > 0 { - return fmt.Errorf("this command requires a privileged container") - } - - // Try to run the cross arch binary - if err := validateCanRunTargetArch(targetArch); err != nil { - return fmt.Errorf("cannot run binary in target arch: %w", err) - } - - return nil -} - -// ValidateHasContainerStorageMounted checks that the hostcontainer storage -// is mounted inside the container -func ValidateHasContainerStorageMounted() error { - // Just look for the overlay backend, which we expect by default. - // In theory, one could be using a different backend, but we don't - // really need to worry about this right now. If it turns out - // we do need to care, then we can probably handle this by - // just trying to query the image. - overlayPath := "/var/lib/containers/storage/overlay" - if _, err := os.Stat(overlayPath); err != nil { - if os.IsNotExist(err) { - return fmt.Errorf("cannot find %q (missing -v /var/lib/containers/storage:/var/lib/containers/storage mount?)", overlayPath) - } - return fmt.Errorf("failed to stat %q: %w", overlayPath, err) - } - return nil -} - -func validateCanRunTargetArch(targetArch string) error { - if targetArch == runtime.GOARCH || targetArch == "" { - return nil - } - - canaryCmd := fmt.Sprintf("bib-canary-%s", targetArch) - if _, err := exec.LookPath(canaryCmd); err != nil { - // we could error here but in principle with a working qemu-user - // any arch should work so let's just warn. the common case - // (arm64/amd64) is covered properly - logrus.Warningf("cannot check architecture support for %v: no canary binary found", targetArch) - return nil - } - output, err := exec.Command(canaryCmd).CombinedOutput() - if err != nil { - return fmt.Errorf("cannot run canary binary for %q, do you have 'qemu-user-static' installed?\n%s", targetArch, err) - } - if string(output) != "ok\n" { - return fmt.Errorf("internal error: unexpected output from cross-architecture canary: %q", string(output)) - } - - return nil -} - -func ValidateHasContainerTags(imgref string) error { - output, err := exec.Command("podman", "image", "inspect", imgref, "--format", "{{.Labels}}").Output() - if err != nil { - return fmt.Errorf(`failed to inspect the image: %w -bootc-image-builder no longer pulls images, make sure to pull it before running bootc-image-builder: - sudo podman pull %s`, util.OutputErr(err), imgref) - } - - tags := string(output) - if !strings.Contains(tags, "containers.bootc:1") { - return fmt.Errorf("image %s is not a bootc image", imgref) - } - - return nil -} diff --git a/bib/internal/setup/setup_test.go b/bib/internal/setup/setup_test.go deleted file mode 100644 index d8b36951d..000000000 --- a/bib/internal/setup/setup_test.go +++ /dev/null @@ -1,113 +0,0 @@ -package setup_test - -import ( - "bytes" - "fmt" - "os" - "path/filepath" - "runtime" - "testing" - - "github.com/sirupsen/logrus" - "github.com/stretchr/testify/assert" - - "github.com/osbuild/bootc-image-builder/bib/internal/setup" -) - -func TestValidateCanRunTargetArchTrivial(t *testing.T) { - for _, arch := range []string{runtime.GOARCH, ""} { - err := setup.ValidateCanRunTargetArch(arch) - assert.NoError(t, err) - } -} - -func TestValidateCanRunTargetArchUnsupportedCanary(t *testing.T) { - var logbuf bytes.Buffer - logrus.SetOutput(&logbuf) - - err := setup.ValidateCanRunTargetArch("unsupported-arch") - assert.NoError(t, err) - assert.Contains(t, logbuf.String(), `level=warning msg="cannot check architecture support for unsupported-arch: no canary binary found"`) -} - -func makeFakeBinary(t *testing.T, binary, content string) { - tmpdir := t.TempDir() - t.Setenv("PATH", tmpdir+":"+os.Getenv("PATH")) - err := os.WriteFile(filepath.Join(tmpdir, binary), []byte(content), 0o755) - assert.NoError(t, err) -} - -func makeFakeCanary(t *testing.T, content string) { - makeFakeBinary(t, "bib-canary-fakearch", content) -} - -func TestValidateCanRunTargetArchHappy(t *testing.T) { - var logbuf bytes.Buffer - logrus.SetOutput(&logbuf) - - makeFakeCanary(t, "#!/bin/sh\necho ok") - - err := setup.ValidateCanRunTargetArch("fakearch") - assert.NoError(t, err) - assert.Equal(t, "", logbuf.String()) -} - -func TestValidateCanRunTargetArchExecFormatError(t *testing.T) { - makeFakeCanary(t, "") - - err := setup.ValidateCanRunTargetArch("fakearch") - assert.ErrorContains(t, err, `cannot run canary binary for "fakearch", do you have 'qemu-user-static' installed?`) - assert.ErrorContains(t, err, `: exec format error`) -} - -func TestValidateCanRunTargetArchUnexpectedOutput(t *testing.T) { - makeFakeCanary(t, "#!/bin/sh\necho xxx") - - err := setup.ValidateCanRunTargetArch("fakearch") - assert.ErrorContains(t, err, `internal error: unexpected output`) -} - -var ( - fakePodmanOutputCentosBootc = `map[containers.bootc:1 io.buildah.version:1.29.1 org.opencontainers.image.version:stream9.20240319.0 ostree.bootable:true ostree.commit:97d619eae2a5474a9c363c78e3ad6caec14acba54a0b077c7cb69d00a4f800a5 ostree.final-diffid:sha256:12787d84fa137cd5649a9005efe98ec9d05ea46245fdc50aecb7dd007f2035b1 ostree.linux:5.14.0-430.el9.x86_64 redhat.compose-id:CentOS-Stream-9-20240304.d.0 redhat.id:centos redhat.version-id:9 rpmostree.inputhash:a5c67fd4e9465e47e01922171c6ab8edf261d2d381e590b5cd7fed81ea8d4dbe]` - - fakePodmanOutputCentos = `map[io.buildah.version:1.33.7 org.label-schema.build-date:20240618 org.label-schema.license:GPLv2 org.label-schema.name:CentOS Stream 9 Base Image org.label-schema.schema-version:1.0 org.label-schema.vendor:CentOS]` - - emptyPodmanOutput = `map[]` -) - -func TestValidateTags(t *testing.T) { - for _, tc := range []struct { - imageref string - fakeOutput string - expectedErr string - }{ - { - "quay.io/centos-bootc/centos-bootc:stream9", - fakePodmanOutputCentosBootc, - "", - }, - { - "quay.io/centos/centos:stream9", - fakePodmanOutputCentos, - "image quay.io/centos/centos:stream9 is not a bootc image", - }, - { - "fake/image", - emptyPodmanOutput, - "image fake/image is not a bootc image", - }, - } { - podmanArgsFile := filepath.Join(t.TempDir(), "args.txt") - fakePodman := fmt.Sprintf(`#!/bin/sh -e -echo "$@" > '%s' -echo '%s' -`, podmanArgsFile, tc.fakeOutput) - makeFakeBinary(t, "podman", fakePodman) - err := setup.ValidateHasContainerTags(tc.imageref) - if tc.expectedErr == "" { - assert.NoError(t, err) - } else { - assert.EqualError(t, err, tc.expectedErr) - } - } -} diff --git a/bib/internal/util/util.go b/bib/internal/util/util.go deleted file mode 100644 index 04e1c60d4..000000000 --- a/bib/internal/util/util.go +++ /dev/null @@ -1,37 +0,0 @@ -package util - -import ( - "fmt" - "os" - "os/exec" - "strings" - - "github.com/sirupsen/logrus" -) - -// IsMountpoint checks if the target path is a mount point -func IsMountpoint(path string) bool { - return exec.Command("mountpoint", path).Run() == nil -} - -// Synchronously invoke a command, propagating stdout and stderr -// to the current process's stdout and stderr -func RunCmdSync(cmdName string, args ...string) error { - logrus.Debugf("Running: %s %s", cmdName, strings.Join(args, " ")) - cmd := exec.Command(cmdName, args...) - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - if err := cmd.Run(); err != nil { - return fmt.Errorf("error running %s %s: %w", cmdName, strings.Join(args, " "), err) - } - return nil -} - -// OutputErr takes an error from exec.Command().Output() and tries -// generate an error with stderr details -func OutputErr(err error) error { - if err, ok := err.(*exec.ExitError); ok { - return fmt.Errorf("%w, stderr:\n%s", err, err.Stderr) - } - return err -} diff --git a/bib/internal/util/util_test.go b/bib/internal/util/util_test.go deleted file mode 100644 index f72c2a718..000000000 --- a/bib/internal/util/util_test.go +++ /dev/null @@ -1,21 +0,0 @@ -package util_test - -import ( - "fmt" - "os/exec" - "testing" - - "github.com/stretchr/testify/assert" - - "github.com/osbuild/bootc-image-builder/bib/internal/util" -) - -func TestOutputErrPassthrough(t *testing.T) { - err := fmt.Errorf("boom") - assert.Equal(t, util.OutputErr(err), err) -} - -func TestOutputErrExecError(t *testing.T) { - _, err := exec.Command("bash", "-c", ">&2 echo some-stderr; exit 1").Output() - assert.Equal(t, "exit status 1, stderr:\nsome-stderr\n", util.OutputErr(err).Error()) -} diff --git a/bib/pkg/progress/export_test.go b/bib/pkg/progress/export_test.go deleted file mode 100644 index 26d0c57c2..000000000 --- a/bib/pkg/progress/export_test.go +++ /dev/null @@ -1,47 +0,0 @@ -package progress - -import ( - "io" -) - -type ( - TerminalProgressBar = terminalProgressBar - DebugProgressBar = debugProgressBar - VerboseProgressBar = verboseProgressBar -) - -var ( - NewSyncedWriter = newSyncedWriter -) - -func MockOsStdout(w io.Writer) (restore func()) { - saved := osStdout - osStdout = func() io.Writer { return w } - return func() { - osStdout = saved - } -} - -func MockOsStderr(w io.Writer) (restore func()) { - saved := osStderr - osStderr = func() io.Writer { return w } - return func() { - osStderr = saved - } -} - -func MockIsattyIsTerminal(fn func(uintptr) bool) (restore func()) { - saved := isattyIsTerminal - isattyIsTerminal = fn - return func() { - isattyIsTerminal = saved - } -} - -func MockOsbuildCmd(s string) (restore func()) { - saved := osbuildCmd - osbuildCmd = s - return func() { - osbuildCmd = saved - } -} diff --git a/bib/pkg/progress/progress.go b/bib/pkg/progress/progress.go deleted file mode 100644 index 371ba3627..000000000 --- a/bib/pkg/progress/progress.go +++ /dev/null @@ -1,506 +0,0 @@ -package progress - -import ( - "bytes" - "errors" - "fmt" - "io" - "os" - "os/exec" - "strings" - "sync" - "syscall" - "time" - - "github.com/cheggaaa/pb/v3" - "github.com/mattn/go-isatty" - "github.com/sirupsen/logrus" - - "github.com/osbuild/images/pkg/osbuild" -) - -var ( - // This is only needed because pb.Pool require a real terminal. - // It sets it into "raw-mode" but there is really no need for - // this (see "func render()" below) so once this is fixed - // upstream we should remove this. - ESC = "\x1b" - ERASE_LINE = ESC + "[2K" - CURSOR_HIDE = ESC + "[?25l" - CURSOR_SHOW = ESC + "[?25h" -) - -// Used for testing, this must be a function (instead of the usual -// "var osStderr = os.Stderr" so that higher level libraries can test -// this code by replacing "os.Stderr", e.g. testutil.CaptureStdio() -var osStdout = func() io.Writer { - return os.Stdout -} -var osStderr = func() io.Writer { - return os.Stderr -} - -func cursorUp(i int) string { - return fmt.Sprintf("%s[%dA", ESC, i) -} - -// ProgressBar is an interface for progress reporting when there is -// an arbitrary amount of sub-progress information (like osbuild) -type ProgressBar interface { - // SetProgress sets the progress details at the given "level". - // Levels should start with "0" and increase as the nesting - // gets deeper. - // - // Note that reducing depth is currently not supported, once - // a sub-progress is added it cannot be removed/hidden - // (but if required it can be added, its a SMOP) - SetProgress(level int, msg string, done int, total int) error - - // The high-level message that is displayed in a spinner - // that contains the current top level step, for bib this - // is really just "Manifest generation step" and - // "Image generation step". We could map this to a three-level - // progress as well but we spend 90% of the time in the - // "Image generation step" so the UI looks a bit odd. - SetPulseMsgf(fmt string, args ...interface{}) - - // A high level message with the last operation status. - // For us this usually comes from the stages and has information - // like "Starting module org.osbuild.selinux" - SetMessagef(fmt string, args ...interface{}) - - // Start will start rendering the progress information - Start() - - // Stop will stop rendering the progress information, the - // screen is not cleared, the last few lines will be visible - Stop() -} - -var isattyIsTerminal = isatty.IsTerminal - -// New creates a new progressbar based on the requested type -func New(typ string) (ProgressBar, error) { - switch typ { - case "", "auto": - // autoselect based on if we are on an interactive - // terminal, use verbose progress for scripts - if isattyIsTerminal(os.Stdin.Fd()) { - return NewTerminalProgressBar() - } - return NewVerboseProgressBar() - case "verbose": - return NewVerboseProgressBar() - case "term": - return NewTerminalProgressBar() - case "debug": - return NewDebugProgressBar() - default: - return nil, fmt.Errorf("unknown progress type: %q", typ) - } -} - -type terminalProgressBar struct { - spinnerPb *pb.ProgressBar - msgPb *pb.ProgressBar - subLevelPbs []*pb.ProgressBar - - shutdownCh chan bool - - out io.Writer -} - -// NewTerminalProgressBar creates a new default pb3 based progressbar suitable for -// most terminals. -func NewTerminalProgressBar() (ProgressBar, error) { - b := &terminalProgressBar{ - out: osStderr(), - } - b.spinnerPb = pb.New(0) - b.spinnerPb.SetTemplate(`[{{ (cycle . "|" "/" "-" "\\") }}] {{ string . "spinnerMsg" }}`) - b.msgPb = pb.New(0) - b.msgPb.SetTemplate(`Message: {{ string . "msg" }}`) - return b, nil -} - -func (b *terminalProgressBar) SetProgress(subLevel int, msg string, done int, total int) error { - // auto-add as needed, requires sublevels to get added in order - // i.e. adding 0 and then 2 will fail - switch { - case subLevel == len(b.subLevelPbs): - apb := pb.New(0) - progressBarTmpl := `[{{ counters . }}] {{ string . "prefix" }} {{ bar .}} {{ percent . }}` - apb.SetTemplateString(progressBarTmpl) - if err := apb.Err(); err != nil { - return fmt.Errorf("error setting the progressbarTemplat: %w", err) - } - // workaround bug when running tests in tmt - if apb.Width() == 0 { - // this is pb.defaultBarWidth - apb.SetWidth(100) - } - b.subLevelPbs = append(b.subLevelPbs, apb) - case subLevel > len(b.subLevelPbs): - return fmt.Errorf("sublevel added out of order, have %v sublevels but want level %v", len(b.subLevelPbs), subLevel) - } - apb := b.subLevelPbs[subLevel] - apb.SetTotal(int64(total) + 1) - apb.SetCurrent(int64(done) + 1) - apb.Set("prefix", msg) - return nil -} - -func shorten(msg string) string { - msg = strings.Replace(msg, "\n", " ", -1) - // XXX: make this smarter - if len(msg) > 60 { - return msg[:60] + "..." - } - return msg -} - -func (b *terminalProgressBar) SetPulseMsgf(msg string, args ...interface{}) { - b.spinnerPb.Set("spinnerMsg", shorten(fmt.Sprintf(msg, args...))) -} - -func (b *terminalProgressBar) SetMessagef(msg string, args ...interface{}) { - b.msgPb.Set("msg", shorten(fmt.Sprintf(msg, args...))) -} - -func (b *terminalProgressBar) render() { - var renderedLines int - fmt.Fprintf(b.out, "%s%s\n", ERASE_LINE, b.spinnerPb.String()) - renderedLines++ - for _, prog := range b.subLevelPbs { - fmt.Fprintf(b.out, "%s%s\n", ERASE_LINE, prog.String()) - renderedLines++ - } - fmt.Fprintf(b.out, "%s%s\n", ERASE_LINE, b.msgPb.String()) - renderedLines++ - fmt.Fprint(b.out, cursorUp(renderedLines)) -} - -// Workaround for the pb.Pool requiring "raw-mode" - see here how to avoid -// it. Once fixes upstream we should remove this. -func (b *terminalProgressBar) renderLoop() { - for { - select { - case <-b.shutdownCh: - b.render() - // finally move cursor down again - fmt.Fprint(b.out, CURSOR_SHOW) - fmt.Fprint(b.out, strings.Repeat("\n", 2+len(b.subLevelPbs))) - // close last to avoid race with b.out - close(b.shutdownCh) - return - case <-time.After(200 * time.Millisecond): - // break to redraw the screen - } - b.render() - } -} - -func (b *terminalProgressBar) Start() { - // render() already running - if b.shutdownCh != nil { - return - } - fmt.Fprintf(b.out, "%s", CURSOR_HIDE) - b.shutdownCh = make(chan bool) - go b.renderLoop() -} - -func (b *terminalProgressBar) Err() error { - var errs []error - if err := b.spinnerPb.Err(); err != nil { - errs = append(errs, fmt.Errorf("error on spinner progressbar: %w", err)) - } - if err := b.msgPb.Err(); err != nil { - errs = append(errs, fmt.Errorf("error on spinner progressbar: %w", err)) - } - for _, pb := range b.subLevelPbs { - if err := pb.Err(); err != nil { - errs = append(errs, fmt.Errorf("error on spinner progressbar: %w", err)) - } - } - return errors.Join(errs...) -} - -func (b *terminalProgressBar) Stop() { - if b.shutdownCh == nil { - return - } - // request shutdown - b.shutdownCh <- true - // wait for ack - select { - case <-b.shutdownCh: - // shudown complete - case <-time.After(1 * time.Second): - // I cannot think of how this could happen, i.e. why - // closing would not work but lets be conservative - - // without a timeout we hang here forever - logrus.Warnf("no progress channel shutdown after 1sec") - } - b.shutdownCh = nil - // This should never happen but be paranoid, this should - // never happen but ensure we did not accumulate error while - // running - if err := b.Err(); err != nil { - fmt.Fprintf(b.out, "error from pb.ProgressBar: %v", err) - } -} - -type verboseProgressBar struct { - w io.Writer -} - -// NewVerboseProgressBar starts a new "verbose" progressbar that will just -// prints message but does not show any progress. -func NewVerboseProgressBar() (ProgressBar, error) { - b := &verboseProgressBar{w: osStderr()} - return b, nil -} - -func (b *verboseProgressBar) SetPulseMsgf(msg string, args ...interface{}) { - fmt.Fprintf(b.w, msg, args...) - fmt.Fprintf(b.w, "\n") -} - -func (b *verboseProgressBar) SetMessagef(msg string, args ...interface{}) { - fmt.Fprintf(b.w, msg, args...) - fmt.Fprintf(b.w, "\n") -} - -func (b *verboseProgressBar) Start() { -} - -func (b *verboseProgressBar) Stop() { -} - -func (b *verboseProgressBar) SetProgress(subLevel int, msg string, done int, total int) error { - return nil -} - -type debugProgressBar struct { - w io.Writer -} - -// NewDebugProgressBar will create a progressbar aimed to debug the -// lower level osbuild/images message. It will never clear the screen -// so "glitches/weird" messages from the lower-layers can be inspected -// easier. -func NewDebugProgressBar() (ProgressBar, error) { - b := &debugProgressBar{w: osStderr()} - return b, nil -} - -func (b *debugProgressBar) SetPulseMsgf(msg string, args ...interface{}) { - fmt.Fprintf(b.w, "pulse: ") - fmt.Fprintf(b.w, msg, args...) - fmt.Fprintf(b.w, "\n") -} - -func (b *debugProgressBar) SetMessagef(msg string, args ...interface{}) { - fmt.Fprintf(b.w, "msg: ") - fmt.Fprintf(b.w, msg, args...) - fmt.Fprintf(b.w, "\n") -} - -func (b *debugProgressBar) Start() { - fmt.Fprintf(b.w, "Start progressbar\n") -} - -func (b *debugProgressBar) Stop() { - fmt.Fprintf(b.w, "Stop progressbar\n") -} - -func (b *debugProgressBar) SetProgress(subLevel int, msg string, done int, total int) error { - fmt.Fprintf(b.w, "%s[%v / %v] %s", strings.Repeat(" ", subLevel), done, total, msg) - fmt.Fprintf(b.w, "\n") - return nil -} - -type OSBuildOptions struct { - StoreDir string - OutputDir string - ExtraEnv []string - - // BuildLog writes the osbuild output to the given writer - BuildLog io.Writer -} - -// XXX: merge variant back into images/pkg/osbuild/osbuild-exec.go -func RunOSBuild(pb ProgressBar, manifest []byte, exports []string, opts *OSBuildOptions) error { - if opts == nil { - opts = &OSBuildOptions{} - } - - // To keep maximum compatibility keep the old behavior to run osbuild - // directly and show all messages unless we have a "real" progress bar. - // - // This should ensure that e.g. "podman bootc" keeps working as it - // is currently expecting the raw osbuild output. Once we double - // checked with them we can remove the runOSBuildNoProgress() and - // just run with the new runOSBuildWithProgress() helper. - switch pb.(type) { - case *terminalProgressBar, *debugProgressBar: - return runOSBuildWithProgress(pb, manifest, exports, opts) - default: - return runOSBuildNoProgress(pb, manifest, exports, opts) - } -} - -func runOSBuildNoProgress(pb ProgressBar, manifest []byte, exports []string, opts *OSBuildOptions) error { - var stdout, stderr io.Writer - - var writeMu sync.Mutex - if opts.BuildLog == nil { - // No external build log requested and we won't need an - // internal one because all output goes directly to - // stdout/stderr. This is for maximum compatibility with - // the existing bootc-image-builder in "verbose" mode - // where stdout, stderr come directly from osbuild. - stdout = osStdout() - stderr = osStderr() - } else { - // There is a slight wrinkle here: when requesting a - // buildlog we can no longer write to separate - // stdout/stderr streams without being racy and give - // potential out-of-order output (which is very bad - // and confusing in a log). The reason is that if - // cmd.Std{out,err} are different "go" will start two - // go-routine to monitor/copy those are racy when both - // stdout,stderr output happens close together - // (TestRunOSBuildWithBuildlog demos that). We cannot - // have our cake and eat it so here we need to combine - // osbuilds stderr into our stdout. - mw := newSyncedWriter(&writeMu, io.MultiWriter(osStdout(), opts.BuildLog)) - stdout = mw - stderr = mw - } - - cmd := exec.Command( - osbuildCmd, - "--store", opts.StoreDir, - "--output-directory", opts.OutputDir, - "-", - ) - for _, export := range exports { - cmd.Args = append(cmd.Args, "--export", export) - } - - cmd.Env = append(os.Environ(), opts.ExtraEnv...) - cmd.Stdin = bytes.NewBuffer(manifest) - cmd.Stdout = stdout - cmd.Stderr = stderr - if err := cmd.Run(); err != nil { - return fmt.Errorf("error running osbuild: %w", err) - } - return nil -} - -var osbuildCmd = "osbuild" - -func runOSBuildWithProgress(pb ProgressBar, manifest []byte, exports []string, opts *OSBuildOptions) (err error) { - rp, wp, err := os.Pipe() - if err != nil { - return fmt.Errorf("cannot create pipe for osbuild: %w", err) - } - defer rp.Close() - defer wp.Close() - - cmd := exec.Command( - osbuildCmd, - "--store", opts.StoreDir, - "--output-directory", opts.OutputDir, - "--monitor=JSONSeqMonitor", - "--monitor-fd=3", - "-", - ) - for _, export := range exports { - cmd.Args = append(cmd.Args, "--export", export) - } - - var stdio bytes.Buffer - var mw, buildLog io.Writer - var writeMu sync.Mutex - if opts.BuildLog != nil { - mw = newSyncedWriter(&writeMu, io.MultiWriter(&stdio, opts.BuildLog)) - buildLog = newSyncedWriter(&writeMu, opts.BuildLog) - } else { - mw = &stdio - buildLog = io.Discard - } - - cmd.Env = append(os.Environ(), opts.ExtraEnv...) - cmd.Stdin = bytes.NewBuffer(manifest) - cmd.Stdout = mw - cmd.Stderr = mw - cmd.ExtraFiles = []*os.File{wp} - - osbuildStatus := osbuild.NewStatusScanner(rp) - if err := cmd.Start(); err != nil { - return fmt.Errorf("error starting osbuild: %v", err) - } - wp.Close() - defer func() { - // Try to stop osbuild if we exit early, we are gentle - // here to give osbuild the chance to release its - // resources (like mounts in the buildroot). This is - // best effort only (but also a pretty uncommon error - // condition). If ProcessState is set the process has - // already exited and we have nothing to do. - if err != nil && cmd.Process != nil && cmd.ProcessState == nil { - sigErr := cmd.Process.Signal(syscall.SIGINT) - err = errors.Join(err, sigErr) - } - }() - - var tracesMsgs []string - for { - st, err := osbuildStatus.Status() - if err != nil { - // This should never happen but if it does we try - // to be helpful. We need to exit here (and kill - // osbuild in the defer) or we would appear to be - // handing as cmd.Wait() would wait to finish but - // no progress or other message is reported. We - // can also not (in the general case) recover as - // the underlying osbuildStatus.scanner maybe in - // an unrecoverable state (like ErrTooBig). - return fmt.Errorf(`error parsing osbuild status, please report a bug and try with "--progress=verbose": %w`, err) - } - if st == nil { - break - } - i := 0 - for p := st.Progress; p != nil; p = p.SubProgress { - if err := pb.SetProgress(i, p.Message, p.Done, p.Total); err != nil { - logrus.Warnf("cannot set progress: %v", err) - } - i++ - } - // forward to user - if st.Message != "" { - pb.SetMessagef(st.Message) - } - - // keep internal log for error reporting, forward to - // external build log - if st.Message != "" { - tracesMsgs = append(tracesMsgs, st.Message) - fmt.Fprintln(buildLog, st.Message) - } - if st.Trace != "" { - tracesMsgs = append(tracesMsgs, st.Trace) - fmt.Fprintln(buildLog, st.Trace) - } - } - - if err := cmd.Wait(); err != nil { - return fmt.Errorf("error running osbuild: %w\nBuildLog:\n%s\nOutput:\n%s", err, strings.Join(tracesMsgs, "\n"), stdio.String()) - } - - return nil -} diff --git a/bib/pkg/progress/progress_test.go b/bib/pkg/progress/progress_test.go deleted file mode 100644 index f1621c789..000000000 --- a/bib/pkg/progress/progress_test.go +++ /dev/null @@ -1,265 +0,0 @@ -package progress_test - -import ( - "bytes" - "fmt" - "io" - "os" - "path/filepath" - "reflect" - "testing" - "time" - - "github.com/stretchr/testify/assert" - - "github.com/osbuild/bootc-image-builder/bib/pkg/progress" -) - -func TestProgressNew(t *testing.T) { - for _, tc := range []struct { - typ string - expected interface{} - expectedErr string - }{ - {"term", &progress.TerminalProgressBar{}, ""}, - {"debug", &progress.DebugProgressBar{}, ""}, - {"verbose", &progress.VerboseProgressBar{}, ""}, - // unknown progress type - {"bad", nil, `unknown progress type: "bad"`}, - } { - pb, err := progress.New(tc.typ) - if tc.expectedErr == "" { - assert.NoError(t, err) - assert.Equal(t, reflect.TypeOf(pb), reflect.TypeOf(tc.expected), fmt.Sprintf("[%v] %T not the expected %T", tc.typ, pb, tc.expected)) - } else { - assert.EqualError(t, err, tc.expectedErr) - } - } -} - -func TestVerboseProgress(t *testing.T) { - var buf bytes.Buffer - restore := progress.MockOsStderr(&buf) - defer restore() - - // verbose progress never generates progress output - pbar, err := progress.NewVerboseProgressBar() - assert.NoError(t, err) - err = pbar.SetProgress(0, "set-progress", 1, 100) - assert.NoError(t, err) - assert.Equal(t, "", buf.String()) - - // but it shows the messages - pbar.SetPulseMsgf("pulse") - assert.Equal(t, "pulse\n", buf.String()) - buf.Reset() - - pbar.SetMessagef("message") - assert.Equal(t, "message\n", buf.String()) - buf.Reset() - - pbar.Start() - assert.Equal(t, "", buf.String()) - pbar.Stop() - assert.Equal(t, "", buf.String()) -} - -func TestDebugProgress(t *testing.T) { - var buf bytes.Buffer - restore := progress.MockOsStderr(&buf) - defer restore() - - pbar, err := progress.NewDebugProgressBar() - assert.NoError(t, err) - err = pbar.SetProgress(0, "set-progress-msg", 1, 100) - assert.NoError(t, err) - assert.Equal(t, "[1 / 100] set-progress-msg\n", buf.String()) - buf.Reset() - - pbar.SetPulseMsgf("pulse-msg") - assert.Equal(t, "pulse: pulse-msg\n", buf.String()) - buf.Reset() - - pbar.SetMessagef("some-message") - assert.Equal(t, "msg: some-message\n", buf.String()) - buf.Reset() - - pbar.Start() - assert.Equal(t, "Start progressbar\n", buf.String()) - buf.Reset() - - pbar.Stop() - assert.Equal(t, "Stop progressbar\n", buf.String()) - buf.Reset() -} - -func TestTermProgress(t *testing.T) { - var buf bytes.Buffer - restore := progress.MockOsStderr(&buf) - defer restore() - - pbar, err := progress.NewTerminalProgressBar() - assert.NoError(t, err) - - pbar.Start() - pbar.SetPulseMsgf("pulse-msg") - pbar.SetMessagef("some-message") - err = pbar.SetProgress(0, "set-progress-msg", 0, 5) - assert.NoError(t, err) - pbar.Stop() - assert.NoError(t, pbar.(*progress.TerminalProgressBar).Err()) - - assert.Contains(t, buf.String(), "[1 / 6] set-progress-msg") - assert.Contains(t, buf.String(), "[|] pulse-msg\n") - assert.Contains(t, buf.String(), "Message: some-message\n") - // check shutdown - assert.Contains(t, buf.String(), progress.CURSOR_SHOW) -} - -func TestProgressNewAutoselect(t *testing.T) { - for _, tc := range []struct { - onTerm bool - expected interface{} - }{ - {false, &progress.VerboseProgressBar{}}, - {true, &progress.TerminalProgressBar{}}, - } { - restore := progress.MockIsattyIsTerminal(func(uintptr) bool { - return tc.onTerm - }) - defer restore() - - pb, err := progress.New("auto") - assert.NoError(t, err) - assert.Equal(t, reflect.TypeOf(pb), reflect.TypeOf(tc.expected), fmt.Sprintf("[%v] %T not the expected %T", tc.onTerm, pb, tc.expected)) - } -} - -func makeFakeOsbuild(t *testing.T, content string) string { - p := filepath.Join(t.TempDir(), "fake-osbuild") - err := os.WriteFile(p, []byte("#!/bin/sh\n"+content), 0755) - assert.NoError(t, err) - return p -} - -func TestRunOSBuildWithProgressErrorReporting(t *testing.T) { - restore := progress.MockOsStderr(io.Discard) - defer restore() - - restore = progress.MockOsbuildCmd(makeFakeOsbuild(t, ` ->&3 echo '{"message": "osbuild-stage-message"}' - -echo osbuild-stdout-output ->&2 echo osbuild-stderr-output -exit 112 -`)) - defer restore() - - pbar, err := progress.New("debug") - assert.NoError(t, err) - err = progress.RunOSBuild(pbar, []byte(`{"fake":"manifest"}`), nil, nil) - assert.EqualError(t, err, `error running osbuild: exit status 112 -BuildLog: -osbuild-stage-message -Output: -osbuild-stdout-output -osbuild-stderr-output -`) -} - -func TestRunOSBuildWithProgressIncorrectJSON(t *testing.T) { - signalDeliveredMarkerPath := filepath.Join(t.TempDir(), "sigint-delivered") - - restore := progress.MockOsbuildCmd(makeFakeOsbuild(t, fmt.Sprintf(` -trap 'touch "%s";exit 2' INT - ->&3 echo invalid-json - -# we cannot sleep infinity here or the shell script trap is never run -while true; do - sleep 0.1 -done -`, signalDeliveredMarkerPath))) - defer restore() - - pbar, err := progress.New("debug") - assert.NoError(t, err) - err = progress.RunOSBuild(pbar, []byte(`{"fake":"manifest"}`), nil, nil) - assert.EqualError(t, err, `error parsing osbuild status, please report a bug and try with "--progress=verbose": cannot scan line "invalid-json": invalid character 'i' looking for beginning of value`) - - // ensure the SIGINT got delivered - var pathExists = func(p string) bool { - _, err := os.Stat(p) - return err == nil - } - for i := 0; i < 20; i++ { - time.Sleep(100 * time.Millisecond) - if pathExists(signalDeliveredMarkerPath) { - break - } - } - assert.True(t, pathExists(signalDeliveredMarkerPath)) -} - -func TestRunOSBuildWithBuildlogTerm(t *testing.T) { - restore := progress.MockOsbuildCmd(makeFakeOsbuild(t, ` -echo osbuild-stdout-output ->&2 echo osbuild-stderr-output - -# without the sleep this is racy as two different go routines poll -# this does not matter (much) in practise because osbuild output and -# stage output are using the syncedMultiWriter so output is not garbled -sleep 0.1 ->&3 echo '{"message": "osbuild-stage-message"}' -`)) - defer restore() - - var fakeStdout, fakeStderr bytes.Buffer - restore = progress.MockOsStdout(&fakeStdout) - defer restore() - restore = progress.MockOsStderr(&fakeStderr) - defer restore() - - pbar, err := progress.New("term") - assert.NoError(t, err) - - var buildLog bytes.Buffer - opts := &progress.OSBuildOptions{ - BuildLog: &buildLog, - } - err = progress.RunOSBuild(pbar, []byte(`{"fake":"manifest"}`), nil, opts) - assert.NoError(t, err) - expectedOutput := `osbuild-stdout-output -osbuild-stderr-output -osbuild-stage-message -` - assert.Equal(t, expectedOutput, buildLog.String()) -} - -func TestRunOSBuildWithBuildlogVerbose(t *testing.T) { - restore := progress.MockOsbuildCmd(makeFakeOsbuild(t, ` -echo osbuild-stdout-output ->&2 echo osbuild-stderr-output -`)) - defer restore() - - var fakeStdout, fakeStderr bytes.Buffer - restore = progress.MockOsStdout(&fakeStdout) - defer restore() - restore = progress.MockOsStderr(&fakeStderr) - defer restore() - - pbar, err := progress.New("verbose") - assert.NoError(t, err) - - var buildLog bytes.Buffer - opts := &progress.OSBuildOptions{ - BuildLog: &buildLog, - } - err = progress.RunOSBuild(pbar, []byte(`{"fake":"manifest"}`), nil, opts) - assert.NoError(t, err) - expectedOutput := `osbuild-stdout-output -osbuild-stderr-output -` - assert.Equal(t, expectedOutput, buildLog.String()) -} diff --git a/bib/pkg/progress/syncwriter.go b/bib/pkg/progress/syncwriter.go deleted file mode 100644 index f9ca783a8..000000000 --- a/bib/pkg/progress/syncwriter.go +++ /dev/null @@ -1,22 +0,0 @@ -package progress - -import ( - "io" - "sync" -) - -type syncedWriter struct { - mu *sync.Mutex - w io.Writer -} - -func newSyncedWriter(mu *sync.Mutex, w io.Writer) io.Writer { - return &syncedWriter{mu: mu, w: w} -} - -func (sw *syncedWriter) Write(p []byte) (n int, err error) { - sw.mu.Lock() - defer sw.mu.Unlock() - - return sw.w.Write(p) -} diff --git a/bib/pkg/progress/syncwriter_test.go b/bib/pkg/progress/syncwriter_test.go deleted file mode 100644 index 32c37570b..000000000 --- a/bib/pkg/progress/syncwriter_test.go +++ /dev/null @@ -1,44 +0,0 @@ -package progress_test - -import ( - "bufio" - "bytes" - "fmt" - "strings" - "sync" - "testing" - "time" - - "github.com/stretchr/testify/assert" - - "github.com/osbuild/bootc-image-builder/bib/pkg/progress" -) - -func TestSyncWriter(t *testing.T) { - var mu sync.Mutex - var buf bytes.Buffer - var wg sync.WaitGroup - - for id := 0; id < 100; id++ { - wg.Add(1) - w := progress.NewSyncedWriter(&mu, &buf) - go func(id int) { - defer wg.Done() - for i := 0; i < 500; i++ { - fmt.Fprintln(w, strings.Repeat(fmt.Sprintf("%v", id%10), 60)) - time.Sleep(10 * time.Nanosecond) - } - }(id) - } - wg.Wait() - - scanner := bufio.NewScanner(&buf) - for { - if !scanner.Scan() { - break - } - line := scanner.Text() - assert.True(t, len(line) == 60, fmt.Sprintf("len %v: line: %v", len(line), line)) - } - assert.NoError(t, scanner.Err()) -} From ed98bea31986d90657996f9c51d42bdfbf320759 Mon Sep 17 00:00:00 2001 From: Philip Molloy Date: Fri, 28 Feb 2025 17:12:44 +0100 Subject: [PATCH 018/254] README: Create missing output directory in example --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index dde86a80d..0b7122737 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ The following command will create a QCOW2 disk image. First, create `./config.to ```bash # Ensure the image is fetched sudo podman pull quay.io/centos-bootc/centos-bootc:stream9 +mkdir output sudo podman run \ --rm \ -it \ From a68518a6c5fd1191b233535d930ef06a8feb91cb Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 31 Mar 2025 16:55:48 +0200 Subject: [PATCH 019/254] bib: add experimental flag `debug-qemu-user` This commit adds support for more debug for `qemu-user` options. When settings: ``` $ sudo IMAGE_BUILDER_EXPERIMENAL=debug-qemu-user bootc-image-builder ... ``` extra debug from qemu-user will be printed. This hopefully helps to track down the root cause of https://github.com/podman-desktop/extension-bootc/issues/1475 --- bib/cmd/bootc-image-builder/main.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index f8a02857e..804b44a0b 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -22,6 +22,7 @@ import ( "github.com/osbuild/images/pkg/cloud/awscloud" "github.com/osbuild/images/pkg/container" "github.com/osbuild/images/pkg/dnfjson" + "github.com/osbuild/images/pkg/experimentalflags" "github.com/osbuild/images/pkg/manifest" "github.com/osbuild/images/pkg/osbuild" "github.com/osbuild/images/pkg/rpmmd" @@ -462,6 +463,9 @@ func cmdBuild(cmd *cobra.Command, args []string) error { osbuildEnv = append(osbuildEnv, envVars...) } + if experimentalflags.Bool("debug-qemu-user") { + osbuildEnv = append(osbuildEnv, "OBSBUILD_EXPERIMENAL=debug-qemu-user") + } osbuildOpts := progress.OSBuildOptions{ StoreDir: osbuildStore, OutputDir: outputDir, From 1c3d2dab0dae47e2c50bba2fcfa9da9d5d592d8a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Apr 2025 05:06:45 +0000 Subject: [PATCH 020/254] build(deps): bump golangci/golangci-lint-action from 6 to 7 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6 to 7. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v7) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index ad3cbfdbf..9a4e35fd1 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -45,7 +45,7 @@ jobs: run: sudo apt install -y libgpgme-dev libbtrfs-dev libdevmapper-dev - name: Run golangci-lint - uses: golangci/golangci-lint-action@v6 + uses: golangci/golangci-lint-action@v7 with: version: ${{ env.GOLANGCI_LINT_VERSION }} args: --timeout 5m0s From 6a795b46f34f5faf26570b3f45a9aecd0528e2eb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Apr 2025 05:01:22 +0000 Subject: [PATCH 021/254] build(deps): bump github.com/osbuild/images in /bib in the go-deps group Bumps the go-deps group in /bib with 1 update: [github.com/osbuild/images](https://github.com/osbuild/images). Updates `github.com/osbuild/images` from 0.129.0 to 0.130.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.129.0...v0.130.0) --- updated-dependencies: - dependency-name: github.com/osbuild/images dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index e0b047b06..6d4740d2c 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -7,7 +7,7 @@ require ( github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.129.0 + github.com/osbuild/images v0.132.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 diff --git a/bib/go.sum b/bib/go.sum index 6c03a7ef4..7fe8138ad 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -234,8 +234,8 @@ github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jD github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.129.0 h1:wh9A8BVqPUKZsocEELDnwJzc0bItDKa9MHAoOu4rnC0= -github.com/osbuild/images v0.129.0/go.mod h1:Ag87vmyxooiPQBJEDILbypG8/SRIear75YA78NwLix0= +github.com/osbuild/images v0.132.0 h1:0QlLw+hymhlao8f3V2Y/Mb15dK4vKBfja0dxxT8zwqA= +github.com/osbuild/images v0.132.0/go.mod h1:Ag87vmyxooiPQBJEDILbypG8/SRIear75YA78NwLix0= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= From 805abea3bc03cc0db640655ac96a0e75607f2792 Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Tue, 8 Apr 2025 21:18:22 +0200 Subject: [PATCH 022/254] github: bump ubuntu runners to 24.04 20.04 is EOL soon. --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 9a4e35fd1..c6d4a3338 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -56,7 +56,7 @@ jobs: shellcheck: name: "🐚 Shellcheck" - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 with: From b75d03bff590bf9a2b22a67db740ec5f5809381b Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 26 Mar 2025 11:33:48 +0100 Subject: [PATCH 023/254] bib: use the new github.com/osbuild/blueprint This commit converts bib to use the new blueprint package from github.com/osbuild/blueprint for better compatibility with composer and our documentation. It also bumps the version of the TOML library so that we get PR#440. --- bib/go.mod | 6 ++++-- bib/go.sum | 12 ++++++++---- bib/internal/buildconfig/config.go | 30 +++++++++++++++++++++--------- 3 files changed, 33 insertions(+), 15 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 6d4740d2c..dff9fe3e2 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -3,11 +3,12 @@ module github.com/osbuild/bootc-image-builder/bib go 1.22.8 require ( - github.com/BurntSushi/toml v1.5.0 + github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 + github.com/osbuild/blueprint v1.5.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.132.0 + github.com/osbuild/images v0.133.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 @@ -34,6 +35,7 @@ require ( github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect github.com/containers/ocicrypt v1.2.1 // indirect github.com/containers/storage v1.57.1 // indirect + github.com/coreos/go-semver v0.3.1 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f // indirect github.com/cyphar/filepath-securejoin v0.3.6 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect diff --git a/bib/go.sum b/bib/go.sum index 7fe8138ad..685500679 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -6,8 +6,8 @@ github.com/14rcole/gopopulate v0.0.0-20180821133914-b175b219e774/go.mod h1:6/0dY github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg= -github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a h1:pRZNZLyCUkX30uKttIh5ihOtsqCgugM+a4WTxUULiMw= +github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Microsoft/hcsshim v0.12.9 h1:2zJy5KA+l0loz1HzEGqyNnjd3fyZA31ZBCGKacp6lLg= @@ -53,6 +53,8 @@ github.com/containers/ocicrypt v1.2.1 h1:0qIOTT9DoYwcKmxSt8QJt+VzMY18onl9jUXsxpV github.com/containers/ocicrypt v1.2.1/go.mod h1:aD0AAqfMp0MtwqWgHM1bUwe1anx0VazI108CRrSKINQ= github.com/containers/storage v1.57.1 h1:hKPoFsuBcB3qTzBxa4IFpZMRzUuL5Xhv/BE44W0XHx8= github.com/containers/storage v1.57.1/go.mod h1:i/Hb4lu7YgFr9G0K6BMjqW0BLJO1sFsnWQwj2UoWCUM= +github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= +github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f h1:eHnXnuK47UlSTOQexbzxAZfekVz6i+LKRdj1CU5DPaM= github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= @@ -232,10 +234,12 @@ github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8= github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= +github.com/osbuild/blueprint v1.5.0 h1:ca3C32Ltx+2P2eEZrI1fyutAInpwojl+NdQZKOrIR+Q= +github.com/osbuild/blueprint v1.5.0/go.mod h1:0d3dlY8aSJ6jM6NHwBmJFF1VIySsp/GsDpcJQ0yrOqM= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.132.0 h1:0QlLw+hymhlao8f3V2Y/Mb15dK4vKBfja0dxxT8zwqA= -github.com/osbuild/images v0.132.0/go.mod h1:Ag87vmyxooiPQBJEDILbypG8/SRIear75YA78NwLix0= +github.com/osbuild/images v0.133.0 h1:JS23Q2OtS9ktGyLXchsT3gCcD5wXhu/JohPWYilSGTw= +github.com/osbuild/images v0.133.0/go.mod h1:Ag87vmyxooiPQBJEDILbypG8/SRIear75YA78NwLix0= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= diff --git a/bib/internal/buildconfig/config.go b/bib/internal/buildconfig/config.go index 1ad3fb8de..f4af6033c 100644 --- a/bib/internal/buildconfig/config.go +++ b/bib/internal/buildconfig/config.go @@ -11,7 +11,10 @@ import ( "github.com/BurntSushi/toml" "github.com/sirupsen/logrus" - "github.com/osbuild/images/pkg/blueprint" + // XXX: eventually there will be only be one importable blueprint, i.e. + // see https://github.com/osbuild/blueprint/issues/3 + externalBlueprint "github.com/osbuild/blueprint/pkg/blueprint" + imagesBlueprint "github.com/osbuild/images/pkg/blueprint" ) // legacyBuildConfig is the json based configuration that was used in @@ -22,12 +25,12 @@ type legacyBuildConfig struct { Blueprint *json.RawMessage `json:"blueprint"` } -type BuildConfig blueprint.Blueprint +type BuildConfig imagesBlueprint.Blueprint // configRootDir is only overriden in tests var configRootDir = "/" -func decodeJsonBuildConfig(r io.Reader, what string) (*BuildConfig, error) { +func decodeJsonBuildConfig(r io.Reader, what string) (*externalBlueprint.Blueprint, error) { content, err := io.ReadAll(r) if err != nil && err != io.EOF { return nil, fmt.Errorf("cannot read %q: %w", what, err) @@ -45,7 +48,7 @@ func decodeJsonBuildConfig(r io.Reader, what string) (*BuildConfig, error) { dec := json.NewDecoder(bytes.NewBuffer(content)) dec.DisallowUnknownFields() - var conf BuildConfig + var conf externalBlueprint.Blueprint if err := dec.Decode(&conf); err != nil { return nil, fmt.Errorf("cannot decode %q: %w", what, err) } @@ -55,10 +58,10 @@ func decodeJsonBuildConfig(r io.Reader, what string) (*BuildConfig, error) { return &conf, nil } -func decodeTomlBuildConfig(r io.Reader, what string) (*BuildConfig, error) { +func decodeTomlBuildConfig(r io.Reader, what string) (*externalBlueprint.Blueprint, error) { dec := toml.NewDecoder(r) - var conf BuildConfig + var conf externalBlueprint.Blueprint _, err := dec.Decode(&conf) if err != nil { return nil, fmt.Errorf("cannot decode %q: %w", what, err) @@ -69,7 +72,7 @@ func decodeTomlBuildConfig(r io.Reader, what string) (*BuildConfig, error) { var osStdin = os.Stdin -func loadConfig(path string) (*BuildConfig, error) { +func loadConfig(path string) (*externalBlueprint.Blueprint, error) { var fp *os.File var err error @@ -93,7 +96,7 @@ func loadConfig(path string) (*BuildConfig, error) { } } -func ReadWithFallback(userConfig string) (*BuildConfig, error) { +func readWithFallback(userConfig string) (*externalBlueprint.Blueprint, error) { // user asked for an explicit config if userConfig != "" { return loadConfig(userConfig) @@ -111,8 +114,17 @@ func ReadWithFallback(userConfig string) (*BuildConfig, error) { } } if foundConfig == "" { - return &BuildConfig{}, nil + return &externalBlueprint.Blueprint{}, nil } return loadConfig(foundConfig) } + +func ReadWithFallback(userConfig string) (*BuildConfig, error) { + externalBp, err := readWithFallback(userConfig) + if err != nil { + return nil, err + } + internalBp := BuildConfig(externalBlueprint.Convert(*externalBp)) + return &internalBp, nil +} From 462c545e3dd71996e1586e773d6ac538caae8e9f Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 8 Apr 2025 12:12:53 +0200 Subject: [PATCH 024/254] Revert "Reapply "buildconfig: disable tests for undecoded keys for now"" This reverts commit f2c16ad712d6fcc38ce9e4778fb2a781b6523cea. --- bib/internal/buildconfig/config.go | 6 +++++- bib/internal/buildconfig/config_test.go | 10 ++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/bib/internal/buildconfig/config.go b/bib/internal/buildconfig/config.go index f4af6033c..ba60bf096 100644 --- a/bib/internal/buildconfig/config.go +++ b/bib/internal/buildconfig/config.go @@ -62,11 +62,15 @@ func decodeTomlBuildConfig(r io.Reader, what string) (*externalBlueprint.Bluepri dec := toml.NewDecoder(r) var conf externalBlueprint.Blueprint - _, err := dec.Decode(&conf) + metadata, err := dec.Decode(&conf) if err != nil { return nil, fmt.Errorf("cannot decode %q: %w", what, err) } + if len(metadata.Undecoded()) > 0 { + return nil, fmt.Errorf("cannot decode %q: unknown keys found: %v", what, metadata.Undecoded()) + } + return &conf, nil } diff --git a/bib/internal/buildconfig/config_test.go b/bib/internal/buildconfig/config_test.go index aa56a6738..f720b0368 100644 --- a/bib/internal/buildconfig/config_test.go +++ b/bib/internal/buildconfig/config_test.go @@ -134,6 +134,16 @@ func TestReadLegacyJSONConfig(t *testing.T) { assert.Equal(t, expectedBuildConfig, cfg) } +func TestTomlUnknownKeysError(t *testing.T) { + fakeUserCnfPath := makeFakeConfig(t, "config.toml", ` +[[birds]] +name = "toucan" +`) + _, err := buildconfig.ReadWithFallback(fakeUserCnfPath) + + assert.ErrorContains(t, err, "unknown keys found: [birds birds.name]") +} + func TestJsonUnknownKeysError(t *testing.T) { fakeUserCnfPath := makeFakeConfig(t, "config.json", ` { From e8496405a08529b84124222588bd6c90fd9b5787 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 8 Apr 2025 12:21:44 +0200 Subject: [PATCH 025/254] test: convert test_manifest_disk_customization_lvm to TOML By moving the LVM disk customization test to TOML we will catch issues with our TOML parsing early, i.e. we can catch the regression we encountered when applying strict TOML parsing. This is also tested in https://github.com/osbuild/blueprint/pull/12 but having it here again for good measure is a good idea. --- test/test_manifest.py | 36 +++++++++++++----------------------- 1 file changed, 13 insertions(+), 23 deletions(-) diff --git a/test/test_manifest.py b/test/test_manifest.py index 9e744976a..4f990b837 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -608,33 +608,23 @@ def test_manifest_disk_customization_lvm(tmp_path, build_container): container_ref = "quay.io/centos-bootc/centos-bootc:stream9" testutil.pull_container(container_ref) - config = { - "customizations": { - "disk": { - "partitions": [ - { - "type": "lvm", - "minsize": "10 GiB", - "logical_volumes": [ - { - "minsize": "10 GiB", - "fs_type": "ext4", - "mountpoint": "/", - } - ] - } - ] - } - } - } - config_path = tmp_path / "config.json" - with config_path.open("w") as config_file: - json.dump(config, config_file) + config = textwrap.dedent("""\ + [[customizations.disk.partitions]] + type = "lvm" + minsize = "10 GiB" + + [[customizations.disk.partitions.logical_volumes]] + minsize = "10 GiB" + fs_type = "ext4" + mountpoint = "/" + """) + config_path = tmp_path / "config.toml" + config_path.write_text(config) testutil.pull_container(container_ref) output = subprocess.check_output([ *testutil.podman_run_common, - "-v", f"{config_path}:/config.json:ro", + "-v", f"{config_path}:/config.toml:ro", build_container, "manifest", f"{container_ref}", ]) From fc0593b78b6449a4c06d5dcfa0e95843d9737c50 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 11 Apr 2025 04:41:12 +0000 Subject: [PATCH 026/254] build(deps): bump github.com/osbuild/blueprint Bumps the go-deps group in /bib with 1 update: [github.com/osbuild/blueprint](https://github.com/osbuild/blueprint). Updates `github.com/osbuild/blueprint` from 1.5.0 to 1.6.0 - [Release notes](https://github.com/osbuild/blueprint/releases) - [Commits](https://github.com/osbuild/blueprint/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: github.com/osbuild/blueprint dependency-version: 1.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index dff9fe3e2..c009e0b71 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -6,7 +6,7 @@ require ( github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 - github.com/osbuild/blueprint v1.5.0 + github.com/osbuild/blueprint v1.6.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 github.com/osbuild/images v0.133.0 github.com/sirupsen/logrus v1.9.3 diff --git a/bib/go.sum b/bib/go.sum index 685500679..695a721ca 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -234,8 +234,8 @@ github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8= github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= -github.com/osbuild/blueprint v1.5.0 h1:ca3C32Ltx+2P2eEZrI1fyutAInpwojl+NdQZKOrIR+Q= -github.com/osbuild/blueprint v1.5.0/go.mod h1:0d3dlY8aSJ6jM6NHwBmJFF1VIySsp/GsDpcJQ0yrOqM= +github.com/osbuild/blueprint v1.6.0 h1:HUV1w/dMxpgqOgVtHhfTZE3zRmWQkuW/qTfx9smKImI= +github.com/osbuild/blueprint v1.6.0/go.mod h1:0d3dlY8aSJ6jM6NHwBmJFF1VIySsp/GsDpcJQ0yrOqM= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= github.com/osbuild/images v0.133.0 h1:JS23Q2OtS9ktGyLXchsT3gCcD5wXhu/JohPWYilSGTw= From fad1e69c09cf90c67461b55f1f6908f5f9266e6a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Apr 2025 04:40:26 +0000 Subject: [PATCH 027/254] build(deps): bump sclorg/testing-farm-as-github-action from 3 to 4 Bumps [sclorg/testing-farm-as-github-action](https://github.com/sclorg/testing-farm-as-github-action) from 3 to 4. - [Release notes](https://github.com/sclorg/testing-farm-as-github-action/releases) - [Commits](https://github.com/sclorg/testing-farm-as-github-action/compare/v3...v4) --- updated-dependencies: - dependency-name: sclorg/testing-farm-as-github-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/testingfarm-unit.yml | 2 +- .github/workflows/testingfarm.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/testingfarm-unit.yml b/.github/workflows/testingfarm-unit.yml index 67f900dca..ab378281e 100644 --- a/.github/workflows/testingfarm-unit.yml +++ b/.github/workflows/testingfarm-unit.yml @@ -31,7 +31,7 @@ jobs: with: ref: ${{ github.event.pull_request.head.sha }} - name: Run the tests - uses: sclorg/testing-farm-as-github-action@v3 + uses: sclorg/testing-farm-as-github-action@v4 with: compose: Fedora-40 tmt_plan_regex: "/plans/unit-go" diff --git a/.github/workflows/testingfarm.yml b/.github/workflows/testingfarm.yml index 82c2c2732..2d5b39cf6 100644 --- a/.github/workflows/testingfarm.yml +++ b/.github/workflows/testingfarm.yml @@ -48,7 +48,7 @@ jobs: with: ref: ${{ github.event.pull_request.head.sha }} - name: Run the tests - uses: sclorg/testing-farm-as-github-action@v3 + uses: sclorg/testing-farm-as-github-action@v4 with: compose: Fedora-40 tmt_plan_regex: "/plans/integration" From 4d57ffa832b8b6eb96515597acbcff21611431a9 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 28 Apr 2025 13:11:20 +0200 Subject: [PATCH 028/254] test: enable `osinfo_for()` centos10 This commit enables testing for centos10 based installer images. The fix https://gitlab.com/libosinfo/osinfo-db/-/commit/fc811ba5a792967e22a0108de5a245b23da3cc66 is now released. --- test/test_build.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/test/test_build.py b/test/test_build.py index f45318e07..8213c35f2 100644 --- a/test/test_build.py +++ b/test/test_build.py @@ -634,11 +634,7 @@ def osinfo_for(it: ImageBuildResult, arch: str) -> str: if it.container_ref.endswith("/centos-bootc/centos-bootc:stream9"): return f"{base} 'CentOS Stream 9 ({arch})'\n" if it.container_ref.endswith("/centos-bootc/centos-bootc:stream10"): - # XXX: uncomment once - # https://gitlab.com/libosinfo/osinfo-db/-/commit/fc811ba5a792967e22a0108de5a245b23da3cc66 - # gets released - # return f"CentOS Stream 10 ({arch})" - return "" + return f"Media is an installer for OS 'CentOS Stream 10 ({arch})'\n" if "/fedora/fedora-bootc:" in it.container_ref: ver = it.container_ref.rsplit(":", maxsplit=1)[1] return f"{base} 'Fedora Server {ver} ({arch})'\n" From c53bca99c41d6102d6f373f71519840a6361fe13 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 25 Apr 2025 18:04:40 +0200 Subject: [PATCH 029/254] source: add `OSRelease.IDLike` support Read the ID_LIKE field and expose in OSRelease. --- bib/internal/source/source.go | 7 +++++++ bib/internal/source/source_test.go | 31 ++++++++++++++++++++---------- 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/bib/internal/source/source.go b/bib/internal/source/source.go index f2508e64a..f8492d81e 100644 --- a/bib/internal/source/source.go +++ b/bib/internal/source/source.go @@ -4,6 +4,7 @@ import ( "fmt" "os" "path" + "strings" "github.com/sirupsen/logrus" @@ -16,6 +17,7 @@ type OSRelease struct { VersionID string Name string VariantID string + IDLike []string } type Info struct { @@ -69,6 +71,10 @@ func LoadInfo(root string) (*Info, error) { if err != nil { logrus.Debugf("cannot read UEFI vendor: %v, setting it to none", err) } + var idLike []string + if osrelease["ID_LIKE"] != "" { + idLike = strings.Split(osrelease["ID_LIKE"], " ") + } return &Info{ OSRelease: OSRelease{ @@ -77,6 +83,7 @@ func LoadInfo(root string) (*Info, error) { Name: osrelease["NAME"], PlatformID: osrelease["PLATFORM_ID"], VariantID: osrelease["VARIANT_ID"], + IDLike: idLike, }, UEFIVendor: vendor, diff --git a/bib/internal/source/source_test.go b/bib/internal/source/source_test.go index 8f7c7c28a..1c493626e 100644 --- a/bib/internal/source/source_test.go +++ b/bib/internal/source/source_test.go @@ -3,13 +3,14 @@ package source import ( "os" "path" + "strings" "testing" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) -func writeOSRelease(root, id, versionID, name, platformID, variantID string) error { +func writeOSRelease(root, id, versionID, name, platformID, variantID, idLike string) error { err := os.MkdirAll(path.Join(root, "etc"), 0755) if err != nil { return err @@ -31,6 +32,9 @@ func writeOSRelease(root, id, versionID, name, platformID, variantID string) err if variantID != "" { buf += "VARIANT_ID=" + variantID + "\n" } + if idLike != "" { + buf += "ID_LIKE=" + idLike + "\n" + } return os.WriteFile(path.Join(root, "etc/os-release"), []byte(buf), 0644) } @@ -52,21 +56,23 @@ func TestLoadInfo(t *testing.T) { uefiVendor string platformID string variantID string + idLike string errorStr string }{ - {"happy", "fedora", "40", "Fedora Linux", "fedora", "platform:f40", "coreos", ""}, - {"happy-no-uefi", "fedora", "40", "Fedora Linux", "", "platform:f40", "coreos", ""}, - {"happy-no-variant_id", "fedora", "40", "Fedora Linux", "", "platform:f40", "", ""}, - {"sad-no-id", "", "40", "Fedora Linux", "fedora", "platform:f40", "", "missing ID in os-release"}, - {"sad-no-id", "fedora", "", "Fedora Linux", "fedora", "platform:f40", "", "missing VERSION_ID in os-release"}, - {"sad-no-id", "fedora", "40", "", "fedora", "platform:f40", "", "missing NAME in os-release"}, - {"sad-no-id", "fedora", "40", "Fedora Linux", "fedora", "", "", "missing PLATFORM_ID in os-release"}, + {"happy", "fedora", "40", "Fedora Linux", "fedora", "platform:f40", "coreos", "", ""}, + {"happy-no-uefi", "fedora", "40", "Fedora Linux", "", "platform:f40", "coreos", "", ""}, + {"happy-no-variant_id", "fedora", "40", "Fedora Linux", "", "platform:f40", "", "", ""}, + {"happy-with-id-like", "centos", "9", "CentOS Stream", "", "platform:el9", "", "rhel fedora", ""}, + {"sad-no-id", "", "40", "Fedora Linux", "fedora", "platform:f40", "", "", "missing ID in os-release"}, + {"sad-no-id", "fedora", "", "Fedora Linux", "fedora", "platform:f40", "", "", "missing VERSION_ID in os-release"}, + {"sad-no-id", "fedora", "40", "", "fedora", "platform:f40", "", "", "missing NAME in os-release"}, + {"sad-no-id", "fedora", "40", "Fedora Linux", "fedora", "", "", "", "missing PLATFORM_ID in os-release"}, } for _, c := range cases { t.Run(c.desc, func(t *testing.T) { root := t.TempDir() - require.NoError(t, writeOSRelease(root, c.id, c.versionID, c.name, c.platformID, c.variantID)) + require.NoError(t, writeOSRelease(root, c.id, c.versionID, c.name, c.platformID, c.variantID, c.idLike)) if c.uefiVendor != "" { require.NoError(t, createBootupdEFI(root, c.uefiVendor)) @@ -85,7 +91,12 @@ func TestLoadInfo(t *testing.T) { assert.Equal(t, c.uefiVendor, info.UEFIVendor) assert.Equal(t, c.platformID, info.OSRelease.PlatformID) assert.Equal(t, c.variantID, info.OSRelease.VariantID) - + if c.idLike == "" { + assert.Equal(t, len(info.OSRelease.IDLike), 0) + } else { + expected := strings.Split(c.idLike, " ") + assert.Equal(t, expected, info.OSRelease.IDLike) + } }) } } From ea517bf2c59bf1925a1ee301c096dbbb7f9b6d53 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 25 Apr 2025 17:39:15 +0200 Subject: [PATCH 030/254] image: set `UseRHELLoraxTemplates` only on rhel/centos/eln This commit flips the detection if we need the rhel lorax template. It will only use it when it detect running on rhel/centos/eln. This should help with the common case of distros that need the generic lorax template but do not set the name to fedora. --- bib/cmd/bootc-image-builder/image.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index 5c86fb5d4..a14385f0a 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -7,6 +7,7 @@ import ( "math" "math/big" "math/rand" + "slices" "strconv" "strings" @@ -435,6 +436,10 @@ func labelForISO(os *source.OSRelease, arch *arch.Arch) string { } } +func needsRHELLoraxTemplates(si source.OSRelease) bool { + return si.ID == "rhel" || slices.Contains(si.IDLike, "rhel") || si.VersionID == "eln" +} + func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, error) { if c.Imgref == "" { return nil, fmt.Errorf("pipeline: no base image defined") @@ -498,9 +503,7 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro img.Kickstart.OSTree = &kickstart.OSTree{ OSName: "default", } - // use lorax-templates-rhel if the source distro is not Fedora with the exception of Fedora ELN - img.UseRHELLoraxTemplates = - c.SourceInfo.OSRelease.ID != "fedora" || c.SourceInfo.OSRelease.VersionID == "eln" + img.UseRHELLoraxTemplates = needsRHELLoraxTemplates(c.SourceInfo.OSRelease) switch c.Architecture { case arch.ARCH_X86_64: From 84200d36fbe125a86c573fefdcdddfa60ba86df0 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 29 Apr 2025 10:30:51 +0200 Subject: [PATCH 031/254] test: split test_build.py into test_build_{disk,iso} Split this big test into smaller files because we will run the tests in parallel via a dynamic (per-file) github matrix. This will allow faster tests and easier re-runs if a single test is flaky only a small subset will have to be retriggered. --- test/{test_build.py => test_build_disk.py} | 47 ------------ test/test_build_iso.py | 85 ++++++++++++++++++++++ 2 files changed, 85 insertions(+), 47 deletions(-) rename test/{test_build.py => test_build_disk.py} (92%) create mode 100644 test/test_build_iso.py diff --git a/test/test_build.py b/test/test_build_disk.py similarity index 92% rename from test/test_build.py rename to test/test_build_disk.py index 8213c35f2..decf5c707 100644 --- a/test/test_build.py +++ b/test/test_build_disk.py @@ -610,53 +610,6 @@ def test_image_build_without_se_linux_denials(image_type): f"denials in log {image_type.journal_output}" -@pytest.mark.skipif(platform.system() != "Linux", reason="boot test only runs on linux right now") -@pytest.mark.parametrize("image_type", gen_testcases("anaconda-iso"), indirect=["image_type"]) -def test_iso_installs(image_type): - installer_iso_path = image_type.img_path - test_disk_path = installer_iso_path.with_name("test-disk.img") - with open(test_disk_path, "w", encoding="utf8") as fp: - fp.truncate(10_1000_1000_1000) - # install to test disk - with QEMU(test_disk_path, cdrom=installer_iso_path) as vm: - vm.start(wait_event="qmp:RESET", snapshot=False, use_ovmf=True) - vm.force_stop() - # boot test disk and do extremly simple check - with QEMU(test_disk_path) as vm: - vm.start(use_ovmf=True) - exit_status, _ = vm.run("true", user=image_type.username, password=image_type.password) - assert exit_status == 0 - assert_kernel_args(vm, image_type) - - -def osinfo_for(it: ImageBuildResult, arch: str) -> str: - base = "Media is an installer for OS" - if it.container_ref.endswith("/centos-bootc/centos-bootc:stream9"): - return f"{base} 'CentOS Stream 9 ({arch})'\n" - if it.container_ref.endswith("/centos-bootc/centos-bootc:stream10"): - return f"Media is an installer for OS 'CentOS Stream 10 ({arch})'\n" - if "/fedora/fedora-bootc:" in it.container_ref: - ver = it.container_ref.rsplit(":", maxsplit=1)[1] - return f"{base} 'Fedora Server {ver} ({arch})'\n" - raise ValueError(f"unknown osinfo string for '{it.container_ref}'") - - -@pytest.mark.skipif(platform.system() != "Linux", reason="osinfo detect test only runs on linux right now") -@pytest.mark.parametrize("image_type", gen_testcases("anaconda-iso"), indirect=["image_type"]) -def test_iso_os_detection(image_type): - installer_iso_path = image_type.img_path - arch = image_type.img_arch - if not arch: - arch = platform.machine() - result = subprocess.run([ - "osinfo-detect", - installer_iso_path, - ], capture_output=True, text=True, check=True) - osinfo_output = result.stdout - expected_output = f"Media is bootable.\n{osinfo_for(image_type, arch)}" - assert osinfo_output == expected_output - - @pytest.mark.skipif(platform.system() != "Linux", reason="osinfo detect test only runs on linux right now") @pytest.mark.skipif(not testutil.has_executable("unsquashfs"), reason="need unsquashfs") @pytest.mark.parametrize("image_type", gen_testcases("anaconda-iso"), indirect=["image_type"]) diff --git a/test/test_build_iso.py b/test/test_build_iso.py new file mode 100644 index 000000000..d702e74db --- /dev/null +++ b/test/test_build_iso.py @@ -0,0 +1,85 @@ +import os +import platform +import subprocess +from contextlib import ExitStack + +import pytest +# local test utils +import testutil +from containerbuild import build_container_fixture # pylint: disable=unused-import +from testcases import gen_testcases +from vm import QEMU + +from test_build_disk import ( + assert_kernel_args, + ImageBuildResult, +) +from test_build_disk import ( # pylint: disable=unused-import + gpg_conf_fixture, + image_type_fixture, + registry_conf_fixture, + shared_tmpdir_fixture, +) + + +@pytest.mark.skipif(platform.system() != "Linux", reason="boot test only runs on linux right now") +@pytest.mark.parametrize("image_type", gen_testcases("anaconda-iso"), indirect=["image_type"]) +def test_iso_installs(image_type): + installer_iso_path = image_type.img_path + test_disk_path = installer_iso_path.with_name("test-disk.img") + with open(test_disk_path, "w", encoding="utf8") as fp: + fp.truncate(10_1000_1000_1000) + # install to test disk + with QEMU(test_disk_path, cdrom=installer_iso_path) as vm: + vm.start(wait_event="qmp:RESET", snapshot=False, use_ovmf=True) + vm.force_stop() + # boot test disk and do extremly simple check + with QEMU(test_disk_path) as vm: + vm.start(use_ovmf=True) + exit_status, _ = vm.run("true", user=image_type.username, password=image_type.password) + assert exit_status == 0 + assert_kernel_args(vm, image_type) + + +def osinfo_for(it: ImageBuildResult, arch: str) -> str: + base = "Media is an installer for OS" + if it.container_ref.endswith("/centos-bootc/centos-bootc:stream9"): + return f"{base} 'CentOS Stream 9 ({arch})'\n" + if it.container_ref.endswith("/centos-bootc/centos-bootc:stream10"): + return f"Media is an installer for OS 'CentOS Stream 10 ({arch})'\n" + if "/fedora/fedora-bootc:" in it.container_ref: + ver = it.container_ref.rsplit(":", maxsplit=1)[1] + return f"{base} 'Fedora Server {ver} ({arch})'\n" + raise ValueError(f"unknown osinfo string for '{it.container_ref}'") + + +@pytest.mark.skipif(platform.system() != "Linux", reason="osinfo detect test only runs on linux right now") +@pytest.mark.parametrize("image_type", gen_testcases("anaconda-iso"), indirect=["image_type"]) +def test_iso_os_detection(image_type): + installer_iso_path = image_type.img_path + arch = image_type.img_arch + if not arch: + arch = platform.machine() + result = subprocess.run([ + "osinfo-detect", + installer_iso_path, + ], capture_output=True, text=True, check=True) + osinfo_output = result.stdout + expected_output = f"Media is bootable.\n{osinfo_for(image_type, arch)}" + assert osinfo_output == expected_output + + +@pytest.mark.skipif(platform.system() != "Linux", reason="osinfo detect test only runs on linux right now") +@pytest.mark.skipif(not testutil.has_executable("unsquashfs"), reason="need unsquashfs") +@pytest.mark.parametrize("image_type", gen_testcases("anaconda-iso"), indirect=["image_type"]) +def test_iso_install_img_is_squashfs(tmp_path, image_type): + installer_iso_path = image_type.img_path + with ExitStack() as cm: + mount_point = tmp_path / "cdrom" + mount_point.mkdir() + subprocess.check_call(["mount", installer_iso_path, os.fspath(mount_point)]) + cm.callback(subprocess.check_call, ["umount", os.fspath(mount_point)]) + # ensure install.img is the "flat" squashfs, before PR#777 the content + # was an intermediate ext4 image "squashfs-root/LiveOS/rootfs.img" + output = subprocess.check_output(["unsquashfs", "-ls", mount_point / "images/install.img"], text=True) + assert "usr/bin/bootc" in output From 63bab78b1949b8ad1ca02bd4236d78d9ee15d35c Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 29 Apr 2025 09:39:57 +0200 Subject: [PATCH 032/254] workflow: run pytests via matrix to get more parallel runs This commit moves the test running into a matrix so that we get more parallel testing. It will still be (much) dominated by `test_build_iso.py` but at least this way a flaky test in e.g. `test_container` is much faster to re-run. With multiple VMs we can probably also parallize the tests because we have less images per VM to test so diskspace may be less of an issue. --- .github/workflows/tests.yml | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c6d4a3338..c0859dbc5 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -70,10 +70,30 @@ jobs: # allow seemingly unreachable commands SHELLCHECK_OPTS: -e SC1091 -e SC2002 -e SC2317 + collect_tests: + runs-on: ubuntu-latest + outputs: + test_files: ${{ steps.collect.outputs.test_files }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.sha }} + - name: Collect test files + id: collect + run: | + TEST_FILES=$(ls test/test_*.py | sort) + JSON_FILES=$(echo "${TEST_FILES}" | jq -R | jq -cs ) + echo "test_files=${JSON_FILES}" >> $GITHUB_OUTPUT + integration: # TODO: run this also via tmt/testing-farm name: "Integration" runs-on: ubuntu-24.04 + needs: collect_tests + strategy: + matrix: + test_file: ${{ fromJson(needs.collect_tests.outputs.test_files) }} steps: - uses: actions/checkout@v4 with: @@ -136,7 +156,7 @@ jobs: # podman needs (parts of) the environment but will break when # XDG_RUNTIME_DIR is set. # TODO: figure out what exactly podman needs - sudo -E XDG_RUNTIME_DIR= pytest-3 --basetemp=/mnt/var/tmp/bib-tests + sudo -E XDG_RUNTIME_DIR= pytest-3 --basetemp=/mnt/var/tmp/bib-tests ${{ matrix.test_file }} - name: Diskspace (after) if: ${{ always() }} run: | From 70d63cc3aaf57bda42db93c12a3c519982a10c2b Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 29 Apr 2025 12:54:25 +0200 Subject: [PATCH 033/254] test: fix missing testutil.pull_container() in test_progress.py --- test/test_progress.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/test/test_progress.py b/test/test_progress.py index 3b7a7a2b8..b5621fea7 100644 --- a/test/test_progress.py +++ b/test/test_progress.py @@ -13,6 +13,9 @@ def test_progress_debug(tmp_path, build_fake_container): + container_ref = "quay.io/centos-bootc/centos-bootc:stream9" + testutil.pull_container(container_ref) + output_path = tmp_path / "output" output_path.mkdir(exist_ok=True) @@ -21,7 +24,7 @@ def test_progress_debug(tmp_path, build_fake_container): build_fake_container, "build", "--progress=debug", - "quay.io/centos-bootc/centos-bootc:stream9", + container_ref, ] res = subprocess.run(cmdline, capture_output=True, check=True, text=True) assert res.stderr.count("Start progressbar") == 1 From ecaaa374e44aa82b40adf7428df8ca47760da112 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20Sch=C3=BCller?= Date: Wed, 9 Apr 2025 10:33:19 +0200 Subject: [PATCH 034/254] github: bump golangci-lint version --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c0859dbc5..ed7167744 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -15,7 +15,7 @@ env: GO_VERSION: 1.22 # see https://golangci-lint.run/product/changelog # to select a version that supports the GO_VERSION given above - GOLANGCI_LINT_VERSION: v1.59.1 + GOLANGCI_LINT_VERSION: v2.0.2 concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} From 70637cffc6e5111cea68993f08606706c4792ddf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20Sch=C3=BCller?= Date: Thu, 10 Apr 2025 11:36:20 +0200 Subject: [PATCH 035/254] Makefile,github: implement `make lint` and centralize GOLANGCI_LINT_VERSION --- .github/workflows/tests.yml | 9 +++++---- Makefile | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index ed7167744..947ca366f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -13,9 +13,6 @@ on: env: GO_VERSION: 1.22 - # see https://golangci-lint.run/product/changelog - # to select a version that supports the GO_VERSION given above - GOLANGCI_LINT_VERSION: v2.0.2 concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} @@ -44,10 +41,14 @@ jobs: - name: Install libgpgme devel package run: sudo apt install -y libgpgme-dev libbtrfs-dev libdevmapper-dev + - name: Extract golangci-lint version from Makefile + id: golangci_lint_version + run: echo "GOLANGCI_LINT_VERSION=$(awk -F '=' '/^GOLANGCI_LINT_VERSION *=/{print $2}' Makefile)" >> "$GITHUB_OUTPUT" + - name: Run golangci-lint uses: golangci/golangci-lint-action@v7 with: - version: ${{ env.GOLANGCI_LINT_VERSION }} + version: ${{ steps.golangci_lint_version.outputs.GOLANGCI_LINT_VERSION }} args: --timeout 5m0s working-directory: bib diff --git a/Makefile b/Makefile index e738d2302..4af70ed83 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,13 @@ .PHONY: all all: build-binary build-container +GOLANGCI_LINT_VERSION=v2.0.2 +GO_BINARY?=go + +# the fallback '|| echo "golangci-lint' really expects this file +# NOT to exist! This is just a trigger to help installing golangci-lint +GOLANGCI_LINT_BIN=$(shell which golangci-lint 2>/dev/null || echo "golangci-lint") + .PHONY: help help: @echo 'Usage:' @@ -45,3 +52,14 @@ push-check: build-binary build-container test ## run all checks and tests befor exit 1; \ fi @echo "All looks good - congratulations" + +$(GOLANGCI_LINT_BIN): + @echo "golangci-lint does not seem to be installed" + @read -p "Press to install it or -c to abort" + $(GO_BINARY) install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION) || \ + ( echo "if the go version is a problem, you can set GO_BINARY e.g. GO_BINARY=go.1.23.8 \ + after installing it e.g. go install golang.org/dl/go1.23.8@latest" ; exit 1 ) + +.PHONY: lint +lint: $(GOLANGCI_LINT_BIN) ## run the linters to check for bad code + cd bib && $(GOLANGCI_LINT_BIN) run From 349926dfa5b09b9d3ff640e774890d76ee24a0f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20Sch=C3=BCller?= Date: Thu, 10 Apr 2025 11:37:50 +0200 Subject: [PATCH 036/254] bib: fix linter problems New linter problems arose after updating golangci-lint's version. --- bib/cmd/bootc-image-builder/cloud.go | 1 + bib/cmd/bootc-image-builder/image.go | 2 +- bib/cmd/bootc-image-builder/image_test.go | 10 +++++----- bib/cmd/bootc-image-builder/main.go | 1 + bib/cmd/upload/main.go | 1 + bib/internal/buildconfig/config.go | 1 + bib/internal/buildconfig/config_test.go | 1 + 7 files changed, 11 insertions(+), 6 deletions(-) diff --git a/bib/cmd/bootc-image-builder/cloud.go b/bib/cmd/bootc-image-builder/cloud.go index 17b0ab4f5..483f4ae52 100644 --- a/bib/cmd/bootc-image-builder/cloud.go +++ b/bib/cmd/bootc-image-builder/cloud.go @@ -29,6 +29,7 @@ func upload(uploader cloud.Uploader, path string, flags *pflag.FlagSet) error { if err != nil { return fmt.Errorf("cannot upload: %v", err) } + // nolint:errcheck defer file.Close() var r io.Reader = file diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index a14385f0a..b82852f6b 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -126,7 +126,7 @@ func checkMountpoints(filesystems []blueprint.FilesystemCustomization, policy *p } } if len(errs) > 0 { - return fmt.Errorf("The following errors occurred while validating custom mountpoints:\n%w", errors.Join(errs...)) + return fmt.Errorf("the following errors occurred while validating custom mountpoints:\n%w", errors.Join(errs...)) } return nil } diff --git a/bib/cmd/bootc-image-builder/image_test.go b/bib/cmd/bootc-image-builder/image_test.go index f8e189535..c84e88832 100644 --- a/bib/cmd/bootc-image-builder/image_test.go +++ b/bib/cmd/bootc-image-builder/image_test.go @@ -108,7 +108,7 @@ func TestCheckFilesystemCustomizationsValidates(t *testing.T) { {Mountpoint: "/ostree"}, }, ptmode: disk.RawPartitioningMode, - expectedErr: "The following errors occurred while validating custom mountpoints:\npath \"/ostree\" is not allowed", + expectedErr: "the following errors occurred while validating custom mountpoints:\npath \"/ostree\" is not allowed", }, { fsCust: []blueprint.FilesystemCustomization{ @@ -116,7 +116,7 @@ func TestCheckFilesystemCustomizationsValidates(t *testing.T) { {Mountpoint: "/var"}, }, ptmode: disk.RawPartitioningMode, - expectedErr: "The following errors occurred while validating custom mountpoints:\npath \"/var\" is not allowed", + expectedErr: "the following errors occurred while validating custom mountpoints:\npath \"/var\" is not allowed", }, { fsCust: []blueprint.FilesystemCustomization{ @@ -124,7 +124,7 @@ func TestCheckFilesystemCustomizationsValidates(t *testing.T) { {Mountpoint: "/var/data"}, }, ptmode: disk.BtrfsPartitioningMode, - expectedErr: "The following errors occurred while validating custom mountpoints:\npath \"/var/data\" is not allowed", + expectedErr: "the following errors occurred while validating custom mountpoints:\npath \"/var/data\" is not allowed", }, { fsCust: []blueprint.FilesystemCustomization{ @@ -132,7 +132,7 @@ func TestCheckFilesystemCustomizationsValidates(t *testing.T) { {Mountpoint: "/boot/"}, }, ptmode: disk.BtrfsPartitioningMode, - expectedErr: "The following errors occurred while validating custom mountpoints:\npath \"/boot/\" must be canonical", + expectedErr: "the following errors occurred while validating custom mountpoints:\npath \"/boot/\" must be canonical", }, { fsCust: []blueprint.FilesystemCustomization{ @@ -141,7 +141,7 @@ func TestCheckFilesystemCustomizationsValidates(t *testing.T) { {Mountpoint: "/opt"}, }, ptmode: disk.BtrfsPartitioningMode, - expectedErr: "The following errors occurred while validating custom mountpoints:\npath \"/boot/\" must be canonical\npath \"/opt\" is not allowed", + expectedErr: "the following errors occurred while validating custom mountpoints:\npath \"/boot/\" must be canonical\npath \"/opt\" is not allowed", }, } { if tc.expectedErr == "" { diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 804b44a0b..1e31052c2 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -176,6 +176,7 @@ func saveManifest(ms manifest.OSBuildManifest, fpath string) error { if err != nil { return fmt.Errorf("failed to create output file %q: %s", fpath, err.Error()) } + // nolint:errcheck defer fp.Close() if _, err := fp.Write(b); err != nil { return fmt.Errorf("failed to write output file %q: %s", fpath, err.Error()) diff --git a/bib/cmd/upload/main.go b/bib/cmd/upload/main.go index 5dfcdd08b..d97d9981b 100644 --- a/bib/cmd/upload/main.go +++ b/bib/cmd/upload/main.go @@ -40,6 +40,7 @@ func uploadAMI(cmd *cobra.Command, args []string) { f, err := os.Open(filename) check(err) + // nolint:errcheck defer f.Close() check(uploader.UploadAndRegister(f, os.Stderr)) diff --git a/bib/internal/buildconfig/config.go b/bib/internal/buildconfig/config.go index ba60bf096..253c5e199 100644 --- a/bib/internal/buildconfig/config.go +++ b/bib/internal/buildconfig/config.go @@ -87,6 +87,7 @@ func loadConfig(path string) (*externalBlueprint.Blueprint, error) { if err != nil { return nil, err } + // nolint:errcheck defer fp.Close() } diff --git a/bib/internal/buildconfig/config_test.go b/bib/internal/buildconfig/config_test.go index f720b0368..63e02bff4 100644 --- a/bib/internal/buildconfig/config_test.go +++ b/bib/internal/buildconfig/config_test.go @@ -184,6 +184,7 @@ func TestReadWithFallbackFromStdin(t *testing.T) { fakeUserCnfPath := makeFakeConfig(t, "fake-stdin", fakeConfigJSON) fakeStdinFp, err := os.Open(fakeUserCnfPath) require.NoError(t, err) + // nolint:errcheck defer fakeStdinFp.Close() restore := buildconfig.MockOsStdin(fakeStdinFp) From 52627da90e0b7b432b72e817123d29c896cc070e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20Sch=C3=BCller?= Date: Thu, 10 Apr 2025 11:50:39 +0200 Subject: [PATCH 037/254] Makefile: include running go tests in `make test` --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 4af70ed83..043288e69 100644 --- a/Makefile +++ b/Makefile @@ -27,6 +27,7 @@ clean: ## clean all build and test artifacts .PHONY: test test: ## run all tests - Be aware that the tests take a really long time + cd bib && go test -race ./... @echo "Be aware that the tests take a really long time" @echo "Running tests as root" sudo -E pip install --user -r test/requirements.txt From 53d613123fb382950ee0e3582cb6b9a062949263 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20Sch=C3=BCller?= Date: Thu, 10 Apr 2025 13:31:36 +0200 Subject: [PATCH 038/254] bib/cmd/bootc-image-builder: check error of file.Close() when writing Uses the named return value `err` to return possible errors. --- bib/cmd/bootc-image-builder/main.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 1e31052c2..7d35a6f3f 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -2,6 +2,7 @@ package main import ( "encoding/json" + "errors" "fmt" "io" "log" @@ -166,7 +167,7 @@ func makeManifest(c *ManifestConfig, solver *dnfjson.Solver, cacheRoot string) ( return mf, depsolvedRepos, nil } -func saveManifest(ms manifest.OSBuildManifest, fpath string) error { +func saveManifest(ms manifest.OSBuildManifest, fpath string) (err error) { b, err := json.MarshalIndent(ms, "", " ") if err != nil { return fmt.Errorf("failed to marshal data for %q: %s", fpath, err.Error()) @@ -176,8 +177,7 @@ func saveManifest(ms manifest.OSBuildManifest, fpath string) error { if err != nil { return fmt.Errorf("failed to create output file %q: %s", fpath, err.Error()) } - // nolint:errcheck - defer fp.Close() + defer func() { err = errors.Join(err, fp.Close()) }() if _, err := fp.Write(b); err != nil { return fmt.Errorf("failed to write output file %q: %s", fpath, err.Error()) } From 82d716970c3381ef68266368cb0265fc0d406ab5 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 30 Apr 2025 19:22:18 +0200 Subject: [PATCH 039/254] test: update test_mount_ostree_error The previous commits changed the error message which is part of this test. Update it accordingly. --- test/test_manifest.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test_manifest.py b/test/test_manifest.py index 4f990b837..d10b32abb 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -304,7 +304,7 @@ def test_mount_ostree_error(tmpdir_factory, build_container): "manifest", f"{container_ref}", "--config", "/output/config.json", ], stderr=subprocess.PIPE, encoding="utf8") - assert 'The following errors occurred while validating custom mountpoints:\npath "/ostree" is not allowed' \ + assert 'the following errors occurred while validating custom mountpoints:\npath "/ostree" is not allowed' \ in exc.value.stderr From 2757f4e001f574a606ef982c8aeb44c0eef4f6a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 04:38:51 +0000 Subject: [PATCH 040/254] build(deps): bump golangci/golangci-lint-action from 7 to 8 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 7 to 8. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v7...v8) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 947ca366f..844e89eb7 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -46,7 +46,7 @@ jobs: run: echo "GOLANGCI_LINT_VERSION=$(awk -F '=' '/^GOLANGCI_LINT_VERSION *=/{print $2}' Makefile)" >> "$GITHUB_OUTPUT" - name: Run golangci-lint - uses: golangci/golangci-lint-action@v7 + uses: golangci/golangci-lint-action@v8 with: version: ${{ steps.golangci_lint_version.outputs.GOLANGCI_LINT_VERSION }} args: --timeout 5m0s From 36a0f11f80ed187a3577a4c205fee3b74bb903e9 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 30 Apr 2025 11:16:49 +0200 Subject: [PATCH 041/254] test: split cross-arch test into its own file This commit moves the cross arch build into its own file so that it ran run in parallel in the GH runners. Its is a relatively expensive test (~20min on my machine, ~30min on GH) so moving it out should save quite a bit of time. --- test/test_build_cross.py | 23 +++++++++++++++++++++++ test/test_build_disk.py | 4 ++++ test/testcases.py | 19 ++++++++++--------- 3 files changed, 37 insertions(+), 9 deletions(-) create mode 100644 test/test_build_cross.py diff --git a/test/test_build_cross.py b/test/test_build_cross.py new file mode 100644 index 000000000..12b89eebd --- /dev/null +++ b/test/test_build_cross.py @@ -0,0 +1,23 @@ +import platform + +import pytest + +from testcases import gen_testcases + +from test_build_disk import ( # pylint: disable=unused-import + assert_disk_image_boots, + build_container_fixture, + gpg_conf_fixture, + image_type_fixture, + registry_conf_fixture, + shared_tmpdir_fixture, +) + + +# This testcase is not part of "test_build_disk.py:test_image_boots" +# because it takes ~30min on the GH runners so moving it into a +# separate file ensures it is run in parallel on GH. +@pytest.mark.skipif(platform.system() != "Linux", reason="boot test only runs on linux right now") +@pytest.mark.parametrize("image_type", gen_testcases("qemu-cross"), indirect=["image_type"]) +def test_image_boots_cross(image_type): + assert_disk_image_boots(image_type) diff --git a/test/test_build_disk.py b/test/test_build_disk.py index decf5c707..63699aac2 100644 --- a/test/test_build_disk.py +++ b/test/test_build_disk.py @@ -520,6 +520,10 @@ def assert_kernel_args(test_vm, image_type): @pytest.mark.skipif(platform.system() != "Linux", reason="boot test only runs on linux right now") @pytest.mark.parametrize("image_type", gen_testcases("qemu-boot"), indirect=["image_type"]) def test_image_boots(image_type): + assert_disk_image_boots(image_type) + + +def assert_disk_image_boots(image_type): with QEMU(image_type.img_path, arch=image_type.img_arch) as test_vm: # user/password login works exit_status, _ = test_vm.run("true", user=image_type.username, password=image_type.password) diff --git a/test/testcases.py b/test/testcases.py index 88ed8cd82..c246d98ee 100644 --- a/test/testcases.py +++ b/test/testcases.py @@ -100,8 +100,17 @@ def gen_testcases(what): # pylint: disable=too-many-return-statements TestCaseC9S(image="anaconda-iso"), TestCaseC10S(image="anaconda-iso"), ] + if what == "qemu-cross": + test_cases = [] + if platform.machine() == "x86_64": + test_cases.append( + TestCaseC9S(image="raw", target_arch="arm64")) + elif platform.machine() == "arm64": + # TODO: add arm64->x86_64 cross build test too + pass + return test_cases if what == "qemu-boot": - test_cases = [ + return [ # test default partitioning TestCaseFedora(image="qcow2"), # test with custom disk configs @@ -109,14 +118,6 @@ def gen_testcases(what): # pylint: disable=too-many-return-statements TestCaseFedora(image="raw", disk_config="btrfs"), TestCaseC9S(image="raw", disk_config="lvm"), ] - # do a cross arch test too - if platform.machine() == "x86_64": - test_cases.append( - TestCaseC9S(image="raw", target_arch="arm64")) - elif platform.machine() == "arm64": - # TODO: add arm64->x86_64 cross build test too - pass - return test_cases if what == "all": return [ klass(image=img) From 07e8bf7664635b036657fb467c5a0662192f1301 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 5 May 2025 09:29:57 +0200 Subject: [PATCH 042/254] Makefile: bump version of golang-ci to 2.1.6 We currently see errors in bib CI like: ``` Error: Failed to run: Error: requested golangci-lint version 'v2.0.2' isn't supported: we support only v2.1.0 and later versions, Error: requested golangci-lint version 'v2.0.2' isn't supported: we support only v2.1.0 and later versions ``` (c.f. https://github.com/osbuild/bootc-image-builder/actions/runs/14831005614/job/41632016536?pr=906) So bump the version to fix this. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 043288e69..aff0a97fc 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ .PHONY: all all: build-binary build-container -GOLANGCI_LINT_VERSION=v2.0.2 +GOLANGCI_LINT_VERSION=v2.1.6 GO_BINARY?=go # the fallback '|| echo "golangci-lint' really expects this file From c6b14f0f0f1c21f5c6c2bb4b25755e9f94f2b53c Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 6 May 2025 12:37:30 +0200 Subject: [PATCH 043/254] source: make PLATFORM_ID in /etc/os-release optional The PLATFORM_ID got retired from fedora-43 [0] and it seems like it was always kinda optional. So lets make it optional for real to avoid failing to build fedora-43 images. [0] https://fedoraproject.org/wiki/Changes/Drop_PLATFORM_ID --- bib/internal/source/source.go | 4 ++-- bib/internal/source/source_test.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bib/internal/source/source.go b/bib/internal/source/source.go index f8492d81e..4288e2387 100644 --- a/bib/internal/source/source.go +++ b/bib/internal/source/source.go @@ -26,8 +26,8 @@ type Info struct { } func validateOSRelease(osrelease map[string]string) error { - // VARIANT_ID is optional - for _, key := range []string{"ID", "VERSION_ID", "NAME", "PLATFORM_ID"} { + // VARIANT_ID, PLATFORM_ID are optional + for _, key := range []string{"ID", "VERSION_ID", "NAME"} { if _, ok := osrelease[key]; !ok { return fmt.Errorf("missing %s in os-release", key) } diff --git a/bib/internal/source/source_test.go b/bib/internal/source/source_test.go index 1c493626e..152f941e7 100644 --- a/bib/internal/source/source_test.go +++ b/bib/internal/source/source_test.go @@ -62,11 +62,11 @@ func TestLoadInfo(t *testing.T) { {"happy", "fedora", "40", "Fedora Linux", "fedora", "platform:f40", "coreos", "", ""}, {"happy-no-uefi", "fedora", "40", "Fedora Linux", "", "platform:f40", "coreos", "", ""}, {"happy-no-variant_id", "fedora", "40", "Fedora Linux", "", "platform:f40", "", "", ""}, + {"happy-no-id", "fedora", "43", "Fedora Linux", "fedora", "", "", "", ""}, {"happy-with-id-like", "centos", "9", "CentOS Stream", "", "platform:el9", "", "rhel fedora", ""}, {"sad-no-id", "", "40", "Fedora Linux", "fedora", "platform:f40", "", "", "missing ID in os-release"}, {"sad-no-id", "fedora", "", "Fedora Linux", "fedora", "platform:f40", "", "", "missing VERSION_ID in os-release"}, {"sad-no-id", "fedora", "40", "", "fedora", "platform:f40", "", "", "missing NAME in os-release"}, - {"sad-no-id", "fedora", "40", "Fedora Linux", "fedora", "", "", "", "missing PLATFORM_ID in os-release"}, } for _, c := range cases { @@ -81,7 +81,7 @@ func TestLoadInfo(t *testing.T) { info, err := LoadInfo(root) if c.errorStr != "" { - require.Equal(t, c.errorStr, err.Error()) + require.EqualError(t, err, c.errorStr) return } require.NoError(t, err) From ccac1182a6a8482c6da4d36568e308f9b7237bbe Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 6 May 2025 12:56:14 +0200 Subject: [PATCH 044/254] test: update testcases for fedora42/fedora43 With fedora-42 release we move our testing to that. It also adds fedora-43 to the disk image tests. This is a bit of an experiment, if its too fragile we need to disable it again. But with a test like this we would have found https://github.com/osbuild/bootc-image-builder/issues/868 earlier. --- test/testcases.py | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/test/testcases.py b/test/testcases.py index c246d98ee..1921e5f65 100644 --- a/test/testcases.py +++ b/test/testcases.py @@ -45,14 +45,14 @@ def __str__(self): @dataclasses.dataclass class TestCaseFedora(TestCase): - container_ref: str = "quay.io/fedora/fedora-bootc:40" + container_ref: str = "quay.io/fedora/fedora-bootc:42" rootfs: str = "btrfs" use_librepo: bool = True @dataclasses.dataclass -class TestCaseFedora42(TestCase): - container_ref: str = "quay.io/fedora/fedora-bootc:42" +class TestCaseFedora43(TestCase): + container_ref: str = "quay.io/fedora/fedora-bootc:43" rootfs: str = "btrfs" use_librepo: bool = True @@ -115,7 +115,7 @@ def gen_testcases(what): # pylint: disable=too-many-return-statements TestCaseFedora(image="qcow2"), # test with custom disk configs TestCaseC9S(image="qcow2", disk_config="swap"), - TestCaseFedora(image="raw", disk_config="btrfs"), + TestCaseFedora43(image="raw", disk_config="btrfs"), TestCaseC9S(image="raw", disk_config="lvm"), ] if what == "all": @@ -136,8 +136,7 @@ def gen_testcases(what): # pylint: disable=too-many-return-statements if what == "target-arch-smoke": return [ TestCaseC9S(target_arch="arm64"), - # TODO: merge with TestCaseFedora once the arches are build there - TestCaseFedora42(target_arch="ppc64le"), - TestCaseFedora42(target_arch="s390x"), + TestCaseFedora(target_arch="ppc64le"), + TestCaseFedora(target_arch="s390x"), ] raise ValueError(f"unknown test-case type {what}") From c8315dcb743ce143101d65a3b85c614dd373c9b8 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Wed, 7 May 2025 12:26:39 +0200 Subject: [PATCH 045/254] main: drop rootfs cross-arch disable All platforms where `bootc-image-builder` runs that have `qemu-user` available have upgrade to a version >= 9.1.0. Signed-off-by: Simon de Vlieger --- bib/cmd/bootc-image-builder/main.go | 12 ------------ test/test_manifest.py | 3 +-- 2 files changed, 1 insertion(+), 14 deletions(-) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 7d35a6f3f..c5d734bca 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -278,18 +278,6 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress return nil, nil, fmt.Errorf(`no default root filesystem type specified in container, please use "--rootfs" to set manually`) } } - - // TODO: on a cross arch build we need to be conservative, i.e. we can - // only use the default ext4 because if xfs is select we run into the - // issue that mkfs.xfs calls "ioctl(BLKBSZSET)" which is missing in - // qemu-user. - // The fix has been merged upstream https://www.mail-archive.com/qemu-devel@nongnu.org/msg1037409.html - // and is expected to be included in v9.1.0 https://github.com/qemu/qemu/commit/e6e903db6a5e960e595f9f1fd034adb942dd9508 - // Remove the following condition once we update to qemu-user v9.1.0. - if cntArch != arch.Current() && rootfsType != "ext4" { - logrus.Warningf("container preferred root filesystem %q cannot be used during cross arch build", rootfsType) - rootfsType = "ext4" - } } // Gather some data from the containers distro sourceinfo, err := source.LoadInfo(container.Root()) diff --git a/test/test_manifest.py b/test/test_manifest.py index d10b32abb..2b1493698 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -556,8 +556,7 @@ def test_manifest_fs_customizations_xarch(tmp_path, build_container, fscustomiza "manifest", f"{container_ref}", ]) - # cross-arch builds only support ext4 (for now) - assert_fs_customizations(fscustomizations, "ext4", output) + assert_fs_customizations(fscustomizations, rootfs, output) def find_grub2_iso_stage_from(manifest_str): From 94fb1c52ca46b77cf6a1d14c62a4f3a3a25e8c65 Mon Sep 17 00:00:00 2001 From: Takuya Wakazono Date: Sat, 10 May 2025 02:09:03 +0900 Subject: [PATCH 046/254] image: set ISOBoot to Grub2ISOBoot for x86_64 github.com/osbuild/images v0.124.0 introduced `img.ISOBoot`. This field must be set to either `SyslinuxISOBoot` or `Grub2ISOBoot` for the ISO to boot on BIOS systems. See: https://github.com/osbuild/images/pull/1289 Closes: https://github.com/osbuild/bootc-image-builder/issues/912 --- bib/cmd/bootc-image-builder/image.go | 1 + 1 file changed, 1 insertion(+) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index b82852f6b..278147785 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -514,6 +514,7 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro BIOS: true, UEFIVendor: c.SourceInfo.UEFIVendor, } + img.ISOBoot = manifest.Grub2ISOBoot case arch.ARCH_AARCH64: // aarch64 always uses UEFI, so let's enforce the vendor if c.SourceInfo.UEFIVendor == "" { From 4a9c1653a73505344b36a433a154b39629749d28 Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Wed, 14 May 2025 18:07:54 +0200 Subject: [PATCH 047/254] go.mod: update osbuild/images to v0.145.0 --- bib/go.mod | 6 +++--- bib/go.sum | 15 ++++++++------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index c009e0b71..a46c42e7b 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -8,7 +8,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.6.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.133.0 + github.com/osbuild/images v0.145.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 @@ -24,7 +24,7 @@ require ( github.com/VividCortex/ewma v1.2.0 // indirect github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go v1.55.6 // indirect + github.com/aws/aws-sdk-go v1.55.7 // indirect github.com/containerd/cgroups/v3 v3.0.3 // indirect github.com/containerd/errdefs v0.3.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect @@ -93,7 +93,7 @@ require ( github.com/modern-go/reflect2 v1.0.2 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0 // indirect + github.com/opencontainers/image-spec v1.1.1 // indirect github.com/opencontainers/runtime-spec v1.2.0 // indirect github.com/opencontainers/selinux v1.11.1 // indirect github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f // indirect diff --git a/bib/go.sum b/bib/go.sum index 695a721ca..819deff24 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -18,8 +18,8 @@ github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpH github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/aws/aws-sdk-go v1.55.6 h1:cSg4pvZ3m8dgYcgqB97MrcdjUmZ1BeMYKUxMMB89IPk= -github.com/aws/aws-sdk-go v1.55.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.55.7 h1:UJrkFq7es5CShfBwlWAC8DA077vp8PyVbQd3lqLiztE= +github.com/aws/aws-sdk-go v1.55.7/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= @@ -143,8 +143,9 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/go-containerregistry v0.20.2 h1:B1wPJ1SN/S7pB+ZAimcciVD+r+yV/l/DSArMxlbwseo= github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8= github.com/google/go-intervals v0.0.2 h1:FGrVEiUnTRKR8yE04qzXYaJMtnIYqobR5QbblK3ixcM= @@ -228,8 +229,8 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= -github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= +github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= +github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8= @@ -238,8 +239,8 @@ github.com/osbuild/blueprint v1.6.0 h1:HUV1w/dMxpgqOgVtHhfTZE3zRmWQkuW/qTfx9smKI github.com/osbuild/blueprint v1.6.0/go.mod h1:0d3dlY8aSJ6jM6NHwBmJFF1VIySsp/GsDpcJQ0yrOqM= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.133.0 h1:JS23Q2OtS9ktGyLXchsT3gCcD5wXhu/JohPWYilSGTw= -github.com/osbuild/images v0.133.0/go.mod h1:Ag87vmyxooiPQBJEDILbypG8/SRIear75YA78NwLix0= +github.com/osbuild/images v0.145.0 h1:ZbY13lP02dJ090TTKq8UrPjuDrijPWKUMZQEG0zVRpA= +github.com/osbuild/images v0.145.0/go.mod h1:jY21PhkxIozII4M0xCqZL7poLtFwDJlEGj88pb3lalQ= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= From 9fb07fe541fb84beb492adab3c323cbed44d6cc0 Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Thu, 15 May 2025 16:12:54 +0200 Subject: [PATCH 048/254] bib/data/defs: add prefixdevname to Anaconda package list The package is required by the dracut module when building ISOs. See https://github.com/osbuild/images/commit/b8425025520a57ce65d9cc506f0045cd2885fd6f --- bib/data/defs/centos-10.yaml | 1 + bib/data/defs/centos-9.yaml | 1 + bib/data/defs/fedora-40.yaml | 1 + 3 files changed, 3 insertions(+) diff --git a/bib/data/defs/centos-10.yaml b/bib/data/defs/centos-10.yaml index d5956e3e8..dcf78f042 100644 --- a/bib/data/defs/centos-10.yaml +++ b/bib/data/defs/centos-10.yaml @@ -65,6 +65,7 @@ anaconda-iso: - perl-interpreter - pigz - plymouth + - prefixdevname - python3-pyatspi - rdma-core - rng-tools diff --git a/bib/data/defs/centos-9.yaml b/bib/data/defs/centos-9.yaml index f202cb580..431642ca7 100644 --- a/bib/data/defs/centos-9.yaml +++ b/bib/data/defs/centos-9.yaml @@ -73,6 +73,7 @@ anaconda-iso: - perl-interpreter - pigz - plymouth + - prefixdevname - python3-pyatspi - rdma-core - rng-tools diff --git a/bib/data/defs/fedora-40.yaml b/bib/data/defs/fedora-40.yaml index efd64d8b1..c1431a18a 100644 --- a/bib/data/defs/fedora-40.yaml +++ b/bib/data/defs/fedora-40.yaml @@ -75,6 +75,7 @@ anaconda-iso: - perl-interpreter - pigz - plymouth + - prefixdevname - python3-pyatspi - rdma-core - realtek-firmware From 6b606d204af38623cdf6f98c3a967884f3298f82 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 7 May 2025 20:58:30 +0200 Subject: [PATCH 049/254] test: set the cache-ttl to 1h in our tests The current caching of the test containers can lead to unexpected results when e.g. the upstream osbuild repo gets updated but podman caches the relevant line in the Containerfile because the install of osbuild has not changed. To counter this the container building sets an agressive TTL of 1h for the cache. This fixes the issues locally. --- test/containerbuild.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/containerbuild.py b/test/containerbuild.py index b762a8d94..76fda8ba3 100644 --- a/test/containerbuild.py +++ b/test/containerbuild.py @@ -25,6 +25,7 @@ def make_container(container_path, arch=None): subprocess.check_call([ "podman", "build", + "--cache-ttl=1h", "-t", container_tag, "--arch", arch, container_path], encoding="utf8") @@ -41,6 +42,7 @@ def build_container_fixture(): container_tag = "bootc-image-builder-test" subprocess.check_call([ "podman", "build", + "--cache-ttl=1h", "-f", "Containerfile", "-t", container_tag, ]) From e0348c11e682d8bc35444d867695f77be7fa2391 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Wed, 7 May 2025 12:29:25 +0200 Subject: [PATCH 050/254] container: fedora 42 Let's base our upstream container on Fedora 42 now that it is GA. Signed-off-by: Simon de Vlieger --- Containerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containerfile b/Containerfile index 26bd03fd7..b8c806c07 100644 --- a/Containerfile +++ b/Containerfile @@ -1,4 +1,4 @@ -FROM registry.fedoraproject.org/fedora:41 AS builder +FROM registry.fedoraproject.org/fedora:42 AS builder RUN dnf install -y git-core golang gpgme-devel libassuan-devel && mkdir -p /build/bib COPY bib/go.mod bib/go.sum /build/bib/ ARG GOPROXY=https://proxy.golang.org,direct @@ -10,7 +10,7 @@ COPY . /build WORKDIR /build RUN ./build.sh -FROM registry.fedoraproject.org/fedora:41 +FROM registry.fedoraproject.org/fedora:42 # Fast-track osbuild so we don't depend on the "slow" Fedora release process to implement new features in bib COPY ./group_osbuild-osbuild-fedora.repo /etc/yum.repos.d/ COPY ./package-requires.txt . From 66049b592e1e1b8ecbce4d0b06fd6dbb2fead663 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Thu, 8 May 2025 07:50:54 +0200 Subject: [PATCH 051/254] many: update container to 42 Update test and devel containers to 42 as well. Signed-off-by: Simon de Vlieger --- devel/Containerfile | 6 +++--- plans/integration.fmf | 2 +- plans/unit-go.fmf | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/devel/Containerfile b/devel/Containerfile index 044213934..2254010ee 100644 --- a/devel/Containerfile +++ b/devel/Containerfile @@ -1,4 +1,4 @@ -FROM registry.fedoraproject.org/fedora:40 AS osbuild-builder +FROM registry.fedoraproject.org/fedora:42 AS osbuild-builder # build osbuild RPMs RUN dnf install -y rpm-build dnf-plugins-core git-core COPY --from=osbuild . /build @@ -8,7 +8,7 @@ RUN git config --global --add safe.directory /build RUN make rpm -FROM registry.fedoraproject.org/fedora:40 AS bib-builder +FROM registry.fedoraproject.org/fedora:42 AS bib-builder # replace osbuild/images dependency and build bib RUN dnf install -y git-core golang gpgme-devel libassuan-devel COPY --from=images . /build/images @@ -22,7 +22,7 @@ WORKDIR /build RUN ./build.sh -FROM registry.fedoraproject.org/fedora:40 +FROM registry.fedoraproject.org/fedora:42 COPY --from=osbuild-builder /build/rpmbuild/RPMS/noarch/*.rpm /rpms/ COPY ./package-requires.txt . RUN grep -vE '^#' package-requires.txt | xargs dnf install -y && rm -f package-requires.txt && dnf install -y /rpms/*.rpm && dnf clean all diff --git a/plans/integration.fmf b/plans/integration.fmf index c43795dfa..2b1d01c51 100644 --- a/plans/integration.fmf +++ b/plans/integration.fmf @@ -1,7 +1,7 @@ summary: Run all tests inside a VM environment provision: how: virtual - image: fedora:40 + image: fedora:42 hardware: virtualization: is-supported: true diff --git a/plans/unit-go.fmf b/plans/unit-go.fmf index f0f075cc5..ee79d0b26 100644 --- a/plans/unit-go.fmf +++ b/plans/unit-go.fmf @@ -1,7 +1,7 @@ summary: Run all tests inside a VM environment provision: how: virtual - image: fedora:40 + image: fedora:42 prepare: how: install package: From d2fa38531ac32e821e375cf77b6b3bcd1498081a Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 21 May 2025 16:57:51 +0200 Subject: [PATCH 052/254] test: disable `fedora-43` bootc test for now This commit disabled the `TestCaseFedora43` fow now because it fails in CI with: ``` ... org.osbuild.bootc.install-to-filesystem: 19bb778fae4541936924e98952fc101eabf7f1782856dd0447ae1fef4ad3ac61 { "kernel-args": [ "rw", "console=tty0", "console=ttyS0", "systemd.journald.forward_to_console=1" ], "target-imgref": "quay.io/fedora/fedora-bootc:43" } device/disk (org.osbuild.loopback): loop0 acquired (locked: False) mount/- (org.osbuild.btrfs): mounting /dev/loop0p4 -> /store/tmp/buildroot-tmp-e004ml_u/mounts/ mount/boot (org.osbuild.xfs): mounting /dev/loop0p3 -> /store/tmp/buildroot-tmp-e004ml_u/mounts/boot mount/boot-efi (org.osbuild.fat): mounting /dev/loop0p2 -> /store/tmp/buildroot-tmp-e004ml_u/mounts/boot/efi Mount transient overlayfs for /etc/containers Creating bind mount for run/osbuild/containers Installing image: docker://quay.io/fedora/fedora-bootc:43 Initializing ostree layout ERROR Installing to filesystem: Creating ostree deployment: invalid reference format ``` Until this is resolved this test (against the current in development fedora) is not useful and blocks our CI. --- test/testcases.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/testcases.py b/test/testcases.py index 1921e5f65..44d540430 100644 --- a/test/testcases.py +++ b/test/testcases.py @@ -115,7 +115,9 @@ def gen_testcases(what): # pylint: disable=too-many-return-statements TestCaseFedora(image="qcow2"), # test with custom disk configs TestCaseC9S(image="qcow2", disk_config="swap"), - TestCaseFedora43(image="raw", disk_config="btrfs"), + # mvo: disabled 2025-05-21 because: + # "ERROR Installing to filesystem: Creating ostree deployment: invalid reference format" + # TestCaseFedora43(image="raw", disk_config="btrfs"), TestCaseC9S(image="raw", disk_config="lvm"), ] if what == "all": From 7014b1085c7ab2f303ed38f042fa45502aee3ba8 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Tue, 20 May 2025 12:10:24 +0200 Subject: [PATCH 053/254] buildconfig: Export LoadConfig() helper This lets you load a config from a specific file (only). This will be needed to load embedded customization files. --- bib/internal/buildconfig/config.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/bib/internal/buildconfig/config.go b/bib/internal/buildconfig/config.go index 253c5e199..599e2ebbf 100644 --- a/bib/internal/buildconfig/config.go +++ b/bib/internal/buildconfig/config.go @@ -101,6 +101,16 @@ func loadConfig(path string) (*externalBlueprint.Blueprint, error) { } } +func LoadConfig(path string) (*imagesBlueprint.Blueprint, error) { + externalBp, err := loadConfig(path) + if err != nil { + return nil, err + } + + bp := externalBlueprint.Convert(*externalBp) + return &bp, nil +} + func readWithFallback(userConfig string) (*externalBlueprint.Blueprint, error) { // user asked for an explicit config if userConfig != "" { From 1617d1f1a0ab07e00f94804669bf800713a65f4c Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Tue, 20 May 2025 12:11:22 +0200 Subject: [PATCH 054/254] source: Support loading embedded customization file This loads a blueprint from /usr/lib/bootc-image-builder/ called either config.json or config.toml. It is in a standard blueprint format, but we only extract the "Customization" part of it. --- bib/internal/source/source.go | 38 ++++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/bib/internal/source/source.go b/bib/internal/source/source.go index 4288e2387..059bfcccc 100644 --- a/bib/internal/source/source.go +++ b/bib/internal/source/source.go @@ -8,9 +8,13 @@ import ( "github.com/sirupsen/logrus" + "github.com/osbuild/bootc-image-builder/bib/internal/buildconfig" + "github.com/osbuild/images/pkg/blueprint" "github.com/osbuild/images/pkg/distro" ) +const bibPathPrefix = "usr/lib/bootc-image-builder" + type OSRelease struct { PlatformID string ID string @@ -21,8 +25,9 @@ type OSRelease struct { } type Info struct { - OSRelease OSRelease - UEFIVendor string + OSRelease OSRelease + UEFIVendor string + ImageCustomization *blueprint.Customizations } func validateOSRelease(osrelease map[string]string) error { @@ -58,6 +63,26 @@ func uefiVendor(root string) (string, error) { return "", fmt.Errorf("cannot find UEFI vendor in %s", bootupdEfiDir) } +func readImageCustomization(root string) (*blueprint.Customizations, error) { + prefix := path.Join(root, bibPathPrefix) + config, err := buildconfig.LoadConfig(path.Join(prefix, "config.json")) + if err != nil && !os.IsNotExist(err) { + return nil, err + } + if config == nil { + config, err = buildconfig.LoadConfig(path.Join(prefix, "config.toml")) + if err != nil && !os.IsNotExist(err) { + return nil, err + } + } + // no config found in either toml/json + if config == nil { + return nil, nil + } + + return config.Customizations, nil +} + func LoadInfo(root string) (*Info, error) { osrelease, err := distro.ReadOSReleaseFromTree(root) if err != nil { @@ -71,6 +96,12 @@ func LoadInfo(root string) (*Info, error) { if err != nil { logrus.Debugf("cannot read UEFI vendor: %v, setting it to none", err) } + + customization, err := readImageCustomization(root) + if err != nil { + return nil, err + } + var idLike []string if osrelease["ID_LIKE"] != "" { idLike = strings.Split(osrelease["ID_LIKE"], " ") @@ -86,6 +117,7 @@ func LoadInfo(root string) (*Info, error) { IDLike: idLike, }, - UEFIVendor: vendor, + UEFIVendor: vendor, + ImageCustomization: customization, }, nil } From 2443a17498ac729795907637ba2e691f8a09b308 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Wed, 21 May 2025 10:33:37 +0200 Subject: [PATCH 055/254] source: Add unit test for loading embedded customizations --- bib/internal/source/source_test.go | 86 ++++++++++++++++++++++++++---- 1 file changed, 77 insertions(+), 9 deletions(-) diff --git a/bib/internal/source/source_test.go b/bib/internal/source/source_test.go index 152f941e7..7060cb29a 100644 --- a/bib/internal/source/source_test.go +++ b/bib/internal/source/source_test.go @@ -1,6 +1,7 @@ package source import ( + "fmt" "os" "path" "strings" @@ -47,6 +48,52 @@ func createBootupdEFI(root, uefiVendor string) error { return os.Mkdir(path.Join(root, "usr/lib/bootupd/updates/EFI", uefiVendor), 0755) } +func createImageCustomization(root, custType string) error { + bibDir := path.Join(root, "usr/lib/bootc-image-builder/") + err := os.MkdirAll(bibDir, 0755) + if err != nil { + return err + } + + var buf string + var filename string + switch custType { + case "json": + buf = `{ + "customizations": { + "disk": { + "partitions": [ + { + "label": "var", + "mountpoint": "/var", + "fs_type": "ext4", + "minsize": "3 GiB", + "part_type": "01234567-89ab-cdef-0123-456789abcdef" + } + ] + } + } + }` + filename = "config.json" + case "toml": + buf = `[[customizations.disk.partitions]] +label = "var" +mountpoint = "/var" +fs_type = "ext4" +minsize = "3 GiB" +part_type = "01234567-89ab-cdef-0123-456789abcdef" +` + filename = "config.toml" + case "broken": + buf = "{" + filename = "config.json" + default: + return fmt.Errorf("unsupported customization type %s", custType) + } + + return os.WriteFile(path.Join(bibDir, filename), []byte(buf), 0644) +} + func TestLoadInfo(t *testing.T) { cases := []struct { desc string @@ -57,16 +104,20 @@ func TestLoadInfo(t *testing.T) { platformID string variantID string idLike string + custType string errorStr string }{ - {"happy", "fedora", "40", "Fedora Linux", "fedora", "platform:f40", "coreos", "", ""}, - {"happy-no-uefi", "fedora", "40", "Fedora Linux", "", "platform:f40", "coreos", "", ""}, - {"happy-no-variant_id", "fedora", "40", "Fedora Linux", "", "platform:f40", "", "", ""}, - {"happy-no-id", "fedora", "43", "Fedora Linux", "fedora", "", "", "", ""}, - {"happy-with-id-like", "centos", "9", "CentOS Stream", "", "platform:el9", "", "rhel fedora", ""}, - {"sad-no-id", "", "40", "Fedora Linux", "fedora", "platform:f40", "", "", "missing ID in os-release"}, - {"sad-no-id", "fedora", "", "Fedora Linux", "fedora", "platform:f40", "", "", "missing VERSION_ID in os-release"}, - {"sad-no-id", "fedora", "40", "", "fedora", "platform:f40", "", "", "missing NAME in os-release"}, + {"happy", "fedora", "40", "Fedora Linux", "fedora", "platform:f40", "coreos", "", "json", ""}, + {"happy-no-uefi", "fedora", "40", "Fedora Linux", "", "platform:f40", "coreos", "", "json", ""}, + {"happy-no-variant_id", "fedora", "40", "Fedora Linux", "", "platform:f40", "", "", "json", ""}, + {"happy-no-id", "fedora", "43", "Fedora Linux", "fedora", "", "", "", "json", ""}, + {"happy-with-id-like", "centos", "9", "CentOS Stream", "", "platform:el9", "", "rhel fedora", "json", ""}, + {"happy-no-cust", "fedora", "40", "Fedora Linux", "fedora", "platform:f40", "coreos", "", "", ""}, + {"happy-toml", "fedora", "40", "Fedora Linux", "fedora", "platform:f40", "coreos", "", "toml", ""}, + {"sad-no-id", "", "40", "Fedora Linux", "fedora", "platform:f40", "", "", "json", "missing ID in os-release"}, + {"sad-no-id", "fedora", "", "Fedora Linux", "fedora", "platform:f40", "", "", "json", "missing VERSION_ID in os-release"}, + {"sad-no-id", "fedora", "40", "", "fedora", "platform:f40", "", "", "json", "missing NAME in os-release"}, + {"sad-broken-json", "fedora", "40", "Fedora Linux", "fedora", "platform:f40", "coreos", "", "broken", "cannot decode \"$ROOT/usr/lib/bootc-image-builder/config.json\": unexpected EOF"}, } for _, c := range cases { @@ -76,12 +127,16 @@ func TestLoadInfo(t *testing.T) { if c.uefiVendor != "" { require.NoError(t, createBootupdEFI(root, c.uefiVendor)) + } + if c.custType != "" { + require.NoError(t, createImageCustomization(root, c.custType)) + } info, err := LoadInfo(root) if c.errorStr != "" { - require.EqualError(t, err, c.errorStr) + require.EqualError(t, err, strings.ReplaceAll(c.errorStr, "$ROOT", root)) return } require.NoError(t, err) @@ -91,6 +146,19 @@ func TestLoadInfo(t *testing.T) { assert.Equal(t, c.uefiVendor, info.UEFIVendor) assert.Equal(t, c.platformID, info.OSRelease.PlatformID) assert.Equal(t, c.variantID, info.OSRelease.VariantID) + if c.custType != "" { + assert.NotNil(t, info.ImageCustomization) + assert.NotNil(t, info.ImageCustomization.Disk) + assert.NotEmpty(t, info.ImageCustomization.Disk.Partitions) + part := info.ImageCustomization.Disk.Partitions[0] + assert.Equal(t, part.Label, "var") + assert.Equal(t, part.MinSize, uint64(3*1024*1024*1024)) + assert.Equal(t, part.FSType, "ext4") + assert.Equal(t, part.Mountpoint, "/var") + // TODO: Validate part.PartType when it is fixed + } else { + assert.Nil(t, info.ImageCustomization) + } if c.idLike == "" { assert.Equal(t, len(info.OSRelease.IDLike), 0) } else { From 6dafa01ebfb06de697ac1483ccdd4f276df9bd3c Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Tue, 20 May 2025 12:12:51 +0200 Subject: [PATCH 056/254] image: Apply disk or filesystem customization from embedded image customization This allows bootc images to specify more detailed requirements for the partitioning, which is useful to either add extra partitions (like a separate /var), or to override details of the normal partitions (like uuids, labels, etc). This is discussed in https://github.com/bootc-dev/bootc/issues/926 --- bib/cmd/bootc-image-builder/image.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index 278147785..a041ce3c3 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -209,6 +209,18 @@ func genPartitionTable(c *ManifestConfig, customizations *blueprint.Customizatio if err != nil { return nil, fmt.Errorf("error reading disk customizations: %w", err) } + + // Embedded disk customization applies if there was no local customization + if fsCust == nil && diskCust == nil && c.SourceInfo != nil && c.SourceInfo.ImageCustomization != nil { + imageCustomizations := c.SourceInfo.ImageCustomization + + fsCust = imageCustomizations.GetFilesystems() + diskCust, err = imageCustomizations.GetPartitioning() + if err != nil { + return nil, fmt.Errorf("error reading disk customizations: %w", err) + } + } + switch { // XXX: move into images library case fsCust != nil && diskCust != nil: From bb7951f16ae134be5ee7eacb94353447bb62391a Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Tue, 20 May 2025 17:30:34 +0200 Subject: [PATCH 057/254] test_manifest: Add test for embedded disk and filesystem customization --- README.md | 1 - test/test_manifest.py | 98 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 98 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0b7122737..03495b163 100644 --- a/README.md +++ b/README.md @@ -534,7 +534,6 @@ By default, the following modules are enabled for all Anaconda ISOs: The `disable` list is processed after the `enable` list and therefore takes priority. In other words, adding the same module in both `enable` and `disable` will result in the module being **disabled**. Furthermore, adding a module that is enabled by default to `disable` will result in the module being **disabled**. - ## Building To build the container locally you can run diff --git a/test/test_manifest.py b/test/test_manifest.py index 2b1493698..90ed1c699 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -826,3 +826,101 @@ def test_manifest_customization_custom_file_smoke(tmp_path, build_container): '[{"path":"/etc/custom_dir","exist_ok":true}]},' '"devices":{"disk":{"type":"org.osbuild.loopback"' ',"options":{"filename":"disk.raw"') in output + + +def find_sfdisk_stage_from(manifest_str): + manifest = json.loads(manifest_str) + for pipl in manifest["pipelines"]: + if pipl["name"] == "image": + for st in pipl["stages"]: + if st["type"] == "org.osbuild.sfdisk": + return st["options"] + raise ValueError(f"cannot find sfdisk stage manifest:\n{manifest_str}") + + +def test_manifest_image_customize_filesystem(tmp_path, build_container): + # no need to parameterize this test, overrides behaves same for all containers + container_ref = "quay.io/centos-bootc/centos-bootc:stream9" + testutil.pull_container(container_ref) + + cfg = { + "blueprint": { + "customizations": { + "filesystem": [ + { + "mountpoint": "/boot", + "minsize": "3GiB" + } + ] + }, + }, + } + + config_json_path = tmp_path / "config.json" + config_json_path.write_text(json.dumps(cfg), encoding="utf-8") + + # create derrived container with filesystem customization + cntf_path = tmp_path / "Containerfile" + cntf_path.write_text(textwrap.dedent(f"""\n + FROM {container_ref} + RUN mkdir -p -m 0755 /usr/lib/bootc-image-builder + COPY config.json /usr/lib/bootc-image-builder/ + """), encoding="utf8") + + print(f"building filesystem customize container from {container_ref}") + with make_container(tmp_path) as container_tag: + print(f"using {container_tag}") + manifest_str = subprocess.check_output([ + *testutil.podman_run_common, + build_container, + "manifest", + f"localhost/{container_tag}", + ], encoding="utf8") + sfdisk_options = find_sfdisk_stage_from(manifest_str) + assert sfdisk_options["partitions"][2]["size"] == 3 * 1024 * 1024 * 1024 / 512 + + +def test_manifest_image_customize_disk(tmp_path, build_container): + # no need to parameterize this test, overrides behaves same for all containers + container_ref = "quay.io/centos-bootc/centos-bootc:stream9" + testutil.pull_container(container_ref) + + cfg = { + "blueprint": { + "customizations": { + "disk": { + "partitions": [ + { + "label": "var", + "mountpoint": "/var", + "fs_type": "ext4", + "minsize": "3 GiB", + }, + ], + }, + }, + }, + } + + config_json_path = tmp_path / "config.json" + config_json_path.write_text(json.dumps(cfg), encoding="utf-8") + + # create derrived container with disk customization + cntf_path = tmp_path / "Containerfile" + cntf_path.write_text(textwrap.dedent(f"""\n + FROM {container_ref} + RUN mkdir -p -m 0755 /usr/lib/bootc-image-builder + COPY config.json /usr/lib/bootc-image-builder/ + """), encoding="utf8") + + print(f"building filesystem customize container from {container_ref}") + with make_container(tmp_path) as container_tag: + print(f"using {container_tag}") + manifest_str = subprocess.check_output([ + *testutil.podman_run_common, + build_container, + "manifest", + f"localhost/{container_tag}", + ], encoding="utf8") + sfdisk_options = find_sfdisk_stage_from(manifest_str) + assert sfdisk_options["partitions"][2]["size"] == 3 * 1024 * 1024 * 1024 / 512 From e6b89b40346fa2d9020080013b9d3d01feb67c55 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Wed, 21 May 2025 11:07:26 +0200 Subject: [PATCH 058/254] README: Mention the ability to embed disk customizations --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 03495b163..cd5d9c323 100644 --- a/README.md +++ b/README.md @@ -349,6 +349,12 @@ sudo podman run \ The configuration can also be passed in via stdin when `--config -` is used. Only JSON configuration is supported in this mode. +Additionally, images can embed a build config file, either as +`config.json` or `config.toml` in the `/usr/lib/bootc-image-builder` +directory. If this exist, and contains filesystem or disk +customizations, then these are used by default if no such +customization are specified in the regular build config. + ### Users (`user`, array) Possible fields: From ec71131077dcd21ee1d02da849665b51c660d10f Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Wed, 21 May 2025 15:05:21 +0200 Subject: [PATCH 059/254] tests: Avoid running into docker.io rate limits We use a custom copy (ghcr.io/osbuild/bootc-image-builder/registry) of the docker registy image to avoid running into pull rate limits. --- test/test_build_disk.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/test_build_disk.py b/test/test_build_disk.py index 63699aac2..d2467aaa0 100644 --- a/test/test_build_disk.py +++ b/test/test_build_disk.py @@ -137,7 +137,8 @@ def registry_conf_fixture(shared_tmpdir, request): "-p", f"{registry_port}:5000", "--restart", "always", "--name", registry_container_name, - "registry:2" + # We use a copy of docker.io registry to avoid running into docker.io pull rate limits + "ghcr.io/osbuild/bootc-image-builder/registry:2" ], check=True) registry_container_state = subprocess.run([ From 3bd606d0bc99d47859192214c3da6ffdd5b4ab4c Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Wed, 21 May 2025 11:37:21 +0200 Subject: [PATCH 060/254] imports: Bump osbuild/images to 0.147 and osbuild/blueprint to 1.7.0 --- bib/go.mod | 4 ++-- bib/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index a46c42e7b..7b80f40da 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -6,9 +6,9 @@ require ( github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 - github.com/osbuild/blueprint v1.6.0 + github.com/osbuild/blueprint v1.7.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.145.0 + github.com/osbuild/images v0.147.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 diff --git a/bib/go.sum b/bib/go.sum index 819deff24..8a5dfe670 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -235,12 +235,12 @@ github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8= github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= -github.com/osbuild/blueprint v1.6.0 h1:HUV1w/dMxpgqOgVtHhfTZE3zRmWQkuW/qTfx9smKImI= -github.com/osbuild/blueprint v1.6.0/go.mod h1:0d3dlY8aSJ6jM6NHwBmJFF1VIySsp/GsDpcJQ0yrOqM= +github.com/osbuild/blueprint v1.7.0 h1:SpuoFtTc0pofX89EcMrxPCVSPcN4rFGAe/H/brEEBjs= +github.com/osbuild/blueprint v1.7.0/go.mod h1:LfxBgOupiH6h6dfFHAkHK9Kpj9Yd7cSHnQd6zIiuKlc= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.145.0 h1:ZbY13lP02dJ090TTKq8UrPjuDrijPWKUMZQEG0zVRpA= -github.com/osbuild/images v0.145.0/go.mod h1:jY21PhkxIozII4M0xCqZL7poLtFwDJlEGj88pb3lalQ= +github.com/osbuild/images v0.147.0 h1:vLl8xbbY4sUHHToFkC4MimWTrYWAgaHu5ea9JGRsQmU= +github.com/osbuild/images v0.147.0/go.mod h1:jY21PhkxIozII4M0xCqZL7poLtFwDJlEGj88pb3lalQ= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= From c89561a65d68ca4b2178d879915ea8329c385081 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Thu, 15 May 2025 13:06:32 +0200 Subject: [PATCH 061/254] bib: Update to new osbuild-image arch.FromString() API arch.FromString can now return an error --- bib/cmd/bootc-image-builder/image_test.go | 12 +++++++---- bib/cmd/bootc-image-builder/main.go | 26 ++++++++++++++--------- 2 files changed, 24 insertions(+), 14 deletions(-) diff --git a/bib/cmd/bootc-image-builder/image_test.go b/bib/cmd/bootc-image-builder/image_test.go index c84e88832..487ae7d92 100644 --- a/bib/cmd/bootc-image-builder/image_test.go +++ b/bib/cmd/bootc-image-builder/image_test.go @@ -375,8 +375,9 @@ func findMountableSizeableFor(pt *disk.PartitionTable, needle string) (disk.Moun func TestGenPartitionTableSetsRootfsForAllFilesystemsXFS(t *testing.T) { rng := bib.CreateRand() + a, _ := arch.FromString("amd64") cnf := &bib.ManifestConfig{ - Architecture: arch.FromString("amd64"), + Architecture: a, RootFSType: "xfs", } cus := &blueprint.Customizations{ @@ -406,8 +407,9 @@ func TestGenPartitionTableSetsRootfsForAllFilesystemsXFS(t *testing.T) { func TestGenPartitionTableSetsRootfsForAllFilesystemsBtrfs(t *testing.T) { rng := bib.CreateRand() + a, _ := arch.FromString("amd64") cnf := &bib.ManifestConfig{ - Architecture: arch.FromString("amd64"), + Architecture: a, RootFSType: "btrfs", } cus := &blueprint.Customizations{} @@ -429,8 +431,9 @@ func TestGenPartitionTableSetsRootfsForAllFilesystemsBtrfs(t *testing.T) { func TestGenPartitionTableDiskCustomizationRunsValidateLayoutConstraints(t *testing.T) { rng := bib.CreateRand() + a, _ := arch.FromString("amd64") cnf := &bib.ManifestConfig{ - Architecture: arch.FromString("amd64"), + Architecture: a, RootFSType: "xfs", } cus := &blueprint.Customizations{ @@ -650,8 +653,9 @@ func TestGenPartitionTableDiskCustomizationSizes(t *testing.T) { }, } { t.Run(tc.name, func(t *testing.T) { + a, _ := arch.FromString("amd64") cnf := &bib.ManifestConfig{ - Architecture: arch.FromString("amd64"), + Architecture: a, RootFSType: "xfs", RootfsMinsize: tc.rootfsMinSize, } diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index c5d734bca..b0903691a 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -216,17 +216,23 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress } } - if targetArch != "" && arch.FromString(targetArch) != arch.Current() { - // TODO: detect if binfmt_misc for target arch is - // available, e.g. by mounting the binfmt_misc fs into - // the container and inspects the files or by - // including tiny statically linked target-arch - // binaries inside our bib container - fmt.Fprintf(os.Stderr, "WARNING: target-arch is experimental and needs an installed 'qemu-user' package\n") - if slices.Contains(imgTypes, "iso") { - return nil, nil, fmt.Errorf("cannot build iso for different target arches yet") + if targetArch != "" { + target, err := arch.FromString(targetArch) + if err != nil { + return nil, nil, err + } + if target != arch.Current() { + // TODO: detect if binfmt_misc for target arch is + // available, e.g. by mounting the binfmt_misc fs into + // the container and inspects the files or by + // including tiny statically linked target-arch + // binaries inside our bib container + fmt.Fprintf(os.Stderr, "WARNING: target-arch is experimental and needs an installed 'qemu-user' package\n") + if slices.Contains(imgTypes, "iso") { + return nil, nil, fmt.Errorf("cannot build iso for different target arches yet") + } + cntArch = target } - cntArch = arch.FromString(targetArch) } // TODO: add "target-variant", see https://github.com/osbuild/bootc-image-builder/pull/139/files#r1467591868 From ba98e1b2a623c1cfbcf8b54f456a6de3ae09740a Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Thu, 8 May 2025 17:55:24 +0200 Subject: [PATCH 062/254] bib: Extract what SELinux policy to us from container Currently we are always hardcoding "targeted", which is not working for the centos automotive sig that use a custom policy. --- bib/cmd/bootc-image-builder/image.go | 3 +- bib/internal/source/source.go | 42 ++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 2 deletions(-) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index a041ce3c3..651b62362 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -344,8 +344,7 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest img := image.NewBootcDiskImage(containerSource) img.Users = users.UsersFromBP(customizations.GetUsers()) img.Groups = users.GroupsFromBP(customizations.GetGroups()) - // TODO: get from the bootc container instead of hardcoding it - img.SELinux = "targeted" + img.SELinux = c.SourceInfo.SELinuxPolicy img.KernelOptionsAppend = []string{ "rw", diff --git a/bib/internal/source/source.go b/bib/internal/source/source.go index 059bfcccc..cbc345fb5 100644 --- a/bib/internal/source/source.go +++ b/bib/internal/source/source.go @@ -1,6 +1,8 @@ package source import ( + "bufio" + "errors" "fmt" "os" "path" @@ -27,6 +29,7 @@ type OSRelease struct { type Info struct { OSRelease OSRelease UEFIVendor string + SELinuxPolicy string ImageCustomization *blueprint.Customizations } @@ -63,6 +66,39 @@ func uefiVendor(root string) (string, error) { return "", fmt.Errorf("cannot find UEFI vendor in %s", bootupdEfiDir) } +func readSelinuxPolicy(root string) (string, error) { + configPath := "etc/selinux/config" + f, err := os.Open(path.Join(root, configPath)) + if err != nil { + return "", fmt.Errorf("cannot read selinux config %s: %w", configPath, err) + } + // nolint:errcheck + defer f.Close() + + policy := "" + scanner := bufio.NewScanner(f) + for scanner.Scan() { + line := strings.TrimSpace(scanner.Text()) + if len(line) == 0 { + continue + } + if strings.HasPrefix(line, "#") { + continue + } + + parts := strings.SplitN(line, "=", 2) + if len(parts) != 2 { + return "", errors.New("selinux config: invalid input") + } + key := strings.TrimSpace(parts[0]) + if key == "SELINUXTYPE" { + policy = strings.TrimSpace(parts[1]) + } + } + + return policy, nil +} + func readImageCustomization(root string) (*blueprint.Customizations, error) { prefix := path.Join(root, bibPathPrefix) config, err := buildconfig.LoadConfig(path.Join(prefix, "config.json")) @@ -102,6 +138,11 @@ func LoadInfo(root string) (*Info, error) { return nil, err } + selinuxPolicy, err := readSelinuxPolicy(root) + if err != nil { + logrus.Debugf("cannot read selinux policy: %v, setting it to none", err) + } + var idLike []string if osrelease["ID_LIKE"] != "" { idLike = strings.Split(osrelease["ID_LIKE"], " ") @@ -118,6 +159,7 @@ func LoadInfo(root string) (*Info, error) { }, UEFIVendor: vendor, + SELinuxPolicy: selinuxPolicy, ImageCustomization: customization, }, nil } From 5bae3b6d452b6e869ee5da9776b97fe35c0e3a97 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Fri, 9 May 2025 11:03:20 +0200 Subject: [PATCH 063/254] bib: Add --build-container to run the build in a custom container The automotive project wants to build minimal bootc images which will not contain tools like dnf, mkfs.ext, etc. We support this by allowing the container used in the build pipeline to come from another (but related) container image. This depends on https://github.com/osbuild/images/pull/1507 --- bib/cmd/bootc-image-builder/image.go | 21 ++++++++--- bib/cmd/bootc-image-builder/main.go | 53 ++++++++++++++++++++++------ 2 files changed, 59 insertions(+), 15 deletions(-) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index 651b62362..e4d6e0cac 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -39,7 +39,8 @@ const DEFAULT_SIZE = uint64(10 * GibiByte) type ManifestConfig struct { // OCI image path (without the transport, that is always docker://) - Imgref string + Imgref string + BuildImgref string ImageTypes imagetypes.ImageTypes @@ -57,7 +58,8 @@ type ManifestConfig struct { DistroDefPaths []string // Extracted information about the source container image - SourceInfo *source.Info + SourceInfo *source.Info + BuildSourceInfo *source.Info // RootFSType specifies the filesystem type for the root partition RootFSType string @@ -335,16 +337,25 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest Name: c.Imgref, Local: true, } + buildContainerSource := container.SourceSpec{ + Source: c.BuildImgref, + Name: c.BuildImgref, + Local: true, + } var customizations *blueprint.Customizations if c.Config != nil { customizations = c.Config.Customizations } - img := image.NewBootcDiskImage(containerSource) + img := image.NewBootcDiskImage(containerSource, buildContainerSource) img.Users = users.UsersFromBP(customizations.GetUsers()) img.Groups = users.GroupsFromBP(customizations.GetGroups()) img.SELinux = c.SourceInfo.SELinuxPolicy + img.BuildSELinux = img.SELinux + if c.BuildSourceInfo != nil { + img.BuildSELinux = c.BuildSourceInfo.SELinuxPolicy + } img.KernelOptionsAppend = []string{ "rw", @@ -422,7 +433,9 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest mf.Distro = manifest.DISTRO_FEDORA runner := &runner.Linux{} - if err := img.InstantiateManifestFromContainers(&mf, []container.SourceSpec{containerSource}, runner, rng); err != nil { + if err := img.InstantiateManifestFromContainers(&mf, + []container.SourceSpec{containerSource}, + []container.SourceSpec{buildContainerSource}, runner, rng); err != nil { return nil, err } diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index b0903691a..996d43043 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -203,6 +203,7 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress rpmCacheRoot, _ := cmd.Flags().GetString("rpmmd") targetArch, _ := cmd.Flags().GetString("target-arch") rootFs, _ := cmd.Flags().GetString("rootfs") + buildImgref, _ := cmd.Flags().GetString("build-container") useLibrepo, _ := cmd.Flags().GetBool("use-librepo") // If --local was given, warn in the case of --local or --local=true (true is the default), error in the case of --local=false @@ -291,26 +292,55 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress return nil, nil, err } + buildContainer := container + buildSourceinfo := sourceinfo + startedBuildContainer := false + defer func() { + if startedBuildContainer { + if err := buildContainer.Stop(); err != nil { + logrus.Warnf("error stopping container: %v", err) + } + } + }() + + if buildImgref != "" { + buildContainer, err = podman_container.New(buildImgref) + if err != nil { + return nil, nil, err + } + startedBuildContainer = true + + // Gather some data from the containers distro + buildSourceinfo, err = source.LoadInfo(buildContainer.Root()) + if err != nil { + return nil, nil, err + } + } else { + buildImgref = imgref + } + // This is needed just for RHEL and RHSM in most cases, but let's run it every time in case // the image has some non-standard dnf plugins. - if err := container.InitDNF(); err != nil { + if err := buildContainer.InitDNF(); err != nil { return nil, nil, err } - solver, err := container.NewContainerSolver(rpmCacheRoot, cntArch, sourceinfo) + solver, err := buildContainer.NewContainerSolver(rpmCacheRoot, cntArch, sourceinfo) if err != nil { return nil, nil, err } manifestConfig := &ManifestConfig{ - Architecture: cntArch, - Config: config, - ImageTypes: imageTypes, - Imgref: imgref, - RootfsMinsize: cntSize * containerSizeToDiskSizeMultiplier, - DistroDefPaths: distroDefPaths, - SourceInfo: sourceinfo, - RootFSType: rootfsType, - UseLibrepo: useLibrepo, + Architecture: cntArch, + Config: config, + ImageTypes: imageTypes, + Imgref: imgref, + BuildImgref: buildImgref, + RootfsMinsize: cntSize * containerSizeToDiskSizeMultiplier, + DistroDefPaths: distroDefPaths, + SourceInfo: sourceinfo, + BuildSourceInfo: buildSourceinfo, + RootFSType: rootfsType, + UseLibrepo: useLibrepo, } manifest, repos, err := makeManifest(manifestConfig, solver, rpmCacheRoot) @@ -650,6 +680,7 @@ func buildCobraCmdline() (*cobra.Command, error) { } manifestCmd.Flags().String("rpmmd", "/rpmmd", "rpm metadata cache directory") manifestCmd.Flags().String("target-arch", "", "build for the given target architecture (experimental)") + manifestCmd.Flags().String("build-container", "", "Use a custom container for the image build") manifestCmd.Flags().StringArray("type", []string{"qcow2"}, fmt.Sprintf("image types to build [%s]", imagetypes.Available())) manifestCmd.Flags().Bool("local", true, "DEPRECATED: --local is now the default behavior, make sure to pull the container image before running bootc-image-builder") if err := manifestCmd.Flags().MarkHidden("local"); err != nil { From 44e794a0647b5d0c4e78df75883280636a373730 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Wed, 14 May 2025 14:08:57 +0200 Subject: [PATCH 064/254] image: Always enable verity on the rootfs partition This rewrites the partition table after creation so that it works both with filesystem and disk customizations. --- bib/cmd/bootc-image-builder/image.go | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index e4d6e0cac..09d43a477 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -223,15 +223,35 @@ func genPartitionTable(c *ManifestConfig, customizations *blueprint.Customizatio } } + var partitionTable *disk.PartitionTable switch { // XXX: move into images library case fsCust != nil && diskCust != nil: return nil, fmt.Errorf("cannot combine disk and filesystem customizations") case diskCust != nil: - return genPartitionTableDiskCust(c, diskCust, rng) + partitionTable, err = genPartitionTableDiskCust(c, diskCust, rng) + if err != nil { + return nil, err + } default: - return genPartitionTableFsCust(c, fsCust, rng) + partitionTable, err = genPartitionTableFsCust(c, fsCust, rng) + if err != nil { + return nil, err + } } + + // Ensure ext4 rootfs has fs-verity enabled + rootfs := partitionTable.FindMountable("/") + if rootfs != nil { + switch elem := rootfs.(type) { + case *disk.Filesystem: + if elem.Type == "ext4" { + elem.MkfsOptions = append(elem.MkfsOptions, []disk.MkfsOption{disk.MkfsVerity}...) + } + } + } + + return partitionTable, nil } // calcRequiredDirectorySizes will calculate the minimum sizes for / @@ -433,9 +453,7 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest mf.Distro = manifest.DISTRO_FEDORA runner := &runner.Linux{} - if err := img.InstantiateManifestFromContainers(&mf, - []container.SourceSpec{containerSource}, - []container.SourceSpec{buildContainerSource}, runner, rng); err != nil { + if err := img.InstantiateManifestFromContainers(&mf, []container.SourceSpec{containerSource}, runner, rng); err != nil { return nil, err } From e13139a7f35c9fb353c5fdee4705f983febccdb3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 May 2025 05:00:08 +0000 Subject: [PATCH 065/254] build(deps): bump the go-deps group in /bib with 2 updates Bumps the go-deps group in /bib with 2 updates: [github.com/osbuild/blueprint](https://github.com/osbuild/blueprint) and [github.com/osbuild/images](https://github.com/osbuild/images). Updates `github.com/osbuild/blueprint` from 1.7.0 to 1.8.0 - [Release notes](https://github.com/osbuild/blueprint/releases) - [Commits](https://github.com/osbuild/blueprint/compare/v1.7.0...v1.8.0) Updates `github.com/osbuild/images` from 0.147.0 to 0.148.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.147.0...v0.148.0) --- updated-dependencies: - dependency-name: github.com/osbuild/blueprint dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/osbuild/images dependency-version: 0.148.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 4 ++-- bib/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 7b80f40da..571d0ac11 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -6,9 +6,9 @@ require ( github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 - github.com/osbuild/blueprint v1.7.0 + github.com/osbuild/blueprint v1.8.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.147.0 + github.com/osbuild/images v0.148.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 diff --git a/bib/go.sum b/bib/go.sum index 8a5dfe670..24f787120 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -235,12 +235,12 @@ github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8= github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= -github.com/osbuild/blueprint v1.7.0 h1:SpuoFtTc0pofX89EcMrxPCVSPcN4rFGAe/H/brEEBjs= -github.com/osbuild/blueprint v1.7.0/go.mod h1:LfxBgOupiH6h6dfFHAkHK9Kpj9Yd7cSHnQd6zIiuKlc= +github.com/osbuild/blueprint v1.8.0 h1:RO8kG4FMdBt5xg7ANgwybq4DNPCxzvP0v589Jew2Axk= +github.com/osbuild/blueprint v1.8.0/go.mod h1:LfxBgOupiH6h6dfFHAkHK9Kpj9Yd7cSHnQd6zIiuKlc= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.147.0 h1:vLl8xbbY4sUHHToFkC4MimWTrYWAgaHu5ea9JGRsQmU= -github.com/osbuild/images v0.147.0/go.mod h1:jY21PhkxIozII4M0xCqZL7poLtFwDJlEGj88pb3lalQ= +github.com/osbuild/images v0.148.0 h1:jRLpl/z50FF7Vylio7oD7GddKftiqf2RZZV1h5U8XhI= +github.com/osbuild/images v0.148.0/go.mod h1:jY21PhkxIozII4M0xCqZL7poLtFwDJlEGj88pb3lalQ= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= From 06843e232c9c4734efba4245143df01d80c93640 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 May 2025 04:27:41 +0000 Subject: [PATCH 066/254] build(deps): bump github.com/osbuild/images in /bib in the go-deps group Bumps the go-deps group in /bib with 1 update: [github.com/osbuild/images](https://github.com/osbuild/images). Updates `github.com/osbuild/images` from 0.148.0 to 0.149.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.148.0...v0.149.0) --- updated-dependencies: - dependency-name: github.com/osbuild/images dependency-version: 0.149.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 8 ++++---- bib/go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 571d0ac11..2428db5c1 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -8,7 +8,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.8.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.148.0 + github.com/osbuild/images v0.149.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 @@ -30,11 +30,11 @@ require ( github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect github.com/containerd/typeurl/v2 v2.2.3 // indirect - github.com/containers/common v0.62.0 // indirect - github.com/containers/image/v5 v5.34.0 // indirect + github.com/containers/common v0.62.3 // indirect + github.com/containers/image/v5 v5.34.3 // indirect github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect github.com/containers/ocicrypt v1.2.1 // indirect - github.com/containers/storage v1.57.1 // indirect + github.com/containers/storage v1.57.2 // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f // indirect github.com/cyphar/filepath-securejoin v0.3.6 // indirect diff --git a/bib/go.sum b/bib/go.sum index 24f787120..7e59b282b 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -43,16 +43,16 @@ github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRcc github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU= github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40= github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= -github.com/containers/common v0.62.0 h1:Sl9WE5h7Y/F3bejrMAA4teP1EcY9ygqJmW4iwSloZ10= -github.com/containers/common v0.62.0/go.mod h1:Yec+z8mrSq4rydHofrnDCBqAcNA/BGrSg1kfFUL6F6s= -github.com/containers/image/v5 v5.34.0 h1:HPqQaDUsox/3mC1pbOyLAIQEp0JhQqiUZ+6JiFIZLDI= -github.com/containers/image/v5 v5.34.0/go.mod h1:/WnvUSEfdqC/ahMRd4YJDBLrpYWkGl018rB77iB3FDo= +github.com/containers/common v0.62.3 h1:aOGryqXfW6aKBbHbqOveH7zB+ihavUN03X/2pUSvWFI= +github.com/containers/common v0.62.3/go.mod h1:3R8kDox2prC9uj/a2hmXj/YjZz5sBEUNrcDiw51S0Lo= +github.com/containers/image/v5 v5.34.3 h1:/cMgfyA4Y7ILH7nzWP/kqpkE5Df35Ek4bp5ZPvJOVmI= +github.com/containers/image/v5 v5.34.3/go.mod h1:MG++slvQSZVq5ejAcLdu4APGsKGMb0YHHnAo7X28fdE= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.2.1 h1:0qIOTT9DoYwcKmxSt8QJt+VzMY18onl9jUXsxpVhSmM= github.com/containers/ocicrypt v1.2.1/go.mod h1:aD0AAqfMp0MtwqWgHM1bUwe1anx0VazI108CRrSKINQ= -github.com/containers/storage v1.57.1 h1:hKPoFsuBcB3qTzBxa4IFpZMRzUuL5Xhv/BE44W0XHx8= -github.com/containers/storage v1.57.1/go.mod h1:i/Hb4lu7YgFr9G0K6BMjqW0BLJO1sFsnWQwj2UoWCUM= +github.com/containers/storage v1.57.2 h1:2roCtTyE9pzIaBDHibK72DTnYkPmwWaq5uXxZdaWK4U= +github.com/containers/storage v1.57.2/go.mod h1:i/Hb4lu7YgFr9G0K6BMjqW0BLJO1sFsnWQwj2UoWCUM= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= @@ -239,8 +239,8 @@ github.com/osbuild/blueprint v1.8.0 h1:RO8kG4FMdBt5xg7ANgwybq4DNPCxzvP0v589Jew2A github.com/osbuild/blueprint v1.8.0/go.mod h1:LfxBgOupiH6h6dfFHAkHK9Kpj9Yd7cSHnQd6zIiuKlc= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.148.0 h1:jRLpl/z50FF7Vylio7oD7GddKftiqf2RZZV1h5U8XhI= -github.com/osbuild/images v0.148.0/go.mod h1:jY21PhkxIozII4M0xCqZL7poLtFwDJlEGj88pb3lalQ= +github.com/osbuild/images v0.149.0 h1:gAmgwbsSer16vX8tkOcXM2TFqzQ2tQUApSOwutt8Q5Q= +github.com/osbuild/images v0.149.0/go.mod h1:ZiEO1WWKuRvPSaiXsmqn+7krAIZ+qXiiOfBQed0H7lY= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= From f41cfaff63ecaa8a9df5a4e924199e95fe4369d0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Jun 2025 04:37:35 +0000 Subject: [PATCH 067/254] build(deps): bump the go-deps group in /bib with 2 updates Bumps the go-deps group in /bib with 2 updates: [github.com/osbuild/blueprint](https://github.com/osbuild/blueprint) and [github.com/osbuild/images](https://github.com/osbuild/images). Updates `github.com/osbuild/blueprint` from 1.8.0 to 1.9.0 - [Release notes](https://github.com/osbuild/blueprint/releases) - [Commits](https://github.com/osbuild/blueprint/compare/v1.8.0...v1.9.0) Updates `github.com/osbuild/images` from 0.149.0 to 0.150.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.149.0...v0.150.0) --- updated-dependencies: - dependency-name: github.com/osbuild/blueprint dependency-version: 1.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/osbuild/images dependency-version: 0.150.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 4 ++-- bib/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 2428db5c1..2d5215c1a 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -6,9 +6,9 @@ require ( github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 - github.com/osbuild/blueprint v1.8.0 + github.com/osbuild/blueprint v1.9.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.149.0 + github.com/osbuild/images v0.150.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 diff --git a/bib/go.sum b/bib/go.sum index 7e59b282b..7e920feec 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -235,12 +235,12 @@ github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8= github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= -github.com/osbuild/blueprint v1.8.0 h1:RO8kG4FMdBt5xg7ANgwybq4DNPCxzvP0v589Jew2Axk= -github.com/osbuild/blueprint v1.8.0/go.mod h1:LfxBgOupiH6h6dfFHAkHK9Kpj9Yd7cSHnQd6zIiuKlc= +github.com/osbuild/blueprint v1.9.0 h1:YFFtaxYWrcjgNZ9yeb4AxiPv6zk+ywQwbA671A0glXM= +github.com/osbuild/blueprint v1.9.0/go.mod h1:LfxBgOupiH6h6dfFHAkHK9Kpj9Yd7cSHnQd6zIiuKlc= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.149.0 h1:gAmgwbsSer16vX8tkOcXM2TFqzQ2tQUApSOwutt8Q5Q= -github.com/osbuild/images v0.149.0/go.mod h1:ZiEO1WWKuRvPSaiXsmqn+7krAIZ+qXiiOfBQed0H7lY= +github.com/osbuild/images v0.150.0 h1:gkP7jxVlshQYQPvI6lJnr9FKxWIPuvwbxYlgv9V8v2c= +github.com/osbuild/images v0.150.0/go.mod h1:ZiEO1WWKuRvPSaiXsmqn+7krAIZ+qXiiOfBQed0H7lY= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= From 06c0fd4afeb785a853364c291907d3b603cf432a Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 27 May 2025 14:47:39 -0400 Subject: [PATCH 068/254] Clarify we build disk images I almost always stop people who say "image" without qualification because disk images are very different from container images. There's a lingering confusion that bootc-image-builder builds bootc images, which is not true... Signed-off-by: Colin Walters --- bib/cmd/bootc-image-builder/main.go | 2 +- test/test_progress.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 996d43043..ec2ef56a3 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -468,7 +468,7 @@ func cmdBuild(cmd *cobra.Command, args []string) error { return fmt.Errorf("cannot save manifest: %w", err) } - pbar.SetPulseMsgf("Image building step") + pbar.SetPulseMsgf("Disk image building step") pbar.SetMessagef("Building %s", manifest_fname) var osbuildEnv []string diff --git a/test/test_progress.py b/test/test_progress.py index b5621fea7..678685d17 100644 --- a/test/test_progress.py +++ b/test/test_progress.py @@ -29,7 +29,7 @@ def test_progress_debug(tmp_path, build_fake_container): res = subprocess.run(cmdline, capture_output=True, check=True, text=True) assert res.stderr.count("Start progressbar") == 1 assert res.stderr.count("Manifest generation step") == 1 - assert res.stderr.count("Image building step") == 1 + assert res.stderr.count("Disk image building step") == 1 assert res.stderr.count("Build complete") == 1 assert res.stderr.count("Stop progressbar") == 1 assert res.stdout.strip() == "" From a2d5162b5a18534acd24d8112771323594b025c6 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 5 Jun 2025 13:14:38 +0200 Subject: [PATCH 069/254] bib: tweak architecture setting in tests Tiny tweak for how we set the architecture in ManifestConfig, not really necessary but avoids a extra/call an extra line. --- bib/cmd/bootc-image-builder/image_test.go | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/bib/cmd/bootc-image-builder/image_test.go b/bib/cmd/bootc-image-builder/image_test.go index 487ae7d92..b513abc19 100644 --- a/bib/cmd/bootc-image-builder/image_test.go +++ b/bib/cmd/bootc-image-builder/image_test.go @@ -375,9 +375,8 @@ func findMountableSizeableFor(pt *disk.PartitionTable, needle string) (disk.Moun func TestGenPartitionTableSetsRootfsForAllFilesystemsXFS(t *testing.T) { rng := bib.CreateRand() - a, _ := arch.FromString("amd64") cnf := &bib.ManifestConfig{ - Architecture: a, + Architecture: arch.ARCH_X86_64, RootFSType: "xfs", } cus := &blueprint.Customizations{ @@ -407,9 +406,8 @@ func TestGenPartitionTableSetsRootfsForAllFilesystemsXFS(t *testing.T) { func TestGenPartitionTableSetsRootfsForAllFilesystemsBtrfs(t *testing.T) { rng := bib.CreateRand() - a, _ := arch.FromString("amd64") cnf := &bib.ManifestConfig{ - Architecture: a, + Architecture: arch.ARCH_X86_64, RootFSType: "btrfs", } cus := &blueprint.Customizations{} @@ -431,9 +429,8 @@ func TestGenPartitionTableSetsRootfsForAllFilesystemsBtrfs(t *testing.T) { func TestGenPartitionTableDiskCustomizationRunsValidateLayoutConstraints(t *testing.T) { rng := bib.CreateRand() - a, _ := arch.FromString("amd64") cnf := &bib.ManifestConfig{ - Architecture: a, + Architecture: arch.ARCH_X86_64, RootFSType: "xfs", } cus := &blueprint.Customizations{ @@ -653,9 +650,8 @@ func TestGenPartitionTableDiskCustomizationSizes(t *testing.T) { }, } { t.Run(tc.name, func(t *testing.T) { - a, _ := arch.FromString("amd64") cnf := &bib.ManifestConfig{ - Architecture: a, + Architecture: arch.ARCH_X86_64, RootFSType: "xfs", RootfsMinsize: tc.rootfsMinSize, } From 8a77db186c2f2387dd6109b1fd823ee364754a53 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 3 Jun 2025 09:26:42 +0200 Subject: [PATCH 070/254] test: re-enable Fedora43 test The bootc fedora43 install was failing but with: https://github.com/bootc-dev/bootc/pull/1337 this should now be fixed (thanks Colin!). --- test/testcases.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/test/testcases.py b/test/testcases.py index 44d540430..1921e5f65 100644 --- a/test/testcases.py +++ b/test/testcases.py @@ -115,9 +115,7 @@ def gen_testcases(what): # pylint: disable=too-many-return-statements TestCaseFedora(image="qcow2"), # test with custom disk configs TestCaseC9S(image="qcow2", disk_config="swap"), - # mvo: disabled 2025-05-21 because: - # "ERROR Installing to filesystem: Creating ostree deployment: invalid reference format" - # TestCaseFedora43(image="raw", disk_config="btrfs"), + TestCaseFedora43(image="raw", disk_config="btrfs"), TestCaseC9S(image="raw", disk_config="lvm"), ] if what == "all": From e5f4fb56e6d43232232e6f7375d0900c29a92716 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Jun 2025 05:00:07 +0000 Subject: [PATCH 071/254] build(deps): bump github.com/osbuild/images in /bib in the go-deps group Bumps the go-deps group in /bib with 1 update: [github.com/osbuild/images](https://github.com/osbuild/images). Updates `github.com/osbuild/images` from 0.150.0 to 0.151.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.150.0...v0.151.0) --- updated-dependencies: - dependency-name: github.com/osbuild/images dependency-version: 0.151.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 2d5215c1a..6df634874 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -8,7 +8,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.9.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.150.0 + github.com/osbuild/images v0.151.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 diff --git a/bib/go.sum b/bib/go.sum index 7e920feec..43e9f701d 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -239,8 +239,8 @@ github.com/osbuild/blueprint v1.9.0 h1:YFFtaxYWrcjgNZ9yeb4AxiPv6zk+ywQwbA671A0gl github.com/osbuild/blueprint v1.9.0/go.mod h1:LfxBgOupiH6h6dfFHAkHK9Kpj9Yd7cSHnQd6zIiuKlc= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.150.0 h1:gkP7jxVlshQYQPvI6lJnr9FKxWIPuvwbxYlgv9V8v2c= -github.com/osbuild/images v0.150.0/go.mod h1:ZiEO1WWKuRvPSaiXsmqn+7krAIZ+qXiiOfBQed0H7lY= +github.com/osbuild/images v0.151.0 h1:r+8xbz0FGyUskl996eObrgymEqgLWwhtVa23Pj0Zp8U= +github.com/osbuild/images v0.151.0/go.mod h1:ZiEO1WWKuRvPSaiXsmqn+7krAIZ+qXiiOfBQed0H7lY= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= From 01e9edc974672fd4028512effe88168bc5b2380f Mon Sep 17 00:00:00 2001 From: Christian Glombek Date: Tue, 10 Jun 2025 21:04:35 +0200 Subject: [PATCH 072/254] Add Universal Blue distribution definitions - create `{aurora,bazzite,bluefin}-40.yaml` symlinks to `fedora-40.yaml` --- aurora-40.yaml | 1 + bazzite-40.yaml | 1 + bluefin-40.yaml | 1 + 3 files changed, 3 insertions(+) create mode 120000 aurora-40.yaml create mode 120000 bazzite-40.yaml create mode 120000 bluefin-40.yaml diff --git a/aurora-40.yaml b/aurora-40.yaml new file mode 120000 index 000000000..b77da5759 --- /dev/null +++ b/aurora-40.yaml @@ -0,0 +1 @@ +fedora-40.yaml \ No newline at end of file diff --git a/bazzite-40.yaml b/bazzite-40.yaml new file mode 120000 index 000000000..b77da5759 --- /dev/null +++ b/bazzite-40.yaml @@ -0,0 +1 @@ +fedora-40.yaml \ No newline at end of file diff --git a/bluefin-40.yaml b/bluefin-40.yaml new file mode 120000 index 000000000..b77da5759 --- /dev/null +++ b/bluefin-40.yaml @@ -0,0 +1 @@ +fedora-40.yaml \ No newline at end of file From fbb197299d8448ec7b47b800b9de443dcff7dff0 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Sat, 14 Jun 2025 13:37:43 +0200 Subject: [PATCH 073/254] defs: move definitions Some definitions erroneously ended up in the wrong place, let's move them to the correct data dir. Signed-off-by: Simon de Vlieger --- aurora-40.yaml => bib/data/defs/aurora-40.yaml | 0 bazzite-40.yaml => bib/data/defs/bazzite-40.yaml | 0 bluefin-40.yaml => bib/data/defs/bluefin-40.yaml | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename aurora-40.yaml => bib/data/defs/aurora-40.yaml (100%) rename bazzite-40.yaml => bib/data/defs/bazzite-40.yaml (100%) rename bluefin-40.yaml => bib/data/defs/bluefin-40.yaml (100%) diff --git a/aurora-40.yaml b/bib/data/defs/aurora-40.yaml similarity index 100% rename from aurora-40.yaml rename to bib/data/defs/aurora-40.yaml diff --git a/bazzite-40.yaml b/bib/data/defs/bazzite-40.yaml similarity index 100% rename from bazzite-40.yaml rename to bib/data/defs/bazzite-40.yaml diff --git a/bluefin-40.yaml b/bib/data/defs/bluefin-40.yaml similarity index 100% rename from bluefin-40.yaml rename to bib/data/defs/bluefin-40.yaml From 4297b22a6024ce908eb146e03ad17b587e7295b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= Date: Wed, 18 Jun 2025 10:29:39 +0200 Subject: [PATCH 074/254] GHA: enable the stale action to delete its saved state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It turns out that the stale action is not able to delete its saved state due to missing permissions. As a result, it was not processing issues and PRs, that have been processed once, for almost a month. The error in the job log was: ``` Warning: Error delete _state: [403] Resource not accessible by integration ``` The fix is to add `actions: write` to the action permissions Signed-off-by: Tomáš Hozza --- .github/workflows/stale-cleanup.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/stale-cleanup.yml b/.github/workflows/stale-cleanup.yml index e647e3184..3fa81bd5c 100644 --- a/.github/workflows/stale-cleanup.yml +++ b/.github/workflows/stale-cleanup.yml @@ -8,6 +8,7 @@ jobs: stale: runs-on: ubuntu-latest permissions: + actions: write # needed to clean up the saved action state issues: write pull-requests: write steps: From 44b3666c7742301c9cf54f107aa41bda42d1f5f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Mon, 2 Jun 2025 12:28:49 +0200 Subject: [PATCH 075/254] README: Add containers-storage volume mount to examples --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index cd5d9c323..31676869a 100644 --- a/README.md +++ b/README.md @@ -123,6 +123,7 @@ Usage: --pull=newer \ --security-opt label=type:unconfined_t \ -v ./output:/output \ + -v /var/lib/containers/storage:/var/lib/containers/storage \ quay.io/centos-bootc/bootc-image-builder:latest \ @@ -256,6 +257,7 @@ For example: --pull=newer \ --security-opt label=type:unconfined_t \ -v $HOME/.aws:/root/.aws:ro \ + -v /var/lib/containers/storage:/var/lib/containers/storage \ --env AWS_PROFILE=default \ quay.io/centos-bootc/bootc-image-builder:latest \ --type ami \ @@ -295,6 +297,7 @@ $ sudo podman run \ --privileged \ --pull=newer \ --security-opt label=type:unconfined_t \ + -v /var/lib/containers/storage:/var/lib/containers/storage \ --env-file=aws.secrets \ quay.io/centos-bootc/bootc-image-builder:latest \ --type ami \ @@ -341,6 +344,7 @@ sudo podman run \ --security-opt label=type:unconfined_t \ -v ./config.toml:/config.toml:ro \ -v ./output:/output \ + -v /var/lib/containers/storage:/var/lib/containers/storage \ quay.io/centos-bootc/bootc-image-builder:latest \ --type qcow2 \ quay.io/centos-bootc/centos-bootc:stream9 From 1ba7d4337a5c4fef09b32f7c17ca0d09cdb3891c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Mon, 2 Jun 2025 12:29:03 +0200 Subject: [PATCH 076/254] README: Misc whitespace fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 31676869a..a0dd65271 100644 --- a/README.md +++ b/README.md @@ -250,7 +250,7 @@ directory to the container For example: ```bash - $ sudo podman run \ +$ sudo podman run \ --rm \ -it \ --privileged \ From ed787403d22ad79a6fdc31d9927ae1f51243cf49 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 17 Jun 2025 16:28:07 +0200 Subject: [PATCH 077/254] bib: fix `TestManifestSerialization` tests With https://github.com/osbuild/images/pull/1571 merged we now potentially have an extra `target` build pipeline that needs container specs. Sadly a misconfiguration in the branch protection for "main" merged images v0.151 with the now broken unit tests in https://github.com/osbuild/bootc-image-builder/pull/955 (the branch protection is now fixed). This commit now also fixes the test by adding a mock container spec for the "target" pipeline. --- bib/cmd/bootc-image-builder/main_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bib/cmd/bootc-image-builder/main_test.go b/bib/cmd/bootc-image-builder/main_test.go index 639dde392..2beba7506 100644 --- a/bib/cmd/bootc-image-builder/main_test.go +++ b/bib/cmd/bootc-image-builder/main_test.go @@ -211,6 +211,9 @@ var diskContainers = map[string][]container.Spec{ "image": { containerSpec, }, + "target": { + containerSpec, + }, } // TODO: this tests at this layer is not ideal, it has too much knowledge From e37bb8350b98900b2c2682319544eeeee7e00ecf Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 23 Jun 2025 18:01:40 +0200 Subject: [PATCH 078/254] test: disable anaconda-iso C10S test for now We need to disable the C10S test for now, there is bug in the C10S kernel that prevents the iso to mount its squashfs. See also: - https://github.com/osbuild/bootc-image-builder/issues/965 - https://issues.redhat.com/browse/RHEL-97547 - https://issues.redhat.com/browse/RHEL-97487 --- test/testcases.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/testcases.py b/test/testcases.py index 1921e5f65..2df3e446d 100644 --- a/test/testcases.py +++ b/test/testcases.py @@ -98,7 +98,9 @@ def gen_testcases(what): # pylint: disable=too-many-return-statements # a bit more stable # TestCaseFedora(image="anaconda-iso", sign=True), TestCaseC9S(image="anaconda-iso"), - TestCaseC10S(image="anaconda-iso"), + # 2025-06-23: disable because of: + # https://github.com/osbuild/bootc-image-builder/issues/965 + # TestCaseC10S(image="anaconda-iso"), ] if what == "qemu-cross": test_cases = [] From 1cb887dc1d0d09dfafddebeb130dfa17dd49d9fe Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Mon, 26 May 2025 15:53:57 +0200 Subject: [PATCH 079/254] test: Add test of --build-container This just tries to build a cs9 image using a cs10 build container. --- test/test_build_disk.py | 18 ++++++++++++++++-- test/testcases.py | 6 ++++++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/test/test_build_disk.py b/test/test_build_disk.py index d2467aaa0..9bacdaf2e 100644 --- a/test/test_build_disk.py +++ b/test/test_build_disk.py @@ -35,6 +35,7 @@ class ImageBuildResult(NamedTuple): img_path: str img_arch: str container_ref: str + build_container_ref: str rootfs: str disk_config: str username: str @@ -314,7 +315,7 @@ def build_images(shared_tmpdir, build_container, request, force_aws_upload, gpg_ bib_output = bib_output_path.read_text(encoding="utf8") results.append(ImageBuildResult( image_type, generated_img, tc.target_arch, - container_ref, tc.rootfs, tc.disk_config, + container_ref, tc.build_container_ref, tc.rootfs, tc.disk_config, username, password, ssh_keyfile_private_path, kargs, bib_output, journal_output)) @@ -384,6 +385,7 @@ def build_images(shared_tmpdir, build_container, request, force_aws_upload, gpg_ upload_args = [] creds_args = [] target_arch_args = [] + build_container_args = [] if tc.target_arch: target_arch_args = ["--target-arch", tc.target_arch] @@ -433,10 +435,16 @@ def build_images(shared_tmpdir, build_container, request, force_aws_upload, gpg_ # Pull the signed image testutil.pull_container(container_ref, tls_verify=False) + if tc.build_container_ref: + build_container_args = [ + "--build-container", tc.build_container_ref, + ] + cmd.extend([ *creds_args, build_container, container_ref, + *build_container_args, *types_arg, *upload_args, *target_arch_args, @@ -476,7 +484,7 @@ def del_ami(): for image_type in image_types: results.append(ImageBuildResult( image_type, artifact[image_type], tc.target_arch, - container_ref, tc.rootfs, tc.disk_config, + container_ref, tc.build_container_ref, tc.rootfs, tc.disk_config, username, password, ssh_keyfile_private_path, kargs, bib_output, journal_output, metadata)) yield results @@ -510,6 +518,12 @@ def test_image_is_generated(image_type): f"content: {os.listdir(os.fspath(image_type.img_path))}" +@pytest.mark.parametrize("image_type", gen_testcases("build-container"), indirect=["image_type"]) +def test_build_container_works(image_type): + assert image_type.img_path.exists(), "output file missing, dir "\ + f"content: {os.listdir(os.fspath(image_type.img_path))}" + + def assert_kernel_args(test_vm, image_type): exit_status, kcmdline = test_vm.run("cat /proc/cmdline", user=image_type.username, password=image_type.password) assert exit_status == 0 diff --git a/test/testcases.py b/test/testcases.py index 2df3e446d..323af4944 100644 --- a/test/testcases.py +++ b/test/testcases.py @@ -14,6 +14,8 @@ class TestCase: # container_ref to the bootc image, e.g. quay.io/fedora/fedora-bootc:40 container_ref: str = "" + # optional build_container_ref to the bootc image, e.g. quay.io/fedora/fedora-bootc:40 + build_container_ref: str = "" # image is the image type, e.g. "ami" image: str = "" # target_arch is the target archicture, empty means current arch @@ -141,4 +143,8 @@ def gen_testcases(what): # pylint: disable=too-many-return-statements TestCaseFedora(target_arch="ppc64le"), TestCaseFedora(target_arch="s390x"), ] + if what == "build-container": + return [ + TestCaseC9S(build_container_ref="quay.io/centos-bootc/centos-bootc:stream10", image="qcow2"), + ] raise ValueError(f"unknown test-case type {what}") From a37c5c36a91809c01c6e9324c6dc6252bc1ff2f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Jun 2025 05:22:32 +0000 Subject: [PATCH 080/254] build(deps): bump github.com/osbuild/images in /bib in the go-deps group Bumps the go-deps group in /bib with 1 update: [github.com/osbuild/images](https://github.com/osbuild/images). Updates `github.com/osbuild/images` from 0.151.0 to 0.152.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.151.0...v0.152.0) --- updated-dependencies: - dependency-name: github.com/osbuild/images dependency-version: 0.152.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 6df634874..10b67ba3c 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -8,7 +8,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.9.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.151.0 + github.com/osbuild/images v0.153.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 diff --git a/bib/go.sum b/bib/go.sum index 43e9f701d..1d2874604 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -239,8 +239,8 @@ github.com/osbuild/blueprint v1.9.0 h1:YFFtaxYWrcjgNZ9yeb4AxiPv6zk+ywQwbA671A0gl github.com/osbuild/blueprint v1.9.0/go.mod h1:LfxBgOupiH6h6dfFHAkHK9Kpj9Yd7cSHnQd6zIiuKlc= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.151.0 h1:r+8xbz0FGyUskl996eObrgymEqgLWwhtVa23Pj0Zp8U= -github.com/osbuild/images v0.151.0/go.mod h1:ZiEO1WWKuRvPSaiXsmqn+7krAIZ+qXiiOfBQed0H7lY= +github.com/osbuild/images v0.153.0 h1:NPPhtq/WWE5DK7psKFZ/cO4OSaRd+FYsYqPG48WBgzk= +github.com/osbuild/images v0.153.0/go.mod h1:ZiEO1WWKuRvPSaiXsmqn+7krAIZ+qXiiOfBQed0H7lY= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= From 53fee534ef638514b47e3f1b34938f6d1508f67a Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 24 Jun 2025 17:35:25 +0200 Subject: [PATCH 081/254] Revert "test: disable anaconda-iso C10S test for now" This reverts commit e37bb8350b98900b2c2682319544eeeee7e00ecf. --- test/testcases.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/test/testcases.py b/test/testcases.py index 323af4944..3f1062295 100644 --- a/test/testcases.py +++ b/test/testcases.py @@ -100,9 +100,7 @@ def gen_testcases(what): # pylint: disable=too-many-return-statements # a bit more stable # TestCaseFedora(image="anaconda-iso", sign=True), TestCaseC9S(image="anaconda-iso"), - # 2025-06-23: disable because of: - # https://github.com/osbuild/bootc-image-builder/issues/965 - # TestCaseC10S(image="anaconda-iso"), + TestCaseC10S(image="anaconda-iso"), ] if what == "qemu-cross": test_cases = [] From e7188229e445ec3e0c696a5c65207ecf1f4ec55a Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Sun, 13 Apr 2025 06:24:07 +0000 Subject: [PATCH 082/254] chore(deps): update go-openapi packages Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 8 ++++---- bib/go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 10b67ba3c..2286b7664 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -51,14 +51,14 @@ require ( github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/analysis v0.23.0 // indirect - github.com/go-openapi/errors v0.22.0 // indirect - github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/errors v0.22.1 // indirect + github.com/go-openapi/jsonpointer v0.21.1 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect github.com/go-openapi/loads v0.22.0 // indirect github.com/go-openapi/runtime v0.28.0 // indirect github.com/go-openapi/spec v0.21.0 // indirect github.com/go-openapi/strfmt v0.23.0 // indirect - github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-openapi/swag v0.23.1 // indirect github.com/go-openapi/validate v0.24.0 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect @@ -77,7 +77,7 @@ require ( github.com/klauspost/compress v1.17.11 // indirect github.com/klauspost/pgzip v1.2.6 // indirect github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect - github.com/mailru/easyjson v0.7.7 // indirect + github.com/mailru/easyjson v0.9.0 // indirect github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect diff --git a/bib/go.sum b/bib/go.sum index 1d2874604..e4d887229 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -97,10 +97,10 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU= github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo= -github.com/go-openapi/errors v0.22.0 h1:c4xY/OLxUBSTiepAg3j/MHuAv5mJhnf53LLMWFB+u/w= -github.com/go-openapi/errors v0.22.0/go.mod h1:J3DmZScxCDufmIMsdOuDHxJbdOGC0xtUynjIx092vXE= -github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= -github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/errors v0.22.1 h1:kslMRRnK7NCb/CvR1q1VWuEQCEIsBGn5GgKD9e+HYhU= +github.com/go-openapi/errors v0.22.1/go.mod h1:+n/5UdIqdVnLIJ6Q9Se8HNGUXYaY6CN8ImWzfi/Gzp0= +github.com/go-openapi/jsonpointer v0.21.1 h1:whnzv/pNXtK2FbX/W9yJfRmE2gsmkfahjMKB0fZvcic= +github.com/go-openapi/jsonpointer v0.21.1/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk= github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco= @@ -111,8 +111,8 @@ github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9Z github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk= github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c= github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4= -github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= -github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU= +github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0= github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58= github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ= github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= @@ -190,8 +190,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec h1:2tTW6cDth2TSgRbAhD7yjZzTQmcN25sDRPEeinR51yQ= github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec/go.mod h1:TmwEoGCwIti7BCeJ9hescZgRtatxRE+A72pCoPfmcfk= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= +github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= From 9d96f48222d7a5f851e3cf37ef08114996386197 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Sun, 15 Jun 2025 10:35:32 +0000 Subject: [PATCH 083/254] chore(deps): update module github.com/go-logr/logr to v1.4.3 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 2286b7664..3ff72e836 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -48,7 +48,7 @@ require ( github.com/fatih/color v1.18.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/go-jose/go-jose/v4 v4.0.4 // indirect - github.com/go-logr/logr v1.4.2 // indirect + github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/analysis v0.23.0 // indirect github.com/go-openapi/errors v0.22.1 // indirect diff --git a/bib/go.sum b/bib/go.sum index e4d887229..c4d708311 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -91,8 +91,8 @@ github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= -github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU= From 838e1ff37cee339ac88e3f210f2f9039d0aca4dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Jun 2025 05:03:38 +0000 Subject: [PATCH 084/254] build(deps): bump github.com/osbuild/images in /bib in the go-deps group Bumps the go-deps group in /bib with 1 update: [github.com/osbuild/images](https://github.com/osbuild/images). Updates `github.com/osbuild/images` from 0.153.0 to 0.154.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.153.0...v0.154.0) --- updated-dependencies: - dependency-name: github.com/osbuild/images dependency-version: 0.154.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 18 +++++++++--------- bib/go.sum | 40 ++++++++++++++++++++-------------------- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 3ff72e836..9e2c422ea 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -1,6 +1,6 @@ module github.com/osbuild/bootc-image-builder/bib -go 1.22.8 +go 1.23.9 require ( github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a @@ -8,7 +8,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.9.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.153.0 + github.com/osbuild/images v0.154.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 @@ -47,7 +47,7 @@ require ( github.com/docker/go-units v0.5.0 // indirect github.com/fatih/color v1.18.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/go-jose/go-jose/v4 v4.0.4 // indirect + github.com/go-jose/go-jose/v4 v4.0.5 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/analysis v0.23.0 // indirect @@ -120,12 +120,12 @@ require ( go.opentelemetry.io/otel v1.34.0 // indirect go.opentelemetry.io/otel/metric v1.34.0 // indirect go.opentelemetry.io/otel/trace v1.34.0 // indirect - golang.org/x/crypto v0.33.0 // indirect - golang.org/x/net v0.35.0 // indirect - golang.org/x/sync v0.11.0 // indirect - golang.org/x/sys v0.30.0 // indirect - golang.org/x/term v0.29.0 // indirect - golang.org/x/text v0.22.0 // indirect + golang.org/x/crypto v0.39.0 // indirect + golang.org/x/net v0.40.0 // indirect + golang.org/x/sync v0.15.0 // indirect + golang.org/x/sys v0.33.0 // indirect + golang.org/x/term v0.32.0 // indirect + golang.org/x/text v0.26.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6 // indirect google.golang.org/grpc v1.70.0 // indirect google.golang.org/protobuf v1.36.5 // indirect diff --git a/bib/go.sum b/bib/go.sum index c4d708311..50e81cf4e 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -88,8 +88,8 @@ github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= -github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= +github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE= +github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -239,8 +239,8 @@ github.com/osbuild/blueprint v1.9.0 h1:YFFtaxYWrcjgNZ9yeb4AxiPv6zk+ywQwbA671A0gl github.com/osbuild/blueprint v1.9.0/go.mod h1:LfxBgOupiH6h6dfFHAkHK9Kpj9Yd7cSHnQd6zIiuKlc= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.153.0 h1:NPPhtq/WWE5DK7psKFZ/cO4OSaRd+FYsYqPG48WBgzk= -github.com/osbuild/images v0.153.0/go.mod h1:ZiEO1WWKuRvPSaiXsmqn+7krAIZ+qXiiOfBQed0H7lY= +github.com/osbuild/images v0.154.0 h1:iwQ1rW+xwVYciyWQ/v0XBFx/liG8hTUtie3ZHeGr5gs= +github.com/osbuild/images v0.154.0/go.mod h1:74L03u6qLwsYA10qGj6n55lBXCCj5wZLXlFl8Pj3ilI= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -350,8 +350,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= -golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= +golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= +golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 h1:9kj3STMvgqy3YA4VQXBrN7925ICMxD5wzMRcgA30588= golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= @@ -365,8 +365,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM= -golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w= +golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -383,8 +383,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= -golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= +golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY= +golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -397,8 +397,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w= -golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8= +golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -415,8 +415,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= -golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= +golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -426,8 +426,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= -golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= -golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= +golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg= +golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= @@ -437,8 +437,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= -golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= +golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= +golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4= golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -453,8 +453,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY= -golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY= +golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc= +golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 7074516d7638f23c403aeabc1f25b130eaa54d20 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Sun, 29 Jun 2025 08:58:22 +0000 Subject: [PATCH 085/254] chore(deps): update google.golang.org/genproto/googleapis/rpc digest to 513f239 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 4 ++-- bib/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 9e2c422ea..590de0aa1 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -126,8 +126,8 @@ require ( golang.org/x/sys v0.33.0 // indirect golang.org/x/term v0.32.0 // indirect golang.org/x/text v0.26.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect google.golang.org/grpc v1.70.0 // indirect - google.golang.org/protobuf v1.36.5 // indirect + google.golang.org/protobuf v1.36.6 // indirect gopkg.in/ini.v1 v1.67.0 // indirect ) diff --git a/bib/go.sum b/bib/go.sum index 50e81cf4e..11f31a293 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -467,8 +467,8 @@ google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEY google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 h1:Pw6WnI9W/LIdRxqK7T6XGugGbHIRl5Q7q3BssH6xk4s= google.golang.org/genproto/googleapis/api v0.0.0-20250124145028-65684f501c47 h1:5iw9XJTD4thFidQmFVvx0wi4g5yOHk76rNRUxz1ZG5g= google.golang.org/genproto/googleapis/api v0.0.0-20250124145028-65684f501c47/go.mod h1:AfA77qWLcidQWywD0YgqfpJzf50w2VjzBml3TybHeJU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6 h1:2duwAxN2+k0xLNpjnHTXoMUgnv6VPSp5fiqTuwSxjmI= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6/go.mod h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 h1:fc6jSaCT0vBduLYZHYrBBNY4dsWuvgyff9noRNDdBeE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= @@ -485,8 +485,8 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= -google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= +google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= From 6bddfa51132d0ad761f1ac3cd4412ce958b4b10e Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 4 Jul 2025 10:47:38 +0200 Subject: [PATCH 086/254] github: bump fedora version in testingfarm workflows This commit bumps the `compse:` from Fedora-40 -> Fedora-42 in testingfarm.yml. Its a bit unclear why testingfarm has both this and `plan/unit-go.fmf` where we specify ```yaml summary: Run all tests inside a VM environment provision: how: virtual image: fedora:42 ... ``` already. --- .github/workflows/testingfarm-unit.yml | 2 +- .github/workflows/testingfarm.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/testingfarm-unit.yml b/.github/workflows/testingfarm-unit.yml index ab378281e..f04183fc3 100644 --- a/.github/workflows/testingfarm-unit.yml +++ b/.github/workflows/testingfarm-unit.yml @@ -33,7 +33,7 @@ jobs: - name: Run the tests uses: sclorg/testing-farm-as-github-action@v4 with: - compose: Fedora-40 + compose: Fedora-42 tmt_plan_regex: "/plans/unit-go" api_key: ${{ secrets.TF_API_KEY }} git_url: ${{ github.event.pull_request.head.repo.clone_url }} diff --git a/.github/workflows/testingfarm.yml b/.github/workflows/testingfarm.yml index 2d5b39cf6..5fcf06897 100644 --- a/.github/workflows/testingfarm.yml +++ b/.github/workflows/testingfarm.yml @@ -50,7 +50,7 @@ jobs: - name: Run the tests uses: sclorg/testing-farm-as-github-action@v4 with: - compose: Fedora-40 + compose: Fedora-42 tmt_plan_regex: "/plans/integration" api_key: ${{ secrets.TF_API_KEY }} git_url: ${{ github.event.pull_request.head.repo.clone_url }} From 5e0f71692066e3af3f3c7c7bb42ffec730009a6d Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Sat, 7 Jun 2025 19:39:04 +0200 Subject: [PATCH 087/254] test: use randomized password for test VMs This commit uses a randomized password for the test user in the test VM. --- test/test_build_disk.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/test/test_build_disk.py b/test/test_build_disk.py index 9bacdaf2e..8d47674f0 100644 --- a/test/test_build_disk.py +++ b/test/test_build_disk.py @@ -2,8 +2,10 @@ import os import pathlib import platform +import random import re import shutil +import string import subprocess import tempfile import uuid @@ -256,7 +258,9 @@ def build_images(shared_tmpdir, build_container, request, force_aws_upload, gpg_ image_types = request.param.image.split("+") username = "test" - password = "password" + # use 18 char random password + password = "".join( + random.choices(string.ascii_uppercase + string.digits, k=18)) kargs = "systemd.journald.forward_to_console=1" container_ref = tc.container_ref @@ -375,10 +379,13 @@ def build_images(shared_tmpdir, build_container, request, force_aws_upload, gpg_ } testutil.maybe_create_filesystem_customizations(cfg, tc) testutil.maybe_create_disk_customizations(cfg, tc) - print(f"config for {output_path} {tc=}: {cfg=}") config_json_path = output_path / "config.json" config_json_path.write_text(json.dumps(cfg), encoding="utf-8") + # mask pw + for user in cfg["customizations"]["user"]: + user["password"] = "***" + print(f"config for {output_path} {tc=}: {cfg=}") cursor = testutil.journal_cursor() From f1a047c1be1823f069449a34591168d7332b6069 Mon Sep 17 00:00:00 2001 From: Alessandro Rossi <4215912+kubealex@users.noreply.github.com> Date: Wed, 9 Jul 2025 16:45:42 +0200 Subject: [PATCH 088/254] Fix indentation in README.md Cleaning up indentation. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a0dd65271..d07eefb3f 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ sudo podman run \ -v /var/lib/containers/storage:/var/lib/containers/storage \ quay.io/centos-bootc/bootc-image-builder:latest \ --type qcow2 \ - --use-librepo=True \ + --use-librepo=True \ quay.io/centos-bootc/centos-bootc:stream9 ``` From 7b1fa2fdc5f92c2480954e8d21c298591a88b91a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Jul 2025 05:33:17 +0000 Subject: [PATCH 089/254] build(deps): bump the go-deps group across 1 directory with 2 updates Bumps the go-deps group with 1 update in the /bib directory: [github.com/osbuild/blueprint](https://github.com/osbuild/blueprint). Updates `github.com/osbuild/blueprint` from 1.9.0 to 1.10.0 - [Release notes](https://github.com/osbuild/blueprint/releases) - [Commits](https://github.com/osbuild/blueprint/compare/v1.9.0...v1.10.0) Updates `github.com/osbuild/images` from 0.154.0 to 0.157.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.154.0...v0.157.0) --- updated-dependencies: - dependency-name: github.com/osbuild/blueprint dependency-version: 1.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/osbuild/images dependency-version: 0.157.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 62 +++++++++--------- bib/go.sum | 189 ++++++++++++++++++++++++++--------------------------- 2 files changed, 124 insertions(+), 127 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 590de0aa1..0fb02f42f 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -6,9 +6,9 @@ require ( github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 - github.com/osbuild/blueprint v1.9.0 + github.com/osbuild/blueprint v1.10.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.154.0 + github.com/osbuild/images v0.157.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 @@ -25,24 +25,24 @@ require ( github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go v1.55.7 // indirect - github.com/containerd/cgroups/v3 v3.0.3 // indirect - github.com/containerd/errdefs v0.3.0 // indirect + github.com/containerd/cgroups/v3 v3.0.5 // indirect + github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect github.com/containerd/typeurl/v2 v2.2.3 // indirect - github.com/containers/common v0.62.3 // indirect - github.com/containers/image/v5 v5.34.3 // indirect + github.com/containers/common v0.63.1 // indirect + github.com/containers/image/v5 v5.35.0 // indirect github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect github.com/containers/ocicrypt v1.2.1 // indirect - github.com/containers/storage v1.57.2 // indirect + github.com/containers/storage v1.58.0 // indirect github.com/coreos/go-semver v0.3.1 // indirect - github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f // indirect - github.com/cyphar/filepath-securejoin v0.3.6 // indirect + github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 // indirect + github.com/cyphar/filepath-securejoin v0.4.1 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.6.0 // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v27.5.1+incompatible // indirect - github.com/docker/docker-credential-helpers v0.8.2 // indirect + github.com/docker/docker v28.0.4+incompatible // indirect + github.com/docker/docker-credential-helpers v0.9.3 // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/fatih/color v1.18.0 // indirect @@ -62,9 +62,9 @@ require ( github.com/go-openapi/validate v0.24.0 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/golang/protobuf v1.5.4 // indirect - github.com/google/go-containerregistry v0.20.2 // indirect + github.com/google/go-containerregistry v0.20.3 // indirect github.com/google/go-intervals v0.0.2 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/mux v1.8.1 // indirect @@ -74,60 +74,62 @@ require ( github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.17.11 // indirect + github.com/klauspost/compress v1.18.0 // indirect github.com/klauspost/pgzip v1.2.6 // indirect github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect github.com/mailru/easyjson v0.9.0 // indirect github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect - github.com/mattn/go-sqlite3 v1.14.24 // indirect + github.com/mattn/go-sqlite3 v1.14.27 // indirect github.com/miekg/pkcs11 v1.1.1 // indirect github.com/mistifyio/go-zfs/v3 v3.0.1 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/sys/capability v0.4.0 // indirect github.com/moby/sys/mountinfo v0.7.2 // indirect - github.com/moby/sys/user v0.3.0 // indirect + github.com/moby/sys/user v0.4.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect - github.com/opencontainers/runtime-spec v1.2.0 // indirect - github.com/opencontainers/selinux v1.11.1 // indirect + github.com/opencontainers/runtime-spec v1.2.1 // indirect + github.com/opencontainers/selinux v1.12.0 // indirect github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/proglottis/gpgme v0.1.4 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/secure-systems-lab/go-securesystemslib v0.9.0 // indirect - github.com/sigstore/fulcio v1.6.4 // indirect - github.com/sigstore/rekor v1.3.8 // indirect - github.com/sigstore/sigstore v1.8.12 // indirect + github.com/sigstore/fulcio v1.6.6 // indirect + github.com/sigstore/protobuf-specs v0.4.1 // indirect + github.com/sigstore/rekor v1.3.10 // indirect + github.com/sigstore/sigstore v1.9.3 // indirect github.com/smallstep/pkcs7 v0.1.1 // indirect github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect - github.com/sylabs/sif/v2 v2.20.2 // indirect + github.com/sylabs/sif/v2 v2.21.1 // indirect github.com/tchap/go-patricia/v2 v2.3.2 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect github.com/ulikunitz/xz v0.5.12 // indirect - github.com/vbatts/tar-split v0.11.7 // indirect - github.com/vbauerster/mpb/v8 v8.9.1 // indirect + github.com/vbatts/tar-split v0.12.1 // indirect + github.com/vbauerster/mpb/v8 v8.9.3 // indirect go.mongodb.org/mongo-driver v1.14.0 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect - go.opentelemetry.io/otel v1.34.0 // indirect - go.opentelemetry.io/otel/metric v1.34.0 // indirect - go.opentelemetry.io/otel/trace v1.34.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect + go.opentelemetry.io/otel v1.36.0 // indirect + go.opentelemetry.io/otel/metric v1.36.0 // indirect + go.opentelemetry.io/otel/trace v1.36.0 // indirect golang.org/x/crypto v0.39.0 // indirect - golang.org/x/net v0.40.0 // indirect + golang.org/x/net v0.41.0 // indirect golang.org/x/sync v0.15.0 // indirect golang.org/x/sys v0.33.0 // indirect golang.org/x/term v0.32.0 // indirect golang.org/x/text v0.26.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect - google.golang.org/grpc v1.70.0 // indirect + google.golang.org/grpc v1.73.0 // indirect google.golang.org/protobuf v1.36.6 // indirect gopkg.in/ini.v1 v1.67.0 // indirect ) diff --git a/bib/go.sum b/bib/go.sum index 11f31a293..9ee9c1e1e 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -31,10 +31,10 @@ github.com/cheggaaa/pb/v3 v3.1.7 h1:2FsIW307kt7A/rz/ZI2lvPO+v3wKazzE4K/0LtTWsOI= github.com/cheggaaa/pb/v3 v3.1.7/go.mod h1:/Ji89zfVPeC/u5j8ukD0MBPHt2bzTYp74lQ7KlgFWTQ= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0= -github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0= -github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4= -github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= +github.com/containerd/cgroups/v3 v3.0.5 h1:44na7Ud+VwyE7LIoJ8JTNQOa549a8543BmzaJHo6Bzo= +github.com/containerd/cgroups/v3 v3.0.5/go.mod h1:SA5DLYnXO8pTGYiAHXz94qvLQTKfVM5GEVisn4jpins= +github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= +github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= @@ -43,37 +43,37 @@ github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRcc github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU= github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40= github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= -github.com/containers/common v0.62.3 h1:aOGryqXfW6aKBbHbqOveH7zB+ihavUN03X/2pUSvWFI= -github.com/containers/common v0.62.3/go.mod h1:3R8kDox2prC9uj/a2hmXj/YjZz5sBEUNrcDiw51S0Lo= -github.com/containers/image/v5 v5.34.3 h1:/cMgfyA4Y7ILH7nzWP/kqpkE5Df35Ek4bp5ZPvJOVmI= -github.com/containers/image/v5 v5.34.3/go.mod h1:MG++slvQSZVq5ejAcLdu4APGsKGMb0YHHnAo7X28fdE= +github.com/containers/common v0.63.1 h1:6g02gbW34PaRVH4Heb2Pk11x0SdbQ+8AfeKKeQGqYBE= +github.com/containers/common v0.63.1/go.mod h1:+3GCotSqNdIqM3sPs152VvW7m5+Mg8Kk+PExT3G9hZw= +github.com/containers/image/v5 v5.35.0 h1:T1OeyWp3GjObt47bchwD9cqiaAm/u4O4R9hIWdrdrP8= +github.com/containers/image/v5 v5.35.0/go.mod h1:8vTsgb+1gKcBL7cnjyNOInhJQfTUQjJoO2WWkKDoebM= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.2.1 h1:0qIOTT9DoYwcKmxSt8QJt+VzMY18onl9jUXsxpVhSmM= github.com/containers/ocicrypt v1.2.1/go.mod h1:aD0AAqfMp0MtwqWgHM1bUwe1anx0VazI108CRrSKINQ= -github.com/containers/storage v1.57.2 h1:2roCtTyE9pzIaBDHibK72DTnYkPmwWaq5uXxZdaWK4U= -github.com/containers/storage v1.57.2/go.mod h1:i/Hb4lu7YgFr9G0K6BMjqW0BLJO1sFsnWQwj2UoWCUM= +github.com/containers/storage v1.58.0 h1:Q7SyyCCjqgT3wYNgRNIL8o/wUS92heIj2/cc8Sewvcc= +github.com/containers/storage v1.58.0/go.mod h1:w7Jl6oG+OpeLGLzlLyOZPkmUso40kjpzgrHUk5tyBlo= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= -github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f h1:eHnXnuK47UlSTOQexbzxAZfekVz6i+LKRdj1CU5DPaM= -github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= -github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM= -github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= +github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 h1:uX1JmpONuD549D73r6cgnxyUu18Zb7yHAy5AYU0Pm4Q= +github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= +github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= +github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v27.5.1+incompatible h1:JB9cieUT9YNiMITtIsguaN55PLOHhBSz3LKVc6cqWaY= -github.com/docker/cli v27.5.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v28.0.4+incompatible h1:pBJSJeNd9QeIWPjRcV91RVJihd/TXB77q1ef64XEu4A= +github.com/docker/cli v28.0.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v27.5.1+incompatible h1:4PYU5dnBYqRQi0294d1FBECqT9ECWeQAIfE8q4YnPY8= -github.com/docker/docker v27.5.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= -github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= +github.com/docker/docker v28.0.4+incompatible h1:JNNkBctYKurkw6FrHfKqY0nKIDf5nrbxjVBtS+cdcok= +github.com/docker/docker v28.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8= +github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= @@ -123,8 +123,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -146,8 +146,8 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-containerregistry v0.20.2 h1:B1wPJ1SN/S7pB+ZAimcciVD+r+yV/l/DSArMxlbwseo= -github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8= +github.com/google/go-containerregistry v0.20.3 h1:oNx7IdTI936V8CQRveCjaxOiegWwvM7kqkbXTpyiovI= +github.com/google/go-containerregistry v0.20.3/go.mod h1:w00pIgBRDVUDFM6bq+Qx8lwNWK+cxgCuX1vd3PIBDNI= github.com/google/go-intervals v0.0.2 h1:FGrVEiUnTRKR8yE04qzXYaJMtnIYqobR5QbblK3ixcM= github.com/google/go-intervals v0.0.2/go.mod h1:MkaR3LNRfeKLPmqgJYs4E66z5InYjmCjbbr4TQlcT6Y= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -157,8 +157,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 h1:asbCHRVmodnJTuQ3qamDwqVOIjwqUPTYmYuemVOx+Ys= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 h1:VNqngBF40hVlDloBruUehVYC3ArSgIyScOAyMRqBxRg= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1/go.mod h1:RBRO7fro65R6tjKzYgLAFo0t1QEXY1Dp+i/bvpRiqiQ= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -180,8 +180,8 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= -github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= +github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= +github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU= github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -198,8 +198,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= -github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM= -github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= +github.com/mattn/go-sqlite3 v1.14.27 h1:drZCnuvf37yPfs95E5jd9s3XhdVWLal+6BOK6qrv6IU= +github.com/mattn/go-sqlite3 v1.14.27/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mistifyio/go-zfs/v3 v3.0.1 h1:YaoXgBePoMA12+S1u/ddkv+QqxcfiZK4prI6HPnkFiU= @@ -212,10 +212,10 @@ github.com/moby/sys/capability v0.4.0 h1:4D4mI6KlNtWMCM1Z/K0i7RV1FkX+DBDHKVJpCnd github.com/moby/sys/capability v0.4.0/go.mod h1:4g9IK291rVkms3LKCDOoYlnV8xKwoDTpIrNEE35Wq0I= github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg= github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4= -github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo= -github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= -github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= -github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= +github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs= +github.com/moby/sys/user v0.4.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= +github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= +github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -231,16 +231,16 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= -github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= -github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8= -github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= -github.com/osbuild/blueprint v1.9.0 h1:YFFtaxYWrcjgNZ9yeb4AxiPv6zk+ywQwbA671A0glXM= -github.com/osbuild/blueprint v1.9.0/go.mod h1:LfxBgOupiH6h6dfFHAkHK9Kpj9Yd7cSHnQd6zIiuKlc= +github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww= +github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= +github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= +github.com/osbuild/blueprint v1.10.0 h1:6TG+mSV5kUA3Vq+0fc10MchDilBcDd8SEA8KbDFUn2w= +github.com/osbuild/blueprint v1.10.0/go.mod h1:uknOfX/bAoi+dbeNJj+uAir1T++/LVEtoY8HO3U7MiQ= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.154.0 h1:iwQ1rW+xwVYciyWQ/v0XBFx/liG8hTUtie3ZHeGr5gs= -github.com/osbuild/images v0.154.0/go.mod h1:74L03u6qLwsYA10qGj6n55lBXCCj5wZLXlFl8Pj3ilI= +github.com/osbuild/images v0.157.0 h1:1NNvaYrbwZu/mpIGH45rX8YW1E8uwO5oLyv1LF3nj+w= +github.com/osbuild/images v0.157.0/go.mod h1:cHCCI3bZmv+SQk15fCRmMiBu3KVgCqug6YKqD2rZFzM= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -250,13 +250,13 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/proglottis/gpgme v0.1.4 h1:3nE7YNA70o2aLjcg63tXMOhPD7bplfE5CBdV+hLAm2M= github.com/proglottis/gpgme v0.1.4/go.mod h1:5LoXMgpE4bttgwwdv9bLs/vwqv3qV7F4glEEZ7mRKrM= -github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= -github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.21.1 h1:DOvXXTqVzvkIewV/CDPFdejpMCGeMcbGCQ8YOmu+Ibk= +github.com/prometheus/client_golang v1.21.1/go.mod h1:U9NM32ykUErtVBxdvD3zfi+EuFkkaBvMb09mIfe0Zgg= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.57.0 h1:Ro/rKjwdq9mZn1K5QPctzh+MA4Lp0BuYk5ZZEVhoNcY= -github.com/prometheus/common v0.57.0/go.mod h1:7uRPFSUTbfZWsJ7MHY56sqt7hLQu3bxXHDnNhl8E9qI= +github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io= +github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= @@ -265,18 +265,22 @@ github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUc github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/santhosh-tekuri/jsonschema/v6 v6.0.1 h1:PKK9DyHxif4LZo+uQSgXNqs0jj5+xZwwfKHgph2lxBw= +github.com/santhosh-tekuri/jsonschema/v6 v6.0.1/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU= github.com/sebdah/goldie/v2 v2.5.5 h1:rx1mwF95RxZ3/83sdS4Yp7t2C5TCokvWP4TBRbAyEWY= github.com/sebdah/goldie/v2 v2.5.5/go.mod h1:oZ9fp0+se1eapSRjfYbsV/0Hqhbuu3bJVvKI/NNtssI= github.com/secure-systems-lab/go-securesystemslib v0.9.0 h1:rf1HIbL64nUpEIZnjLZ3mcNEL9NBPB0iuVjyxvq3LZc= github.com/secure-systems-lab/go-securesystemslib v0.9.0/go.mod h1:DVHKMcZ+V4/woA/peqr+L0joiRXbPpQ042GgJckkFgw= github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= -github.com/sigstore/fulcio v1.6.4 h1:d86obfxUAG3Y6CYwOx1pdwCZwKmROB6w6927pKOVIRY= -github.com/sigstore/fulcio v1.6.4/go.mod h1:Y6bn3i3KGhXpaHsAtYP3Z4Np0+VzCo1fLv8Ci6mbPDs= -github.com/sigstore/rekor v1.3.8 h1:B8kJI8mpSIXova4Jxa6vXdJyysRxFGsEsLKBDl0rRjA= -github.com/sigstore/rekor v1.3.8/go.mod h1:/dHFYKSuxEygfDRnEwyJ+ZD6qoVYNXQdi1mJrKvKWsI= -github.com/sigstore/sigstore v1.8.12 h1:S8xMVZbE2z9ZBuQUEG737pxdLjnbOIcFi5v9UFfkJFc= -github.com/sigstore/sigstore v1.8.12/go.mod h1:+PYQAa8rfw0QdPpBcT+Gl3egKD9c+TUgAlF12H3Nmjo= +github.com/sigstore/fulcio v1.6.6 h1:XaMYX6TNT+8n7Npe8D94nyZ7/ERjEsNGFC+REdi/wzw= +github.com/sigstore/fulcio v1.6.6/go.mod h1:BhQ22lwaebDgIxVBEYOOqLRcN5+xOV+C9bh/GUXRhOk= +github.com/sigstore/protobuf-specs v0.4.1 h1:5SsMqZbdkcO/DNHudaxuCUEjj6x29tS2Xby1BxGU7Zc= +github.com/sigstore/protobuf-specs v0.4.1/go.mod h1:+gXR+38nIa2oEupqDdzg4qSBT0Os+sP7oYv6alWewWc= +github.com/sigstore/rekor v1.3.10 h1:/mSvRo4MZ/59ECIlARhyykAlQlkmeAQpvBPlmJtZOCU= +github.com/sigstore/rekor v1.3.10/go.mod h1:JvryKJ40O0XA48MdzYUPu0y4fyvqt0C4iSY7ri9iu3A= +github.com/sigstore/sigstore v1.9.3 h1:y2qlTj+vh+Or3ictKuR3JUFawZPdDxAjrWkeFhon0OQ= +github.com/sigstore/sigstore v1.9.3/go.mod h1:VwYkiw0G0dRtwL25KSs04hCyVFF6CYMd/qvNeYrl7EQ= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/smallstep/pkcs7 v0.1.1 h1:x+rPdt2W088V9Vkjho4KtoggyktZJlMduZAtRHm68LU= @@ -297,24 +301,18 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/sylabs/sif/v2 v2.20.2 h1:HGEPzauCHhIosw5o6xmT3jczuKEuaFzSfdjAsH33vYw= -github.com/sylabs/sif/v2 v2.20.2/go.mod h1:WyYryGRaR4Wp21SAymm5pK0p45qzZCSRiZMFvUZiuhc= +github.com/sylabs/sif/v2 v2.21.1 h1:GZ0b5//AFAqJEChd8wHV/uSKx/l1iuGYwjR8nx+4wPI= +github.com/sylabs/sif/v2 v2.21.1/go.mod h1:YoqEGQnb5x/ItV653bawXHZJOXQaEWpGwHsSD3YePJI= github.com/tchap/go-patricia/v2 v2.3.2 h1:xTHFutuitO2zqKAQ5rCROYgUb7Or/+IC3fts9/Yc7nM= github.com/tchap/go-patricia/v2 v2.3.2/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/vbatts/tar-split v0.11.7 h1:ixZ93pO/GmvaZw4Vq9OwmfZK/kc2zKdPfu0B+gYqs3U= -github.com/vbatts/tar-split v0.11.7/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA= -github.com/vbauerster/mpb/v8 v8.9.1 h1:LH5R3lXPfE2e3lIGxN7WNWv3Hl5nWO6LRi2B0L0ERHw= -github.com/vbauerster/mpb/v8 v8.9.1/go.mod h1:4XMvznPh8nfe2NpnDo1QTPvW9MVkUhbG90mPWvmOzcQ= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= -github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= +github.com/vbatts/tar-split v0.12.1 h1:CqKoORW7BUWBe7UL/iqTVvkTBOF8UvOMKOIZykxnnbo= +github.com/vbatts/tar-split v0.12.1/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA= +github.com/vbauerster/mpb/v8 v8.9.3 h1:PnMeF+sMvYv9u23l6DO6Q3+Mdj408mjLRXIzmUmU2Z8= +github.com/vbauerster/mpb/v8 v8.9.3/go.mod h1:hxS8Hz4C6ijnppDSIX6LjG8FYJSoPo9iIOcE53Zik0c= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= @@ -324,24 +322,24 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= -go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY= -go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 h1:R9DE4kQ4k+YtfLI2ULwX82VtNQ2J8yZmA7ZIF/D+7Mc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0/go.mod h1:OQFyQVrDlbe+R7xrEyDr/2Wr67Ol0hRUgsfA+V5A95s= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0 h1:j9+03ymgYhPKmeXGk5Zu+cIZOlVzd9Zv7QIiyItjFBU= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0/go.mod h1:Y5+XiUG4Emn1hTfciPzGPJaSI+RpDts6BnCIir0SLqk= -go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ= -go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE= -go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A= -go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU= -go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU= -go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ= -go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k= -go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE= -go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= -go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= +go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg= +go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 h1:Vh5HayB/0HHfOQA7Ctx69E/Y/DcQSMPpKANYVMQ7fBA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0/go.mod h1:cpgtDBaqD/6ok/UG0jT15/uKjAY8mRA53diogHBg3UI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0 h1:wpMfgF8E1rkrT1Z6meFh1NDtownE9Ii3n3X2GJYjsaU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0/go.mod h1:wAy0T/dUbs468uOlkT31xjvqQgEVXv58BRFWEgn5v/0= +go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE= +go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs= +go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs= +go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY= +go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis= +go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4= +go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w= +go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA= +go.opentelemetry.io/proto/otlp v1.4.0 h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg= +go.opentelemetry.io/proto/otlp v1.4.0/go.mod h1:PPBWZIP98o2ElSqI35IHfu7hIhSwvc5N38Jw8pXuGFY= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -383,8 +381,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY= -golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds= +golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= +golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -439,8 +437,8 @@ golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= -golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4= -golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= +golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -453,8 +451,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc= -golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI= +golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo= +golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -464,9 +462,8 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 h1:Pw6WnI9W/LIdRxqK7T6XGugGbHIRl5Q7q3BssH6xk4s= -google.golang.org/genproto/googleapis/api v0.0.0-20250124145028-65684f501c47 h1:5iw9XJTD4thFidQmFVvx0wi4g5yOHk76rNRUxz1ZG5g= -google.golang.org/genproto/googleapis/api v0.0.0-20250124145028-65684f501c47/go.mod h1:AfA77qWLcidQWywD0YgqfpJzf50w2VjzBml3TybHeJU= +google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a h1:SGktgSolFCo75dnHJF2yMvnns6jCmHFJ0vE4Vn2JKvQ= +google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a/go.mod h1:a77HrdMjoeKbnd2jmgcWdaS++ZLZAEq3orIOAEIKiVw= google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 h1:fc6jSaCT0vBduLYZHYrBBNY4dsWuvgyff9noRNDdBeE= google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= @@ -474,8 +471,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ= -google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw= +google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok= +google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -498,9 +495,7 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= -gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= -gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= +gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= +gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= From 9c4322044c0aa22b029ae3f96f67b803580b7db4 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 4 Jul 2025 09:31:26 +0200 Subject: [PATCH 090/254] test: skip the test_image_build_without_se_linux_denials Skip the test_image_build_without_se_linux_denials test until https://github.com/osbuild/bootc-image-builder/issues/645 is resolved. It pains me to do this but the test is failing for some time and bib itself cannot do anything to resolve this (AIUI it need an upstream selinux policy change so that install_t can transition to container_runtime_t because of https://github.com/bootc-dev/bootc/commit/0527ca96202633625f79dfe06277b96cfb522000 --- test/test_build_disk.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/test_build_disk.py b/test/test_build_disk.py index 8d47674f0..9dd990ca3 100644 --- a/test/test_build_disk.py +++ b/test/test_build_disk.py @@ -630,6 +630,8 @@ def has_selinux(): @pytest.mark.skipif(not has_selinux(), reason="selinux not enabled") @pytest.mark.parametrize("image_type", gen_testcases("qemu-boot"), indirect=["image_type"]) def test_image_build_without_se_linux_denials(image_type): + pytest.skip("skip until https://github.com/osbuild/bootc-image-builder/issues/645 is resolved") + # the journal always contains logs from the image building assert image_type.journal_output != "" assert not log_has_osbuild_selinux_denials(image_type.journal_output), \ From e9183bcecca822886ab062fec55a747cb7be64ba Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 4 Jul 2025 09:40:50 +0200 Subject: [PATCH 091/254] plan: add `osbuild-{lvm2,ostree}` to tmt test This commit adds the missing `osbuild-{lvm2,ostree}` to integration.fmf so that the manifest lvm tests work. --- plans/integration.fmf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plans/integration.fmf b/plans/integration.fmf index 2b1d01c51..4d6d00a09 100644 --- a/plans/integration.fmf +++ b/plans/integration.fmf @@ -12,6 +12,8 @@ prepare: package: - edk2-aarch64 - osbuild-depsolve-dnf + - osbuild-lvm2 + - osbuild-ostree - podman - pytest - python3-boto3 From 861ce611d187a53739e08529358b7950f4d2930d Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 4 Jul 2025 09:45:45 +0200 Subject: [PATCH 092/254] test: enable `OSBUILD_EXPERIMENTAL=debug-qemu-user` This commit enables OSBUILD_EXPERIMENTAL=debug-qemu-user during the tests so that we see what unimplemented syscalls or ioctls are used. This should help with the cross-arch failure debugging we see in tmt right now. --- test/test_build_disk.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/test/test_build_disk.py b/test/test_build_disk.py index 9dd990ca3..eaf2138cf 100644 --- a/test/test_build_disk.py +++ b/test/test_build_disk.py @@ -426,6 +426,11 @@ def build_images(shared_tmpdir, build_container, request, force_aws_upload, gpg_ "-v", "/var/tmp/osbuild-test-store:/store", # share the cache between builds "-v", "/var/lib/containers/storage:/var/lib/containers/storage", # mount the host's containers storage ] + if tc.target_arch: + # help debug cross-arch issues by making qemu-user print + cmd.extend( + ["--env", "OSBUILD_EXPERIMENTAL=debug-qemu-user"]) + if tc.podman_terminal: cmd.append("-t") From 36a88cf3a1f266337f3bc71c5029cd5200d63790 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 4 Jul 2025 12:37:51 +0200 Subject: [PATCH 093/254] Containerfile: fix io.openshift.tags Trivial drive-by to update LABEL io.openshift.tags="base fedora40" -> 42 --- Containerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containerfile b/Containerfile index b8c806c07..00b860307 100644 --- a/Containerfile +++ b/Containerfile @@ -28,5 +28,5 @@ VOLUME /var/lib/containers/storage LABEL description="This tools allows to build and deploy disk-images from bootc container inputs." LABEL io.k8s.description="This tools allows to build and deploy disk-images from bootc container inputs." LABEL io.k8s.display-name="Bootc Image Builder" -LABEL io.openshift.tags="base fedora40" +LABEL io.openshift.tags="base fedora42" LABEL summary="A container to create disk-images from bootc container inputs" From 5c4376fb716ab28dd1b7d68aacf9c0a937f1c5e0 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 14 Jul 2025 19:10:00 +0200 Subject: [PATCH 094/254] plans: disable the aws upload test Disable the aws upload test until we have the AWS credentials added back as github secrets. --- plans/integration.fmf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plans/integration.fmf b/plans/integration.fmf index 4d6d00a09..a0b7fbf30 100644 --- a/plans/integration.fmf +++ b/plans/integration.fmf @@ -33,7 +33,8 @@ execute: echo "Install test requirements" pip install --user -r test/requirements.txt echo "Run tests" - pytest --force-aws-upload + # mvo:2025-07-14: disabled AWS upload test until we add back the credentials + pytest # --force-aws-upload duration: 4h finish: how: shell From 9e9647694abcd4488285f33e5bc2503bd89c2437 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 14 Jul 2025 13:13:45 +0200 Subject: [PATCH 095/254] go.mod: update to the latest version of "images" This pulls in https://github.com/osbuild/images/pull/1651 --- bib/go.mod | 16 ++++++++-------- bib/go.sum | 40 ++++++++++++++++++++-------------------- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 0fb02f42f..386d84b53 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -8,7 +8,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.10.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.157.0 + github.com/osbuild/images v0.160.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 @@ -121,13 +121,13 @@ require ( go.opentelemetry.io/otel v1.36.0 // indirect go.opentelemetry.io/otel/metric v1.36.0 // indirect go.opentelemetry.io/otel/trace v1.36.0 // indirect - golang.org/x/crypto v0.39.0 // indirect - golang.org/x/net v0.41.0 // indirect - golang.org/x/sync v0.15.0 // indirect - golang.org/x/sys v0.33.0 // indirect - golang.org/x/term v0.32.0 // indirect - golang.org/x/text v0.26.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a // indirect + golang.org/x/crypto v0.40.0 // indirect + golang.org/x/net v0.42.0 // indirect + golang.org/x/sync v0.16.0 // indirect + golang.org/x/sys v0.34.0 // indirect + golang.org/x/term v0.33.0 // indirect + golang.org/x/text v0.27.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect google.golang.org/grpc v1.73.0 // indirect google.golang.org/protobuf v1.36.6 // indirect diff --git a/bib/go.sum b/bib/go.sum index 9ee9c1e1e..60c30547d 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -239,8 +239,8 @@ github.com/osbuild/blueprint v1.10.0 h1:6TG+mSV5kUA3Vq+0fc10MchDilBcDd8SEA8KbDFU github.com/osbuild/blueprint v1.10.0/go.mod h1:uknOfX/bAoi+dbeNJj+uAir1T++/LVEtoY8HO3U7MiQ= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.157.0 h1:1NNvaYrbwZu/mpIGH45rX8YW1E8uwO5oLyv1LF3nj+w= -github.com/osbuild/images v0.157.0/go.mod h1:cHCCI3bZmv+SQk15fCRmMiBu3KVgCqug6YKqD2rZFzM= +github.com/osbuild/images v0.160.0 h1:ssgSHg3lOEsKmP1epv8iv9NWXtd95fU92yteJkTycOY= +github.com/osbuild/images v0.160.0/go.mod h1:OBM7JJRFJXfSGv1VsrehbWxqa+y4pcwJhcjTsZQZ0vI= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -348,8 +348,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= -golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= +golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM= +golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 h1:9kj3STMvgqy3YA4VQXBrN7925ICMxD5wzMRcgA30588= golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= @@ -363,8 +363,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w= -golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= +golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg= +golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -381,8 +381,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= -golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= +golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= +golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -395,8 +395,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8= -golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= +golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -413,8 +413,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= -golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= +golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -424,8 +424,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= -golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg= -golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= +golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg= +golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= @@ -435,8 +435,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= -golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= +golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4= +golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -451,8 +451,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo= -golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg= +golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0= +golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -462,8 +462,8 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a h1:SGktgSolFCo75dnHJF2yMvnns6jCmHFJ0vE4Vn2JKvQ= -google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a/go.mod h1:a77HrdMjoeKbnd2jmgcWdaS++ZLZAEq3orIOAEIKiVw= +google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 h1:oWVWY3NzT7KJppx2UKhKmzPq4SRe0LdCijVRwvGeikY= +google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822/go.mod h1:h3c4v36UTKzUiuaOKQ6gr3S+0hovBtUrXzTG/i3+XEc= google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 h1:fc6jSaCT0vBduLYZHYrBBNY4dsWuvgyff9noRNDdBeE= google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= From 0d0fd2347317b435817486b92301ad95b48baa72 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 8 Jul 2025 10:09:21 +0200 Subject: [PATCH 096/254] image: update bib for latest images This commit makes bib use the latest images library, i.e. update for the explicit use of `OSCustomizations`. --- bib/cmd/bootc-image-builder/image.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index 09d43a477..d5c4b1a2f 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -369,15 +369,15 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest } img := image.NewBootcDiskImage(containerSource, buildContainerSource) - img.Users = users.UsersFromBP(customizations.GetUsers()) - img.Groups = users.GroupsFromBP(customizations.GetGroups()) - img.SELinux = c.SourceInfo.SELinuxPolicy - img.BuildSELinux = img.SELinux + img.OSCustomizations.Users = users.UsersFromBP(customizations.GetUsers()) + img.OSCustomizations.Groups = users.GroupsFromBP(customizations.GetGroups()) + img.OSCustomizations.SELinux = c.SourceInfo.SELinuxPolicy + img.OSCustomizations.BuildSELinux = img.OSCustomizations.SELinux if c.BuildSourceInfo != nil { - img.BuildSELinux = c.BuildSourceInfo.SELinuxPolicy + img.OSCustomizations.BuildSELinux = c.BuildSourceInfo.SELinuxPolicy } - img.KernelOptionsAppend = []string{ + img.OSCustomizations.KernelOptionsAppend = []string{ "rw", // TODO: Drop this as we expect kargs to come from the container image, // xref https://github.com/CentOS/centos-bootc-layered/blob/main/cloud/usr/lib/bootc/install/05-cloud-kargs.toml @@ -415,7 +415,7 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest } if kopts := customizations.GetKernel(); kopts != nil && kopts.Append != "" { - img.KernelOptionsAppend = append(img.KernelOptionsAppend, kopts.Append) + img.OSCustomizations.KernelOptionsAppend = append(img.OSCustomizations.KernelOptionsAppend, kopts.Append) } pt, err := genPartitionTable(c, customizations, rng) @@ -436,11 +436,11 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest if err := blueprint.CheckFileCustomizationsPolicy(fc, policies.OstreeCustomFilesPolicies); err != nil { return nil, err } - img.Files, err = blueprint.FileCustomizationsToFsNodeFiles(fc) + img.OSCustomizations.Files, err = blueprint.FileCustomizationsToFsNodeFiles(fc) if err != nil { return nil, err } - img.Directories, err = blueprint.DirectoryCustomizationsToFsNodeDirectories(dc) + img.OSCustomizations.Directories, err = blueprint.DirectoryCustomizationsToFsNodeDirectories(dc) if err != nil { return nil, err } From 0140cab23fd05daffb01fce5c7178bc9e1c2f608 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Jul 2025 13:35:13 +0000 Subject: [PATCH 097/254] build(deps): bump github.com/osbuild/images in /bib in the go-deps group --- updated-dependencies: - dependency-name: github.com/osbuild/images dependency-version: 0.160.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 386d84b53..919144352 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -8,7 +8,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.10.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.160.0 + github.com/osbuild/images v0.162.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 diff --git a/bib/go.sum b/bib/go.sum index 60c30547d..8a687bd87 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -239,8 +239,8 @@ github.com/osbuild/blueprint v1.10.0 h1:6TG+mSV5kUA3Vq+0fc10MchDilBcDd8SEA8KbDFU github.com/osbuild/blueprint v1.10.0/go.mod h1:uknOfX/bAoi+dbeNJj+uAir1T++/LVEtoY8HO3U7MiQ= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.160.0 h1:ssgSHg3lOEsKmP1epv8iv9NWXtd95fU92yteJkTycOY= -github.com/osbuild/images v0.160.0/go.mod h1:OBM7JJRFJXfSGv1VsrehbWxqa+y4pcwJhcjTsZQZ0vI= +github.com/osbuild/images v0.162.0 h1:hZgQGN2J3A51hGYK+nNZ66jXcl5F2jGN+Hu1NxNbOKU= +github.com/osbuild/images v0.162.0/go.mod h1:7DA7VdzXMBDuO/0eiAOOpTt9jvNpzmQfduwsQ8l59pY= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= From f203eb3a6eace261dcc6de9fe55a16d00a3f0ac3 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Sat, 12 Jul 2025 06:04:36 +0000 Subject: [PATCH 098/254] chore(deps): update konflux references Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- .tekton/bootc-image-builder-pull-request.yaml | 36 +++++++-------- .tekton/bootc-image-builder-push.yaml | 44 +++++++++---------- 2 files changed, 40 insertions(+), 40 deletions(-) diff --git a/.tekton/bootc-image-builder-pull-request.yaml b/.tekton/bootc-image-builder-pull-request.yaml index 8982b4a89..94256c244 100644 --- a/.tekton/bootc-image-builder-pull-request.yaml +++ b/.tekton/bootc-image-builder-pull-request.yaml @@ -46,7 +46,7 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:1c46fdc4331ab68b925d615e9787e67382916c4ef3ec382d05bedf0cb2b2f51b + value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:1fa4b71e0e0ca51da1cb769a2e20bbf186235e36b03cd97998e042e6e15a0c67 - name: kind value: task resolver: bundles @@ -65,7 +65,7 @@ spec: - name: name value: summary - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:716d50d6f79c119e729a41ddf4eca7ddc521dbfb32cc10c7e1ef1942da887e26 + value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:599d8b12c4f34ca3c386cb5c18af532cdc5f0773c0477044bbf4fe8591940725 - name: kind value: task resolver: bundles @@ -154,7 +154,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:6d307bd02891fea47e5b4e1a3adfaa1c9cc9760acb92c6c3be5d15992cd1fc09 + value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:ecec49de014d480e85a01b4351d7e20d9d9df44788758796da785e5be6da8881 - name: kind value: task resolver: bundles @@ -171,7 +171,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:ff20a2f84ae23e580f75e364bd96369a80be75efc7736c4c947cecc636034c88 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b99d377c3e28fad51009849f6ba3a1bc47d1dc4c46f470ea12ed7b1b444599d7 - name: kind value: task resolver: bundles @@ -199,7 +199,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:ff20a2f84ae23e580f75e364bd96369a80be75efc7736c4c947cecc636034c88 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b99d377c3e28fad51009849f6ba3a1bc47d1dc4c46f470ea12ed7b1b444599d7 - name: kind value: task resolver: bundles @@ -227,7 +227,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:ff20a2f84ae23e580f75e364bd96369a80be75efc7736c4c947cecc636034c88 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b99d377c3e28fad51009849f6ba3a1bc47d1dc4c46f470ea12ed7b1b444599d7 - name: kind value: task resolver: bundles @@ -253,7 +253,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:ff20a2f84ae23e580f75e364bd96369a80be75efc7736c4c947cecc636034c88 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b99d377c3e28fad51009849f6ba3a1bc47d1dc4c46f470ea12ed7b1b444599d7 - name: kind value: task resolver: bundles @@ -290,7 +290,7 @@ spec: - name: name value: buildah - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.4@sha256:0e022da1be692c48348e282e73f30c7e6b1f520d37fb6f985ccb2795940dbe72 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.4@sha256:d8b81c27dd50e936c8140ef8225d814954f0b4fc11c1c23a0e5841af0a0cd168 - name: kind value: task resolver: bundles @@ -327,7 +327,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:8e75d07f09a828bde672b5cbb2a912ec5c6b75c26be7633376e05a3046937794 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:a6afd7071e514dc3a43fa24a2eaeb862c844057b3d97cbe84007bf70f23e4802 - name: kind value: task resolver: bundles @@ -364,7 +364,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:8e75d07f09a828bde672b5cbb2a912ec5c6b75c26be7633376e05a3046937794 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:a6afd7071e514dc3a43fa24a2eaeb862c844057b3d97cbe84007bf70f23e4802 - name: kind value: task resolver: bundles @@ -401,7 +401,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:8e75d07f09a828bde672b5cbb2a912ec5c6b75c26be7633376e05a3046937794 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:a6afd7071e514dc3a43fa24a2eaeb862c844057b3d97cbe84007bf70f23e4802 - name: kind value: task resolver: bundles @@ -435,7 +435,7 @@ spec: - name: name value: build-image-manifest - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:4c7ee801ca6d7dcd2f75c40dc72c2500bcb4de648d4e9f784619b12494a81b57 + value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:bb2042f91b9b3f162fd3bcc2d3516dc8650128a6c8d60a590a8168e86b64ada0 - name: kind value: task resolver: bundles @@ -457,7 +457,7 @@ spec: - name: name value: inspect-image - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.2@sha256:1fbf255b6303b9adf507f0c7df065c10d754a389fc587c03b414e324c10c5d8b + value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.2@sha256:01f4a7ac0ff27ef5d220b6d1e1057d2da6e8c1ba70b45262b14cf55bbf004098 - name: kind value: task resolver: bundles @@ -480,7 +480,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.5@sha256:2ca2cb88240ae105c4404e01ba8b38cff35c0e7a83fb54c180e9fa0d222b1d49 + value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.5@sha256:b68137ffd9362e950b2a60f3d7beec22ffc39561642b95e39f95e54596bceee1 - name: kind value: task resolver: bundles @@ -502,7 +502,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.2@sha256:2b4000d80bf5ef8d21c708ebf2cb3182f1b91be8c463f895b13368f568383d52 + value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.2@sha256:cbb4a7c9f6d5591b74047a580f5199a91228a810df1c854e03ff049824b8a348 - name: kind value: task resolver: bundles @@ -524,7 +524,7 @@ spec: - name: name value: sast-snyk-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.3@sha256:3f2fd6bb53eb6e562ce1ee794beb081535935aa54b3c56d3ae3707ce65420923 + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.4@sha256:eebe43b3223cbf7d1b6c95c8575c5bcbfd6fe6fb85261b1ad8cd018dff3f5f27 - name: kind value: task resolver: bundles @@ -549,7 +549,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.2@sha256:ed56998b7992b022c4d418d60a8e0427b50294c18c8c92776d9c1f74b1076e3d + value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.2@sha256:bb1bfcbe2514b8deb600e7eaf751f24f31a78f37788d838184760fb94fcc6c11 - name: kind value: task resolver: bundles @@ -571,7 +571,7 @@ spec: - name: name value: sbom-json-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.2@sha256:79b72c8c2a3ff3bb75e7ecaf9ed35316ec1d9ddd68568b3bf3169bee80398dc3 + value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.2@sha256:e16f95bbc57a92ea64e7eac004ced8f9e37262c702d46ca520b33a70bdbed7f3 - name: kind value: task resolver: bundles diff --git a/.tekton/bootc-image-builder-push.yaml b/.tekton/bootc-image-builder-push.yaml index 9da0ef0a9..79104d1e2 100644 --- a/.tekton/bootc-image-builder-push.yaml +++ b/.tekton/bootc-image-builder-push.yaml @@ -42,7 +42,7 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:1c46fdc4331ab68b925d615e9787e67382916c4ef3ec382d05bedf0cb2b2f51b + value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:1fa4b71e0e0ca51da1cb769a2e20bbf186235e36b03cd97998e042e6e15a0c67 - name: kind value: task resolver: bundles @@ -61,7 +61,7 @@ spec: - name: name value: summary - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:716d50d6f79c119e729a41ddf4eca7ddc521dbfb32cc10c7e1ef1942da887e26 + value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:599d8b12c4f34ca3c386cb5c18af532cdc5f0773c0477044bbf4fe8591940725 - name: kind value: task resolver: bundles @@ -150,7 +150,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:6d307bd02891fea47e5b4e1a3adfaa1c9cc9760acb92c6c3be5d15992cd1fc09 + value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:ecec49de014d480e85a01b4351d7e20d9d9df44788758796da785e5be6da8881 - name: kind value: task resolver: bundles @@ -167,7 +167,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:ff20a2f84ae23e580f75e364bd96369a80be75efc7736c4c947cecc636034c88 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b99d377c3e28fad51009849f6ba3a1bc47d1dc4c46f470ea12ed7b1b444599d7 - name: kind value: task resolver: bundles @@ -195,7 +195,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:ff20a2f84ae23e580f75e364bd96369a80be75efc7736c4c947cecc636034c88 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b99d377c3e28fad51009849f6ba3a1bc47d1dc4c46f470ea12ed7b1b444599d7 - name: kind value: task resolver: bundles @@ -223,7 +223,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:ff20a2f84ae23e580f75e364bd96369a80be75efc7736c4c947cecc636034c88 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b99d377c3e28fad51009849f6ba3a1bc47d1dc4c46f470ea12ed7b1b444599d7 - name: kind value: task resolver: bundles @@ -249,7 +249,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:ff20a2f84ae23e580f75e364bd96369a80be75efc7736c4c947cecc636034c88 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b99d377c3e28fad51009849f6ba3a1bc47d1dc4c46f470ea12ed7b1b444599d7 - name: kind value: task resolver: bundles @@ -274,7 +274,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:79abdddffcca0fb71374ab6118e07cc55468252bed6f38b1ae6d81eac3ef71e0 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:c5e7c270abceeab6764e0d15380fbf83311536606fb12b3542fbb1965d8b1df7 - name: kind value: task resolver: bundles @@ -297,7 +297,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:79abdddffcca0fb71374ab6118e07cc55468252bed6f38b1ae6d81eac3ef71e0 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:c5e7c270abceeab6764e0d15380fbf83311536606fb12b3542fbb1965d8b1df7 - name: kind value: task resolver: bundles @@ -320,7 +320,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:79abdddffcca0fb71374ab6118e07cc55468252bed6f38b1ae6d81eac3ef71e0 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:c5e7c270abceeab6764e0d15380fbf83311536606fb12b3542fbb1965d8b1df7 - name: kind value: task resolver: bundles @@ -343,7 +343,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:79abdddffcca0fb71374ab6118e07cc55468252bed6f38b1ae6d81eac3ef71e0 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:c5e7c270abceeab6764e0d15380fbf83311536606fb12b3542fbb1965d8b1df7 - name: kind value: task resolver: bundles @@ -378,7 +378,7 @@ spec: - name: name value: buildah - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.4@sha256:0e022da1be692c48348e282e73f30c7e6b1f520d37fb6f985ccb2795940dbe72 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.4@sha256:d8b81c27dd50e936c8140ef8225d814954f0b4fc11c1c23a0e5841af0a0cd168 - name: kind value: task resolver: bundles @@ -415,7 +415,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:8e75d07f09a828bde672b5cbb2a912ec5c6b75c26be7633376e05a3046937794 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:a6afd7071e514dc3a43fa24a2eaeb862c844057b3d97cbe84007bf70f23e4802 - name: kind value: task resolver: bundles @@ -452,7 +452,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:8e75d07f09a828bde672b5cbb2a912ec5c6b75c26be7633376e05a3046937794 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:a6afd7071e514dc3a43fa24a2eaeb862c844057b3d97cbe84007bf70f23e4802 - name: kind value: task resolver: bundles @@ -489,7 +489,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:8e75d07f09a828bde672b5cbb2a912ec5c6b75c26be7633376e05a3046937794 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:a6afd7071e514dc3a43fa24a2eaeb862c844057b3d97cbe84007bf70f23e4802 - name: kind value: task resolver: bundles @@ -523,7 +523,7 @@ spec: - name: name value: build-image-manifest - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:4c7ee801ca6d7dcd2f75c40dc72c2500bcb4de648d4e9f784619b12494a81b57 + value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:bb2042f91b9b3f162fd3bcc2d3516dc8650128a6c8d60a590a8168e86b64ada0 - name: kind value: task resolver: bundles @@ -545,7 +545,7 @@ spec: - name: name value: inspect-image - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.2@sha256:1fbf255b6303b9adf507f0c7df065c10d754a389fc587c03b414e324c10c5d8b + value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.2@sha256:01f4a7ac0ff27ef5d220b6d1e1057d2da6e8c1ba70b45262b14cf55bbf004098 - name: kind value: task resolver: bundles @@ -568,7 +568,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.5@sha256:2ca2cb88240ae105c4404e01ba8b38cff35c0e7a83fb54c180e9fa0d222b1d49 + value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.5@sha256:b68137ffd9362e950b2a60f3d7beec22ffc39561642b95e39f95e54596bceee1 - name: kind value: task resolver: bundles @@ -590,7 +590,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.2@sha256:2b4000d80bf5ef8d21c708ebf2cb3182f1b91be8c463f895b13368f568383d52 + value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.2@sha256:cbb4a7c9f6d5591b74047a580f5199a91228a810df1c854e03ff049824b8a348 - name: kind value: task resolver: bundles @@ -612,7 +612,7 @@ spec: - name: name value: sast-snyk-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.3@sha256:3f2fd6bb53eb6e562ce1ee794beb081535935aa54b3c56d3ae3707ce65420923 + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.4@sha256:eebe43b3223cbf7d1b6c95c8575c5bcbfd6fe6fb85261b1ad8cd018dff3f5f27 - name: kind value: task resolver: bundles @@ -637,7 +637,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.2@sha256:ed56998b7992b022c4d418d60a8e0427b50294c18c8c92776d9c1f74b1076e3d + value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.2@sha256:bb1bfcbe2514b8deb600e7eaf751f24f31a78f37788d838184760fb94fcc6c11 - name: kind value: task resolver: bundles @@ -659,7 +659,7 @@ spec: - name: name value: sbom-json-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.2@sha256:79b72c8c2a3ff3bb75e7ecaf9ed35316ec1d9ddd68568b3bf3169bee80398dc3 + value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.2@sha256:e16f95bbc57a92ea64e7eac004ced8f9e37262c702d46ca520b33a70bdbed7f3 - name: kind value: task resolver: bundles From 59f5cb2dc24f21f4e1340d381e7efe12259ea91c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 17 Jul 2025 05:05:29 +0000 Subject: [PATCH 099/254] build(deps): bump github.com/spf13/pflag in /bib in the go-deps group Bumps the go-deps group in /bib with 1 update: [github.com/spf13/pflag](https://github.com/spf13/pflag). Updates `github.com/spf13/pflag` from 1.0.6 to 1.0.7 - [Release notes](https://github.com/spf13/pflag/releases) - [Commits](https://github.com/spf13/pflag/compare/v1.0.6...v1.0.7) --- updated-dependencies: - dependency-name: github.com/spf13/pflag dependency-version: 1.0.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 2 +- bib/go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 919144352..72fa971f2 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -11,7 +11,7 @@ require ( github.com/osbuild/images v0.162.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 - github.com/spf13/pflag v1.0.6 + github.com/spf13/pflag v1.0.7 github.com/stretchr/testify v1.10.0 golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 gopkg.in/yaml.v3 v3.0.1 diff --git a/bib/go.sum b/bib/go.sum index 8a687bd87..d08bb01c9 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -287,8 +287,9 @@ github.com/smallstep/pkcs7 v0.1.1 h1:x+rPdt2W088V9Vkjho4KtoggyktZJlMduZAtRHm68LU github.com/smallstep/pkcs7 v0.1.1/go.mod h1:dL6j5AIz9GHjVEBTXtW+QliALcgM19RtXaTeyxI+AfA= github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0= -github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.7 h1:vN6T9TfwStFPFM5XzjsvmzZkLuaLX+HS+0SeFLRgU6M= +github.com/spf13/pflag v1.0.7/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 h1:pnnLyeX7o/5aX8qUQ69P/mLojDqwda8hFOCBTmP/6hw= github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6/go.mod h1:39R/xuhNgVhi+K0/zst4TLrJrVmbm6LVgl4A0+ZFS5M= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= From 6a04608894ffba1742fdfd6c9dbf40f25fbb673f Mon Sep 17 00:00:00 2001 From: Mbarak Bujra Date: Wed, 21 May 2025 15:20:49 -0400 Subject: [PATCH 100/254] Add Fedora 42 as a link to Fedora 40 --- bib/data/defs/fedora-42.yaml | 1 + 1 file changed, 1 insertion(+) create mode 120000 bib/data/defs/fedora-42.yaml diff --git a/bib/data/defs/fedora-42.yaml b/bib/data/defs/fedora-42.yaml new file mode 120000 index 000000000..b77da5759 --- /dev/null +++ b/bib/data/defs/fedora-42.yaml @@ -0,0 +1 @@ +fedora-40.yaml \ No newline at end of file From 3bb0d282e789fee7f4692de6df78700163a18aaf Mon Sep 17 00:00:00 2001 From: Mbarak Bujra Date: Wed, 21 May 2025 15:21:42 -0400 Subject: [PATCH 101/254] Use rootfs when generating ISO --- bib/cmd/bootc-image-builder/image.go | 6 ++++++ bib/cmd/bootc-image-builder/main.go | 21 ++++++++++----------- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index d5c4b1a2f..4b4947fed 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -589,6 +589,12 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro img.RootfsType = manifest.SquashfsRootfs img.Filename = "install.iso" + installRootfsType, err := disk.NewFSType(c.RootFSType) + if err != nil { + return nil, err + } + img.InstallRootfsType = installRootfsType + mf := manifest.New() foundDistro, foundRunner, err := getDistroAndRunner(c.SourceInfo.OSRelease) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index ec2ef56a3..6102ca3c3 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -273,19 +273,18 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress }() var rootfsType string - if !imageTypes.BuildsISO() { - if rootFs != "" { - rootfsType = rootFs - } else { - rootfsType, err = container.DefaultRootfsType() - if err != nil { - return nil, nil, fmt.Errorf("cannot get rootfs type for container: %w", err) - } - if rootfsType == "" { - return nil, nil, fmt.Errorf(`no default root filesystem type specified in container, please use "--rootfs" to set manually`) - } + if rootFs != "" { + rootfsType = rootFs + } else { + rootfsType, err = container.DefaultRootfsType() + if err != nil { + return nil, nil, fmt.Errorf("cannot get rootfs type for container: %w", err) + } + if rootfsType == "" { + return nil, nil, fmt.Errorf(`no default root filesystem type specified in container, please use "--rootfs" to set manually`) } } + // Gather some data from the containers distro sourceinfo, err := source.LoadInfo(container.Root()) if err != nil { From c187d2d3df1342a28dda643fbd3b482cae76fbdf Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 11 Jul 2025 10:06:07 +0200 Subject: [PATCH 102/254] bib: update "images" library to latest version --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 72fa971f2..eb1bb8840 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -8,7 +8,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.10.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.162.0 + github.com/osbuild/images v0.163.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.7 diff --git a/bib/go.sum b/bib/go.sum index d08bb01c9..6b6ed38ef 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -239,8 +239,8 @@ github.com/osbuild/blueprint v1.10.0 h1:6TG+mSV5kUA3Vq+0fc10MchDilBcDd8SEA8KbDFU github.com/osbuild/blueprint v1.10.0/go.mod h1:uknOfX/bAoi+dbeNJj+uAir1T++/LVEtoY8HO3U7MiQ= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.162.0 h1:hZgQGN2J3A51hGYK+nNZ66jXcl5F2jGN+Hu1NxNbOKU= -github.com/osbuild/images v0.162.0/go.mod h1:7DA7VdzXMBDuO/0eiAOOpTt9jvNpzmQfduwsQ8l59pY= +github.com/osbuild/images v0.163.0 h1:JPA8DY5rAr8qcmfSH5CHFl7HPtcc0G7gvw13C2M0NGc= +github.com/osbuild/images v0.163.0/go.mod h1:/akyaFWxh7IN0ezlXB+6F4N/rKi/Vod1RAh8XLNzCKE= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= From 3addfe3af1e70892256e9cf42e80169381c4eb12 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 11 Jul 2025 10:11:17 +0200 Subject: [PATCH 103/254] bib: replace internal/{buildconfig,container,source} with images This commit removes the internal/{buildconfig,container,source} packages and replaces them with the (idential but renamed) versions in the images library. This needs https://github.com/osbuild/images/pull/1655 --- bib/cmd/bootc-image-builder/image.go | 15 +- bib/cmd/bootc-image-builder/image_test.go | 9 +- bib/cmd/bootc-image-builder/main.go | 12 +- bib/cmd/bootc-image-builder/main_test.go | 13 +- bib/internal/buildconfig/config.go | 145 ---------------- bib/internal/buildconfig/config_test.go | 196 --------------------- bib/internal/buildconfig/export_test.go | 21 --- bib/internal/container/container.go | 166 ------------------ bib/internal/container/container_test.go | 173 ------------------- bib/internal/container/solver.go | 125 -------------- bib/internal/container/solver_test.go | 198 ---------------------- bib/internal/source/source.go | 165 ------------------ bib/internal/source/source_test.go | 170 ------------------- 13 files changed, 23 insertions(+), 1385 deletions(-) delete mode 100644 bib/internal/buildconfig/config.go delete mode 100644 bib/internal/buildconfig/config_test.go delete mode 100644 bib/internal/buildconfig/export_test.go delete mode 100644 bib/internal/container/container.go delete mode 100644 bib/internal/container/container_test.go delete mode 100644 bib/internal/container/solver.go delete mode 100644 bib/internal/container/solver_test.go delete mode 100644 bib/internal/source/source.go delete mode 100644 bib/internal/source/source_test.go diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index 4b4947fed..273fc59c4 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -12,6 +12,7 @@ import ( "strings" "github.com/osbuild/images/pkg/arch" + "github.com/osbuild/images/pkg/bib/osinfo" "github.com/osbuild/images/pkg/blueprint" "github.com/osbuild/images/pkg/container" "github.com/osbuild/images/pkg/customizations/anaconda" @@ -28,10 +29,8 @@ import ( "github.com/osbuild/images/pkg/runner" "github.com/sirupsen/logrus" - "github.com/osbuild/bootc-image-builder/bib/internal/buildconfig" "github.com/osbuild/bootc-image-builder/bib/internal/distrodef" "github.com/osbuild/bootc-image-builder/bib/internal/imagetypes" - "github.com/osbuild/bootc-image-builder/bib/internal/source" ) // TODO: Auto-detect this from container image metadata @@ -45,7 +44,7 @@ type ManifestConfig struct { ImageTypes imagetypes.ImageTypes // Build config - Config *buildconfig.BuildConfig + Config *blueprint.Blueprint // CPU architecture of the image Architecture arch.Arch @@ -58,8 +57,8 @@ type ManifestConfig struct { DistroDefPaths []string // Extracted information about the source container image - SourceInfo *source.Info - BuildSourceInfo *source.Info + SourceInfo *osinfo.Info + BuildSourceInfo *osinfo.Info // RootFSType specifies the filesystem type for the root partition RootFSType string @@ -460,7 +459,7 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest return &mf, nil } -func labelForISO(os *source.OSRelease, arch *arch.Arch) string { +func labelForISO(os *osinfo.OSRelease, arch *arch.Arch) string { switch os.ID { case "fedora": return fmt.Sprintf("Fedora-S-dvd-%s-%s", arch, os.VersionID) @@ -478,7 +477,7 @@ func labelForISO(os *source.OSRelease, arch *arch.Arch) string { } } -func needsRHELLoraxTemplates(si source.OSRelease) bool { +func needsRHELLoraxTemplates(si osinfo.OSRelease) bool { return si.ID == "rhel" || slices.Contains(si.IDLike, "rhel") || si.VersionID == "eln" } @@ -607,7 +606,7 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro return &mf, err } -func getDistroAndRunner(osRelease source.OSRelease) (manifest.Distro, runner.Runner, error) { +func getDistroAndRunner(osRelease osinfo.OSRelease) (manifest.Distro, runner.Runner, error) { switch osRelease.ID { case "fedora": version, err := strconv.ParseUint(osRelease.VersionID, 10, 64) diff --git a/bib/cmd/bootc-image-builder/image_test.go b/bib/cmd/bootc-image-builder/image_test.go index b513abc19..f49e03865 100644 --- a/bib/cmd/bootc-image-builder/image_test.go +++ b/bib/cmd/bootc-image-builder/image_test.go @@ -15,8 +15,7 @@ import ( "github.com/osbuild/images/pkg/runner" bib "github.com/osbuild/bootc-image-builder/bib/cmd/bootc-image-builder" - "github.com/osbuild/bootc-image-builder/bib/internal/buildconfig" - "github.com/osbuild/bootc-image-builder/bib/internal/source" + "github.com/osbuild/images/pkg/bib/osinfo" ) func TestGetDistroAndRunner(t *testing.T) { @@ -46,7 +45,7 @@ func TestGetDistroAndRunner(t *testing.T) { for _, c := range cases { t.Run(fmt.Sprintf("%s-%s", c.id, c.versionID), func(t *testing.T) { - osRelease := source.OSRelease{ + osRelease := osinfo.OSRelease{ ID: c.id, VersionID: c.versionID, } @@ -685,7 +684,7 @@ func TestGenPartitionTableDiskCustomizationSizes(t *testing.T) { func TestManifestFilecustomizationsSad(t *testing.T) { config := getBaseConfig() config.ImageTypes = []string{"qcow2"} - config.Config = &buildconfig.BuildConfig{ + config.Config = &blueprint.Blueprint{ Customizations: &blueprint.Customizations{ Files: []blueprint.FileCustomization{ { @@ -703,7 +702,7 @@ func TestManifestFilecustomizationsSad(t *testing.T) { func TestManifestDirCustomizationsSad(t *testing.T) { config := getBaseConfig() config.ImageTypes = []string{"qcow2"} - config.Config = &buildconfig.BuildConfig{ + config.Config = &blueprint.Blueprint{ Customizations: &blueprint.Customizations{ Directories: []blueprint.DirectoryCustomization{ { diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 6102ca3c3..939d2fc49 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -19,6 +19,7 @@ import ( "golang.org/x/exp/slices" "github.com/osbuild/images/pkg/arch" + "github.com/osbuild/images/pkg/bib/blueprintload" "github.com/osbuild/images/pkg/cloud" "github.com/osbuild/images/pkg/cloud/awscloud" "github.com/osbuild/images/pkg/container" @@ -28,10 +29,9 @@ import ( "github.com/osbuild/images/pkg/osbuild" "github.com/osbuild/images/pkg/rpmmd" - "github.com/osbuild/bootc-image-builder/bib/internal/buildconfig" - podman_container "github.com/osbuild/bootc-image-builder/bib/internal/container" "github.com/osbuild/bootc-image-builder/bib/internal/imagetypes" - "github.com/osbuild/bootc-image-builder/bib/internal/source" + podman_container "github.com/osbuild/images/pkg/bib/container" + "github.com/osbuild/images/pkg/bib/osinfo" "github.com/osbuild/image-builder-cli/pkg/progress" "github.com/osbuild/image-builder-cli/pkg/setup" @@ -246,7 +246,7 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress return nil, nil, fmt.Errorf("cannot detect build types %v: %w", imgTypes, err) } - config, err := buildconfig.ReadWithFallback(userConfigFile) + config, err := blueprintload.LoadWithFallback(userConfigFile) if err != nil { return nil, nil, fmt.Errorf("cannot read config: %w", err) } @@ -286,7 +286,7 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress } // Gather some data from the containers distro - sourceinfo, err := source.LoadInfo(container.Root()) + sourceinfo, err := osinfo.Load(container.Root()) if err != nil { return nil, nil, err } @@ -310,7 +310,7 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress startedBuildContainer = true // Gather some data from the containers distro - buildSourceinfo, err = source.LoadInfo(buildContainer.Root()) + buildSourceinfo, err = osinfo.Load(buildContainer.Root()) if err != nil { return nil, nil, err } diff --git a/bib/cmd/bootc-image-builder/main_test.go b/bib/cmd/bootc-image-builder/main_test.go index 2beba7506..b910da079 100644 --- a/bib/cmd/bootc-image-builder/main_test.go +++ b/bib/cmd/bootc-image-builder/main_test.go @@ -15,6 +15,7 @@ import ( "github.com/stretchr/testify/require" "github.com/osbuild/images/pkg/arch" + "github.com/osbuild/images/pkg/bib/osinfo" "github.com/osbuild/images/pkg/blueprint" "github.com/osbuild/images/pkg/container" "github.com/osbuild/images/pkg/dnfjson" @@ -22,9 +23,7 @@ import ( "github.com/osbuild/images/pkg/rpmmd" main "github.com/osbuild/bootc-image-builder/bib/cmd/bootc-image-builder" - "github.com/osbuild/bootc-image-builder/bib/internal/buildconfig" "github.com/osbuild/bootc-image-builder/bib/internal/imagetypes" - "github.com/osbuild/bootc-image-builder/bib/internal/source" ) func TestCanChownInPathHappy(t *testing.T) { @@ -75,8 +74,8 @@ func getBaseConfig() *main.ManifestConfig { return &main.ManifestConfig{ Architecture: arch.ARCH_X86_64, Imgref: "testempty", - SourceInfo: &source.Info{ - OSRelease: source.OSRelease{ + SourceInfo: &osinfo.Info{ + OSRelease: osinfo.OSRelease{ ID: "fedora", VersionID: "40", Name: "Fedora Linux", @@ -100,7 +99,7 @@ func getUserConfig() *main.ManifestConfig { return &main.ManifestConfig{ Architecture: arch.ARCH_X86_64, Imgref: "testuser", - Config: &buildconfig.BuildConfig{ + Config: &blueprint.Blueprint{ Customizations: &blueprint.Customizations{ User: []blueprint.UserCustomization{ { @@ -111,8 +110,8 @@ func getUserConfig() *main.ManifestConfig { }, }, }, - SourceInfo: &source.Info{ - OSRelease: source.OSRelease{ + SourceInfo: &osinfo.Info{ + OSRelease: osinfo.OSRelease{ ID: "fedora", VersionID: "40", Name: "Fedora Linux", diff --git a/bib/internal/buildconfig/config.go b/bib/internal/buildconfig/config.go deleted file mode 100644 index 599e2ebbf..000000000 --- a/bib/internal/buildconfig/config.go +++ /dev/null @@ -1,145 +0,0 @@ -package buildconfig - -import ( - "bytes" - "encoding/json" - "fmt" - "io" - "os" - "path/filepath" - - "github.com/BurntSushi/toml" - "github.com/sirupsen/logrus" - - // XXX: eventually there will be only be one importable blueprint, i.e. - // see https://github.com/osbuild/blueprint/issues/3 - externalBlueprint "github.com/osbuild/blueprint/pkg/blueprint" - imagesBlueprint "github.com/osbuild/images/pkg/blueprint" -) - -// legacyBuildConfig is the json based configuration that was used in -// bootc-image-builder before PR#395. It was essentially a blueprint -// with just the extra layer of "blueprint". Supporting it still makes -// the transition of existing users/docs easier. -type legacyBuildConfig struct { - Blueprint *json.RawMessage `json:"blueprint"` -} - -type BuildConfig imagesBlueprint.Blueprint - -// configRootDir is only overriden in tests -var configRootDir = "/" - -func decodeJsonBuildConfig(r io.Reader, what string) (*externalBlueprint.Blueprint, error) { - content, err := io.ReadAll(r) - if err != nil && err != io.EOF { - return nil, fmt.Errorf("cannot read %q: %w", what, err) - } - - // support for legacy json before 2024/05 - var legacyBC legacyBuildConfig - if err := json.Unmarshal(content, &legacyBC); err == nil { - if legacyBC.Blueprint != nil { - logrus.Warningf("Using legacy config") - content = *legacyBC.Blueprint - } - } - - dec := json.NewDecoder(bytes.NewBuffer(content)) - dec.DisallowUnknownFields() - - var conf externalBlueprint.Blueprint - if err := dec.Decode(&conf); err != nil { - return nil, fmt.Errorf("cannot decode %q: %w", what, err) - } - if dec.More() { - return nil, fmt.Errorf("multiple configuration objects or extra data found in %q", what) - } - return &conf, nil -} - -func decodeTomlBuildConfig(r io.Reader, what string) (*externalBlueprint.Blueprint, error) { - dec := toml.NewDecoder(r) - - var conf externalBlueprint.Blueprint - metadata, err := dec.Decode(&conf) - if err != nil { - return nil, fmt.Errorf("cannot decode %q: %w", what, err) - } - - if len(metadata.Undecoded()) > 0 { - return nil, fmt.Errorf("cannot decode %q: unknown keys found: %v", what, metadata.Undecoded()) - } - - return &conf, nil -} - -var osStdin = os.Stdin - -func loadConfig(path string) (*externalBlueprint.Blueprint, error) { - var fp *os.File - var err error - - if path == "-" { - fp = osStdin - } else { - fp, err = os.Open(path) - if err != nil { - return nil, err - } - // nolint:errcheck - defer fp.Close() - } - - switch { - case path == "-", filepath.Ext(path) == ".json": - return decodeJsonBuildConfig(fp, path) - case filepath.Ext(path) == ".toml": - return decodeTomlBuildConfig(fp, path) - default: - return nil, fmt.Errorf("unsupported file extension for %q", path) - } -} - -func LoadConfig(path string) (*imagesBlueprint.Blueprint, error) { - externalBp, err := loadConfig(path) - if err != nil { - return nil, err - } - - bp := externalBlueprint.Convert(*externalBp) - return &bp, nil -} - -func readWithFallback(userConfig string) (*externalBlueprint.Blueprint, error) { - // user asked for an explicit config - if userConfig != "" { - return loadConfig(userConfig) - } - - // check default configs - var foundConfig string - for _, dflConfigFile := range []string{"config.toml", "config.json"} { - cnfPath := filepath.Join(configRootDir, dflConfigFile) - if _, err := os.Stat(cnfPath); err == nil { - if foundConfig != "" { - return nil, fmt.Errorf("found %q and also %q, only a single one is supported", dflConfigFile, filepath.Base(foundConfig)) - } - foundConfig = cnfPath - } - } - if foundConfig == "" { - return &externalBlueprint.Blueprint{}, nil - } - - return loadConfig(foundConfig) -} - -func ReadWithFallback(userConfig string) (*BuildConfig, error) { - externalBp, err := readWithFallback(userConfig) - if err != nil { - return nil, err - } - internalBp := BuildConfig(externalBlueprint.Convert(*externalBp)) - return &internalBp, nil -} diff --git a/bib/internal/buildconfig/config_test.go b/bib/internal/buildconfig/config_test.go deleted file mode 100644 index 63e02bff4..000000000 --- a/bib/internal/buildconfig/config_test.go +++ /dev/null @@ -1,196 +0,0 @@ -package buildconfig_test - -import ( - "os" - "path/filepath" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - - "github.com/osbuild/images/pkg/blueprint" - - "github.com/osbuild/bootc-image-builder/bib/internal/buildconfig" -) - -var expectedBuildConfig = &buildconfig.BuildConfig{ - Customizations: &blueprint.Customizations{ - User: []blueprint.UserCustomization{ - { - Name: "alice", - }, - }, - }, -} - -var fakeConfigJSON = `{ - "customizations": { - "user": [ - { - "name": "alice" - } - ] - } -}` - -var fakeConfigToml = ` -[[customizations.user]] -name = "alice" -` - -func makeFakeConfig(t *testing.T, filename, content string) string { - tmpdir := t.TempDir() - fakeCfgPath := filepath.Join(tmpdir, filename) - err := os.WriteFile(fakeCfgPath, []byte(content), 0644) - assert.NoError(t, err) - return fakeCfgPath -} - -func TestReadWithFallbackUserNoConfigNoFallack(t *testing.T) { - cfg, err := buildconfig.ReadWithFallback("") - assert.NoError(t, err) - assert.Equal(t, &buildconfig.BuildConfig{}, cfg) -} - -func TestReadWithFallbackUserProvidedConfig(t *testing.T) { - for _, tc := range []struct { - fname string - content string - }{ - {"config.toml", fakeConfigToml}, - {"config.json", fakeConfigJSON}, - } { - fakeUserCnfPath := makeFakeConfig(t, tc.fname, tc.content) - - cfg, err := buildconfig.ReadWithFallback(fakeUserCnfPath) - assert.NoError(t, err) - assert.Equal(t, expectedBuildConfig, cfg) - } -} - -func TestReadWithFallProvidedConfig(t *testing.T) { - for _, tc := range []struct { - fname string - content string - }{ - {"config.toml", fakeConfigToml}, - {"config.json", fakeConfigJSON}, - } { - fakeCnfPath := makeFakeConfig(t, tc.fname, tc.content) - restore := buildconfig.MockConfigRootDir(filepath.Dir(fakeCnfPath)) - defer restore() - - cfg, err := buildconfig.ReadWithFallback("") - assert.NoError(t, err) - assert.Equal(t, expectedBuildConfig, cfg) - } -} - -func TestReadUserConfigErrorWrongFormat(t *testing.T) { - for _, tc := range []struct { - fname, content string - expectedErr string - }{ - // wrong content, json in a toml file and vice-versa - {"config.toml", fakeConfigJSON, "cannot decode"}, - {"config.json", fakeConfigToml, "cannot decode"}, - } { - fakeCnfPath := makeFakeConfig(t, tc.fname, tc.content) - - _, err := buildconfig.ReadWithFallback(fakeCnfPath) - assert.ErrorContains(t, err, tc.expectedErr) - } -} - -func TestReadUserConfigTwoConfigsError(t *testing.T) { - tmpdir := t.TempDir() - for _, fname := range []string{"config.json", "config.toml"} { - err := os.WriteFile(filepath.Join(tmpdir, fname), nil, 0644) - assert.NoError(t, err) - } - restore := buildconfig.MockConfigRootDir(tmpdir) - defer restore() - - _, err := buildconfig.ReadWithFallback("") - assert.ErrorContains(t, err, `found "config.json" and also "config.toml", only a single one is supported`) -} - -var fakeLegacyConfigJSON = `{ - "blueprint": { - "customizations": { - "user": [ - { - "name": "alice" - } - ] - } - } -}` - -func TestReadLegacyJSONConfig(t *testing.T) { - fakeUserCnfPath := makeFakeConfig(t, "config.json", fakeLegacyConfigJSON) - cfg, err := buildconfig.ReadWithFallback(fakeUserCnfPath) - assert.NoError(t, err) - assert.Equal(t, expectedBuildConfig, cfg) -} - -func TestTomlUnknownKeysError(t *testing.T) { - fakeUserCnfPath := makeFakeConfig(t, "config.toml", ` -[[birds]] -name = "toucan" -`) - _, err := buildconfig.ReadWithFallback(fakeUserCnfPath) - - assert.ErrorContains(t, err, "unknown keys found: [birds birds.name]") -} - -func TestJsonUnknownKeysError(t *testing.T) { - fakeUserCnfPath := makeFakeConfig(t, "config.json", ` -{ - "birds": [ - { - "name": "toucan" - } - ] -} -`) - _, err := buildconfig.ReadWithFallback(fakeUserCnfPath) - - assert.ErrorContains(t, err, `json: unknown field "birds"`) -} - -func TestReadConfigIsssue655(t *testing.T) { - fakeUserCnfPath := makeFakeConfig(t, "config.toml", ` -[[customizations.filesystem]] -mountpoint = "/" -minsize = 1000 -`) - - conf, err := buildconfig.ReadWithFallback(fakeUserCnfPath) - assert.NoError(t, err) - assert.Equal(t, &buildconfig.BuildConfig{ - Customizations: &blueprint.Customizations{ - Filesystem: []blueprint.FilesystemCustomization{ - { - Mountpoint: "/", - MinSize: 1000, - }, - }, - }, - }, conf) -} - -func TestReadWithFallbackFromStdin(t *testing.T) { - fakeUserCnfPath := makeFakeConfig(t, "fake-stdin", fakeConfigJSON) - fakeStdinFp, err := os.Open(fakeUserCnfPath) - require.NoError(t, err) - // nolint:errcheck - defer fakeStdinFp.Close() - - restore := buildconfig.MockOsStdin(fakeStdinFp) - defer restore() - - cfg, err := buildconfig.ReadWithFallback("-") - assert.NoError(t, err) - assert.Equal(t, expectedBuildConfig, cfg) -} diff --git a/bib/internal/buildconfig/export_test.go b/bib/internal/buildconfig/export_test.go deleted file mode 100644 index 13f7d9069..000000000 --- a/bib/internal/buildconfig/export_test.go +++ /dev/null @@ -1,21 +0,0 @@ -package buildconfig - -import ( - "os" -) - -func MockConfigRootDir(newDir string) (restore func()) { - saved := configRootDir - configRootDir = newDir - return func() { - configRootDir = saved - } -} - -func MockOsStdin(new *os.File) (restore func()) { - saved := osStdin - osStdin = new - return func() { - osStdin = saved - } -} diff --git a/bib/internal/container/container.go b/bib/internal/container/container.go deleted file mode 100644 index bc7c86000..000000000 --- a/bib/internal/container/container.go +++ /dev/null @@ -1,166 +0,0 @@ -package container - -import ( - "encoding/json" - "fmt" - "os" - "os/exec" - "strings" - - "golang.org/x/exp/slices" - - "github.com/osbuild/image-builder-cli/pkg/util" -) - -// Container is a simpler wrapper around a running podman container. -// This type isn't meant as a general-purpose container management tool, but -// as an opinonated library for bootc-image-builder. -type Container struct { - id string - root string -} - -// New creates a new running container from the given image reference. -// -// NB: -// - --net host is used to make networking work in a nested container -// - /run/secrets is mounted from the host to make sure RHSM credentials are available -func New(ref string) (*Container, error) { - const secretDir = "/run/secrets" - secretVolume := fmt.Sprintf("%s:%s", secretDir, secretDir) - - args := []string{ - "run", - "--rm", - "--init", // If sleep infinity is run as PID 1, it doesn't get signals, thus we cannot easily stop the container - "--detach", - "--net", "host", // Networking in a nested container doesn't work without re-using this container's network - "--entrypoint", "sleep", // The entrypoint might be arbitrary, so let's just override it with sleep, we don't want to run anything - } - - // Re-mount the secret directory if it exists - if _, err := os.Stat(secretDir); err == nil { - args = append(args, "--volume", secretVolume) - } - - args = append(args, ref, "infinity") - - output, err := exec.Command("podman", args...).Output() - if err != nil { - if e, ok := err.(*exec.ExitError); ok { - return nil, fmt.Errorf("running %s container failed: %w\nstderr:\n%s", ref, e, e.Stderr) - } - return nil, fmt.Errorf("running %s container failed with generic error: %w", ref, err) - } - - c := &Container{} - c.id = strings.TrimSpace(string(output)) - // Ensure that the container is stopped when this function errors - defer func() { - if err != nil { - if stopErr := c.Stop(); stopErr != nil { - err = fmt.Errorf("%w\nstopping the container failed too: %s", err, stopErr) - } - c = nil - } - }() - - output, err = exec.Command("podman", "mount", c.id).Output() - if err != nil { - if err, ok := err.(*exec.ExitError); ok { - return nil, fmt.Errorf("mounting %s container failed: %w\nstderr:\n%s", ref, err, err.Stderr) - } - return nil, fmt.Errorf("mounting %s container failed with generic error: %w", ref, err) - } - c.root = strings.TrimSpace(string(output)) - - return c, err -} - -// Stop stops the container. Since New() creates a container with --rm, this -// removes the container as well. -func (c *Container) Stop() error { - if output, err := exec.Command("podman", "stop", c.id).CombinedOutput(); err != nil { - return fmt.Errorf("stopping %s container failed: %w\noutput:\n%s", c.id, err, output) - } - // when the container is stopped by podman it may not honor the "--rm" - // that was passed in `New()` so manually remove the container here if it is still available - if output, err := exec.Command("podman", "rm", "--ignore", c.id).CombinedOutput(); err != nil { - return fmt.Errorf("removing %s container failed: %w\noutput:\n%s", c.id, err, output) - } - - return nil -} - -// Root returns the root directory of the container as available on the host. -func (c *Container) Root() string { - return c.root -} - -// Reads a file from the container -func (c *Container) ReadFile(path string) ([]byte, error) { - output, err := exec.Command("podman", "exec", c.id, "cat", path).Output() - if err != nil { - if err, ok := err.(*exec.ExitError); ok { - return nil, fmt.Errorf("reading %s from %s container failed: %w\nstderr:\n%s", path, c.id, err, err.Stderr) - } - return nil, fmt.Errorf("reading %s from %s container failed with generic error: %w", path, c.id, err) - } - - return output, nil -} - -// CopyInto copies a file into the container. -func (c *Container) CopyInto(src, dest string) error { - if output, err := exec.Command("podman", "cp", src, c.id+":"+dest).CombinedOutput(); err != nil { - return fmt.Errorf("copying %s into %s container failed: %w\noutput:\n%s", src, c.id, err, output) - } - - return nil -} - -func (c *Container) ExecArgv() []string { - return []string{"podman", "exec", "-i", c.id} -} - -// DefaultRootfsType returns the default rootfs type (e.g. "ext4") as -// specified by the bootc container install configuration. An empty -// string is valid and means the container sets no default. -func (c *Container) DefaultRootfsType() (string, error) { - output, err := exec.Command("podman", "exec", c.id, "bootc", "install", "print-configuration").Output() - if err != nil { - return "", fmt.Errorf("failed to run bootc install print-configuration: %w", util.OutputErr(err)) - } - - var bootcConfig struct { - Filesystem struct { - Root struct { - Type string `json:"type"` - } `json:"root"` - } `json:"filesystem"` - } - - if err := json.Unmarshal(output, &bootcConfig); err != nil { - return "", fmt.Errorf("failed to unmarshal bootc configuration: %w", err) - } - - // filesystem.root.type is the preferred way instead of the old root-fs-type top-level key. - // See https://github.com/containers/bootc/commit/558cd4b1d242467e0ffec77fb02b35166469dcc7 - fsType := bootcConfig.Filesystem.Root.Type - // Note that these are the only filesystems that the "images" library - // knows how to handle, i.e. how to construct the required osbuild - // stages for. - // TODO: move this into a helper in "images" so that there is only - // a single place that needs updating when we add e.g. btrfs or - // bcachefs - supportedFS := []string{"ext4", "xfs", "btrfs"} - - if fsType == "" { - return "", nil - } - if !slices.Contains(supportedFS, fsType) { - return "", fmt.Errorf("unsupported root filesystem type: %s, supported: %s", fsType, strings.Join(supportedFS, ", ")) - } - - return fsType, nil -} diff --git a/bib/internal/container/container_test.go b/bib/internal/container/container_test.go deleted file mode 100644 index 2aaf218a5..000000000 --- a/bib/internal/container/container_test.go +++ /dev/null @@ -1,173 +0,0 @@ -package container - -import ( - "bytes" - "encoding/json" - "fmt" - "os" - "os/exec" - "path" - "path/filepath" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -const testingImage = "registry.access.redhat.com/ubi9-micro:latest" - -type containerInfo struct { - State string `json:"State"` - Image string `json:"Image"` -} - -type invalidContainerCountError struct { - id string - count int -} - -func (e invalidContainerCountError) Error() string { - return fmt.Sprintf("expected 1 container info for %s, got %d", e.id, e.count) -} - -func getContainerInfo(id string) (containerInfo, error) { - cmd := exec.Command("podman", "ps", "--filter", "id="+id, "--format", "json") - var stdout, stderr bytes.Buffer - cmd.Stdout = &stdout - cmd.Stderr = &stderr - - if err := cmd.Run(); err != nil { - return containerInfo{}, fmt.Errorf("checking status of %s failed: %w\nstderr:\n%s", id, err, stderr.String()) - } - - var infos []containerInfo - if err := json.Unmarshal(stdout.Bytes(), &infos); err != nil { - return containerInfo{}, fmt.Errorf("unmarshalling %s info failed: %w\nstdout:\n%s", id, err, stdout.String()) - } - - if len(infos) != 1 { - return containerInfo{}, invalidContainerCountError{id: id, count: len(infos)} - } - - return infos[0], nil -} - -func TestNew(t *testing.T) { - if os.Geteuid() != 0 { - t.Skip("skipping test; not running as root") - } - - c, err := New(testingImage) - require.NoError(t, err) - t.Cleanup(func() { - err = c.Stop() - assert.NoError(t, err) - - // double-check that the container indeed doesn't exist - _, infoErr := getContainerInfo(c.id) - assert.ErrorIs(t, infoErr, invalidContainerCountError{id: c.id, count: 0}) - }) - - info, err := getContainerInfo(c.id) - require.NoError(t, err) - assert.Equal(t, testingImage, info.Image) - assert.Equal(t, "running", info.State) - - root := c.Root() - osRelease, err := os.ReadFile(path.Join(root, "etc/os-release")) - require.NoError(t, err) - - assert.Contains(t, string(osRelease), `ID="rhel"`) -} - -func TestReadFile(t *testing.T) { - if os.Geteuid() != 0 { - t.Skip("skipping test; not running as root") - } - - c, err := New(testingImage) - require.NoError(t, err) - t.Cleanup(func() { - err = c.Stop() - assert.NoError(t, err) - }) - - content, err := c.ReadFile("/etc/os-release") - require.NoError(t, err) - require.Contains(t, string(content), `ID="rhel"`) -} - -func TestCopyInto(t *testing.T) { - if os.Geteuid() != 0 { - t.Skip("skipping test; not running as root") - } - - tmpdir := t.TempDir() - testfile := path.Join(tmpdir, "testfile") - require.NoError(t, os.WriteFile(testfile, []byte("Hello, world!"), 0644)) - - c, err := New(testingImage) - require.NoError(t, err) - t.Cleanup(func() { - err = c.Stop() - assert.NoError(t, err) - }) - - err = c.CopyInto(testfile, "/testfile") - require.NoError(t, err) - - root := c.Root() - testfileInContainer := path.Join(root, "testfile") - testfileContent, err := os.ReadFile(testfileInContainer) - require.NoError(t, err) - require.Equal(t, "Hello, world!", string(testfileContent)) -} - -func makeFakePodman(t *testing.T, content string) { - tmpdir := t.TempDir() - t.Setenv("PATH", tmpdir+":"+os.Getenv("PATH")) - - err := os.WriteFile(filepath.Join(tmpdir, "podman"), []byte(content), 0755) - assert.NoError(t, err) -} -func TestNewFakedUnhappy(t *testing.T) { - fakePodman := `#!/bin/sh -if [ "$1" = "mount" ]; then - >&2 echo "forced-crash" - exit 2 -fi -exec /usr/bin/podman "$@" -` - makeFakePodman(t, fakePodman) - _, err := New(testingImage) - assert.ErrorContains(t, err, fmt.Sprintf("mounting %s container failed: ", testingImage)) - assert.ErrorContains(t, err, "stderr:\nforced-crash") -} - -func TestRootfsTypeHappy(t *testing.T) { - for _, tc := range []string{"", "ext4", "xfs"} { - jsonStr := "{}" - if tc != "" { - jsonStr = fmt.Sprintf(`{"filesystem": {"root": {"type": "%s"}}}`, tc) - } - makeFakePodman(t, fmt.Sprintf(`#!/bin/sh -echo '%s' -`, jsonStr)) - cnt := Container{} - rootfs, err := cnt.DefaultRootfsType() - assert.NoError(t, err) - assert.Equal(t, tc, rootfs) - } -} - -func TestRootfsTypeSad(t *testing.T) { - for _, tc := range []string{"ext1"} { - jsonStr := fmt.Sprintf(`{"filesystem": {"root": {"type": "%s"}}}`, tc) - makeFakePodman(t, fmt.Sprintf(`#!/bin/sh -echo '%s' -`, jsonStr)) - cnt := Container{} - _, err := cnt.DefaultRootfsType() - assert.ErrorContains(t, err, "unsupported root filesystem type: ext1, supported: ") - } -} diff --git a/bib/internal/container/solver.go b/bib/internal/container/solver.go deleted file mode 100644 index 9381b92ba..000000000 --- a/bib/internal/container/solver.go +++ /dev/null @@ -1,125 +0,0 @@ -package container - -import ( - "fmt" - "os" - "os/exec" - "path/filepath" - - "github.com/osbuild/images/pkg/arch" - "github.com/osbuild/images/pkg/dnfjson" - - "github.com/osbuild/bootc-image-builder/bib/internal/source" -) - -func forceSymlink(symlinkPath, target string) error { - if output, err := exec.Command("ln", "-sf", target, symlinkPath).CombinedOutput(); err != nil { - return fmt.Errorf("cannot run ln: %w, output:\n%s", err, output) - } - return nil -} - -// InitDNF initializes dnf in the container. This is necessary when -// the caller wants to read the image's dnf repositories, but they are -// not static, but rather configured by dnf dynamically. The primaru -// use-case for this is RHEL and subscription-manager. -// -// The implementation is simple: We just run plain `dnf` in the -// container so that the subscription-manager gets initialized. For -// compatibility with both dnf and dnf5 we cannot just run "dnf" as -// dnf5 will error and do nothing in this case. So we use "dnf check -// --duplicates" as this is fast on both dnf4/dnf5 (just doing "dnf5 -// check" without arguments takes around 25s so that is not a great -// option). -func (c *Container) InitDNF() error { - if output, err := exec.Command("podman", "exec", c.id, "dnf", "check", "--duplicates").CombinedOutput(); err != nil { - return fmt.Errorf("initializing dnf in %s container failed: %w\noutput:\n%s", c.id, err, string(output)) - } - - return nil -} - -func (cnt *Container) hasRunSecrets() bool { - _, err := os.Stat(filepath.Join(cnt.root, "/run/secrets/redhat.repo")) - return err == nil -} - -// setupRunSecretsBindMount will synthesise a /run/secrets dir -// in the container root -func (cnt *Container) setupRunSecrets() error { - if cnt.hasRunSecrets() { - return nil - } - dst := filepath.Join(cnt.root, "/run/secrets") - if err := os.MkdirAll(dst, 0755); err != nil { - return err - } - - // We cannot just bind mount here because - // /usr/share/rhel/secrets contains a bunch of relative symlinks - // that will point to the container root not the host when resolved - // from the outside (via the host container mount). - // - // So instead of bind mounting we create a copy of the - // /run/secrets/ - they are static so that should be fine. - // - // We want to support /usr/share/rhel/secrets too to be able - // to run "bootc-image-builder manifest" directly on the host - // (which is useful for e.g. composer). - for _, src := range []string{"/run/secrets", "/usr/share/rhel/secrets"} { - if st, err := os.Stat(src); err != nil || !st.IsDir() { - continue - } - - dents, err := filepath.Glob(src + "/*") - if err != nil { - return err - } - for _, ent := range dents { - // Check if the target file actually exists (i.e. for - // symlinks that they are valid) and only copy if so. - // This covers unsubscribed machines. - if _, err := os.Stat(ent); err != nil { - continue - } - - // Note the use of "-L" here to dereference/copy links - if output, err := exec.Command("cp", "-rvL", ent, dst).CombinedOutput(); err != nil { - return fmt.Errorf("failed to setup /run/secrets: %w, output:\n%s", err, string(output)) - } - } - } - - // workaround broken containers (like f41) that use absolute symlinks - // to point to the entitlements-host and rhsm-host, they need to be - // relative so that the "SetRootdir()" from the resolver works, i.e. - // they need to point into the mounted container. - symlink := filepath.Join(cnt.root, "/etc/pki/entitlement-host") - target := "../../run/secrets/etc-pki-entitlement" - if err := forceSymlink(symlink, target); err != nil { - return err - } - symlink = filepath.Join(cnt.root, "/etc/rhsm-host") - target = "../run/secrets/rhsm" - if err := forceSymlink(symlink, target); err != nil { - return err - } - return nil -} - -func (cnt *Container) NewContainerSolver(cacheRoot string, architecture arch.Arch, sourceInfo *source.Info) (*dnfjson.Solver, error) { - solver := dnfjson.NewSolver( - sourceInfo.OSRelease.PlatformID, - sourceInfo.OSRelease.VersionID, - architecture.String(), - fmt.Sprintf("%s-%s", sourceInfo.OSRelease.ID, sourceInfo.OSRelease.VersionID), - cacheRoot) - - // we copy the data directly into the cnt.root, no need to - // cleanup here because podman stop will remove the dir - if err := cnt.setupRunSecrets(); err != nil { - return nil, err - } - solver.SetRootDir(cnt.root) - return solver, nil -} diff --git a/bib/internal/container/solver_test.go b/bib/internal/container/solver_test.go deleted file mode 100644 index ce5e72d79..000000000 --- a/bib/internal/container/solver_test.go +++ /dev/null @@ -1,198 +0,0 @@ -package container_test - -import ( - "os" - "os/exec" - "path/filepath" - "runtime" - "strings" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - - "github.com/osbuild/images/pkg/arch" - "github.com/osbuild/images/pkg/rpmmd" - - "github.com/osbuild/bootc-image-builder/bib/internal/container" - "github.com/osbuild/bootc-image-builder/bib/internal/source" -) - -const ( - dnfTestingImageRHEL = "registry.access.redhat.com/ubi9:latest" - dnfTestingImageCentos = "quay.io/centos/centos:stream9" - dnfTestingImageFedoraLatest = "registry.fedoraproject.org/fedora:latest" -) - -func ensureCanRunDNFJsonTests(t *testing.T) { - if os.Geteuid() != 0 { - t.Skip("skipping test; not running as root") - } - if _, err := os.Stat("/usr/libexec/osbuild-depsolve-dnf"); err != nil { - t.Skip("cannot find /usr/libexec/osbuild-depsolve-dnf") - } -} - -func ensureAMD64(t *testing.T) { - if runtime.GOARCH != "amd64" { - t.Skip("skipping test; only runs on x86_64") - } -} - -func TestDNFJsonWorks(t *testing.T) { - ensureCanRunDNFJsonTests(t) - - cacheRoot := t.TempDir() - - cnt, err := container.New(dnfTestingImageCentos) - require.NoError(t, err) - defer func() { - assert.NoError(t, cnt.Stop()) - }() - - err = cnt.InitDNF() - require.NoError(t, err) - - sourceInfo, err := source.LoadInfo(cnt.Root()) - require.NoError(t, err) - solver, err := cnt.NewContainerSolver(cacheRoot, arch.Current(), sourceInfo) - require.NoError(t, err) - res, err := solver.Depsolve([]rpmmd.PackageSet{ - { - Include: []string{"coreutils"}, - }, - }, 0) - require.NoError(t, err) - assert.True(t, len(res.Packages) > 0) -} - -func subscribeMachine(t *testing.T) (restore func()) { - if _, err := exec.LookPath("subscription-manager"); err != nil { - t.Skip("no subscription-manager found") - return func() {} - } - - matches, err := filepath.Glob("/etc/pki/entitlement/*.pem") - if err == nil && len(matches) > 0 { - return func() {} - } - - rhsmOrg := os.Getenv("RHSM_ORG") - rhsmActivationKey := os.Getenv("RHSM_ACTIVATION_KEY") - if rhsmOrg == "" || rhsmActivationKey == "" { - t.Skip("no RHSM_{ORG,ACTIVATION_KEY} env vars found") - return func() {} - } - - err = exec.Command("subscription-manager", "register", - "--org", rhsmOrg, - "--activationkey", rhsmActivationKey).Run() - require.NoError(t, err) - - return func() { - err := exec.Command("subscription-manager", "unregister").Run() - require.NoError(t, err) - } -} - -func TestDNFInitGivesAccessToSubscribedContent(t *testing.T) { - if os.Geteuid() != 0 { - t.Skip("skipping test; not running as root") - } - ensureAMD64(t) - - restore := subscribeMachine(t) - defer restore() - - cnt, err := container.New(dnfTestingImageRHEL) - require.NoError(t, err) - err = cnt.InitDNF() - require.NoError(t, err) - - content, err := cnt.ReadFile("/etc/yum.repos.d/redhat.repo") - require.NoError(t, err) - assert.Contains(t, string(content), "rhel-9-for-x86_64-baseos-rpms") -} - -func TestDNFJsonWorkWithSubscribedContent(t *testing.T) { - ensureCanRunDNFJsonTests(t) - ensureAMD64(t) - cacheRoot := t.TempDir() - - restore := subscribeMachine(t) - defer restore() - - cnt, err := container.New(dnfTestingImageRHEL) - require.NoError(t, err) - defer func() { - assert.NoError(t, cnt.Stop()) - }() - - err = cnt.InitDNF() - require.NoError(t, err) - - sourceInfo, err := source.LoadInfo(cnt.Root()) - require.NoError(t, err) - solver, err := cnt.NewContainerSolver(cacheRoot, arch.ARCH_X86_64, sourceInfo) - require.NoError(t, err) - - res, err := solver.Depsolve([]rpmmd.PackageSet{ - { - Include: []string{"coreutils"}, - }, - }, 0) - require.NoError(t, err) - assert.True(t, len(res.Packages) > 0) -} - -func runCmd(t *testing.T, args ...string) { - cmd := exec.Command(args[0], args[1:]...) - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - err := cmd.Run() - require.NoError(t, err) -} - -func TestDNFJsonWorkWithSubscribedContentNestedContainers(t *testing.T) { - ensureCanRunDNFJsonTests(t) - ensureAMD64(t) - tmpdir := t.TempDir() - - restore := subscribeMachine(t) - defer restore() - - // build a test binary from the existing - // TestDNFJsonWorkWithSubscribedContent that is then - // transfered and run *inside* the centos container - testBinary := filepath.Join(tmpdir, "dnftest") - runCmd(t, "go", "test", - "-c", - "-o", testBinary, - "-run", "^TestDNFJsonWorkWithSubscribedContent$") - - output, err := exec.Command( - "podman", "run", "--rm", - "--privileged", - "--init", - "--detach", - "--entrypoint", "sleep", - // use a fedora container as intermediate so that we - // always have the latest glibc (we cannot fully - // static link the test) - dnfTestingImageFedoraLatest, - "infinity", - ).Output() - require.NoError(t, err, string(output)) - cntID := strings.TrimSpace(string(output)) - defer func() { - err := exec.Command("podman", "stop", cntID).Run() - assert.NoError(t, err) - }() - - runCmd(t, "podman", "cp", testBinary, cntID+":/dnftest") - // we need these test dependencies inside the container - runCmd(t, "podman", "exec", cntID, "dnf", "install", "-y", - "gpgme", "podman") - // run the test - runCmd(t, "podman", "exec", cntID, "/dnftest") -} diff --git a/bib/internal/source/source.go b/bib/internal/source/source.go deleted file mode 100644 index cbc345fb5..000000000 --- a/bib/internal/source/source.go +++ /dev/null @@ -1,165 +0,0 @@ -package source - -import ( - "bufio" - "errors" - "fmt" - "os" - "path" - "strings" - - "github.com/sirupsen/logrus" - - "github.com/osbuild/bootc-image-builder/bib/internal/buildconfig" - "github.com/osbuild/images/pkg/blueprint" - "github.com/osbuild/images/pkg/distro" -) - -const bibPathPrefix = "usr/lib/bootc-image-builder" - -type OSRelease struct { - PlatformID string - ID string - VersionID string - Name string - VariantID string - IDLike []string -} - -type Info struct { - OSRelease OSRelease - UEFIVendor string - SELinuxPolicy string - ImageCustomization *blueprint.Customizations -} - -func validateOSRelease(osrelease map[string]string) error { - // VARIANT_ID, PLATFORM_ID are optional - for _, key := range []string{"ID", "VERSION_ID", "NAME"} { - if _, ok := osrelease[key]; !ok { - return fmt.Errorf("missing %s in os-release", key) - } - } - return nil -} - -func uefiVendor(root string) (string, error) { - bootupdEfiDir := path.Join(root, "usr/lib/bootupd/updates/EFI") - l, err := os.ReadDir(bootupdEfiDir) - if err != nil { - return "", fmt.Errorf("cannot read bootupd EFI directory %s: %w", bootupdEfiDir, err) - } - - // best-effort search: return the first directory that's not "BOOT" - for _, entry := range l { - if !entry.IsDir() { - continue - } - - if entry.Name() == "BOOT" { - continue - } - - return entry.Name(), nil - } - - return "", fmt.Errorf("cannot find UEFI vendor in %s", bootupdEfiDir) -} - -func readSelinuxPolicy(root string) (string, error) { - configPath := "etc/selinux/config" - f, err := os.Open(path.Join(root, configPath)) - if err != nil { - return "", fmt.Errorf("cannot read selinux config %s: %w", configPath, err) - } - // nolint:errcheck - defer f.Close() - - policy := "" - scanner := bufio.NewScanner(f) - for scanner.Scan() { - line := strings.TrimSpace(scanner.Text()) - if len(line) == 0 { - continue - } - if strings.HasPrefix(line, "#") { - continue - } - - parts := strings.SplitN(line, "=", 2) - if len(parts) != 2 { - return "", errors.New("selinux config: invalid input") - } - key := strings.TrimSpace(parts[0]) - if key == "SELINUXTYPE" { - policy = strings.TrimSpace(parts[1]) - } - } - - return policy, nil -} - -func readImageCustomization(root string) (*blueprint.Customizations, error) { - prefix := path.Join(root, bibPathPrefix) - config, err := buildconfig.LoadConfig(path.Join(prefix, "config.json")) - if err != nil && !os.IsNotExist(err) { - return nil, err - } - if config == nil { - config, err = buildconfig.LoadConfig(path.Join(prefix, "config.toml")) - if err != nil && !os.IsNotExist(err) { - return nil, err - } - } - // no config found in either toml/json - if config == nil { - return nil, nil - } - - return config.Customizations, nil -} - -func LoadInfo(root string) (*Info, error) { - osrelease, err := distro.ReadOSReleaseFromTree(root) - if err != nil { - return nil, err - } - if err := validateOSRelease(osrelease); err != nil { - return nil, err - } - - vendor, err := uefiVendor(root) - if err != nil { - logrus.Debugf("cannot read UEFI vendor: %v, setting it to none", err) - } - - customization, err := readImageCustomization(root) - if err != nil { - return nil, err - } - - selinuxPolicy, err := readSelinuxPolicy(root) - if err != nil { - logrus.Debugf("cannot read selinux policy: %v, setting it to none", err) - } - - var idLike []string - if osrelease["ID_LIKE"] != "" { - idLike = strings.Split(osrelease["ID_LIKE"], " ") - } - - return &Info{ - OSRelease: OSRelease{ - ID: osrelease["ID"], - VersionID: osrelease["VERSION_ID"], - Name: osrelease["NAME"], - PlatformID: osrelease["PLATFORM_ID"], - VariantID: osrelease["VARIANT_ID"], - IDLike: idLike, - }, - - UEFIVendor: vendor, - SELinuxPolicy: selinuxPolicy, - ImageCustomization: customization, - }, nil -} diff --git a/bib/internal/source/source_test.go b/bib/internal/source/source_test.go deleted file mode 100644 index 7060cb29a..000000000 --- a/bib/internal/source/source_test.go +++ /dev/null @@ -1,170 +0,0 @@ -package source - -import ( - "fmt" - "os" - "path" - "strings" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -func writeOSRelease(root, id, versionID, name, platformID, variantID, idLike string) error { - err := os.MkdirAll(path.Join(root, "etc"), 0755) - if err != nil { - return err - } - - var buf string - if id != "" { - buf += "ID=" + id + "\n" - } - if versionID != "" { - buf += "VERSION_ID=" + versionID + "\n" - } - if name != "" { - buf += "NAME=" + name + "\n" - } - if platformID != "" { - buf += "PLATFORM_ID=" + platformID + "\n" - } - if variantID != "" { - buf += "VARIANT_ID=" + variantID + "\n" - } - if idLike != "" { - buf += "ID_LIKE=" + idLike + "\n" - } - - return os.WriteFile(path.Join(root, "etc/os-release"), []byte(buf), 0644) -} - -func createBootupdEFI(root, uefiVendor string) error { - err := os.MkdirAll(path.Join(root, "usr/lib/bootupd/updates/EFI/BOOT"), 0755) - if err != nil { - return err - } - return os.Mkdir(path.Join(root, "usr/lib/bootupd/updates/EFI", uefiVendor), 0755) -} - -func createImageCustomization(root, custType string) error { - bibDir := path.Join(root, "usr/lib/bootc-image-builder/") - err := os.MkdirAll(bibDir, 0755) - if err != nil { - return err - } - - var buf string - var filename string - switch custType { - case "json": - buf = `{ - "customizations": { - "disk": { - "partitions": [ - { - "label": "var", - "mountpoint": "/var", - "fs_type": "ext4", - "minsize": "3 GiB", - "part_type": "01234567-89ab-cdef-0123-456789abcdef" - } - ] - } - } - }` - filename = "config.json" - case "toml": - buf = `[[customizations.disk.partitions]] -label = "var" -mountpoint = "/var" -fs_type = "ext4" -minsize = "3 GiB" -part_type = "01234567-89ab-cdef-0123-456789abcdef" -` - filename = "config.toml" - case "broken": - buf = "{" - filename = "config.json" - default: - return fmt.Errorf("unsupported customization type %s", custType) - } - - return os.WriteFile(path.Join(bibDir, filename), []byte(buf), 0644) -} - -func TestLoadInfo(t *testing.T) { - cases := []struct { - desc string - id string - versionID string - name string - uefiVendor string - platformID string - variantID string - idLike string - custType string - errorStr string - }{ - {"happy", "fedora", "40", "Fedora Linux", "fedora", "platform:f40", "coreos", "", "json", ""}, - {"happy-no-uefi", "fedora", "40", "Fedora Linux", "", "platform:f40", "coreos", "", "json", ""}, - {"happy-no-variant_id", "fedora", "40", "Fedora Linux", "", "platform:f40", "", "", "json", ""}, - {"happy-no-id", "fedora", "43", "Fedora Linux", "fedora", "", "", "", "json", ""}, - {"happy-with-id-like", "centos", "9", "CentOS Stream", "", "platform:el9", "", "rhel fedora", "json", ""}, - {"happy-no-cust", "fedora", "40", "Fedora Linux", "fedora", "platform:f40", "coreos", "", "", ""}, - {"happy-toml", "fedora", "40", "Fedora Linux", "fedora", "platform:f40", "coreos", "", "toml", ""}, - {"sad-no-id", "", "40", "Fedora Linux", "fedora", "platform:f40", "", "", "json", "missing ID in os-release"}, - {"sad-no-id", "fedora", "", "Fedora Linux", "fedora", "platform:f40", "", "", "json", "missing VERSION_ID in os-release"}, - {"sad-no-id", "fedora", "40", "", "fedora", "platform:f40", "", "", "json", "missing NAME in os-release"}, - {"sad-broken-json", "fedora", "40", "Fedora Linux", "fedora", "platform:f40", "coreos", "", "broken", "cannot decode \"$ROOT/usr/lib/bootc-image-builder/config.json\": unexpected EOF"}, - } - - for _, c := range cases { - t.Run(c.desc, func(t *testing.T) { - root := t.TempDir() - require.NoError(t, writeOSRelease(root, c.id, c.versionID, c.name, c.platformID, c.variantID, c.idLike)) - if c.uefiVendor != "" { - require.NoError(t, createBootupdEFI(root, c.uefiVendor)) - - } - if c.custType != "" { - require.NoError(t, createImageCustomization(root, c.custType)) - - } - - info, err := LoadInfo(root) - - if c.errorStr != "" { - require.EqualError(t, err, strings.ReplaceAll(c.errorStr, "$ROOT", root)) - return - } - require.NoError(t, err) - assert.Equal(t, c.id, info.OSRelease.ID) - assert.Equal(t, c.versionID, info.OSRelease.VersionID) - assert.Equal(t, c.name, info.OSRelease.Name) - assert.Equal(t, c.uefiVendor, info.UEFIVendor) - assert.Equal(t, c.platformID, info.OSRelease.PlatformID) - assert.Equal(t, c.variantID, info.OSRelease.VariantID) - if c.custType != "" { - assert.NotNil(t, info.ImageCustomization) - assert.NotNil(t, info.ImageCustomization.Disk) - assert.NotEmpty(t, info.ImageCustomization.Disk.Partitions) - part := info.ImageCustomization.Disk.Partitions[0] - assert.Equal(t, part.Label, "var") - assert.Equal(t, part.MinSize, uint64(3*1024*1024*1024)) - assert.Equal(t, part.FSType, "ext4") - assert.Equal(t, part.Mountpoint, "/var") - // TODO: Validate part.PartType when it is fixed - } else { - assert.Nil(t, info.ImageCustomization) - } - if c.idLike == "" { - assert.Equal(t, len(info.OSRelease.IDLike), 0) - } else { - expected := strings.Split(c.idLike, " ") - assert.Equal(t, expected, info.OSRelease.IDLike) - } - }) - } -} From a63cde5d9fe9e8d061d144f0295da6c94625b789 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Jul 2025 05:46:24 +0000 Subject: [PATCH 104/254] build(deps): bump github.com/osbuild/images in /bib in the go-deps group Bumps the go-deps group in /bib with 1 update: [github.com/osbuild/images](https://github.com/osbuild/images). Updates `github.com/osbuild/images` from 0.163.0 to 0.164.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.163.0...v0.164.0) --- updated-dependencies: - dependency-name: github.com/osbuild/images dependency-version: 0.164.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 6 +++--- bib/go.sum | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index eb1bb8840..50e308890 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -3,12 +3,10 @@ module github.com/osbuild/bootc-image-builder/bib go 1.23.9 require ( - github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 - github.com/osbuild/blueprint v1.10.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.163.0 + github.com/osbuild/images v0.164.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.7 @@ -19,6 +17,7 @@ require ( require ( dario.cat/mergo v1.0.1 // indirect + github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/Microsoft/hcsshim v0.12.9 // indirect github.com/VividCortex/ewma v1.2.0 // indirect @@ -96,6 +95,7 @@ require ( github.com/opencontainers/image-spec v1.1.1 // indirect github.com/opencontainers/runtime-spec v1.2.1 // indirect github.com/opencontainers/selinux v1.12.0 // indirect + github.com/osbuild/blueprint v1.10.0 // indirect github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect diff --git a/bib/go.sum b/bib/go.sum index 6b6ed38ef..0928dfb4e 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -239,8 +239,8 @@ github.com/osbuild/blueprint v1.10.0 h1:6TG+mSV5kUA3Vq+0fc10MchDilBcDd8SEA8KbDFU github.com/osbuild/blueprint v1.10.0/go.mod h1:uknOfX/bAoi+dbeNJj+uAir1T++/LVEtoY8HO3U7MiQ= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.163.0 h1:JPA8DY5rAr8qcmfSH5CHFl7HPtcc0G7gvw13C2M0NGc= -github.com/osbuild/images v0.163.0/go.mod h1:/akyaFWxh7IN0ezlXB+6F4N/rKi/Vod1RAh8XLNzCKE= +github.com/osbuild/images v0.164.0 h1:FfrAmuwcL1peGsMHko2zeAN+6g6lDBY9cLVM6vacPPY= +github.com/osbuild/images v0.164.0/go.mod h1:/akyaFWxh7IN0ezlXB+6F4N/rKi/Vod1RAh8XLNzCKE= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= From 705d0694b6588f53b60c1003ccd892c842d40742 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Jul 2025 05:50:05 +0000 Subject: [PATCH 105/254] build(deps): bump github.com/osbuild/images in /bib in the go-deps group Bumps the go-deps group in /bib with 1 update: [github.com/osbuild/images](https://github.com/osbuild/images). Updates `github.com/osbuild/images` from 0.164.0 to 0.165.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.164.0...v0.165.0) --- updated-dependencies: - dependency-name: github.com/osbuild/images dependency-version: 0.165.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 41 ++++++------------- bib/go.sum | 118 +++++++++++++++++++---------------------------------- 2 files changed, 54 insertions(+), 105 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 50e308890..ca72aec9d 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -6,7 +6,7 @@ require ( github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.164.0 + github.com/osbuild/images v0.165.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.7 @@ -16,31 +16,30 @@ require ( ) require ( - dario.cat/mergo v1.0.1 // indirect + dario.cat/mergo v1.0.2 // indirect github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a // indirect github.com/Microsoft/go-winio v0.6.2 // indirect - github.com/Microsoft/hcsshim v0.12.9 // indirect + github.com/Microsoft/hcsshim v0.13.0 // indirect github.com/VividCortex/ewma v1.2.0 // indirect github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect - github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go v1.55.7 // indirect github.com/containerd/cgroups/v3 v3.0.5 // indirect github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect github.com/containerd/typeurl/v2 v2.2.3 // indirect - github.com/containers/common v0.63.1 // indirect - github.com/containers/image/v5 v5.35.0 // indirect + github.com/containers/common v0.64.0 // indirect + github.com/containers/image/v5 v5.36.0 // indirect github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect github.com/containers/ocicrypt v1.2.1 // indirect - github.com/containers/storage v1.58.0 // indirect + github.com/containers/storage v1.59.0 // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 // indirect github.com/cyphar/filepath-securejoin v0.4.1 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.6.0 // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v28.0.4+incompatible // indirect + github.com/docker/docker v28.3.2+incompatible // indirect github.com/docker/docker-credential-helpers v0.9.3 // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-units v0.5.0 // indirect @@ -49,16 +48,6 @@ require ( github.com/go-jose/go-jose/v4 v4.0.5 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-openapi/analysis v0.23.0 // indirect - github.com/go-openapi/errors v0.22.1 // indirect - github.com/go-openapi/jsonpointer v0.21.1 // indirect - github.com/go-openapi/jsonreference v0.21.0 // indirect - github.com/go-openapi/loads v0.22.0 // indirect - github.com/go-openapi/runtime v0.28.0 // indirect - github.com/go-openapi/spec v0.21.0 // indirect - github.com/go-openapi/strfmt v0.23.0 // indirect - github.com/go-openapi/swag v0.23.1 // indirect - github.com/go-openapi/validate v0.24.0 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect @@ -71,32 +60,27 @@ require ( github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 // indirect - github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.18.0 // indirect github.com/klauspost/pgzip v1.2.6 // indirect github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect - github.com/mailru/easyjson v0.9.0 // indirect github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect - github.com/mattn/go-sqlite3 v1.14.27 // indirect + github.com/mattn/go-sqlite3 v1.14.28 // indirect github.com/miekg/pkcs11 v1.1.1 // indirect github.com/mistifyio/go-zfs/v3 v3.0.1 // indirect - github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/sys/capability v0.4.0 // indirect github.com/moby/sys/mountinfo v0.7.2 // indirect github.com/moby/sys/user v0.4.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/oklog/ulid v1.3.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect github.com/opencontainers/runtime-spec v1.2.1 // indirect github.com/opencontainers/selinux v1.12.0 // indirect github.com/osbuild/blueprint v1.10.0 // indirect - github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/proglottis/gpgme v0.1.4 // indirect @@ -104,17 +88,15 @@ require ( github.com/secure-systems-lab/go-securesystemslib v0.9.0 // indirect github.com/sigstore/fulcio v1.6.6 // indirect github.com/sigstore/protobuf-specs v0.4.1 // indirect - github.com/sigstore/rekor v1.3.10 // indirect - github.com/sigstore/sigstore v1.9.3 // indirect + github.com/sigstore/sigstore v1.9.5 // indirect github.com/smallstep/pkcs7 v0.1.1 // indirect github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect github.com/sylabs/sif/v2 v2.21.1 // indirect - github.com/tchap/go-patricia/v2 v2.3.2 // indirect + github.com/tchap/go-patricia/v2 v2.3.3 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect github.com/ulikunitz/xz v0.5.12 // indirect github.com/vbatts/tar-split v0.12.1 // indirect - github.com/vbauerster/mpb/v8 v8.9.3 // indirect - go.mongodb.org/mongo-driver v1.14.0 // indirect + github.com/vbauerster/mpb/v8 v8.10.2 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect @@ -132,4 +114,5 @@ require ( google.golang.org/grpc v1.73.0 // indirect google.golang.org/protobuf v1.36.6 // indirect gopkg.in/ini.v1 v1.67.0 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect ) diff --git a/bib/go.sum b/bib/go.sum index 0928dfb4e..e4324e161 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -1,23 +1,19 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= -dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= -github.com/14rcole/gopopulate v0.0.0-20180821133914-b175b219e774 h1:SCbEWT58NSt7d2mcFdvxC9uyrdcTfvBbPLThhkDmXzg= -github.com/14rcole/gopopulate v0.0.0-20180821133914-b175b219e774/go.mod h1:6/0dYRLLXyJjbkIPeeGyoJ/eKOSI0eU6eTlCBYibgd0= -github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= -github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= +dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= +github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= +github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a h1:pRZNZLyCUkX30uKttIh5ihOtsqCgugM+a4WTxUULiMw= github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= -github.com/Microsoft/hcsshim v0.12.9 h1:2zJy5KA+l0loz1HzEGqyNnjd3fyZA31ZBCGKacp6lLg= -github.com/Microsoft/hcsshim v0.12.9/go.mod h1:fJ0gkFAna6ukt0bLdKB8djt4XIJhF/vEPuoIWYVvZ8Y= +github.com/Microsoft/hcsshim v0.13.0 h1:/BcXOiS6Qi7N9XqUcv27vkIuVOkBEcWstd2pMlWSeaA= +github.com/Microsoft/hcsshim v0.13.0/go.mod h1:9KWJ/8DgU+QzYGupX4tzMhRQE8h6w90lH6HAaclpEok= github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow= github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= -github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= -github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.55.7 h1:UJrkFq7es5CShfBwlWAC8DA077vp8PyVbQd3lqLiztE= github.com/aws/aws-sdk-go v1.55.7/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -43,16 +39,16 @@ github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRcc github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU= github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40= github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= -github.com/containers/common v0.63.1 h1:6g02gbW34PaRVH4Heb2Pk11x0SdbQ+8AfeKKeQGqYBE= -github.com/containers/common v0.63.1/go.mod h1:+3GCotSqNdIqM3sPs152VvW7m5+Mg8Kk+PExT3G9hZw= -github.com/containers/image/v5 v5.35.0 h1:T1OeyWp3GjObt47bchwD9cqiaAm/u4O4R9hIWdrdrP8= -github.com/containers/image/v5 v5.35.0/go.mod h1:8vTsgb+1gKcBL7cnjyNOInhJQfTUQjJoO2WWkKDoebM= +github.com/containers/common v0.64.0 h1:Jdjq1e5tqrLov9tcAVc/AfvQCgX4krhcfDBgOXwrSfw= +github.com/containers/common v0.64.0/go.mod h1:bq2UIiFP8vUJdgM+WN8E8jkD7wF69SpDRGzU7epJljg= +github.com/containers/image/v5 v5.36.0 h1:Zh+xFcLjRmicnOT5AFPHH/xj+e3s9ojDN/9X2Kx1+Jo= +github.com/containers/image/v5 v5.36.0/go.mod h1:VZ6cyDHbxZoOt4dklUJ+WNEH9FrgSgfH3qUBYKFlcT0= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.2.1 h1:0qIOTT9DoYwcKmxSt8QJt+VzMY18onl9jUXsxpVhSmM= github.com/containers/ocicrypt v1.2.1/go.mod h1:aD0AAqfMp0MtwqWgHM1bUwe1anx0VazI108CRrSKINQ= -github.com/containers/storage v1.58.0 h1:Q7SyyCCjqgT3wYNgRNIL8o/wUS92heIj2/cc8Sewvcc= -github.com/containers/storage v1.58.0/go.mod h1:w7Jl6oG+OpeLGLzlLyOZPkmUso40kjpzgrHUk5tyBlo= +github.com/containers/storage v1.59.0 h1:r2pYSTzQpJTROZbjJQ54Z0GT+rUC6+wHzlSY8yPjsXk= +github.com/containers/storage v1.59.0/go.mod h1:KoAYHnAjP3/cTsRS+mmWZGkufSY2GACiKQ4V3ZLQnR0= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= @@ -66,12 +62,12 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v28.0.4+incompatible h1:pBJSJeNd9QeIWPjRcV91RVJihd/TXB77q1ef64XEu4A= -github.com/docker/cli v28.0.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v28.3.2+incompatible h1:mOt9fcLE7zaACbxW1GeS65RI67wIJrTnqS3hP2huFsY= +github.com/docker/cli v28.3.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v28.0.4+incompatible h1:JNNkBctYKurkw6FrHfKqY0nKIDf5nrbxjVBtS+cdcok= -github.com/docker/docker v28.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v28.3.2+incompatible h1:wn66NJ6pWB1vBZIilP8G3qQPqHy5XymfYn5vsqeA5oA= +github.com/docker/docker v28.3.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8= github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= @@ -95,26 +91,6 @@ github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU= -github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo= -github.com/go-openapi/errors v0.22.1 h1:kslMRRnK7NCb/CvR1q1VWuEQCEIsBGn5GgKD9e+HYhU= -github.com/go-openapi/errors v0.22.1/go.mod h1:+n/5UdIqdVnLIJ6Q9Se8HNGUXYaY6CN8ImWzfi/Gzp0= -github.com/go-openapi/jsonpointer v0.21.1 h1:whnzv/pNXtK2FbX/W9yJfRmE2gsmkfahjMKB0fZvcic= -github.com/go-openapi/jsonpointer v0.21.1/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk= -github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= -github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= -github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco= -github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs= -github.com/go-openapi/runtime v0.28.0 h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ= -github.com/go-openapi/runtime v0.28.0/go.mod h1:QN7OzcS+XuYmkQLw05akXk0jRH/eZ3kb18+1KwW9gyc= -github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY= -github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk= -github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c= -github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4= -github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU= -github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0= -github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58= -github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ= github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= @@ -174,8 +150,6 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= -github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= -github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= @@ -190,28 +164,28 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec h1:2tTW6cDth2TSgRbAhD7yjZzTQmcN25sDRPEeinR51yQ= github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec/go.mod h1:TmwEoGCwIti7BCeJ9hescZgRtatxRE+A72pCoPfmcfk= -github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= -github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= -github.com/mattn/go-sqlite3 v1.14.27 h1:drZCnuvf37yPfs95E5jd9s3XhdVWLal+6BOK6qrv6IU= -github.com/mattn/go-sqlite3 v1.14.27/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= +github.com/mattn/go-sqlite3 v1.14.28 h1:ThEiQrnbtumT+QMknw63Befp/ce/nUPgBPMlRFEum7A= +github.com/mattn/go-sqlite3 v1.14.28/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mistifyio/go-zfs/v3 v3.0.1 h1:YaoXgBePoMA12+S1u/ddkv+QqxcfiZK4prI6HPnkFiU= github.com/mistifyio/go-zfs/v3 v3.0.1/go.mod h1:CzVgeB0RvF2EGzQnytKVvVSDwmKJXxkOTUGbNrTja/k= -github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= -github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= +github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw= +github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs= github.com/moby/sys/capability v0.4.0 h1:4D4mI6KlNtWMCM1Z/K0i7RV1FkX+DBDHKVJpCndZoHk= github.com/moby/sys/capability v0.4.0/go.mod h1:4g9IK291rVkms3LKCDOoYlnV8xKwoDTpIrNEE35Wq0I= github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg= github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4= +github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc= +github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo= github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs= github.com/moby/sys/user v0.4.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= @@ -225,8 +199,6 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -239,10 +211,8 @@ github.com/osbuild/blueprint v1.10.0 h1:6TG+mSV5kUA3Vq+0fc10MchDilBcDd8SEA8KbDFU github.com/osbuild/blueprint v1.10.0/go.mod h1:uknOfX/bAoi+dbeNJj+uAir1T++/LVEtoY8HO3U7MiQ= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.164.0 h1:FfrAmuwcL1peGsMHko2zeAN+6g6lDBY9cLVM6vacPPY= -github.com/osbuild/images v0.164.0/go.mod h1:/akyaFWxh7IN0ezlXB+6F4N/rKi/Vod1RAh8XLNzCKE= -github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= -github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= +github.com/osbuild/images v0.165.0 h1:yEwxi98U0BfITqH3U5/dyk/YIlTP9lTmrZmlLrCz2c0= +github.com/osbuild/images v0.165.0/go.mod h1:ug+8lHP2KMaFe5cWJ4EPBZUiwtVUWjqJ04oLB7Mdefg= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -250,11 +220,11 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/proglottis/gpgme v0.1.4 h1:3nE7YNA70o2aLjcg63tXMOhPD7bplfE5CBdV+hLAm2M= github.com/proglottis/gpgme v0.1.4/go.mod h1:5LoXMgpE4bttgwwdv9bLs/vwqv3qV7F4glEEZ7mRKrM= -github.com/prometheus/client_golang v1.21.1 h1:DOvXXTqVzvkIewV/CDPFdejpMCGeMcbGCQ8YOmu+Ibk= -github.com/prometheus/client_golang v1.21.1/go.mod h1:U9NM32ykUErtVBxdvD3zfi+EuFkkaBvMb09mIfe0Zgg= +github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= +github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= -github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= +github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io= github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= @@ -265,8 +235,8 @@ github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUc github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/santhosh-tekuri/jsonschema/v6 v6.0.1 h1:PKK9DyHxif4LZo+uQSgXNqs0jj5+xZwwfKHgph2lxBw= -github.com/santhosh-tekuri/jsonschema/v6 v6.0.1/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU= +github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ= +github.com/santhosh-tekuri/jsonschema/v6 v6.0.2/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU= github.com/sebdah/goldie/v2 v2.5.5 h1:rx1mwF95RxZ3/83sdS4Yp7t2C5TCokvWP4TBRbAyEWY= github.com/sebdah/goldie/v2 v2.5.5/go.mod h1:oZ9fp0+se1eapSRjfYbsV/0Hqhbuu3bJVvKI/NNtssI= github.com/secure-systems-lab/go-securesystemslib v0.9.0 h1:rf1HIbL64nUpEIZnjLZ3mcNEL9NBPB0iuVjyxvq3LZc= @@ -277,10 +247,8 @@ github.com/sigstore/fulcio v1.6.6 h1:XaMYX6TNT+8n7Npe8D94nyZ7/ERjEsNGFC+REdi/wzw github.com/sigstore/fulcio v1.6.6/go.mod h1:BhQ22lwaebDgIxVBEYOOqLRcN5+xOV+C9bh/GUXRhOk= github.com/sigstore/protobuf-specs v0.4.1 h1:5SsMqZbdkcO/DNHudaxuCUEjj6x29tS2Xby1BxGU7Zc= github.com/sigstore/protobuf-specs v0.4.1/go.mod h1:+gXR+38nIa2oEupqDdzg4qSBT0Os+sP7oYv6alWewWc= -github.com/sigstore/rekor v1.3.10 h1:/mSvRo4MZ/59ECIlARhyykAlQlkmeAQpvBPlmJtZOCU= -github.com/sigstore/rekor v1.3.10/go.mod h1:JvryKJ40O0XA48MdzYUPu0y4fyvqt0C4iSY7ri9iu3A= -github.com/sigstore/sigstore v1.9.3 h1:y2qlTj+vh+Or3ictKuR3JUFawZPdDxAjrWkeFhon0OQ= -github.com/sigstore/sigstore v1.9.3/go.mod h1:VwYkiw0G0dRtwL25KSs04hCyVFF6CYMd/qvNeYrl7EQ= +github.com/sigstore/sigstore v1.9.5 h1:Wm1LT9yF4LhQdEMy5A2JeGRHTrAWGjT3ubE5JUSrGVU= +github.com/sigstore/sigstore v1.9.5/go.mod h1:VtxgvGqCmEZN9X2zhFSOkfXxvKUjpy8RpUW39oCtoII= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/smallstep/pkcs7 v0.1.1 h1:x+rPdt2W088V9Vkjho4KtoggyktZJlMduZAtRHm68LU= @@ -304,21 +272,19 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/sylabs/sif/v2 v2.21.1 h1:GZ0b5//AFAqJEChd8wHV/uSKx/l1iuGYwjR8nx+4wPI= github.com/sylabs/sif/v2 v2.21.1/go.mod h1:YoqEGQnb5x/ItV653bawXHZJOXQaEWpGwHsSD3YePJI= -github.com/tchap/go-patricia/v2 v2.3.2 h1:xTHFutuitO2zqKAQ5rCROYgUb7Or/+IC3fts9/Yc7nM= -github.com/tchap/go-patricia/v2 v2.3.2/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= +github.com/tchap/go-patricia/v2 v2.3.3 h1:xfNEsODumaEcCcY3gI0hYPZ/PcpVv5ju6RMAhgwZDDc= +github.com/tchap/go-patricia/v2 v2.3.3/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/vbatts/tar-split v0.12.1 h1:CqKoORW7BUWBe7UL/iqTVvkTBOF8UvOMKOIZykxnnbo= github.com/vbatts/tar-split v0.12.1/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA= -github.com/vbauerster/mpb/v8 v8.9.3 h1:PnMeF+sMvYv9u23l6DO6Q3+Mdj408mjLRXIzmUmU2Z8= -github.com/vbauerster/mpb/v8 v8.9.3/go.mod h1:hxS8Hz4C6ijnppDSIX6LjG8FYJSoPo9iIOcE53Zik0c= +github.com/vbauerster/mpb/v8 v8.10.2 h1:2uBykSHAYHekE11YvJhKxYmLATKHAGorZwFlyNw4hHM= +github.com/vbauerster/mpb/v8 v8.10.2/go.mod h1:+Ja4P92E3/CorSZgfDtK46D7AVbDqmBQRTmyTqPElo0= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= -go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= @@ -327,10 +293,10 @@ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6h go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg= go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 h1:Vh5HayB/0HHfOQA7Ctx69E/Y/DcQSMPpKANYVMQ7fBA= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0/go.mod h1:cpgtDBaqD/6ok/UG0jT15/uKjAY8mRA53diogHBg3UI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0 h1:wpMfgF8E1rkrT1Z6meFh1NDtownE9Ii3n3X2GJYjsaU= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0/go.mod h1:wAy0T/dUbs468uOlkT31xjvqQgEVXv58BRFWEgn5v/0= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 h1:IJFEoHiytixx8cMiVAO+GmHR6Frwu+u5Ur8njpFO6Ac= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0/go.mod h1:3rHrKNtLIoS0oZwkY2vxi+oJcwFRWdtUyRII+so45p8= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 h1:xJ2qHD0C1BeYVTLLR9sX12+Qb95kfeD/byKj6Ky1pXg= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0/go.mod h1:u5BF1xyjstDowA1R5QAO9JHzqK+ublenEW/dyqTjBVk= go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE= go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs= go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs= @@ -339,8 +305,8 @@ go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFw go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4= go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w= go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA= -go.opentelemetry.io/proto/otlp v1.4.0 h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg= -go.opentelemetry.io/proto/otlp v1.4.0/go.mod h1:PPBWZIP98o2ElSqI35IHfu7hIhSwvc5N38Jw8pXuGFY= +go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= +go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= From f880ac928a71469bcf20aadc085366889d6f9e47 Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Tue, 29 Jul 2025 16:44:54 +0200 Subject: [PATCH 106/254] github: publish upstream container to ghcr At some point we stopped building and pushing the container to ghcr to focus on having only Konflux builds and a single source of the upstream (though, more like "midstream") container on quay.io. However, Konflux builds are not entirely reliable and are inaccessible to external users and contributors. So while the container itself is publicly available under the quay.io/centos-bootc namespace, investigating (and solving) build failures requires contacting people with access to the private job logs. Re-enabling ghcr builds allows us (and practically anyone) to easily investigate and solve build failures and gives us a reliable upstream container available shortly after every PR is merged, making troubleshooting against the latest version a lot easier. This reverts commit 62dda279dae875539436f30aafc5edd45b7fb88e. See also discussion in #1000. --- .github/workflows/build.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index eb0244973..43de0729f 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -3,14 +3,19 @@ name: Build containers on: pull_request: branches: [main] + workflow_dispatch: # for merge queue merge_group: + push: + branches: [main] env: + REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} permissions: contents: read + packages: write jobs: build: @@ -25,3 +30,19 @@ jobs: image: ${{ env.IMAGE_NAME }} tags: "latest" containerfiles: Containerfile + + - name: Log in to the Container registry + if: ${{ (github.event_name == 'workflow_dispatch' || github.event_name == 'push') && github.ref == 'refs/heads/main' }} + uses: redhat-actions/podman-login@v1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Push to GitHub Container Repository + if: ${{ (github.event_name == 'workflow_dispatch' || github.event_name == 'push') && github.ref == 'refs/heads/main' }} + uses: redhat-actions/push-to-registry@v2 + with: + image: ${{ env.IMAGE_NAME }} + tags: "latest" + registry: ${{ env.REGISTRY }} From 15d53f54e22fc8141f4e3843eb0ffc44f0431158 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Jul 2025 04:29:22 +0000 Subject: [PATCH 107/254] build(deps): bump github.com/osbuild/images in /bib in the go-deps group Bumps the go-deps group in /bib with 1 update: [github.com/osbuild/images](https://github.com/osbuild/images). Updates `github.com/osbuild/images` from 0.165.0 to 0.166.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.165.0...v0.166.0) --- updated-dependencies: - dependency-name: github.com/osbuild/images dependency-version: 0.166.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index ca72aec9d..ee17eb9f4 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -6,7 +6,7 @@ require ( github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.165.0 + github.com/osbuild/images v0.166.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.7 diff --git a/bib/go.sum b/bib/go.sum index e4324e161..80efbd5fa 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -211,8 +211,8 @@ github.com/osbuild/blueprint v1.10.0 h1:6TG+mSV5kUA3Vq+0fc10MchDilBcDd8SEA8KbDFU github.com/osbuild/blueprint v1.10.0/go.mod h1:uknOfX/bAoi+dbeNJj+uAir1T++/LVEtoY8HO3U7MiQ= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.165.0 h1:yEwxi98U0BfITqH3U5/dyk/YIlTP9lTmrZmlLrCz2c0= -github.com/osbuild/images v0.165.0/go.mod h1:ug+8lHP2KMaFe5cWJ4EPBZUiwtVUWjqJ04oLB7Mdefg= +github.com/osbuild/images v0.166.0 h1:glTSU3jPZq13vYoD7CDE1Ho1PRQCXuTb6pZgddGKHGE= +github.com/osbuild/images v0.166.0/go.mod h1:ug+8lHP2KMaFe5cWJ4EPBZUiwtVUWjqJ04oLB7Mdefg= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From 3233d4fe123c95079b9a22654bd11765f8115a59 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Jul 2025 04:23:08 +0000 Subject: [PATCH 108/254] build(deps): bump github.com/osbuild/images in /bib in the go-deps group Bumps the go-deps group in /bib with 1 update: [github.com/osbuild/images](https://github.com/osbuild/images). Updates `github.com/osbuild/images` from 0.166.0 to 0.168.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.166.0...v0.168.0) --- updated-dependencies: - dependency-name: github.com/osbuild/images dependency-version: 0.168.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 8 ++++---- bib/go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index ee17eb9f4..d1d725508 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -6,7 +6,7 @@ require ( github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.166.0 + github.com/osbuild/images v0.168.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.7 @@ -109,9 +109,9 @@ require ( golang.org/x/sys v0.34.0 // indirect golang.org/x/term v0.33.0 // indirect golang.org/x/text v0.27.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect - google.golang.org/grpc v1.73.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250721164621-a45f3dfb1074 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250721164621-a45f3dfb1074 // indirect + google.golang.org/grpc v1.74.2 // indirect google.golang.org/protobuf v1.36.6 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/bib/go.sum b/bib/go.sum index 80efbd5fa..5c69f9602 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -211,8 +211,8 @@ github.com/osbuild/blueprint v1.10.0 h1:6TG+mSV5kUA3Vq+0fc10MchDilBcDd8SEA8KbDFU github.com/osbuild/blueprint v1.10.0/go.mod h1:uknOfX/bAoi+dbeNJj+uAir1T++/LVEtoY8HO3U7MiQ= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.166.0 h1:glTSU3jPZq13vYoD7CDE1Ho1PRQCXuTb6pZgddGKHGE= -github.com/osbuild/images v0.166.0/go.mod h1:ug+8lHP2KMaFe5cWJ4EPBZUiwtVUWjqJ04oLB7Mdefg= +github.com/osbuild/images v0.168.0 h1:qPmm9d28Py8/TrfzzyCjHAOdcXG4//NbF1EO3I8NanA= +github.com/osbuild/images v0.168.0/go.mod h1:WwKRXlJ7ksVf5jLNpKk2XBRBoX/+/7jrojS2hCm2aDw= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -429,17 +429,17 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 h1:oWVWY3NzT7KJppx2UKhKmzPq4SRe0LdCijVRwvGeikY= -google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822/go.mod h1:h3c4v36UTKzUiuaOKQ6gr3S+0hovBtUrXzTG/i3+XEc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 h1:fc6jSaCT0vBduLYZHYrBBNY4dsWuvgyff9noRNDdBeE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/genproto/googleapis/api v0.0.0-20250721164621-a45f3dfb1074 h1:mVXdvnmR3S3BQOqHECm9NGMjYiRtEvDYcqAqedTXY6s= +google.golang.org/genproto/googleapis/api v0.0.0-20250721164621-a45f3dfb1074/go.mod h1:vYFwMYFbmA8vl6Z/krj/h7+U/AqpHknwJX4Uqgfyc7I= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250721164621-a45f3dfb1074 h1:qJW29YvkiJmXOYMu5Tf8lyrTp3dOS+K4z6IixtLaCf8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250721164621-a45f3dfb1074/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok= -google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc= +google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4= +google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 7786514bda92dcc550c59f2e63ce76412298e1ed Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Fri, 1 Aug 2025 17:28:11 +0200 Subject: [PATCH 109/254] go.mod: update osbuild/blueprint to v1.11.0 Fixes #1004 --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index d1d725508..80040ed77 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -80,7 +80,7 @@ require ( github.com/opencontainers/image-spec v1.1.1 // indirect github.com/opencontainers/runtime-spec v1.2.1 // indirect github.com/opencontainers/selinux v1.12.0 // indirect - github.com/osbuild/blueprint v1.10.0 // indirect + github.com/osbuild/blueprint v1.11.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/proglottis/gpgme v0.1.4 // indirect diff --git a/bib/go.sum b/bib/go.sum index 5c69f9602..1bf4f9c11 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -207,8 +207,8 @@ github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= -github.com/osbuild/blueprint v1.10.0 h1:6TG+mSV5kUA3Vq+0fc10MchDilBcDd8SEA8KbDFUn2w= -github.com/osbuild/blueprint v1.10.0/go.mod h1:uknOfX/bAoi+dbeNJj+uAir1T++/LVEtoY8HO3U7MiQ= +github.com/osbuild/blueprint v1.11.0 h1:Crqt+RRSE84JOoajzTIGrQaXXxnAgGUCDYe3nump54g= +github.com/osbuild/blueprint v1.11.0/go.mod h1:uknOfX/bAoi+dbeNJj+uAir1T++/LVEtoY8HO3U7MiQ= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= github.com/osbuild/images v0.168.0 h1:qPmm9d28Py8/TrfzzyCjHAOdcXG4//NbF1EO3I8NanA= From d43ee733bb855e8e26dbadf3ea17180acd219e9c Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Fri, 1 Aug 2025 17:42:16 +0200 Subject: [PATCH 110/254] test: add manifest test for partition table type --- test/test_manifest.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/test/test_manifest.py b/test/test_manifest.py index 90ed1c699..bf275401f 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -631,6 +631,28 @@ def test_manifest_disk_customization_lvm(tmp_path, build_container): assert st["devices"]["rootlv"]["type"] == "org.osbuild.lvm2.lv" +def test_manifest_disk_customization_dos(tmp_path, build_container): + container_ref = "quay.io/centos-bootc/centos-bootc:stream9" + testutil.pull_container(container_ref) + + config = textwrap.dedent("""\ + [customizations.disk] + type = "dos" + """) + config_path = tmp_path / "config.toml" + config_path.write_text(config) + + testutil.pull_container(container_ref) + output = subprocess.check_output([ + *testutil.podman_run_common, + "-v", f"{config_path}:/config.toml:ro", + build_container, + "manifest", f"{container_ref}", + ]) + st = find_sfdisk_stage_from(output) + assert st["label"] == "dos" + + def test_manifest_disk_customization_btrfs(tmp_path, build_container): container_ref = "quay.io/centos-bootc/centos-bootc:stream9" From e5a3379932bc8beb39eccf5812dcdb8aa3503da3 Mon Sep 17 00:00:00 2001 From: Guoguo <16666742+imguoguo@users.noreply.github.com> Date: Tue, 17 Jun 2025 02:02:16 +0000 Subject: [PATCH 111/254] feat: add support for RISC-V architecture in disk image and partition table --- bib/cmd/bootc-image-builder/image.go | 15 +++++++++++++++ bib/cmd/bootc-image-builder/partition_tables.go | 9 +++++++++ 2 files changed, 24 insertions(+) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index 273fc59c4..03942aace 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -411,7 +411,15 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest }, BIOS: true, } + case arch.ARCH_RISCV64: + img.Platform = &platform.RISCV64{ + UEFIVendor: "fedora", + BasePlatform: platform.BasePlatform{ + QCOW2Compat: "1.1", + }, + } } + if kopts := customizations.GetKernel(); kopts != nil && kopts.Append != "" { img.OSCustomizations.KernelOptionsAppend = append(img.OSCustomizations.KernelOptionsAppend, kopts.Append) @@ -581,6 +589,13 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro ImageFormat: platform.FORMAT_ISO, }, } + case arch.ARCH_RISCV64: + img.Platform = &platform.RISCV64{ + BasePlatform: platform.BasePlatform{ + ImageFormat: platform.FORMAT_ISO, + }, + UEFIVendor: c.SourceInfo.UEFIVendor, + } default: return nil, fmt.Errorf("unsupported architecture %v", c.Architecture) } diff --git a/bib/cmd/bootc-image-builder/partition_tables.go b/bib/cmd/bootc-image-builder/partition_tables.go index 0d67f8705..9ce5468c5 100644 --- a/bib/cmd/bootc-image-builder/partition_tables.go +++ b/bib/cmd/bootc-image-builder/partition_tables.go @@ -127,4 +127,13 @@ var partitionTables = distro.BasePartitionTableMap{ rootPartition, }, }, + arch.ARCH_RISCV64.String(): disk.PartitionTable{ + UUID: diskUuidOfUnknownOrigin, + Type: disk.PT_GPT, + Partitions: []disk.Partition{ + efiPartition, + bootPartition, + rootPartition, + }, + }, } From 93793dbdaab1ad3ac543b41e3a0e4cbe90898682 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 21 Aug 2025 10:42:42 +0200 Subject: [PATCH 112/254] test: disable centos9 iso test for now because kernel panic This commit disables the centos9 iso test because it currently crashes the centos9 kernel, see https://issues.redhat.com/browse/RHEL-109635 This unbreaks bib merges and should be reverted once RHEL-109635 is fixed. --- test/testcases.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/testcases.py b/test/testcases.py index 3f1062295..21c537674 100644 --- a/test/testcases.py +++ b/test/testcases.py @@ -99,7 +99,8 @@ def gen_testcases(what): # pylint: disable=too-many-return-statements # 2024-12-19: disabled for now until the mirror situation becomes # a bit more stable # TestCaseFedora(image="anaconda-iso", sign=True), - TestCaseC9S(image="anaconda-iso"), + # 2025-08-21: disabled because of https://issues.redhat.com/browse/RHEL-109635 + # TestCaseC9S(image="anaconda-iso"), TestCaseC10S(image="anaconda-iso"), ] if what == "qemu-cross": From fd8eebe23ef90b25df7578357d7088daaa013aa1 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 20 Aug 2025 12:05:31 +0200 Subject: [PATCH 113/254] bib: simplify extractTLSKeys() The extractTLSKeys() takes a SimplefileReader so that its testable. The downside is that it makes it slightly harder to use the helper because of the extra parameter. But we don't really need this, we can make the testing entirely invisible for the API user via the common ```go var osReadFile = os.ReadFile ``` pattern. This commit is doing exactly this. --- bib/cmd/bootc-image-builder/export_test.go | 8 ++++++++ bib/cmd/bootc-image-builder/main.go | 2 +- bib/cmd/bootc-image-builder/mtls.go | 18 +++++------------- bib/cmd/bootc-image-builder/mtls_test.go | 10 +++++++--- 4 files changed, 21 insertions(+), 17 deletions(-) diff --git a/bib/cmd/bootc-image-builder/export_test.go b/bib/cmd/bootc-image-builder/export_test.go index 9b0e6a2c5..ae62449d2 100644 --- a/bib/cmd/bootc-image-builder/export_test.go +++ b/bib/cmd/bootc-image-builder/export_test.go @@ -20,3 +20,11 @@ func MockOsGetuid(new func() int) (restore func()) { osGetuid = saved } } + +func MockOsReadFile(new func(string) ([]byte, error)) (restore func()) { + saved := osReadFile + osReadFile = new + return func() { + osReadFile = saved + } +} diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 939d2fc49..2c9b17ccd 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -347,7 +347,7 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress return nil, nil, err } - mTLS, err := extractTLSKeys(SimpleFileReader{}, repos) + mTLS, err := extractTLSKeys(repos) if err != nil { return nil, nil, err } diff --git a/bib/cmd/bootc-image-builder/mtls.go b/bib/cmd/bootc-image-builder/mtls.go index 101a8e45d..ebe650771 100644 --- a/bib/cmd/bootc-image-builder/mtls.go +++ b/bib/cmd/bootc-image-builder/mtls.go @@ -15,17 +15,9 @@ type mTLSConfig struct { ca []byte } -type fileReader interface { - ReadFile(string) ([]byte, error) -} - -type SimpleFileReader struct{} - -func (SimpleFileReader) ReadFile(path string) ([]byte, error) { - return os.ReadFile(path) -} +var osReadFile = os.ReadFile -func extractTLSKeys(reader fileReader, repoSets map[string][]rpmmd.RepoConfig) (*mTLSConfig, error) { +func extractTLSKeys(repoSets map[string][]rpmmd.RepoConfig) (*mTLSConfig, error) { var keyPath, certPath, caPath string for _, set := range repoSets { for _, r := range set { @@ -44,17 +36,17 @@ func extractTLSKeys(reader fileReader, repoSets map[string][]rpmmd.RepoConfig) ( return nil, nil } - key, err := reader.ReadFile(keyPath) + key, err := osReadFile(keyPath) if err != nil { return nil, fmt.Errorf("failed to read TLS client key from the container: %w", err) } - cert, err := reader.ReadFile(certPath) + cert, err := osReadFile(certPath) if err != nil { return nil, fmt.Errorf("failed to read TLS client certificate from the container: %w", err) } - ca, err := reader.ReadFile(caPath) + ca, err := osReadFile(caPath) if err != nil { return nil, fmt.Errorf("failed to read TLS CA certificate from the container: %w", err) } diff --git a/bib/cmd/bootc-image-builder/mtls_test.go b/bib/cmd/bootc-image-builder/mtls_test.go index 15a3d30a8..03fac2372 100644 --- a/bib/cmd/bootc-image-builder/mtls_test.go +++ b/bib/cmd/bootc-image-builder/mtls_test.go @@ -33,8 +33,10 @@ func TestExtractTLSKeysHappy(t *testing.T) { } fakeReader := &fakeFileReader{} + restore := MockOsReadFile(fakeReader.ReadFile) + defer restore() - mTLS, err := extractTLSKeys(fakeReader, repos) + mTLS, err := extractTLSKeys(repos) require.NoError(t, err) require.Equal(t, mTLS.ca, []byte("content of /ca")) require.Equal(t, mTLS.cert, []byte("content of /cert")) @@ -43,7 +45,7 @@ func TestExtractTLSKeysHappy(t *testing.T) { // also check that adding another repo with same keys still succeeds repos["toucan"] = repos["kingfisher"] - _, err = extractTLSKeys(fakeReader, repos) + _, err = extractTLSKeys(repos) require.NoError(t, err) require.Len(t, fakeReader.readPaths, 6) } @@ -68,8 +70,10 @@ func TestExtractTLSKeysUnhappy(t *testing.T) { } fakeReader := &fakeFileReader{} + restore := MockOsReadFile(fakeReader.ReadFile) + defer restore() - _, err := extractTLSKeys(fakeReader, repos) + _, err := extractTLSKeys(repos) require.EqualError(t, err, "multiple TLS client keys found, this is currently unsupported") } From b2a18aaf7270094f38cac9413aa166849e7fda4d Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 20 Aug 2025 08:29:12 +0200 Subject: [PATCH 114/254] go.mod: update images to v0.177 --- bib/go.mod | 49 +++++++++++++++-------- bib/go.sum | 113 ++++++++++++++++++++++++++++++++++------------------- 2 files changed, 105 insertions(+), 57 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 80040ed77..c9d151544 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -5,8 +5,9 @@ go 1.23.9 require ( github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 + github.com/osbuild/blueprint v1.13.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.168.0 + github.com/osbuild/images v0.177.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.7 @@ -22,17 +23,36 @@ require ( github.com/Microsoft/hcsshim v0.13.0 // indirect github.com/VividCortex/ewma v1.2.0 // indirect github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect - github.com/aws/aws-sdk-go v1.55.7 // indirect + github.com/aws/aws-sdk-go-v2 v1.38.0 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0 // indirect + github.com/aws/aws-sdk-go-v2/config v1.31.0 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.18.4 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3 // indirect + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.18.4 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.3 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.3 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.3 // indirect + github.com/aws/aws-sdk-go-v2/service/ec2 v1.244.0 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.3 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.3 // indirect + github.com/aws/aws-sdk-go-v2/service/s3 v1.87.0 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.28.0 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.0 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.37.0 // indirect + github.com/aws/smithy-go v1.22.5 // indirect github.com/containerd/cgroups/v3 v3.0.5 // indirect github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect github.com/containerd/typeurl/v2 v2.2.3 // indirect - github.com/containers/common v0.64.0 // indirect - github.com/containers/image/v5 v5.36.0 // indirect + github.com/containers/common v0.64.1 // indirect + github.com/containers/image/v5 v5.36.1 // indirect github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect github.com/containers/ocicrypt v1.2.1 // indirect - github.com/containers/storage v1.59.0 // indirect + github.com/containers/storage v1.59.1 // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 // indirect github.com/cyphar/filepath-securejoin v0.4.1 // indirect @@ -59,7 +79,6 @@ require ( github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect - github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.18.0 // indirect github.com/klauspost/pgzip v1.2.6 // indirect @@ -80,7 +99,6 @@ require ( github.com/opencontainers/image-spec v1.1.1 // indirect github.com/opencontainers/runtime-spec v1.2.1 // indirect github.com/opencontainers/selinux v1.12.0 // indirect - github.com/osbuild/blueprint v1.11.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/proglottis/gpgme v0.1.4 // indirect @@ -103,16 +121,15 @@ require ( go.opentelemetry.io/otel v1.36.0 // indirect go.opentelemetry.io/otel/metric v1.36.0 // indirect go.opentelemetry.io/otel/trace v1.36.0 // indirect - golang.org/x/crypto v0.40.0 // indirect - golang.org/x/net v0.42.0 // indirect + golang.org/x/crypto v0.41.0 // indirect + golang.org/x/net v0.43.0 // indirect golang.org/x/sync v0.16.0 // indirect - golang.org/x/sys v0.34.0 // indirect - golang.org/x/term v0.33.0 // indirect - golang.org/x/text v0.27.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250721164621-a45f3dfb1074 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250721164621-a45f3dfb1074 // indirect + golang.org/x/sys v0.35.0 // indirect + golang.org/x/term v0.34.0 // indirect + golang.org/x/text v0.28.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b // indirect google.golang.org/grpc v1.74.2 // indirect - google.golang.org/protobuf v1.36.6 // indirect + google.golang.org/protobuf v1.36.7 // indirect gopkg.in/ini.v1 v1.67.0 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect ) diff --git a/bib/go.sum b/bib/go.sum index 1bf4f9c11..e657f4918 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -14,8 +14,46 @@ github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1o github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= -github.com/aws/aws-sdk-go v1.55.7 h1:UJrkFq7es5CShfBwlWAC8DA077vp8PyVbQd3lqLiztE= -github.com/aws/aws-sdk-go v1.55.7/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go-v2 v1.38.0 h1:UCRQ5mlqcFk9HJDIqENSLR3wiG1VTWlyUfLDEvY7RxU= +github.com/aws/aws-sdk-go-v2 v1.38.0/go.mod h1:9Q0OoGQoboYIAJyslFyF1f5K1Ryddop8gqMhWx/n4Wg= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0 h1:6GMWV6CNpA/6fbFHnoAjrv4+LGfyTqZz2LtCHnspgDg= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0/go.mod h1:/mXlTIVG9jbxkqDnr5UQNQxW1HRYxeGklkM9vAFeabg= +github.com/aws/aws-sdk-go-v2/config v1.31.0 h1:9yH0xiY5fUnVNLRWO0AtayqwU1ndriZdN78LlhruJR4= +github.com/aws/aws-sdk-go-v2/config v1.31.0/go.mod h1:VeV3K72nXnhbe4EuxxhzsDc/ByrCSlZwUnWH52Nde/I= +github.com/aws/aws-sdk-go-v2/credentials v1.18.4 h1:IPd0Algf1b+Qy9BcDp0sCUcIWdCQPSzDoMK3a8pcbUM= +github.com/aws/aws-sdk-go-v2/credentials v1.18.4/go.mod h1:nwg78FjH2qvsRM1EVZlX9WuGUJOL5od+0qvm0adEzHk= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3 h1:GicIdnekoJsjq9wqnvyi2elW6CGMSYKhdozE7/Svh78= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3/go.mod h1:R7BIi6WNC5mc1kfRM7XM/VHC3uRWkjc396sfabq4iOo= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.18.4 h1:0SzCLoPRSK3qSydsaFQWugP+lOBCTPwfcBOm6222+UA= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.18.4/go.mod h1:JAet9FsBHjfdI+TnMBX4ModNNaQHAd3dc/Bk+cNsxeM= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.3 h1:o9RnO+YZ4X+kt5Z7Nvcishlz0nksIt2PIzDglLMP0vA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.3/go.mod h1:+6aLJzOG1fvMOyzIySYjOFjcguGvVRL68R+uoRencN4= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.3 h1:joyyUFhiTQQmVK6ImzNU9TQSNRNeD9kOklqTzyk5v6s= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.3/go.mod h1:+vNIyZQP3b3B1tSLI0lxvrU9cfM7gpdRXMFfm67ZcPc= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.3 h1:ZV2XK2L3HBq9sCKQiQ/MdhZJppH/rH0vddEAamsHUIs= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.3/go.mod h1:b9F9tk2HdHpbf3xbN7rUZcfmJI26N6NcJu/8OsBFI/0= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.244.0 h1:KfETrpt7yv2nkSrjOltgmKyAl8scbzYc4TFtZeoV6uc= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.244.0/go.mod h1:EeWmteKqZjaMj45MUmPET1SisFI+HkqWIRQoyjMivcc= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 h1:6+lZi2JeGKtCraAj1rpoZfKqnQ9SptseRZioejfUOLM= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0/go.mod h1:eb3gfbVIxIoGgJsi9pGne19dhCBpK6opTYpQqAmdy44= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.3 h1:3ZKmesYBaFX33czDl6mbrcHb6jeheg6LqjJhQdefhsY= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.3/go.mod h1:7ryVb78GLCnjq7cw45N6oUb9REl7/vNUwjvIqC5UgdY= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3 h1:ieRzyHXypu5ByllM7Sp4hC5f/1Fy5wqxqY0yB85hC7s= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3/go.mod h1:O5ROz8jHiOAKAwx179v+7sHMhfobFVi6nZt8DEyiYoM= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.3 h1:SE/e52dq9a05RuxzLcjT+S5ZpQobj3ie3UTaSf2NnZc= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.3/go.mod h1:zkpvBTsR020VVr8TOrwK2TrUW9pOir28sH5ECHpnAfo= +github.com/aws/aws-sdk-go-v2/service/s3 v1.87.0 h1:egoDf+Geuuntmw79Mz6mk9gGmELCPzg5PFEABOHB+6Y= +github.com/aws/aws-sdk-go-v2/service/s3 v1.87.0/go.mod h1:t9MDi29H+HDbkolTSQtbI0HP9DemAWQzUjmWC7LGMnE= +github.com/aws/aws-sdk-go-v2/service/sso v1.28.0 h1:Mc/MKBf2m4VynyJkABoVEN+QzkfLqGj0aiJuEe7cMeM= +github.com/aws/aws-sdk-go-v2/service/sso v1.28.0/go.mod h1:iS5OmxEcN4QIPXARGhavH7S8kETNL11kym6jhoS7IUQ= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.0 h1:6csaS/aJmqZQbKhi1EyEMM7yBW653Wy/B9hnBofW+sw= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.0/go.mod h1:59qHWaY5B+Rs7HGTuVGaC32m0rdpQ68N8QCN3khYiqs= +github.com/aws/aws-sdk-go-v2/service/sts v1.37.0 h1:MG9VFW43M4A8BYeAfaJJZWrroinxeTi2r3+SnmLQfSA= +github.com/aws/aws-sdk-go-v2/service/sts v1.37.0/go.mod h1:JdeBDPgpJfuS6rU/hNglmOigKhyEZtBmbraLE4GK1J8= +github.com/aws/smithy-go v1.22.5 h1:P9ATCXPMb2mPjYBgueqJNCA5S9UfktsW0tTxi+a7eqw= +github.com/aws/smithy-go v1.22.5/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= @@ -39,16 +77,16 @@ github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRcc github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU= github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40= github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= -github.com/containers/common v0.64.0 h1:Jdjq1e5tqrLov9tcAVc/AfvQCgX4krhcfDBgOXwrSfw= -github.com/containers/common v0.64.0/go.mod h1:bq2UIiFP8vUJdgM+WN8E8jkD7wF69SpDRGzU7epJljg= -github.com/containers/image/v5 v5.36.0 h1:Zh+xFcLjRmicnOT5AFPHH/xj+e3s9ojDN/9X2Kx1+Jo= -github.com/containers/image/v5 v5.36.0/go.mod h1:VZ6cyDHbxZoOt4dklUJ+WNEH9FrgSgfH3qUBYKFlcT0= +github.com/containers/common v0.64.1 h1:E8vSiL+B84/UCsyVSb70GoxY9cu+0bseLujm4EKF6GE= +github.com/containers/common v0.64.1/go.mod h1:CtfQNHoCAZqWeXMwdShcsxmMJSeGRgKKMqAwRKmWrHE= +github.com/containers/image/v5 v5.36.1 h1:6zpXBqR59UcAzoKpa/By5XekeqFV+htWYfr65+Cgjqo= +github.com/containers/image/v5 v5.36.1/go.mod h1:b4GMKH2z/5t6/09utbse2ZiLK/c72GuGLFdp7K69eA4= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.2.1 h1:0qIOTT9DoYwcKmxSt8QJt+VzMY18onl9jUXsxpVhSmM= github.com/containers/ocicrypt v1.2.1/go.mod h1:aD0AAqfMp0MtwqWgHM1bUwe1anx0VazI108CRrSKINQ= -github.com/containers/storage v1.59.0 h1:r2pYSTzQpJTROZbjJQ54Z0GT+rUC6+wHzlSY8yPjsXk= -github.com/containers/storage v1.59.0/go.mod h1:KoAYHnAjP3/cTsRS+mmWZGkufSY2GACiKQ4V3ZLQnR0= +github.com/containers/storage v1.59.1 h1:11Zu68MXsEQGBBd+GadPrHPpWeqjKS8hJDGiAHgIqDs= +github.com/containers/storage v1.59.1/go.mod h1:KoAYHnAjP3/cTsRS+mmWZGkufSY2GACiKQ4V3ZLQnR0= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= @@ -144,10 +182,6 @@ github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKe github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 h1:liMMTbpW34dhU4az1GN0pTPADwNmvoRSeoZ6PItiqnY= -github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= @@ -184,8 +218,8 @@ github.com/moby/sys/capability v0.4.0 h1:4D4mI6KlNtWMCM1Z/K0i7RV1FkX+DBDHKVJpCnd github.com/moby/sys/capability v0.4.0/go.mod h1:4g9IK291rVkms3LKCDOoYlnV8xKwoDTpIrNEE35Wq0I= github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg= github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4= -github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc= -github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo= +github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU= +github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko= github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs= github.com/moby/sys/user v0.4.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= @@ -207,12 +241,12 @@ github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= -github.com/osbuild/blueprint v1.11.0 h1:Crqt+RRSE84JOoajzTIGrQaXXxnAgGUCDYe3nump54g= -github.com/osbuild/blueprint v1.11.0/go.mod h1:uknOfX/bAoi+dbeNJj+uAir1T++/LVEtoY8HO3U7MiQ= +github.com/osbuild/blueprint v1.13.0 h1:blo22+S2ZX5bBmjGcRveoTUrV4Ms7kLfKyb32WyuymA= +github.com/osbuild/blueprint v1.13.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.168.0 h1:qPmm9d28Py8/TrfzzyCjHAOdcXG4//NbF1EO3I8NanA= -github.com/osbuild/images v0.168.0/go.mod h1:WwKRXlJ7ksVf5jLNpKk2XBRBoX/+/7jrojS2hCm2aDw= +github.com/osbuild/images v0.177.0 h1:oubjOaYmrI0STPnJmtxuDPNRQmV2nR9JI0g42u+yShw= +github.com/osbuild/images v0.177.0/go.mod h1:7CfDwGb8YA4erIzvMnqJysVpSu52i6l/f3h82usGPTg= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -315,8 +349,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM= -golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= +golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= +golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 h1:9kj3STMvgqy3YA4VQXBrN7925ICMxD5wzMRcgA30588= golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= @@ -330,8 +364,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg= -golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ= +golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ= +golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -348,8 +382,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= -golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= +golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= +golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -380,8 +414,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= -golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= +golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -391,8 +425,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= -golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg= -golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0= +golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4= +golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= @@ -402,8 +436,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4= -golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= +golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= +golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -418,8 +452,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0= -golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw= +golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg= +golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -429,10 +463,10 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto/googleapis/api v0.0.0-20250721164621-a45f3dfb1074 h1:mVXdvnmR3S3BQOqHECm9NGMjYiRtEvDYcqAqedTXY6s= -google.golang.org/genproto/googleapis/api v0.0.0-20250721164621-a45f3dfb1074/go.mod h1:vYFwMYFbmA8vl6Z/krj/h7+U/AqpHknwJX4Uqgfyc7I= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250721164621-a45f3dfb1074 h1:qJW29YvkiJmXOYMu5Tf8lyrTp3dOS+K4z6IixtLaCf8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250721164621-a45f3dfb1074/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b h1:ULiyYQ0FdsJhwwZUwbaXpZF5yUE3h+RA+gxvBu37ucc= +google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:oDOGiMSXHL4sDTJvFvIB9nRQCGdLP1o/iVaqQK8zB+M= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b h1:zPKJod4w6F1+nRGDI9ubnXYhU9NSWoFAijkHkUXeTK8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= @@ -449,16 +483,13 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= -google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= +google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= From 96ccef3994c540668e593b0052db919dd991ddcc Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 20 Aug 2025 08:31:58 +0200 Subject: [PATCH 115/254] image: update blueprint import path We no longer ship the blueprint package inside the images library but its now part of its own "blueprint" library. --- bib/cmd/bootc-image-builder/image.go | 3 +-- bib/cmd/bootc-image-builder/image_test.go | 2 +- bib/cmd/bootc-image-builder/main_test.go | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index 03942aace..6d50f0498 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -11,9 +11,9 @@ import ( "strconv" "strings" + "github.com/osbuild/blueprint/pkg/blueprint" "github.com/osbuild/images/pkg/arch" "github.com/osbuild/images/pkg/bib/osinfo" - "github.com/osbuild/images/pkg/blueprint" "github.com/osbuild/images/pkg/container" "github.com/osbuild/images/pkg/customizations/anaconda" "github.com/osbuild/images/pkg/customizations/kickstart" @@ -419,7 +419,6 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest }, } } - if kopts := customizations.GetKernel(); kopts != nil && kopts.Append != "" { img.OSCustomizations.KernelOptionsAppend = append(img.OSCustomizations.KernelOptionsAppend, kopts.Append) diff --git a/bib/cmd/bootc-image-builder/image_test.go b/bib/cmd/bootc-image-builder/image_test.go index f49e03865..acdf2f3cd 100644 --- a/bib/cmd/bootc-image-builder/image_test.go +++ b/bib/cmd/bootc-image-builder/image_test.go @@ -7,8 +7,8 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/osbuild/blueprint/pkg/blueprint" "github.com/osbuild/images/pkg/arch" - "github.com/osbuild/images/pkg/blueprint" "github.com/osbuild/images/pkg/datasizes" "github.com/osbuild/images/pkg/disk" "github.com/osbuild/images/pkg/manifest" diff --git a/bib/cmd/bootc-image-builder/main_test.go b/bib/cmd/bootc-image-builder/main_test.go index b910da079..21bbd940c 100644 --- a/bib/cmd/bootc-image-builder/main_test.go +++ b/bib/cmd/bootc-image-builder/main_test.go @@ -14,9 +14,9 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/osbuild/blueprint/pkg/blueprint" "github.com/osbuild/images/pkg/arch" "github.com/osbuild/images/pkg/bib/osinfo" - "github.com/osbuild/images/pkg/blueprint" "github.com/osbuild/images/pkg/container" "github.com/osbuild/images/pkg/dnfjson" "github.com/osbuild/images/pkg/manifest" From 7de3e8b3384e5dc1f386632fbd2fea1a08468ef5 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 20 Aug 2025 08:34:38 +0200 Subject: [PATCH 116/254] main: update for v0.177 API changes This includes: - disk.ParitioningMode->parition.PartitioningMode - anaconda.AdditionalModules -> anaconda.EnabledModules - use of new InstallerCustomizations - aws uploader needs arch.Arch --- bib/cmd/bootc-image-builder/image.go | 23 ++++++++++++----------- bib/cmd/bootc-image-builder/image_test.go | 21 +++++++++++---------- bib/cmd/bootc-image-builder/main.go | 6 +++++- 3 files changed, 28 insertions(+), 22 deletions(-) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index 6d50f0498..678e76f7b 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -19,6 +19,7 @@ import ( "github.com/osbuild/images/pkg/customizations/kickstart" "github.com/osbuild/images/pkg/customizations/users" "github.com/osbuild/images/pkg/disk" + "github.com/osbuild/images/pkg/disk/partition" "github.com/osbuild/images/pkg/image" "github.com/osbuild/images/pkg/manifest" "github.com/osbuild/images/pkg/osbuild" @@ -132,10 +133,10 @@ func checkMountpoints(filesystems []blueprint.FilesystemCustomization, policy *p return nil } -func checkFilesystemCustomizations(fsCustomizations []blueprint.FilesystemCustomization, ptmode disk.PartitioningMode) error { +func checkFilesystemCustomizations(fsCustomizations []blueprint.FilesystemCustomization, ptmode partition.PartitioningMode) error { var policy *pathpolicy.PathPolicies switch ptmode { - case disk.BtrfsPartitioningMode: + case partition.BtrfsPartitioningMode: // btrfs subvolumes are not supported at build time yet, so we only // allow / and /boot to be customized when building a btrfs disk (the // minimal policy) @@ -327,9 +328,9 @@ func genPartitionTableFsCust(c *ManifestConfig, fsCust []blueprint.FilesystemCus return nil, fmt.Errorf("pipelines: no partition tables defined for %s", c.Architecture) } - partitioningMode := disk.RawPartitioningMode + partitioningMode := partition.RawPartitioningMode if c.RootFSType == "btrfs" { - partitioningMode = disk.BtrfsPartitioningMode + partitioningMode = partition.BtrfsPartitioningMode } if err := checkFilesystemCustomizations(fsCust, partitioningMode); err != nil { return nil, err @@ -523,7 +524,7 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro if c.Config != nil { customizations = c.Config.Customizations } - img.FIPS = customizations.GetFIPS() + img.InstallerCustomizations.FIPS = customizations.GetFIPS() img.Kickstart, err = kickstart.New(customizations) if err != nil { return nil, err @@ -539,10 +540,10 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro return nil, err } if instCust != nil && instCust.Modules != nil { - img.AdditionalAnacondaModules = append(img.AdditionalAnacondaModules, instCust.Modules.Enable...) - img.DisabledAnacondaModules = append(img.DisabledAnacondaModules, instCust.Modules.Disable...) + img.InstallerCustomizations.EnabledAnacondaModules = append(img.InstallerCustomizations.EnabledAnacondaModules, instCust.Modules.Enable...) + img.InstallerCustomizations.DisabledAnacondaModules = append(img.InstallerCustomizations.DisabledAnacondaModules, instCust.Modules.Disable...) } - img.AdditionalAnacondaModules = append(img.AdditionalAnacondaModules, + img.InstallerCustomizations.EnabledAnacondaModules = append(img.InstallerCustomizations.EnabledAnacondaModules, anaconda.ModuleUsers, anaconda.ModuleServices, anaconda.ModuleSecurity, @@ -551,7 +552,7 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro img.Kickstart.OSTree = &kickstart.OSTree{ OSName: "default", } - img.UseRHELLoraxTemplates = needsRHELLoraxTemplates(c.SourceInfo.OSRelease) + img.InstallerCustomizations.UseRHELLoraxTemplates = needsRHELLoraxTemplates(c.SourceInfo.OSRelease) switch c.Architecture { case arch.ARCH_X86_64: @@ -562,7 +563,7 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro BIOS: true, UEFIVendor: c.SourceInfo.UEFIVendor, } - img.ISOBoot = manifest.Grub2ISOBoot + img.InstallerCustomizations.ISOBoot = manifest.Grub2ISOBoot case arch.ARCH_AARCH64: // aarch64 always uses UEFI, so let's enforce the vendor if c.SourceInfo.UEFIVendor == "" { @@ -599,7 +600,7 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro return nil, fmt.Errorf("unsupported architecture %v", c.Architecture) } // see https://github.com/osbuild/bootc-image-builder/issues/733 - img.RootfsType = manifest.SquashfsRootfs + img.InstallerCustomizations.ISORootfsType = manifest.SquashfsRootfs img.Filename = "install.iso" installRootfsType, err := disk.NewFSType(c.RootFSType) diff --git a/bib/cmd/bootc-image-builder/image_test.go b/bib/cmd/bootc-image-builder/image_test.go index acdf2f3cd..acddc18fe 100644 --- a/bib/cmd/bootc-image-builder/image_test.go +++ b/bib/cmd/bootc-image-builder/image_test.go @@ -11,6 +11,7 @@ import ( "github.com/osbuild/images/pkg/arch" "github.com/osbuild/images/pkg/datasizes" "github.com/osbuild/images/pkg/disk" + "github.com/osbuild/images/pkg/disk/partition" "github.com/osbuild/images/pkg/manifest" "github.com/osbuild/images/pkg/runner" @@ -64,7 +65,7 @@ func TestGetDistroAndRunner(t *testing.T) { func TestCheckFilesystemCustomizationsValidates(t *testing.T) { for _, tc := range []struct { fsCust []blueprint.FilesystemCustomization - ptmode disk.PartitioningMode + ptmode partition.PartitioningMode expectedErr string }{ // happy @@ -74,21 +75,21 @@ func TestCheckFilesystemCustomizationsValidates(t *testing.T) { }, { fsCust: []blueprint.FilesystemCustomization{}, - ptmode: disk.BtrfsPartitioningMode, + ptmode: partition.BtrfsPartitioningMode, expectedErr: "", }, { fsCust: []blueprint.FilesystemCustomization{ {Mountpoint: "/"}, {Mountpoint: "/boot"}, }, - ptmode: disk.RawPartitioningMode, + ptmode: partition.RawPartitioningMode, expectedErr: "", }, { fsCust: []blueprint.FilesystemCustomization{ {Mountpoint: "/"}, {Mountpoint: "/boot"}, }, - ptmode: disk.BtrfsPartitioningMode, + ptmode: partition.BtrfsPartitioningMode, expectedErr: "", }, { @@ -106,7 +107,7 @@ func TestCheckFilesystemCustomizationsValidates(t *testing.T) { {Mountpoint: "/"}, {Mountpoint: "/ostree"}, }, - ptmode: disk.RawPartitioningMode, + ptmode: partition.RawPartitioningMode, expectedErr: "the following errors occurred while validating custom mountpoints:\npath \"/ostree\" is not allowed", }, { @@ -114,7 +115,7 @@ func TestCheckFilesystemCustomizationsValidates(t *testing.T) { {Mountpoint: "/"}, {Mountpoint: "/var"}, }, - ptmode: disk.RawPartitioningMode, + ptmode: partition.RawPartitioningMode, expectedErr: "the following errors occurred while validating custom mountpoints:\npath \"/var\" is not allowed", }, { @@ -122,7 +123,7 @@ func TestCheckFilesystemCustomizationsValidates(t *testing.T) { {Mountpoint: "/"}, {Mountpoint: "/var/data"}, }, - ptmode: disk.BtrfsPartitioningMode, + ptmode: partition.BtrfsPartitioningMode, expectedErr: "the following errors occurred while validating custom mountpoints:\npath \"/var/data\" is not allowed", }, { @@ -130,7 +131,7 @@ func TestCheckFilesystemCustomizationsValidates(t *testing.T) { {Mountpoint: "/"}, {Mountpoint: "/boot/"}, }, - ptmode: disk.BtrfsPartitioningMode, + ptmode: partition.BtrfsPartitioningMode, expectedErr: "the following errors occurred while validating custom mountpoints:\npath \"/boot/\" must be canonical", }, { @@ -139,7 +140,7 @@ func TestCheckFilesystemCustomizationsValidates(t *testing.T) { {Mountpoint: "/boot/"}, {Mountpoint: "/opt"}, }, - ptmode: disk.BtrfsPartitioningMode, + ptmode: partition.BtrfsPartitioningMode, expectedErr: "the following errors occurred while validating custom mountpoints:\npath \"/boot/\" must be canonical\npath \"/opt\" is not allowed", }, } { @@ -202,7 +203,7 @@ func TestLocalMountpointPolicy(t *testing.T) { for _, tc := range testCases { t.Run(tc.path, func(t *testing.T) { - err := bib.CheckFilesystemCustomizations([]blueprint.FilesystemCustomization{{Mountpoint: tc.path}}, disk.RawPartitioningMode) + err := bib.CheckFilesystemCustomizations([]blueprint.FilesystemCustomization{{Mountpoint: tc.path}}, partition.RawPartitioningMode) if err != nil && tc.allowed { t.Errorf("expected %s to be allowed, but got error: %v", tc.path, err) } else if err == nil && !tc.allowed { diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 2c9b17ccd..097f26b07 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -379,13 +379,17 @@ func handleAWSFlags(cmd *cobra.Command) (cloud.Uploader, error) { } bucketName, _ := cmd.Flags().GetString("aws-bucket") imageName, _ := cmd.Flags().GetString("aws-ami-name") - targetArch, _ := cmd.Flags().GetString("target-arch") + targetArchStr, _ := cmd.Flags().GetString("target-arch") if !slices.Contains(imgTypes, "ami") { return nil, fmt.Errorf("aws flags set for non-ami image type (type is set to %s)", strings.Join(imgTypes, ",")) } // check as many permission prerequisites as possible before starting + targetArch, err := arch.FromString(targetArchStr) + if err != nil { + return nil, err + } uploaderOpts := &awscloud.UploaderOptions{ TargetArch: targetArch, } From 4cc5b96b3a6b134d04d0ef771693a2fb8c47b713 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 20 Aug 2025 08:50:18 +0200 Subject: [PATCH 117/254] bib: enable anaconda Module{Network,Payload,Runtime,Storage} Previously images [0] would take `AdditionalAnacondaModules`, i.e. we had a set of defaults in code with - anaconda.ModuleNetwork - anaconda.ModulePayloads - anaconda.ModuleRuntime - anaconda.ModuleStorage enabled by default. With the PR landed there are no longer default so we need to update our code to include those in the list of EnabledAnacondaModules. [0] Before https://github.com/osbuild/images/pull/1737/ --- bib/cmd/bootc-image-builder/image.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index 678e76f7b..7a91f2039 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -547,6 +547,11 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro anaconda.ModuleUsers, anaconda.ModuleServices, anaconda.ModuleSecurity, + // XXX: get from the imagedefs + anaconda.ModuleNetwork, + anaconda.ModulePayloads, + anaconda.ModuleRuntime, + anaconda.ModuleStorage, ) img.Kickstart.OSTree = &kickstart.OSTree{ From 2da427a5651ccdc25e4a631614b7d3b9a9c541e9 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 20 Aug 2025 09:21:47 +0200 Subject: [PATCH 118/254] upload: update for awscloud API change --- bib/cmd/upload/main.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/bib/cmd/upload/main.go b/bib/cmd/upload/main.go index d97d9981b..c75df5bbd 100644 --- a/bib/cmd/upload/main.go +++ b/bib/cmd/upload/main.go @@ -7,6 +7,7 @@ import ( "github.com/sirupsen/logrus" "github.com/spf13/cobra" + "github.com/osbuild/images/pkg/arch" "github.com/osbuild/images/pkg/cloud/awscloud" ) @@ -29,9 +30,11 @@ func uploadAMI(cmd *cobra.Command, args []string) { check(err) imageName, err := flags.GetString("ami-name") check(err) - targetArch, err := flags.GetString("target-arch") + targetArchStr, err := flags.GetString("target-arch") check(err) + targetArch, err := arch.FromString(targetArchStr) + check(err) opts := &awscloud.UploaderOptions{ TargetArch: targetArch, } From 99dade575ed666ea93c92f59db008e5ccb3fb080 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Aug 2025 05:58:42 +0000 Subject: [PATCH 119/254] build(deps): bump actions/checkout from 4 to 5 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yaml | 2 +- .github/workflows/testingfarm-unit.yml | 2 +- .github/workflows/testingfarm.yml | 2 +- .github/workflows/tests.yml | 8 ++++---- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 43de0729f..50a96ba78 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Build image uses: redhat-actions/buildah-build@v2 diff --git a/.github/workflows/testingfarm-unit.yml b/.github/workflows/testingfarm-unit.yml index f04183fc3..9863fae8f 100644 --- a/.github/workflows/testingfarm-unit.yml +++ b/.github/workflows/testingfarm-unit.yml @@ -27,7 +27,7 @@ jobs: echo "Job originally triggered by ${{ github.actor }}" exit 1 - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: ref: ${{ github.event.pull_request.head.sha }} - name: Run the tests diff --git a/.github/workflows/testingfarm.yml b/.github/workflows/testingfarm.yml index 5fcf06897..9c04193a8 100644 --- a/.github/workflows/testingfarm.yml +++ b/.github/workflows/testingfarm.yml @@ -44,7 +44,7 @@ jobs: echo "Job originally triggered by ${{ github.actor }}" exit 1 - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: ref: ${{ github.event.pull_request.head.sha }} - name: Run the tests diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 844e89eb7..4c47ee729 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -30,7 +30,7 @@ jobs: id: go - name: Check out code into the Go module directory - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: ref: ${{ github.event.pull_request.head.sha }} @@ -59,7 +59,7 @@ jobs: name: "🐚 Shellcheck" runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: ref: ${{ github.event.pull_request.head.sha }} - name: Run ShellCheck @@ -77,7 +77,7 @@ jobs: test_files: ${{ steps.collect.outputs.test_files }} steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: ref: ${{ github.event.pull_request.head.sha }} - name: Collect test files @@ -96,7 +96,7 @@ jobs: matrix: test_file: ${{ fromJson(needs.collect_tests.outputs.test_files) }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: ref: ${{ github.event.pull_request.head.sha }} - name: Setup up python From 542557e14e3d85f374fa20da4fdeaef7cad82dd7 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 25 Aug 2025 09:31:10 +0200 Subject: [PATCH 120/254] test: re-enable the fedora 42 iso test We had this test disabled for a while because the mirror situation was not very stable. With librepo by default and some time having passed we should try it again. --- test/testcases.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/test/testcases.py b/test/testcases.py index 21c537674..e48755e34 100644 --- a/test/testcases.py +++ b/test/testcases.py @@ -96,9 +96,7 @@ def gen_testcases(what): # pylint: disable=too-many-return-statements return [TestCaseC9S(image="ami"), TestCaseFedora(image="ami")] if what == "anaconda-iso": return [ - # 2024-12-19: disabled for now until the mirror situation becomes - # a bit more stable - # TestCaseFedora(image="anaconda-iso", sign=True), + TestCaseFedora(image="anaconda-iso", sign=True), # 2025-08-21: disabled because of https://issues.redhat.com/browse/RHEL-109635 # TestCaseC9S(image="anaconda-iso"), TestCaseC10S(image="anaconda-iso"), From 3c842b26092a360a9de0f391529717587a919345 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 25 Aug 2025 12:46:05 +0200 Subject: [PATCH 121/254] test: update test_iso_manifest_smoke to include rootfs Include the testcase rootfs in the `test_iso_manifest_smoke` test. This allows us to smoke test fedora ISOs that do not have a hardcoded rootfs. --- test/test_manifest.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/test_manifest.py b/test/test_manifest.py index bf275401f..91b99b861 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -58,7 +58,9 @@ def test_iso_manifest_smoke(build_container, tc): *testutil.podman_run_common, build_container, "manifest", - "--type=anaconda-iso", f"{tc.container_ref}", + *tc.bib_rootfs_args(), + "--type=anaconda-iso", + f"{tc.container_ref}", ]) manifest = json.loads(output) # just some basic validation From f01168cddff8c421d7da3ab2e0e7b397084eb64e Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 25 Aug 2025 12:51:26 +0200 Subject: [PATCH 122/254] bib: fix AWS upload with empty target-arch This commit fixes the issue that with an unset --target-arch the code will try to convert an empty string to an arch.Arch which then fails. This is a regression from https://github.com/osbuild/bootc-image-builder/pull/1017 that was not caught. Closes: https://github.com/osbuild/bootc-image-builder/issues/1029 --- bib/cmd/bootc-image-builder/main.go | 10 +++++++--- bib/cmd/upload/main.go | 8 ++++++-- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 097f26b07..db1ee508d 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -386,9 +386,13 @@ func handleAWSFlags(cmd *cobra.Command) (cloud.Uploader, error) { } // check as many permission prerequisites as possible before starting - targetArch, err := arch.FromString(targetArchStr) - if err != nil { - return nil, err + targetArch := arch.Current() + if targetArchStr != "" { + var err error + targetArch, err = arch.FromString(targetArchStr) + if err != nil { + return nil, err + } } uploaderOpts := &awscloud.UploaderOptions{ TargetArch: targetArch, diff --git a/bib/cmd/upload/main.go b/bib/cmd/upload/main.go index c75df5bbd..c0b25f5e1 100644 --- a/bib/cmd/upload/main.go +++ b/bib/cmd/upload/main.go @@ -33,8 +33,12 @@ func uploadAMI(cmd *cobra.Command, args []string) { targetArchStr, err := flags.GetString("target-arch") check(err) - targetArch, err := arch.FromString(targetArchStr) - check(err) + targetArch := arch.Current() + if targetArchStr != "" { + var err error + targetArch, err = arch.FromString(targetArchStr) + check(err) + } opts := &awscloud.UploaderOptions{ TargetArch: targetArch, } From 80cccd20f8b5cccebd96e7f8fe6f7f9e587bfb4c Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 25 Aug 2025 15:11:10 +0200 Subject: [PATCH 123/254] go.mod: update for images v0.179.0 --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index c9d151544..c06261ddd 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -7,7 +7,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.13.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.177.0 + github.com/osbuild/images v0.179.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.7 diff --git a/bib/go.sum b/bib/go.sum index e657f4918..f8e4ed121 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -245,8 +245,8 @@ github.com/osbuild/blueprint v1.13.0 h1:blo22+S2ZX5bBmjGcRveoTUrV4Ms7kLfKyb32Wyu github.com/osbuild/blueprint v1.13.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.177.0 h1:oubjOaYmrI0STPnJmtxuDPNRQmV2nR9JI0g42u+yShw= -github.com/osbuild/images v0.177.0/go.mod h1:7CfDwGb8YA4erIzvMnqJysVpSu52i6l/f3h82usGPTg= +github.com/osbuild/images v0.179.0 h1:E0CkI/UVuiVmgq0BIhzanjaOkf4auFSSDNXiy9jwDl4= +github.com/osbuild/images v0.179.0/go.mod h1:7CfDwGb8YA4erIzvMnqJysVpSu52i6l/f3h82usGPTg= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From e9bc3214ac96076c7f05b77713873040144cfa11 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 25 Aug 2025 15:33:10 +0200 Subject: [PATCH 124/254] bib: move bib to new platform.Data{} In images https://github.com/osbuild/images/pull/1739 we dropped the hardcoded platforms. Bib needs to follow suite and this commit does it now. --- bib/cmd/bootc-image-builder/image.go | 80 +++++++--------------------- 1 file changed, 18 insertions(+), 62 deletions(-) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index 7a91f2039..8ea203191 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -385,40 +385,18 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest "console=ttyS0", } + img.Platform = &platform.Data{ + Arch: c.Architecture, + UEFIVendor: c.SourceInfo.UEFIVendor, + QCOW2Compat: "1.1", + } switch c.Architecture { case arch.ARCH_X86_64: - img.Platform = &platform.X86{ - BasePlatform: platform.BasePlatform{}, - BIOS: true, - } - case arch.ARCH_AARCH64: - img.Platform = &platform.Aarch64{ - UEFIVendor: "fedora", - BasePlatform: platform.BasePlatform{ - QCOW2Compat: "1.1", - }, - } - case arch.ARCH_S390X: - img.Platform = &platform.S390X{ - BasePlatform: platform.BasePlatform{ - QCOW2Compat: "1.1", - }, - Zipl: true, - } + img.Platform.(*platform.Data).BIOSPlatform = "i386-pc" case arch.ARCH_PPC64LE: - img.Platform = &platform.PPC64LE{ - BasePlatform: platform.BasePlatform{ - QCOW2Compat: "1.1", - }, - BIOS: true, - } - case arch.ARCH_RISCV64: - img.Platform = &platform.RISCV64{ - UEFIVendor: "fedora", - BasePlatform: platform.BasePlatform{ - QCOW2Compat: "1.1", - }, - } + img.Platform.(*platform.Data).BIOSPlatform = "powerpc-ieee1275" + case arch.ARCH_S390X: + img.Platform.(*platform.Data).ZiplSupport = true } if kopts := customizations.GetKernel(); kopts != nil && kopts.Append != "" { @@ -559,48 +537,26 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro } img.InstallerCustomizations.UseRHELLoraxTemplates = needsRHELLoraxTemplates(c.SourceInfo.OSRelease) + img.Platform = &platform.Data{ + Arch: c.Architecture, + ImageFormat: platform.FORMAT_ISO, + UEFIVendor: c.SourceInfo.UEFIVendor, + } switch c.Architecture { case arch.ARCH_X86_64: - img.Platform = &platform.X86{ - BasePlatform: platform.BasePlatform{ - ImageFormat: platform.FORMAT_ISO, - }, - BIOS: true, - UEFIVendor: c.SourceInfo.UEFIVendor, - } + img.Platform.(*platform.Data).BIOSPlatform = "i386-pc" img.InstallerCustomizations.ISOBoot = manifest.Grub2ISOBoot case arch.ARCH_AARCH64: // aarch64 always uses UEFI, so let's enforce the vendor if c.SourceInfo.UEFIVendor == "" { return nil, fmt.Errorf("UEFI vendor must be set for aarch64 ISO") } - img.Platform = &platform.Aarch64{ - BasePlatform: platform.BasePlatform{ - ImageFormat: platform.FORMAT_ISO, - }, - UEFIVendor: c.SourceInfo.UEFIVendor, - } case arch.ARCH_S390X: - img.Platform = &platform.S390X{ - Zipl: true, - BasePlatform: platform.BasePlatform{ - ImageFormat: platform.FORMAT_ISO, - }, - } + img.Platform.(*platform.Data).ZiplSupport = true case arch.ARCH_PPC64LE: - img.Platform = &platform.PPC64LE{ - BIOS: true, - BasePlatform: platform.BasePlatform{ - ImageFormat: platform.FORMAT_ISO, - }, - } + img.Platform.(*platform.Data).BIOSPlatform = "powerpc-ieee1275" case arch.ARCH_RISCV64: - img.Platform = &platform.RISCV64{ - BasePlatform: platform.BasePlatform{ - ImageFormat: platform.FORMAT_ISO, - }, - UEFIVendor: c.SourceInfo.UEFIVendor, - } + // nothing special needed default: return nil, fmt.Errorf("unsupported architecture %v", c.Architecture) } From 63a91ef167c8bd2e4f0bf6db2a2b6e3c90821de2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Aug 2025 18:46:04 +0000 Subject: [PATCH 125/254] build(deps): bump the go-deps group across 1 directory with 2 updates Bumps the go-deps group with 2 updates in the /bib directory: [github.com/osbuild/images](https://github.com/osbuild/images) and [github.com/stretchr/testify](https://github.com/stretchr/testify). Updates `github.com/osbuild/images` from 0.177.0 to 0.178.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.177.0...v0.178.0) Updates `github.com/stretchr/testify` from 1.10.0 to 1.11.0 - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.10.0...v1.11.0) --- updated-dependencies: - dependency-name: github.com/osbuild/images dependency-version: 0.178.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/stretchr/testify dependency-version: 1.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 40 +++++++++++++-------------- bib/go.sum | 80 +++++++++++++++++++++++++++--------------------------- 2 files changed, 60 insertions(+), 60 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index c06261ddd..4a1cda27b 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -7,11 +7,11 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.13.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.179.0 + github.com/osbuild/images v0.180.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.7 - github.com/stretchr/testify v1.10.0 + github.com/stretchr/testify v1.11.0 golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 gopkg.in/yaml.v3 v3.0.1 ) @@ -23,25 +23,25 @@ require ( github.com/Microsoft/hcsshim v0.13.0 // indirect github.com/VividCortex/ewma v1.2.0 // indirect github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect - github.com/aws/aws-sdk-go-v2 v1.38.0 // indirect + github.com/aws/aws-sdk-go-v2 v1.38.1 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0 // indirect - github.com/aws/aws-sdk-go-v2/config v1.31.0 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.18.4 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3 // indirect - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.18.4 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.3 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.3 // indirect + github.com/aws/aws-sdk-go-v2/config v1.31.2 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.18.6 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.4 // indirect + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.0 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.4 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.4 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.3 // indirect - github.com/aws/aws-sdk-go-v2/service/ec2 v1.244.0 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.4 // indirect + github.com/aws/aws-sdk-go-v2/service/ec2 v1.245.2 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.3 // indirect - github.com/aws/aws-sdk-go-v2/service/s3 v1.87.0 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.28.0 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.0 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.37.0 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.4 // indirect + github.com/aws/aws-sdk-go-v2/service/s3 v1.87.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.28.2 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.2 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.38.0 // indirect github.com/aws/smithy-go v1.22.5 // indirect github.com/containerd/cgroups/v3 v3.0.5 // indirect github.com/containerd/errdefs v1.0.0 // indirect @@ -127,8 +127,8 @@ require ( golang.org/x/sys v0.35.0 // indirect golang.org/x/term v0.34.0 // indirect golang.org/x/text v0.28.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect google.golang.org/grpc v1.74.2 // indirect google.golang.org/protobuf v1.36.7 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/bib/go.sum b/bib/go.sum index f8e4ed121..ac6b499f8 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -14,44 +14,44 @@ github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1o github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= -github.com/aws/aws-sdk-go-v2 v1.38.0 h1:UCRQ5mlqcFk9HJDIqENSLR3wiG1VTWlyUfLDEvY7RxU= -github.com/aws/aws-sdk-go-v2 v1.38.0/go.mod h1:9Q0OoGQoboYIAJyslFyF1f5K1Ryddop8gqMhWx/n4Wg= +github.com/aws/aws-sdk-go-v2 v1.38.1 h1:j7sc33amE74Rz0M/PoCpsZQ6OunLqys/m5antM0J+Z8= +github.com/aws/aws-sdk-go-v2 v1.38.1/go.mod h1:9Q0OoGQoboYIAJyslFyF1f5K1Ryddop8gqMhWx/n4Wg= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0 h1:6GMWV6CNpA/6fbFHnoAjrv4+LGfyTqZz2LtCHnspgDg= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0/go.mod h1:/mXlTIVG9jbxkqDnr5UQNQxW1HRYxeGklkM9vAFeabg= -github.com/aws/aws-sdk-go-v2/config v1.31.0 h1:9yH0xiY5fUnVNLRWO0AtayqwU1ndriZdN78LlhruJR4= -github.com/aws/aws-sdk-go-v2/config v1.31.0/go.mod h1:VeV3K72nXnhbe4EuxxhzsDc/ByrCSlZwUnWH52Nde/I= -github.com/aws/aws-sdk-go-v2/credentials v1.18.4 h1:IPd0Algf1b+Qy9BcDp0sCUcIWdCQPSzDoMK3a8pcbUM= -github.com/aws/aws-sdk-go-v2/credentials v1.18.4/go.mod h1:nwg78FjH2qvsRM1EVZlX9WuGUJOL5od+0qvm0adEzHk= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3 h1:GicIdnekoJsjq9wqnvyi2elW6CGMSYKhdozE7/Svh78= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3/go.mod h1:R7BIi6WNC5mc1kfRM7XM/VHC3uRWkjc396sfabq4iOo= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.18.4 h1:0SzCLoPRSK3qSydsaFQWugP+lOBCTPwfcBOm6222+UA= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.18.4/go.mod h1:JAet9FsBHjfdI+TnMBX4ModNNaQHAd3dc/Bk+cNsxeM= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.3 h1:o9RnO+YZ4X+kt5Z7Nvcishlz0nksIt2PIzDglLMP0vA= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.3/go.mod h1:+6aLJzOG1fvMOyzIySYjOFjcguGvVRL68R+uoRencN4= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.3 h1:joyyUFhiTQQmVK6ImzNU9TQSNRNeD9kOklqTzyk5v6s= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.3/go.mod h1:+vNIyZQP3b3B1tSLI0lxvrU9cfM7gpdRXMFfm67ZcPc= +github.com/aws/aws-sdk-go-v2/config v1.31.2 h1:NOaSZpVGEH2Np/c1toSeW0jooNl+9ALmsUTZ8YvkJR0= +github.com/aws/aws-sdk-go-v2/config v1.31.2/go.mod h1:17ft42Yb2lF6OigqSYiDAiUcX4RIkEMY6XxEMJsrAes= +github.com/aws/aws-sdk-go-v2/credentials v1.18.6 h1:AmmvNEYrru7sYNJnp3pf57lGbiarX4T9qU/6AZ9SucU= +github.com/aws/aws-sdk-go-v2/credentials v1.18.6/go.mod h1:/jdQkh1iVPa01xndfECInp1v1Wnp70v3K4MvtlLGVEc= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.4 h1:lpdMwTzmuDLkgW7086jE94HweHCqG+uOJwHf3LZs7T0= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.4/go.mod h1:9xzb8/SV62W6gHQGC/8rrvgNXU6ZoYM3sAIJCIrXJxY= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.0 h1:2FFgK3oFA8PTNBjprLFfcmkgg7U9YuSimBvR64RUmiA= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.0/go.mod h1:xdxj6nC1aU/jAO80RIlIj3fU40MOSqutEA9N2XFct04= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.4 h1:IdCLsiiIj5YJ3AFevsewURCPV+YWUlOW8JiPhoAy8vg= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.4/go.mod h1:l4bdfCD7XyyZA9BolKBo1eLqgaJxl0/x91PL4Yqe0ao= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.4 h1:j7vjtr1YIssWQOMeOWRbh3z8g2oY/xPjnZH2gLY4sGw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.4/go.mod h1:yDmJgqOiH4EA8Hndnv4KwAo8jCGTSnM5ASG1nBI+toA= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.3 h1:ZV2XK2L3HBq9sCKQiQ/MdhZJppH/rH0vddEAamsHUIs= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.3/go.mod h1:b9F9tk2HdHpbf3xbN7rUZcfmJI26N6NcJu/8OsBFI/0= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.244.0 h1:KfETrpt7yv2nkSrjOltgmKyAl8scbzYc4TFtZeoV6uc= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.244.0/go.mod h1:EeWmteKqZjaMj45MUmPET1SisFI+HkqWIRQoyjMivcc= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.4 h1:BE/MNQ86yzTINrfxPPFS86QCBNQeLKY2A0KhDh47+wI= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.4/go.mod h1:SPBBhkJxjcrzJBc+qY85e83MQ2q3qdra8fghhkkyrJg= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.245.2 h1:P94OfRObDwjklbvdJTGuRZXeGYF7Bv5NNUo+I628kKQ= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.245.2/go.mod h1:D8Wb993SJuFQ10Lp95Vod8VTpYjJz4v0LeW4rEI471c= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 h1:6+lZi2JeGKtCraAj1rpoZfKqnQ9SptseRZioejfUOLM= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0/go.mod h1:eb3gfbVIxIoGgJsi9pGne19dhCBpK6opTYpQqAmdy44= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.3 h1:3ZKmesYBaFX33czDl6mbrcHb6jeheg6LqjJhQdefhsY= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.3/go.mod h1:7ryVb78GLCnjq7cw45N6oUb9REl7/vNUwjvIqC5UgdY= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3 h1:ieRzyHXypu5ByllM7Sp4hC5f/1Fy5wqxqY0yB85hC7s= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3/go.mod h1:O5ROz8jHiOAKAwx179v+7sHMhfobFVi6nZt8DEyiYoM= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.3 h1:SE/e52dq9a05RuxzLcjT+S5ZpQobj3ie3UTaSf2NnZc= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.3/go.mod h1:zkpvBTsR020VVr8TOrwK2TrUW9pOir28sH5ECHpnAfo= -github.com/aws/aws-sdk-go-v2/service/s3 v1.87.0 h1:egoDf+Geuuntmw79Mz6mk9gGmELCPzg5PFEABOHB+6Y= -github.com/aws/aws-sdk-go-v2/service/s3 v1.87.0/go.mod h1:t9MDi29H+HDbkolTSQtbI0HP9DemAWQzUjmWC7LGMnE= -github.com/aws/aws-sdk-go-v2/service/sso v1.28.0 h1:Mc/MKBf2m4VynyJkABoVEN+QzkfLqGj0aiJuEe7cMeM= -github.com/aws/aws-sdk-go-v2/service/sso v1.28.0/go.mod h1:iS5OmxEcN4QIPXARGhavH7S8kETNL11kym6jhoS7IUQ= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.0 h1:6csaS/aJmqZQbKhi1EyEMM7yBW653Wy/B9hnBofW+sw= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.0/go.mod h1:59qHWaY5B+Rs7HGTuVGaC32m0rdpQ68N8QCN3khYiqs= -github.com/aws/aws-sdk-go-v2/service/sts v1.37.0 h1:MG9VFW43M4A8BYeAfaJJZWrroinxeTi2r3+SnmLQfSA= -github.com/aws/aws-sdk-go-v2/service/sts v1.37.0/go.mod h1:JdeBDPgpJfuS6rU/hNglmOigKhyEZtBmbraLE4GK1J8= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.4 h1:Beh9oVgtQnBgR4sKKzkUBRQpf1GnL4wt0l4s8h2VCJ0= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.4/go.mod h1:b17At0o8inygF+c6FOD3rNyYZufPw62o9XJbSfQPgbo= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.4 h1:ueB2Te0NacDMnaC+68za9jLwkjzxGWm0KB5HTUHjLTI= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.4/go.mod h1:nLEfLnVMmLvyIG58/6gsSA03F1voKGaCfHV7+lR8S7s= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.4 h1:HVSeukL40rHclNcUqVcBwE1YoZhOkoLeBfhUqR3tjIU= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.4/go.mod h1:DnbBOv4FlIXHj2/xmrUQYtawRFC9L9ZmQPz+DBc6X5I= +github.com/aws/aws-sdk-go-v2/service/s3 v1.87.1 h1:2n6Pd67eJwAb/5KCX62/8RTU0aFAAW7V5XIGSghiHrw= +github.com/aws/aws-sdk-go-v2/service/s3 v1.87.1/go.mod h1:w5PC+6GHLkvMJKasYGVloB3TduOtROEMqm15HSuIbw4= +github.com/aws/aws-sdk-go-v2/service/sso v1.28.2 h1:ve9dYBB8CfJGTFqcQ3ZLAAb/KXWgYlgu/2R2TZL2Ko0= +github.com/aws/aws-sdk-go-v2/service/sso v1.28.2/go.mod h1:n9bTZFZcBa9hGGqVz3i/a6+NG0zmZgtkB9qVVFDqPA8= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.2 h1:pd9G9HQaM6UZAZh19pYOkpKSQkyQQ9ftnl/LttQOcGI= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.2/go.mod h1:eknndR9rU8UpE/OmFpqU78V1EcXPKFTTm5l/buZYgvM= +github.com/aws/aws-sdk-go-v2/service/sts v1.38.0 h1:iV1Ko4Em/lkJIsoKyGfc0nQySi+v0Udxr6Igq+y9JZc= +github.com/aws/aws-sdk-go-v2/service/sts v1.38.0/go.mod h1:bEPcjW7IbolPfK67G1nilqWyoxYMSPrDiIQ3RdIdKgo= github.com/aws/smithy-go v1.22.5 h1:P9ATCXPMb2mPjYBgueqJNCA5S9UfktsW0tTxi+a7eqw= github.com/aws/smithy-go v1.22.5/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -245,8 +245,8 @@ github.com/osbuild/blueprint v1.13.0 h1:blo22+S2ZX5bBmjGcRveoTUrV4Ms7kLfKyb32Wyu github.com/osbuild/blueprint v1.13.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.179.0 h1:E0CkI/UVuiVmgq0BIhzanjaOkf4auFSSDNXiy9jwDl4= -github.com/osbuild/images v0.179.0/go.mod h1:7CfDwGb8YA4erIzvMnqJysVpSu52i6l/f3h82usGPTg= +github.com/osbuild/images v0.180.0 h1:/gao9lYa9XVatuU/apI9rJbkpw/cbmmoNis5iStVDeU= +github.com/osbuild/images v0.180.0/go.mod h1:K3tFDIds0BrdV545Vm8Xm9jiwH6kRKh+RsWLkhlVjD0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -302,8 +302,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.0 h1:ib4sjIrwZKxE5u/Japgo/7SJV3PvgjGiRNAvTVGqQl8= +github.com/stretchr/testify v1.11.0/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/sylabs/sif/v2 v2.21.1 h1:GZ0b5//AFAqJEChd8wHV/uSKx/l1iuGYwjR8nx+4wPI= github.com/sylabs/sif/v2 v2.21.1/go.mod h1:YoqEGQnb5x/ItV653bawXHZJOXQaEWpGwHsSD3YePJI= github.com/tchap/go-patricia/v2 v2.3.3 h1:xfNEsODumaEcCcY3gI0hYPZ/PcpVv5ju6RMAhgwZDDc= @@ -463,10 +463,10 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b h1:ULiyYQ0FdsJhwwZUwbaXpZF5yUE3h+RA+gxvBu37ucc= -google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:oDOGiMSXHL4sDTJvFvIB9nRQCGdLP1o/iVaqQK8zB+M= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b h1:zPKJod4w6F1+nRGDI9ubnXYhU9NSWoFAijkHkUXeTK8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= +google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= From 6461a64a8f8d24df98a9c16c6de78aa34f71ae0a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Aug 2025 06:05:27 +0000 Subject: [PATCH 126/254] build(deps): bump github.com/stretchr/testify Bumps the go-deps group in /bib with 1 update: [github.com/stretchr/testify](https://github.com/stretchr/testify). Updates `github.com/stretchr/testify` from 1.11.0 to 1.11.1 - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.11.0...v1.11.1) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-version: 1.11.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 4a1cda27b..192d1e07e 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -11,7 +11,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.7 - github.com/stretchr/testify v1.11.0 + github.com/stretchr/testify v1.11.1 golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 gopkg.in/yaml.v3 v3.0.1 ) diff --git a/bib/go.sum b/bib/go.sum index ac6b499f8..3cf7aed1a 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -302,8 +302,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.11.0 h1:ib4sjIrwZKxE5u/Japgo/7SJV3PvgjGiRNAvTVGqQl8= -github.com/stretchr/testify v1.11.0/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/sylabs/sif/v2 v2.21.1 h1:GZ0b5//AFAqJEChd8wHV/uSKx/l1iuGYwjR8nx+4wPI= github.com/sylabs/sif/v2 v2.21.1/go.mod h1:YoqEGQnb5x/ItV653bawXHZJOXQaEWpGwHsSD3YePJI= github.com/tchap/go-patricia/v2 v2.3.3 h1:xfNEsODumaEcCcY3gI0hYPZ/PcpVv5ju6RMAhgwZDDc= From 359860200816c18e1b8168fb637660a9743d91c0 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Thu, 21 Aug 2025 15:56:25 +0200 Subject: [PATCH 127/254] Write boot partition for aboot images If the target image contains an aboot.img, then we automatically write it to the A slot boot partition. --- bib/cmd/bootc-image-builder/image.go | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index 8ea203191..8f31d6578 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -7,6 +7,7 @@ import ( "math" "math/big" "math/rand" + "path/filepath" "slices" "strconv" "strings" @@ -251,6 +252,28 @@ func genPartitionTable(c *ManifestConfig, customizations *blueprint.Customizatio } } + if c.SourceInfo != nil && c.SourceInfo.KernelInfo != nil && c.SourceInfo.KernelInfo.HasAbootImg { + idx := slices.IndexFunc(partitionTable.Partitions, func(part disk.Partition) bool { + // The aboot support in ostree supports both traditional android verified boot and + // ukiboot. For aboot, the partition is labeled "boot_a", as described in + // https://source.android.com/docs/core/ota/ab/ab_implement + // For ukibooot (https://gitlab.com/CentOS/automotive/src/ukiboot) the partition + // either has label ukiboot_a (GPT) or type 0x46 (MBR). + return part.Label == "boot_a" || part.Label == "ukiboot_a" || part.Type == "46" + }) + if idx >= 0 { + sourcePipeline := "build" + if c.BuildSourceInfo != nil { + sourcePipeline = "target" + } + + partitionTable.Partitions[idx].Payload = &disk.Raw{ + SourcePipeline: sourcePipeline, + SourcePath: filepath.Join("/usr/lib/modules/", c.SourceInfo.KernelInfo.Version, "aboot.img"), + } + } + } + return partitionTable, nil } From bee702b1d41ee31477bc477e7d992299a28c80da Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Wed, 27 Aug 2025 17:55:10 +0200 Subject: [PATCH 128/254] Add test for aboot support This adds a test that a write-device stage is correctly generated if the partition table contains the right partition and an aboot.img in the modules dir. --- test/test_manifest.py | 80 +++++++++++++++++++++++++++++++++++++++---- 1 file changed, 74 insertions(+), 6 deletions(-) diff --git a/test/test_manifest.py b/test/test_manifest.py index 91b99b861..347c64fe5 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -1,3 +1,5 @@ +# pylint: disable=too-many-lines + import base64 import hashlib import json @@ -651,7 +653,7 @@ def test_manifest_disk_customization_dos(tmp_path, build_container): build_container, "manifest", f"{container_ref}", ]) - st = find_sfdisk_stage_from(output) + st = find_stage_options_from(output, "org.osbuild.sfdisk") assert st["label"] == "dos" @@ -852,14 +854,14 @@ def test_manifest_customization_custom_file_smoke(tmp_path, build_container): ',"options":{"filename":"disk.raw"') in output -def find_sfdisk_stage_from(manifest_str): +def find_stage_options_from(manifest_str, stage_type): manifest = json.loads(manifest_str) for pipl in manifest["pipelines"]: if pipl["name"] == "image": for st in pipl["stages"]: - if st["type"] == "org.osbuild.sfdisk": + if st["type"] == stage_type: return st["options"] - raise ValueError(f"cannot find sfdisk stage manifest:\n{manifest_str}") + raise ValueError(f"cannot find {stage_type} stage manifest:\n{manifest_str}") def test_manifest_image_customize_filesystem(tmp_path, build_container): @@ -900,7 +902,7 @@ def test_manifest_image_customize_filesystem(tmp_path, build_container): "manifest", f"localhost/{container_tag}", ], encoding="utf8") - sfdisk_options = find_sfdisk_stage_from(manifest_str) + sfdisk_options = find_stage_options_from(manifest_str, "org.osbuild.sfdisk") assert sfdisk_options["partitions"][2]["size"] == 3 * 1024 * 1024 * 1024 / 512 @@ -946,5 +948,71 @@ def test_manifest_image_customize_disk(tmp_path, build_container): "manifest", f"localhost/{container_tag}", ], encoding="utf8") - sfdisk_options = find_sfdisk_stage_from(manifest_str) + sfdisk_options = find_stage_options_from(manifest_str, "org.osbuild.sfdisk") assert sfdisk_options["partitions"][2]["size"] == 3 * 1024 * 1024 * 1024 / 512 + + +def test_manifest_image_aboot(tmp_path, build_container): + # no need to parameterize this test, overrides behaves same for all containers + container_ref = "quay.io/centos-bootc/centos-bootc:stream9" + testutil.pull_container(container_ref) + + cfg = { + "blueprint": { + "customizations": { + "disk": { + "partitions": [ + { + "part_label": "ukiboot_a", + "part_uuid": "DF331E4D-BE00-463F-B4A7-8B43E18FB53A", + "fs_type": "none", + "minsize": "1 GiB", + }, + { + "part_label": "ukiboot_b", + "part_uuid": "DF331E4D-BE00-463F-B4A7-8B43E18FB53A", + "fs_type": "none", + "minsize": "1 GiB", + }, + { + "part_label": "ukibootctl", + "part_uuid": "FEFD9070-346F-4C9A-85E6-17F07F922773", + "fs_type": "none", + "minsize": "1 GiB", + }, + ], + }, + }, + }, + } + + config_json_path = tmp_path / "config.json" + config_json_path.write_text(json.dumps(cfg), encoding="utf-8") + + testdata_path = tmp_path / "testdata" + testdata_path.write_text("some test data", encoding="utf-8") + + # Create derived container with the custom partitioning with an aboot + # partition and a kernel module dir with an aboot.img file + cntf_path = tmp_path / "Containerfile" + cntf_path.write_text(textwrap.dedent(f"""\n + FROM {container_ref} + RUN mkdir -p -m 0755 /usr/lib/bootc-image-builder + COPY config.json /usr/lib/bootc-image-builder/ + RUN rm -rf /usr/lib/modules/* + RUN mkdir -p -m 0755 /usr/lib/modules/5.0-x86_64/ + COPY testdata /usr/lib/modules/5.0-x86_64/vmlinuz + COPY testdata /usr/lib/modules/5.0-x86_64/aboot.img + """), encoding="utf8") + + print(f"building filesystem customize container from {container_ref}") + with make_container(tmp_path) as container_tag: + print(f"using {container_tag}") + manifest_str = subprocess.check_output([ + *testutil.podman_run_common, + build_container, + "manifest", + f"localhost/{container_tag}", + ], encoding="utf8") + write_device_options = find_stage_options_from(manifest_str, "org.osbuild.write-device") + assert write_device_options["from"] == "input://tree/usr/lib/modules/5.0-x86_64/aboot.img" From 015f05fce7e5ffe78c2afd0569a23b60c30e63f0 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 3 Sep 2025 09:28:42 +0200 Subject: [PATCH 129/254] go.mod: update to v0.183.0 --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 192d1e07e..077681244 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -7,7 +7,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.13.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.180.0 + github.com/osbuild/images v0.183.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.7 diff --git a/bib/go.sum b/bib/go.sum index 3cf7aed1a..4b8d17221 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -245,8 +245,8 @@ github.com/osbuild/blueprint v1.13.0 h1:blo22+S2ZX5bBmjGcRveoTUrV4Ms7kLfKyb32Wyu github.com/osbuild/blueprint v1.13.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.180.0 h1:/gao9lYa9XVatuU/apI9rJbkpw/cbmmoNis5iStVDeU= -github.com/osbuild/images v0.180.0/go.mod h1:K3tFDIds0BrdV545Vm8Xm9jiwH6kRKh+RsWLkhlVjD0= +github.com/osbuild/images v0.183.0 h1:OGdtSKvZ8NL7ZnTp0Ud/BF8VhgfBtr50SedTn7Yp+Io= +github.com/osbuild/images v0.183.0/go.mod h1:qbGjthiOmiZr1xCJEYMHv5oPNXXcxkJyvj7dky4/ibw= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From 37bd6e7b2d013deeeeb453c4d3cb8d9790f99828 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 3 Sep 2025 09:33:20 +0200 Subject: [PATCH 130/254] bib: update to the images v0.183.0 API changes Some small API changes happend for images v0.183.0 version. Adjust bib to handle them (mostly mechanical). --- bib/cmd/bootc-image-builder/image.go | 98 ++++++++++++++-------------- 1 file changed, 50 insertions(+), 48 deletions(-) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index 8f31d6578..df670c37d 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -391,7 +391,24 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest customizations = c.Config.Customizations } - img := image.NewBootcDiskImage(containerSource, buildContainerSource) + platform := &platform.Data{ + Arch: c.Architecture, + UEFIVendor: c.SourceInfo.UEFIVendor, + QCOW2Compat: "1.1", + } + switch c.Architecture { + case arch.ARCH_X86_64: + platform.BIOSPlatform = "i386-pc" + case arch.ARCH_PPC64LE: + platform.BIOSPlatform = "powerpc-ieee1275" + case arch.ARCH_S390X: + platform.ZiplSupport = true + } + // For the bootc-disk image, the filename is the basename and the extension + // is added automatically for each disk format + filename := "disk" + + img := image.NewBootcDiskImage(platform, filename, containerSource, buildContainerSource) img.OSCustomizations.Users = users.UsersFromBP(customizations.GetUsers()) img.OSCustomizations.Groups = users.GroupsFromBP(customizations.GetGroups()) img.OSCustomizations.SELinux = c.SourceInfo.SELinuxPolicy @@ -408,20 +425,6 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest "console=ttyS0", } - img.Platform = &platform.Data{ - Arch: c.Architecture, - UEFIVendor: c.SourceInfo.UEFIVendor, - QCOW2Compat: "1.1", - } - switch c.Architecture { - case arch.ARCH_X86_64: - img.Platform.(*platform.Data).BIOSPlatform = "i386-pc" - case arch.ARCH_PPC64LE: - img.Platform.(*platform.Data).BIOSPlatform = "powerpc-ieee1275" - case arch.ARCH_S390X: - img.Platform.(*platform.Data).ZiplSupport = true - } - if kopts := customizations.GetKernel(); kopts != nil && kopts.Append != "" { img.OSCustomizations.KernelOptionsAppend = append(img.OSCustomizations.KernelOptionsAppend, kopts.Append) } @@ -453,10 +456,6 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest return nil, err } - // For the bootc-disk image, the filename is the basename and the extension - // is added automatically for each disk format - img.Filename = "disk" - mf := manifest.New() mf.Distro = manifest.DISTRO_FEDORA runner := &runner.Linux{} @@ -506,21 +505,48 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro Local: true, } + platform := &platform.Data{ + Arch: c.Architecture, + ImageFormat: platform.FORMAT_ISO, + UEFIVendor: c.SourceInfo.UEFIVendor, + } + switch c.Architecture { + case arch.ARCH_X86_64: + platform.BIOSPlatform = "i386-pc" + case arch.ARCH_AARCH64: + // aarch64 always uses UEFI, so let's enforce the vendor + if c.SourceInfo.UEFIVendor == "" { + return nil, fmt.Errorf("UEFI vendor must be set for aarch64 ISO") + } + case arch.ARCH_S390X: + platform.ZiplSupport = true + case arch.ARCH_PPC64LE: + platform.BIOSPlatform = "powerpc-ieee1275" + case arch.ARCH_RISCV64: + // nothing special needed + default: + return nil, fmt.Errorf("unsupported architecture %v", c.Architecture) + } + filename := "install.iso" + // The ref is not needed and will be removed from the ctor later // in time - img := image.NewAnacondaContainerInstaller(containerSource, "") + img := image.NewAnacondaContainerInstaller(platform, filename, containerSource, "") img.ContainerRemoveSignatures = true img.RootfsCompression = "zstd" - img.Product = c.SourceInfo.OSRelease.Name - img.OSVersion = c.SourceInfo.OSRelease.VersionID + if c.Architecture == arch.ARCH_X86_64 { + img.InstallerCustomizations.ISOBoot = manifest.Grub2ISOBoot + } + + img.InstallerCustomizations.Product = c.SourceInfo.OSRelease.Name + img.InstallerCustomizations.OSVersion = c.SourceInfo.OSRelease.VersionID + img.InstallerCustomizations.ISOLabel = labelForISO(&c.SourceInfo.OSRelease, &c.Architecture) img.ExtraBasePackages = rpmmd.PackageSet{ Include: imageDef.Packages, } - img.ISOLabel = labelForISO(&c.SourceInfo.OSRelease, &c.Architecture) - var customizations *blueprint.Customizations if c.Config != nil { customizations = c.Config.Customizations @@ -560,32 +586,8 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro } img.InstallerCustomizations.UseRHELLoraxTemplates = needsRHELLoraxTemplates(c.SourceInfo.OSRelease) - img.Platform = &platform.Data{ - Arch: c.Architecture, - ImageFormat: platform.FORMAT_ISO, - UEFIVendor: c.SourceInfo.UEFIVendor, - } - switch c.Architecture { - case arch.ARCH_X86_64: - img.Platform.(*platform.Data).BIOSPlatform = "i386-pc" - img.InstallerCustomizations.ISOBoot = manifest.Grub2ISOBoot - case arch.ARCH_AARCH64: - // aarch64 always uses UEFI, so let's enforce the vendor - if c.SourceInfo.UEFIVendor == "" { - return nil, fmt.Errorf("UEFI vendor must be set for aarch64 ISO") - } - case arch.ARCH_S390X: - img.Platform.(*platform.Data).ZiplSupport = true - case arch.ARCH_PPC64LE: - img.Platform.(*platform.Data).BIOSPlatform = "powerpc-ieee1275" - case arch.ARCH_RISCV64: - // nothing special needed - default: - return nil, fmt.Errorf("unsupported architecture %v", c.Architecture) - } // see https://github.com/osbuild/bootc-image-builder/issues/733 img.InstallerCustomizations.ISORootfsType = manifest.SquashfsRootfs - img.Filename = "install.iso" installRootfsType, err := disk.NewFSType(c.RootFSType) if err != nil { From 77724c4d2536c3b0c87e196151eadca7215d3f15 Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Wed, 3 Sep 2025 15:33:34 +0200 Subject: [PATCH 131/254] github: add CODEOWNERS Add the osbuild-reviewers team as code owners for automatic review assignment. --- .github/CODEOWNERS | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 .github/CODEOWNERS diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 000000000..b74e40703 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,4 @@ +# These owners will be the default owners for everything in +# the repo. Unless a later match takes precedence. +* @osbuild/osbuild-reviewers + From ed1de079ded2a3223bdc2265515822b5c23ad23f Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Sun, 7 Sep 2025 08:13:23 +0000 Subject: [PATCH 132/254] fix(deps): update github.com/osbuild/image-builder-cli digest to 481a120 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 4 ++-- bib/go.sum | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 077681244..323d4e2fb 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -6,7 +6,7 @@ require ( github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.13.0 - github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 + github.com/osbuild/image-builder-cli v0.0.0-20250904233321-481a120c0bee github.com/osbuild/images v0.183.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 @@ -59,7 +59,7 @@ require ( github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.6.0 // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v28.3.2+incompatible // indirect + github.com/docker/docker v28.3.3+incompatible // indirect github.com/docker/docker-credential-helpers v0.9.3 // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-units v0.5.0 // indirect diff --git a/bib/go.sum b/bib/go.sum index 4b8d17221..4f62aacd4 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -104,8 +104,8 @@ github.com/docker/cli v28.3.2+incompatible h1:mOt9fcLE7zaACbxW1GeS65RI67wIJrTnqS github.com/docker/cli v28.3.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v28.3.2+incompatible h1:wn66NJ6pWB1vBZIilP8G3qQPqHy5XymfYn5vsqeA5oA= -github.com/docker/docker v28.3.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI= +github.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8= github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= @@ -243,8 +243,8 @@ github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplU github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= github.com/osbuild/blueprint v1.13.0 h1:blo22+S2ZX5bBmjGcRveoTUrV4Ms7kLfKyb32WyuymA= github.com/osbuild/blueprint v1.13.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= -github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= -github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= +github.com/osbuild/image-builder-cli v0.0.0-20250904233321-481a120c0bee h1:aftsPyzos7hDky0bbzoHcSg4HGTRDmeWTw0zS3ou3HM= +github.com/osbuild/image-builder-cli v0.0.0-20250904233321-481a120c0bee/go.mod h1:Jep5i3xM9yY6S6BoYM+moMsh8viN4v8C2EqP7k6F/8k= github.com/osbuild/images v0.183.0 h1:OGdtSKvZ8NL7ZnTp0Ud/BF8VhgfBtr50SedTn7Yp+Io= github.com/osbuild/images v0.183.0/go.mod h1:qbGjthiOmiZr1xCJEYMHv5oPNXXcxkJyvj7dky4/ibw= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -254,8 +254,8 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/proglottis/gpgme v0.1.4 h1:3nE7YNA70o2aLjcg63tXMOhPD7bplfE5CBdV+hLAm2M= github.com/proglottis/gpgme v0.1.4/go.mod h1:5LoXMgpE4bttgwwdv9bLs/vwqv3qV7F4glEEZ7mRKrM= -github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= -github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0= +github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc= +github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= From a57fb96ae9e7e66f36b0f58e59385399b1c01e62 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Sun, 7 Sep 2025 08:12:57 +0000 Subject: [PATCH 133/254] chore(deps): update google.golang.org/genproto/googleapis/api digest to ef028d9 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 8 +++++--- bib/go.sum | 8 ++++---- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 323d4e2fb..0e427b3fa 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -1,6 +1,8 @@ module github.com/osbuild/bootc-image-builder/bib -go 1.23.9 +go 1.24.0 + +toolchain go1.24.6 require ( github.com/cheggaaa/pb/v3 v3.1.7 @@ -127,9 +129,9 @@ require ( golang.org/x/sys v0.35.0 // indirect golang.org/x/term v0.34.0 // indirect golang.org/x/text v0.28.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250826171959-ef028d996bc1 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect google.golang.org/grpc v1.74.2 // indirect - google.golang.org/protobuf v1.36.7 // indirect + google.golang.org/protobuf v1.36.8 // indirect gopkg.in/ini.v1 v1.67.0 // indirect ) diff --git a/bib/go.sum b/bib/go.sum index 4f62aacd4..31eaed48e 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -463,8 +463,8 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= +google.golang.org/genproto/googleapis/api v0.0.0-20250826171959-ef028d996bc1 h1:APHvLLYBhtZvsbnpkfknDZ7NyH4z5+ub/I0u8L3Oz6g= +google.golang.org/genproto/googleapis/api v0.0.0-20250826171959-ef028d996bc1/go.mod h1:xUjFWUnWDpZ/C0Gu0qloASKFb6f8/QXiiXhSPFsD668= google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= @@ -483,8 +483,8 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= -google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= +google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= From 5f5e1afee1d2cb883b70aa06ef0acf6ea40f2776 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Sun, 7 Sep 2025 08:13:44 +0000 Subject: [PATCH 134/254] chore(deps): update aws-sdk-go-v2 monorepo Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 38 +++++++++++++-------------- bib/go.sum | 76 +++++++++++++++++++++++++++--------------------------- 2 files changed, 57 insertions(+), 57 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 0e427b3fa..fdeab189b 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -25,26 +25,26 @@ require ( github.com/Microsoft/hcsshim v0.13.0 // indirect github.com/VividCortex/ewma v1.2.0 // indirect github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect - github.com/aws/aws-sdk-go-v2 v1.38.1 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0 // indirect - github.com/aws/aws-sdk-go-v2/config v1.31.2 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.18.6 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.4 // indirect - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.4 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.4 // indirect + github.com/aws/aws-sdk-go-v2 v1.38.3 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1 // indirect + github.com/aws/aws-sdk-go-v2/config v1.31.6 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.18.10 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.6 // indirect + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.4 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.4 // indirect - github.com/aws/aws-sdk-go-v2/service/ec2 v1.245.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.4 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.4 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.4 // indirect - github.com/aws/aws-sdk-go-v2/service/s3 v1.87.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.28.2 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.2 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.38.0 // indirect - github.com/aws/smithy-go v1.22.5 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.6 // indirect + github.com/aws/aws-sdk-go-v2/service/ec2 v1.251.0 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.6 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.6 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.6 // indirect + github.com/aws/aws-sdk-go-v2/service/s3 v1.87.3 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.29.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.2 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.38.2 // indirect + github.com/aws/smithy-go v1.23.0 // indirect github.com/containerd/cgroups/v3 v3.0.5 // indirect github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect diff --git a/bib/go.sum b/bib/go.sum index 31eaed48e..97f5b4687 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -14,46 +14,46 @@ github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1o github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= -github.com/aws/aws-sdk-go-v2 v1.38.1 h1:j7sc33amE74Rz0M/PoCpsZQ6OunLqys/m5antM0J+Z8= -github.com/aws/aws-sdk-go-v2 v1.38.1/go.mod h1:9Q0OoGQoboYIAJyslFyF1f5K1Ryddop8gqMhWx/n4Wg= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0 h1:6GMWV6CNpA/6fbFHnoAjrv4+LGfyTqZz2LtCHnspgDg= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0/go.mod h1:/mXlTIVG9jbxkqDnr5UQNQxW1HRYxeGklkM9vAFeabg= -github.com/aws/aws-sdk-go-v2/config v1.31.2 h1:NOaSZpVGEH2Np/c1toSeW0jooNl+9ALmsUTZ8YvkJR0= -github.com/aws/aws-sdk-go-v2/config v1.31.2/go.mod h1:17ft42Yb2lF6OigqSYiDAiUcX4RIkEMY6XxEMJsrAes= -github.com/aws/aws-sdk-go-v2/credentials v1.18.6 h1:AmmvNEYrru7sYNJnp3pf57lGbiarX4T9qU/6AZ9SucU= -github.com/aws/aws-sdk-go-v2/credentials v1.18.6/go.mod h1:/jdQkh1iVPa01xndfECInp1v1Wnp70v3K4MvtlLGVEc= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.4 h1:lpdMwTzmuDLkgW7086jE94HweHCqG+uOJwHf3LZs7T0= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.4/go.mod h1:9xzb8/SV62W6gHQGC/8rrvgNXU6ZoYM3sAIJCIrXJxY= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.0 h1:2FFgK3oFA8PTNBjprLFfcmkgg7U9YuSimBvR64RUmiA= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.0/go.mod h1:xdxj6nC1aU/jAO80RIlIj3fU40MOSqutEA9N2XFct04= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.4 h1:IdCLsiiIj5YJ3AFevsewURCPV+YWUlOW8JiPhoAy8vg= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.4/go.mod h1:l4bdfCD7XyyZA9BolKBo1eLqgaJxl0/x91PL4Yqe0ao= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.4 h1:j7vjtr1YIssWQOMeOWRbh3z8g2oY/xPjnZH2gLY4sGw= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.4/go.mod h1:yDmJgqOiH4EA8Hndnv4KwAo8jCGTSnM5ASG1nBI+toA= +github.com/aws/aws-sdk-go-v2 v1.38.3 h1:B6cV4oxnMs45fql4yRH+/Po/YU+597zgWqvDpYMturk= +github.com/aws/aws-sdk-go-v2 v1.38.3/go.mod h1:sDioUELIUO9Znk23YVmIk86/9DOpkbyyVb1i/gUNFXY= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1 h1:i8p8P4diljCr60PpJp6qZXNlgX4m2yQFpYk+9ZT+J4E= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1/go.mod h1:ddqbooRZYNoJ2dsTwOty16rM+/Aqmk/GOXrK8cg7V00= +github.com/aws/aws-sdk-go-v2/config v1.31.6 h1:a1t8fXY4GT4xjyJExz4knbuoxSCacB5hT/WgtfPyLjo= +github.com/aws/aws-sdk-go-v2/config v1.31.6/go.mod h1:5ByscNi7R+ztvOGzeUaIu49vkMk2soq5NaH5PYe33MQ= +github.com/aws/aws-sdk-go-v2/credentials v1.18.10 h1:xdJnXCouCx8Y0NncgoptztUocIYLKeQxrCgN6x9sdhg= +github.com/aws/aws-sdk-go-v2/credentials v1.18.10/go.mod h1:7tQk08ntj914F/5i9jC4+2HQTAuJirq7m1vZVIhEkWs= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.6 h1:wbjnrrMnKew78/juW7I2BtKQwa1qlf6EjQgS69uYY14= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.6/go.mod h1:AtiqqNrDioJXuUgz3+3T0mBWN7Hro2n9wll2zRUc0ww= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.4 h1:BTl+TXrpnrpPWb/J3527GsJ/lMkn7z3GO12j6OlsbRg= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.4/go.mod h1:cG2tenc/fscpChiZE29a2crG9uo2t6nQGflFllFL8M8= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6 h1:uF68eJA6+S9iVr9WgX1NaRGyQ/6MdIyc4JNUo6TN1FA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6/go.mod h1:qlPeVZCGPiobx8wb1ft0GHT5l+dc6ldnwInDFaMvC7Y= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6 h1:pa1DEC6JoI0zduhZePp3zmhWvk/xxm4NB8Hy/Tlsgos= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6/go.mod h1:gxEjPebnhWGJoaDdtDkA0JX46VRg1wcTHYe63OfX5pE= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.4 h1:BE/MNQ86yzTINrfxPPFS86QCBNQeLKY2A0KhDh47+wI= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.4/go.mod h1:SPBBhkJxjcrzJBc+qY85e83MQ2q3qdra8fghhkkyrJg= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.245.2 h1:P94OfRObDwjklbvdJTGuRZXeGYF7Bv5NNUo+I628kKQ= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.245.2/go.mod h1:D8Wb993SJuFQ10Lp95Vod8VTpYjJz4v0LeW4rEI471c= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 h1:6+lZi2JeGKtCraAj1rpoZfKqnQ9SptseRZioejfUOLM= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0/go.mod h1:eb3gfbVIxIoGgJsi9pGne19dhCBpK6opTYpQqAmdy44= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.4 h1:Beh9oVgtQnBgR4sKKzkUBRQpf1GnL4wt0l4s8h2VCJ0= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.4/go.mod h1:b17At0o8inygF+c6FOD3rNyYZufPw62o9XJbSfQPgbo= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.4 h1:ueB2Te0NacDMnaC+68za9jLwkjzxGWm0KB5HTUHjLTI= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.4/go.mod h1:nLEfLnVMmLvyIG58/6gsSA03F1voKGaCfHV7+lR8S7s= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.4 h1:HVSeukL40rHclNcUqVcBwE1YoZhOkoLeBfhUqR3tjIU= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.4/go.mod h1:DnbBOv4FlIXHj2/xmrUQYtawRFC9L9ZmQPz+DBc6X5I= -github.com/aws/aws-sdk-go-v2/service/s3 v1.87.1 h1:2n6Pd67eJwAb/5KCX62/8RTU0aFAAW7V5XIGSghiHrw= -github.com/aws/aws-sdk-go-v2/service/s3 v1.87.1/go.mod h1:w5PC+6GHLkvMJKasYGVloB3TduOtROEMqm15HSuIbw4= -github.com/aws/aws-sdk-go-v2/service/sso v1.28.2 h1:ve9dYBB8CfJGTFqcQ3ZLAAb/KXWgYlgu/2R2TZL2Ko0= -github.com/aws/aws-sdk-go-v2/service/sso v1.28.2/go.mod h1:n9bTZFZcBa9hGGqVz3i/a6+NG0zmZgtkB9qVVFDqPA8= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.2 h1:pd9G9HQaM6UZAZh19pYOkpKSQkyQQ9ftnl/LttQOcGI= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.2/go.mod h1:eknndR9rU8UpE/OmFpqU78V1EcXPKFTTm5l/buZYgvM= -github.com/aws/aws-sdk-go-v2/service/sts v1.38.0 h1:iV1Ko4Em/lkJIsoKyGfc0nQySi+v0Udxr6Igq+y9JZc= -github.com/aws/aws-sdk-go-v2/service/sts v1.38.0/go.mod h1:bEPcjW7IbolPfK67G1nilqWyoxYMSPrDiIQ3RdIdKgo= -github.com/aws/smithy-go v1.22.5 h1:P9ATCXPMb2mPjYBgueqJNCA5S9UfktsW0tTxi+a7eqw= -github.com/aws/smithy-go v1.22.5/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.6 h1:R0tNFJqfjHL3900cqhXuwQ+1K4G0xc9Yf8EDbFXCKEw= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.6/go.mod h1:y/7sDdu+aJvPtGXr4xYosdpq9a6T9Z0jkXfugmti0rI= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.251.0 h1:hGHSNZDTFnhLGUpRkQORM8uBY9R/FOkxCkuUUJBEOQ4= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.251.0/go.mod h1:SmMqzfS4HVsOD58lwLZ79oxF58f8zVe5YdK3o+/o1Ck= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 h1:oegbebPEMA/1Jny7kvwejowCaHz1FWZAQ94WXFNCyTM= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1/go.mod h1:kemo5Myr9ac0U9JfSjMo9yHLtw+pECEHsFtJ9tqCEI8= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.6 h1:hncKj/4gR+TPauZgTAsxOxNcvBayhUlYZ6LO/BYiQ30= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.6/go.mod h1:OiIh45tp6HdJDDJGnja0mw8ihQGz3VGrUflLqSL0SmM= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.6 h1:LHS1YAIJXJ4K9zS+1d/xa9JAA9sL2QyXIQCQFQW/X08= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.6/go.mod h1:c9PCiTEuh0wQID5/KqA32J+HAgZxN9tOGXKCiYJjTZI= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.6 h1:nEXUSAwyUfLTgnc9cxlDWy637qsq4UWwp3sNAfl0Z3Y= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.6/go.mod h1:HGzIULx4Ge3Do2V0FaiYKcyKzOqwrhUZgCI77NisswQ= +github.com/aws/aws-sdk-go-v2/service/s3 v1.87.3 h1:ETkfWcXP2KNPLecaDa++5bsQhCRa5M5sLUJa5DWYIIg= +github.com/aws/aws-sdk-go-v2/service/s3 v1.87.3/go.mod h1:+/3ZTqoYb3Ur7DObD00tarKMLMuKg8iqz5CHEanqTnw= +github.com/aws/aws-sdk-go-v2/service/sso v1.29.1 h1:8OLZnVJPvjnrxEwHFg9hVUof/P4sibH+Ea4KKuqAGSg= +github.com/aws/aws-sdk-go-v2/service/sso v1.29.1/go.mod h1:27M3BpVi0C02UiQh1w9nsBEit6pLhlaH3NHna6WUbDE= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.2 h1:gKWSTnqudpo8dAxqBqZnDoDWCiEh/40FziUjr/mo6uA= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.2/go.mod h1:x7+rkNmRoEN1U13A6JE2fXne9EWyJy54o3n6d4mGaXQ= +github.com/aws/aws-sdk-go-v2/service/sts v1.38.2 h1:YZPjhyaGzhDQEvsffDEcpycq49nl7fiGcfJTIo8BszI= +github.com/aws/aws-sdk-go-v2/service/sts v1.38.2/go.mod h1:2dIN8qhQfv37BdUYGgEC8Q3tteM3zFxTI1MLO2O3J3c= +github.com/aws/smithy-go v1.23.0 h1:8n6I3gXzWJB2DxBDnfxgBaSX6oe0d/t10qGz7OKqMCE= +github.com/aws/smithy-go v1.23.0/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= From 9886d7a185c84833df7da8ae3cdc08b3b59ea2bf Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 5 Aug 2025 13:24:59 +0200 Subject: [PATCH 135/254] many: switch to use manifests from the "images" library This commit removes most of the code that deals with generating the osbuild manifest and imports the new support for this from the images library instead. Only disk images are supported for now. --- bib/cmd/bootc-image-builder/image.go | 411 --------------------------- bib/cmd/bootc-image-builder/main.go | 92 +++--- 2 files changed, 59 insertions(+), 444 deletions(-) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index df670c37d..78d3b9d7e 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -2,12 +2,10 @@ package main import ( cryptorand "crypto/rand" - "errors" "fmt" "math" "math/big" "math/rand" - "path/filepath" "slices" "strconv" "strings" @@ -18,15 +16,11 @@ import ( "github.com/osbuild/images/pkg/container" "github.com/osbuild/images/pkg/customizations/anaconda" "github.com/osbuild/images/pkg/customizations/kickstart" - "github.com/osbuild/images/pkg/customizations/users" "github.com/osbuild/images/pkg/disk" - "github.com/osbuild/images/pkg/disk/partition" "github.com/osbuild/images/pkg/image" "github.com/osbuild/images/pkg/manifest" "github.com/osbuild/images/pkg/osbuild" - "github.com/osbuild/images/pkg/pathpolicy" "github.com/osbuild/images/pkg/platform" - "github.com/osbuild/images/pkg/policies" "github.com/osbuild/images/pkg/rpmmd" "github.com/osbuild/images/pkg/runner" "github.com/sirupsen/logrus" @@ -35,9 +29,6 @@ import ( "github.com/osbuild/bootc-image-builder/bib/internal/imagetypes" ) -// TODO: Auto-detect this from container image metadata -const DEFAULT_SIZE = uint64(10 * GibiByte) - type ManifestConfig struct { // OCI image path (without the transport, that is always docker://) Imgref string @@ -51,10 +42,6 @@ type ManifestConfig struct { // CPU architecture of the image Architecture arch.Arch - // The minimum size required for the root fs in order to fit the container - // contents - RootfsMinsize uint64 - // Paths to the directory with the distro definitions DistroDefPaths []string @@ -69,404 +56,6 @@ type ManifestConfig struct { UseLibrepo bool } -func Manifest(c *ManifestConfig) (*manifest.Manifest, error) { - rng := createRand() - - if c.ImageTypes.BuildsISO() { - return manifestForISO(c, rng) - } - return manifestForDiskImage(c, rng) -} - -var ( - // The mountpoint policy for bootc images is more restrictive than the - // ostree mountpoint policy defined in osbuild/images. It only allows / - // (for sizing the root partition) and custom mountpoints under /var but - // not /var itself. - - // Since our policy library doesn't support denying a path while allowing - // its subpaths (only the opposite), we augment the standard policy check - // with a simple search through the custom mountpoints to deny /var - // specifically. - mountpointPolicy = pathpolicy.NewPathPolicies(map[string]pathpolicy.PathPolicy{ - // allow all existing mountpoints (but no subdirs) to support size customizations - "/": {Deny: false, Exact: true}, - "/boot": {Deny: false, Exact: true}, - - // /var is not allowed, but we need to allow any subdirectories that - // are not denied below, so we allow it initially and then check it - // separately (in checkMountpoints()) - "/var": {Deny: false}, - - // /var subdir denials - "/var/home": {Deny: true}, - "/var/lock": {Deny: true}, // symlink to ../run/lock which is on tmpfs - "/var/mail": {Deny: true}, // symlink to spool/mail - "/var/mnt": {Deny: true}, - "/var/roothome": {Deny: true}, - "/var/run": {Deny: true}, // symlink to ../run which is on tmpfs - "/var/srv": {Deny: true}, - "/var/usrlocal": {Deny: true}, - }) - - mountpointMinimalPolicy = pathpolicy.NewPathPolicies(map[string]pathpolicy.PathPolicy{ - // allow all existing mountpoints to support size customizations - "/": {Deny: false, Exact: true}, - "/boot": {Deny: false, Exact: true}, - }) -) - -func checkMountpoints(filesystems []blueprint.FilesystemCustomization, policy *pathpolicy.PathPolicies) error { - errs := []error{} - for _, fs := range filesystems { - if err := policy.Check(fs.Mountpoint); err != nil { - errs = append(errs, err) - } - if fs.Mountpoint == "/var" { - // this error message is consistent with the errors returned by policy.Check() - // TODO: remove trailing space inside the quoted path when the function is fixed in osbuild/images. - errs = append(errs, fmt.Errorf(`path "/var" is not allowed`)) - } - } - if len(errs) > 0 { - return fmt.Errorf("the following errors occurred while validating custom mountpoints:\n%w", errors.Join(errs...)) - } - return nil -} - -func checkFilesystemCustomizations(fsCustomizations []blueprint.FilesystemCustomization, ptmode partition.PartitioningMode) error { - var policy *pathpolicy.PathPolicies - switch ptmode { - case partition.BtrfsPartitioningMode: - // btrfs subvolumes are not supported at build time yet, so we only - // allow / and /boot to be customized when building a btrfs disk (the - // minimal policy) - policy = mountpointMinimalPolicy - default: - policy = mountpointPolicy - } - if err := checkMountpoints(fsCustomizations, policy); err != nil { - return err - } - return nil -} - -// updateFilesystemSizes updates the size of the root filesystem customization -// based on the minRootSize. The new min size whichever is larger between the -// existing size and the minRootSize. If the root filesystem is not already -// configured, a new customization is added. -func updateFilesystemSizes(fsCustomizations []blueprint.FilesystemCustomization, minRootSize uint64) []blueprint.FilesystemCustomization { - updated := make([]blueprint.FilesystemCustomization, len(fsCustomizations), len(fsCustomizations)+1) - hasRoot := false - for idx, fsc := range fsCustomizations { - updated[idx] = fsc - if updated[idx].Mountpoint == "/" { - updated[idx].MinSize = max(updated[idx].MinSize, minRootSize) - hasRoot = true - } - } - - if !hasRoot { - // no root customization found: add it - updated = append(updated, blueprint.FilesystemCustomization{Mountpoint: "/", MinSize: minRootSize}) - } - return updated -} - -// setFSTypes sets the filesystem types for all mountable entities to match the -// selected rootfs type. -// If rootfs is 'btrfs', the function will keep '/boot' to its default. -func setFSTypes(pt *disk.PartitionTable, rootfs string) error { - if rootfs == "" { - return fmt.Errorf("root filesystem type is empty") - } - - return pt.ForEachMountable(func(mnt disk.Mountable, _ []disk.Entity) error { - switch mnt.GetMountpoint() { - case "/boot/efi": - // never change the efi partition's type - return nil - case "/boot": - // change only if we're not doing btrfs - if rootfs == "btrfs" { - return nil - } - fallthrough - default: - switch elem := mnt.(type) { - case *disk.Filesystem: - elem.Type = rootfs - case *disk.BtrfsSubvolume: - // nothing to do - default: - return fmt.Errorf("the mountable disk entity for %q of the base partition table is not an ordinary filesystem but %T", mnt.GetMountpoint(), mnt) - } - return nil - } - }) -} - -func genPartitionTable(c *ManifestConfig, customizations *blueprint.Customizations, rng *rand.Rand) (*disk.PartitionTable, error) { - fsCust := customizations.GetFilesystems() - diskCust, err := customizations.GetPartitioning() - if err != nil { - return nil, fmt.Errorf("error reading disk customizations: %w", err) - } - - // Embedded disk customization applies if there was no local customization - if fsCust == nil && diskCust == nil && c.SourceInfo != nil && c.SourceInfo.ImageCustomization != nil { - imageCustomizations := c.SourceInfo.ImageCustomization - - fsCust = imageCustomizations.GetFilesystems() - diskCust, err = imageCustomizations.GetPartitioning() - if err != nil { - return nil, fmt.Errorf("error reading disk customizations: %w", err) - } - } - - var partitionTable *disk.PartitionTable - switch { - // XXX: move into images library - case fsCust != nil && diskCust != nil: - return nil, fmt.Errorf("cannot combine disk and filesystem customizations") - case diskCust != nil: - partitionTable, err = genPartitionTableDiskCust(c, diskCust, rng) - if err != nil { - return nil, err - } - default: - partitionTable, err = genPartitionTableFsCust(c, fsCust, rng) - if err != nil { - return nil, err - } - } - - // Ensure ext4 rootfs has fs-verity enabled - rootfs := partitionTable.FindMountable("/") - if rootfs != nil { - switch elem := rootfs.(type) { - case *disk.Filesystem: - if elem.Type == "ext4" { - elem.MkfsOptions = append(elem.MkfsOptions, []disk.MkfsOption{disk.MkfsVerity}...) - } - } - } - - if c.SourceInfo != nil && c.SourceInfo.KernelInfo != nil && c.SourceInfo.KernelInfo.HasAbootImg { - idx := slices.IndexFunc(partitionTable.Partitions, func(part disk.Partition) bool { - // The aboot support in ostree supports both traditional android verified boot and - // ukiboot. For aboot, the partition is labeled "boot_a", as described in - // https://source.android.com/docs/core/ota/ab/ab_implement - // For ukibooot (https://gitlab.com/CentOS/automotive/src/ukiboot) the partition - // either has label ukiboot_a (GPT) or type 0x46 (MBR). - return part.Label == "boot_a" || part.Label == "ukiboot_a" || part.Type == "46" - }) - if idx >= 0 { - sourcePipeline := "build" - if c.BuildSourceInfo != nil { - sourcePipeline = "target" - } - - partitionTable.Partitions[idx].Payload = &disk.Raw{ - SourcePipeline: sourcePipeline, - SourcePath: filepath.Join("/usr/lib/modules/", c.SourceInfo.KernelInfo.Version, "aboot.img"), - } - } - } - - return partitionTable, nil -} - -// calcRequiredDirectorySizes will calculate the minimum sizes for / -// for disk customizations. We need this because with advanced partitioning -// we never grow the rootfs to the size of the disk (unlike the tranditional -// filesystem customizations). -// -// So we need to go over the customizations and ensure the min-size for "/" -// is at least rootfsMinSize. -// -// Note that a custom "/usr" is not supported in image mode so splitting -// rootfsMinSize between / and /usr is not a concern. -func calcRequiredDirectorySizes(distCust *blueprint.DiskCustomization, rootfsMinSize uint64) (map[string]uint64, error) { - // XXX: this has *way* too much low-level knowledge about the - // inner workings of blueprint.DiskCustomizations plus when - // a new type it needs to get added here too, think about - // moving into "images" instead (at least partly) - mounts := map[string]uint64{} - for _, part := range distCust.Partitions { - switch part.Type { - case "", "plain": - mounts[part.Mountpoint] = part.MinSize - case "lvm": - for _, lv := range part.LogicalVolumes { - mounts[lv.Mountpoint] = part.MinSize - } - case "btrfs": - for _, subvol := range part.Subvolumes { - mounts[subvol.Mountpoint] = part.MinSize - } - default: - return nil, fmt.Errorf("unknown disk customization type %q", part.Type) - } - } - // ensure rootfsMinSize is respected - return map[string]uint64{ - "/": max(rootfsMinSize, mounts["/"]), - }, nil -} - -func genPartitionTableDiskCust(c *ManifestConfig, diskCust *blueprint.DiskCustomization, rng *rand.Rand) (*disk.PartitionTable, error) { - if err := diskCust.ValidateLayoutConstraints(); err != nil { - return nil, fmt.Errorf("cannot use disk customization: %w", err) - } - - diskCust.MinSize = max(diskCust.MinSize, c.RootfsMinsize) - - basept, ok := partitionTables[c.Architecture.String()] - if !ok { - return nil, fmt.Errorf("pipelines: no partition tables defined for %s", c.Architecture) - } - defaultFSType, err := disk.NewFSType(c.RootFSType) - if err != nil { - return nil, err - } - requiredMinSizes, err := calcRequiredDirectorySizes(diskCust, c.RootfsMinsize) - if err != nil { - return nil, err - } - partOptions := &disk.CustomPartitionTableOptions{ - PartitionTableType: basept.Type, - // XXX: not setting/defaults will fail to boot with btrfs/lvm - BootMode: platform.BOOT_HYBRID, - DefaultFSType: defaultFSType, - RequiredMinSizes: requiredMinSizes, - Architecture: c.Architecture, - } - return disk.NewCustomPartitionTable(diskCust, partOptions, rng) -} - -func genPartitionTableFsCust(c *ManifestConfig, fsCust []blueprint.FilesystemCustomization, rng *rand.Rand) (*disk.PartitionTable, error) { - basept, ok := partitionTables[c.Architecture.String()] - if !ok { - return nil, fmt.Errorf("pipelines: no partition tables defined for %s", c.Architecture) - } - - partitioningMode := partition.RawPartitioningMode - if c.RootFSType == "btrfs" { - partitioningMode = partition.BtrfsPartitioningMode - } - if err := checkFilesystemCustomizations(fsCust, partitioningMode); err != nil { - return nil, err - } - fsCustomizations := updateFilesystemSizes(fsCust, c.RootfsMinsize) - - pt, err := disk.NewPartitionTable(&basept, fsCustomizations, DEFAULT_SIZE, partitioningMode, c.Architecture, nil, rng) - if err != nil { - return nil, err - } - - if err := setFSTypes(pt, c.RootFSType); err != nil { - return nil, fmt.Errorf("error setting root filesystem type: %w", err) - } - return pt, nil -} - -func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, error) { - if c.Imgref == "" { - return nil, fmt.Errorf("pipeline: no base image defined") - } - containerSource := container.SourceSpec{ - Source: c.Imgref, - Name: c.Imgref, - Local: true, - } - buildContainerSource := container.SourceSpec{ - Source: c.BuildImgref, - Name: c.BuildImgref, - Local: true, - } - - var customizations *blueprint.Customizations - if c.Config != nil { - customizations = c.Config.Customizations - } - - platform := &platform.Data{ - Arch: c.Architecture, - UEFIVendor: c.SourceInfo.UEFIVendor, - QCOW2Compat: "1.1", - } - switch c.Architecture { - case arch.ARCH_X86_64: - platform.BIOSPlatform = "i386-pc" - case arch.ARCH_PPC64LE: - platform.BIOSPlatform = "powerpc-ieee1275" - case arch.ARCH_S390X: - platform.ZiplSupport = true - } - // For the bootc-disk image, the filename is the basename and the extension - // is added automatically for each disk format - filename := "disk" - - img := image.NewBootcDiskImage(platform, filename, containerSource, buildContainerSource) - img.OSCustomizations.Users = users.UsersFromBP(customizations.GetUsers()) - img.OSCustomizations.Groups = users.GroupsFromBP(customizations.GetGroups()) - img.OSCustomizations.SELinux = c.SourceInfo.SELinuxPolicy - img.OSCustomizations.BuildSELinux = img.OSCustomizations.SELinux - if c.BuildSourceInfo != nil { - img.OSCustomizations.BuildSELinux = c.BuildSourceInfo.SELinuxPolicy - } - - img.OSCustomizations.KernelOptionsAppend = []string{ - "rw", - // TODO: Drop this as we expect kargs to come from the container image, - // xref https://github.com/CentOS/centos-bootc-layered/blob/main/cloud/usr/lib/bootc/install/05-cloud-kargs.toml - "console=tty0", - "console=ttyS0", - } - - if kopts := customizations.GetKernel(); kopts != nil && kopts.Append != "" { - img.OSCustomizations.KernelOptionsAppend = append(img.OSCustomizations.KernelOptionsAppend, kopts.Append) - } - - pt, err := genPartitionTable(c, customizations, rng) - if err != nil { - return nil, err - } - img.PartitionTable = pt - - // Check Directory/File Customizations are valid - dc := customizations.GetDirectories() - fc := customizations.GetFiles() - if err := blueprint.ValidateDirFileCustomizations(dc, fc); err != nil { - return nil, err - } - if err := blueprint.CheckDirectoryCustomizationsPolicy(dc, policies.OstreeCustomDirectoriesPolicies); err != nil { - return nil, err - } - if err := blueprint.CheckFileCustomizationsPolicy(fc, policies.OstreeCustomFilesPolicies); err != nil { - return nil, err - } - img.OSCustomizations.Files, err = blueprint.FileCustomizationsToFsNodeFiles(fc) - if err != nil { - return nil, err - } - img.OSCustomizations.Directories, err = blueprint.DirectoryCustomizationsToFsNodeDirectories(dc) - if err != nil { - return nil, err - } - - mf := manifest.New() - mf.Distro = manifest.DISTRO_FEDORA - runner := &runner.Linux{} - - if err := img.InstantiateManifestFromContainers(&mf, []container.SourceSpec{containerSource}, runner, rng); err != nil { - return nil, err - } - - return &mf, nil -} - func labelForISO(os *osinfo.OSRelease, arch *arch.Arch) string { switch os.ID { case "fedora": diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index db1ee508d..2e2993005 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -1,10 +1,12 @@ package main import ( + "bytes" "encoding/json" "errors" "fmt" "io" + "io/fs" "log" "os" "os/exec" @@ -18,15 +20,19 @@ import ( "github.com/spf13/pflag" "golang.org/x/exp/slices" + repos "github.com/osbuild/images/data/repositories" "github.com/osbuild/images/pkg/arch" "github.com/osbuild/images/pkg/bib/blueprintload" "github.com/osbuild/images/pkg/cloud" "github.com/osbuild/images/pkg/cloud/awscloud" "github.com/osbuild/images/pkg/container" + "github.com/osbuild/images/pkg/distro/bootc" "github.com/osbuild/images/pkg/dnfjson" "github.com/osbuild/images/pkg/experimentalflags" "github.com/osbuild/images/pkg/manifest" + "github.com/osbuild/images/pkg/manifestgen" "github.com/osbuild/images/pkg/osbuild" + "github.com/osbuild/images/pkg/reporegistry" "github.com/osbuild/images/pkg/rpmmd" "github.com/osbuild/bootc-image-builder/bib/internal/imagetypes" @@ -35,15 +41,6 @@ import ( "github.com/osbuild/image-builder-cli/pkg/progress" "github.com/osbuild/image-builder-cli/pkg/setup" - "github.com/osbuild/image-builder-cli/pkg/util" -) - -const ( - // As a baseline heuristic we double the size of - // the input container to support in-place updates. - // This is planned to be more configurable in the - // future. - containerSizeToDiskSizeMultiplier = 2 ) // all possible locations for the bib's distro definitions @@ -96,23 +93,9 @@ func inContainerOrUnknown() bool { return err == nil } -// getContainerSize returns the size of an already pulled container image in bytes -func getContainerSize(imgref string) (uint64, error) { - output, err := exec.Command("podman", "image", "inspect", imgref, "--format", "{{.Size}}").Output() - if err != nil { - return 0, fmt.Errorf("failed inspect image: %w", util.OutputErr(err)) - } - size, err := strconv.ParseUint(strings.TrimSpace(string(output)), 10, 64) - if err != nil { - return 0, fmt.Errorf("cannot parse image size: %w", err) - } - - logrus.Debugf("container size: %v", size) - return size, nil -} - func makeManifest(c *ManifestConfig, solver *dnfjson.Solver, cacheRoot string) (manifest.OSBuildManifest, map[string][]rpmmd.RepoConfig, error) { - mani, err := Manifest(c) + rng := createRand() + mani, err := manifestForISO(c, rng) if err != nil { return nil, nil, fmt.Errorf("cannot get manifest: %w", err) } @@ -245,23 +228,67 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress if err != nil { return nil, nil, fmt.Errorf("cannot detect build types %v: %w", imgTypes, err) } - config, err := blueprintload.LoadWithFallback(userConfigFile) if err != nil { return nil, nil, fmt.Errorf("cannot read config: %w", err) } - pbar.SetPulseMsgf("Manifest generation step") - pbar.Start() - if err := setup.ValidateHasContainerTags(imgref); err != nil { return nil, nil, err } - cntSize, err := getContainerSize(imgref) - if err != nil { - return nil, nil, fmt.Errorf("cannot get container size: %w", err) + pbar.SetPulseMsgf("Manifest generation step") + pbar.Start() + + // For now shortcut here and build ding "images" for anything + // that is not the iso + if !imageTypes.BuildsISO() { + distro, err := bootc.NewBootcDistro(imgref) + if err != nil { + return nil, nil, err + } + if err := distro.SetBuildContainer(buildImgref); err != nil { + return nil, nil, err + } + if err := distro.SetDefaultFs(rootFs); err != nil { + return nil, nil, err + } + // XXX: consider target-arch + archi, err := distro.GetArch(cntArch.String()) + if err != nil { + return nil, nil, err + } + // XXX: how to generate for all image types + imgType, err := archi.GetImageType(imgTypes[0]) + if err != nil { + return nil, nil, err + } + + var buf bytes.Buffer + repos, err := reporegistry.New(nil, []fs.FS{repos.FS}) + if err != nil { + return nil, nil, err + } + mg, err := manifestgen.New(repos, &manifestgen.Options{ + Output: &buf, + // XXX: hack to skip repo loading for the bootc image. + // We need to add a SkipRepositories or similar to + // manifestgen instead to make this clean + OverrideRepos: []rpmmd.RepoConfig{ + { + BaseURLs: []string{"https://example.com/not-used"}, + }, + }, + }) + if err != nil { + return nil, nil, err + } + if err := mg.Generate(config, distro, imgType, archi, nil); err != nil { + return nil, nil, err + } + return buf.Bytes(), nil, nil } + container, err := podman_container.New(imgref) if err != nil { return nil, nil, err @@ -334,7 +361,6 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress ImageTypes: imageTypes, Imgref: imgref, BuildImgref: buildImgref, - RootfsMinsize: cntSize * containerSizeToDiskSizeMultiplier, DistroDefPaths: distroDefPaths, SourceInfo: sourceinfo, BuildSourceInfo: buildSourceinfo, From e0e7bb80421fbd56a40d56cb16c25a7b5fa72dc6 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 7 Aug 2025 21:08:45 +0200 Subject: [PATCH 136/254] test: update architecutre mismatch error string --- test/test_manifest.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/test_manifest.py b/test/test_manifest.py index 347c64fe5..c628c6783 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -153,7 +153,8 @@ def test_manifest_cross_arch_check(tmp_path, build_container): "manifest", "--target-arch=aarch64", f"localhost/{container_tag}" ], check=True, capture_output=True, encoding="utf8") - assert 'image found is for unexpected architecture "x86_64"' in exc.value.stderr + assert 'cannot generate manifest: requested container architecture '\ + 'does not match resolved container: "x86_64" !=' in exc.value.stderr def find_rootfs_type_from(manifest_str): From 02161d81bb4448f6aa9c7e126c4aaa13d3854fd6 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 27 Aug 2025 18:56:42 +0200 Subject: [PATCH 137/254] bib: remove partition_table.go -> moved to images --- .../bootc-image-builder/partition_tables.go | 139 ------------------ 1 file changed, 139 deletions(-) delete mode 100644 bib/cmd/bootc-image-builder/partition_tables.go diff --git a/bib/cmd/bootc-image-builder/partition_tables.go b/bib/cmd/bootc-image-builder/partition_tables.go deleted file mode 100644 index 9ce5468c5..000000000 --- a/bib/cmd/bootc-image-builder/partition_tables.go +++ /dev/null @@ -1,139 +0,0 @@ -package main - -import ( - "github.com/osbuild/images/pkg/arch" - "github.com/osbuild/images/pkg/disk" - "github.com/osbuild/images/pkg/distro" -) - -const ( - MebiByte = 1024 * 1024 // MiB - GibiByte = 1024 * 1024 * 1024 // GiB - // BootOptions defines the mountpoint options for /boot - // See https://github.com/containers/bootc/pull/341 for the rationale for - // using `ro` by default. Briefly it protects against corruption - // by non-ostree aware tools. - BootOptions = "ro" - // And we default to `ro` for the rootfs too, because we assume the input - // container image is using composefs. For more info, see - // https://github.com/containers/bootc/pull/417 and - // https://github.com/ostreedev/ostree/issues/3193 - RootOptions = "ro" -) - -// diskUuidOfUnknownOrigin is used by default for disk images, -// picked by someone in the past for unknown reasons. More in -// e.g. https://github.com/osbuild/bootc-image-builder/pull/568 and -// https://github.com/osbuild/images/pull/823 -const diskUuidOfUnknownOrigin = "D209C89E-EA5E-4FBD-B161-B461CCE297E0" - -// efiPartition defines the default ESP. See also -// https://en.wikipedia.org/wiki/EFI_system_partition -var efiPartition = disk.Partition{ - Size: 501 * MebiByte, - Type: disk.EFISystemPartitionGUID, - UUID: disk.EFISystemPartitionUUID, - Payload: &disk.Filesystem{ - Type: "vfat", - UUID: disk.EFIFilesystemUUID, - Mountpoint: "/boot/efi", - Label: "EFI-SYSTEM", - FSTabOptions: "umask=0077,shortname=winnt", - FSTabFreq: 0, - FSTabPassNo: 2, - }, -} - -// bootPartition defines a distinct filesystem for /boot -// which is needed for e.g. LVM or LUKS when using GRUB -// (which this project doesn't support today...) -// See also https://github.com/containers/bootc/pull/529/commits/e5548d8765079171e6ed39a3ab0479bc8681a1c9 -var bootPartition = disk.Partition{ - Size: 1 * GibiByte, - Type: disk.FilesystemDataGUID, - UUID: disk.DataPartitionUUID, - Payload: &disk.Filesystem{ - Type: "ext4", - Mountpoint: "/boot", - Label: "boot", - FSTabOptions: BootOptions, - FSTabFreq: 1, - FSTabPassNo: 2, - }, -} - -// rootPartition holds the root filesystem; however note -// that while the type here defines "ext4" because the data -// type requires something there, in practice we pull -// the rootfs type from the container image by default. -// See https://containers.github.io/bootc/bootc-install.html -var rootPartition = disk.Partition{ - Size: 2 * GibiByte, - Type: disk.FilesystemDataGUID, - UUID: disk.RootPartitionUUID, - Payload: &disk.Filesystem{ - Type: "ext4", - Label: "root", - Mountpoint: "/", - FSTabOptions: RootOptions, - FSTabFreq: 1, - FSTabPassNo: 1, - }, -} - -var partitionTables = distro.BasePartitionTableMap{ - arch.ARCH_X86_64.String(): disk.PartitionTable{ - UUID: diskUuidOfUnknownOrigin, - Type: disk.PT_GPT, - Partitions: []disk.Partition{ - { - Size: 1 * MebiByte, - Bootable: true, - Type: disk.BIOSBootPartitionGUID, - UUID: disk.BIOSBootPartitionUUID, - }, - efiPartition, - bootPartition, - rootPartition, - }, - }, - arch.ARCH_AARCH64.String(): disk.PartitionTable{ - UUID: diskUuidOfUnknownOrigin, - Type: disk.PT_GPT, - Partitions: []disk.Partition{ - efiPartition, - bootPartition, - rootPartition, - }, - }, - arch.ARCH_S390X.String(): disk.PartitionTable{ - UUID: diskUuidOfUnknownOrigin, - Type: disk.PT_GPT, - Partitions: []disk.Partition{ - bootPartition, - rootPartition, - }, - }, - arch.ARCH_PPC64LE.String(): disk.PartitionTable{ - UUID: diskUuidOfUnknownOrigin, - Type: disk.PT_GPT, - Partitions: []disk.Partition{ - { - Size: 4 * MebiByte, - Type: disk.PRePartitionGUID, - Bootable: true, - }, - bootPartition, - rootPartition, - }, - }, - arch.ARCH_RISCV64.String(): disk.PartitionTable{ - UUID: diskUuidOfUnknownOrigin, - Type: disk.PT_GPT, - Partitions: []disk.Partition{ - efiPartition, - bootPartition, - rootPartition, - }, - }, -} From 29f07f5e13490577e2b17e57ac7f9dcb855df671 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 27 Aug 2025 19:12:43 +0200 Subject: [PATCH 138/254] bib: drop tests that moved to "images/pkg/distro/bootc" --- bib/cmd/bootc-image-builder/export_test.go | 14 +- bib/cmd/bootc-image-builder/image_test.go | 660 --------------------- bib/cmd/bootc-image-builder/main_test.go | 472 --------------- 3 files changed, 4 insertions(+), 1142 deletions(-) diff --git a/bib/cmd/bootc-image-builder/export_test.go b/bib/cmd/bootc-image-builder/export_test.go index ae62449d2..8dcbaef91 100644 --- a/bib/cmd/bootc-image-builder/export_test.go +++ b/bib/cmd/bootc-image-builder/export_test.go @@ -1,16 +1,10 @@ package main var ( - CanChownInPath = canChownInPath - CheckFilesystemCustomizations = checkFilesystemCustomizations - GetDistroAndRunner = getDistroAndRunner - CheckMountpoints = checkMountpoints - PartitionTables = partitionTables - UpdateFilesystemSizes = updateFilesystemSizes - GenPartitionTable = genPartitionTable - CreateRand = createRand - BuildCobraCmdline = buildCobraCmdline - CalcRequiredDirectorySizes = calcRequiredDirectorySizes + CanChownInPath = canChownInPath + GetDistroAndRunner = getDistroAndRunner + CreateRand = createRand + BuildCobraCmdline = buildCobraCmdline ) func MockOsGetuid(new func() int) (restore func()) { diff --git a/bib/cmd/bootc-image-builder/image_test.go b/bib/cmd/bootc-image-builder/image_test.go index acddc18fe..a204b1811 100644 --- a/bib/cmd/bootc-image-builder/image_test.go +++ b/bib/cmd/bootc-image-builder/image_test.go @@ -7,11 +7,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/osbuild/blueprint/pkg/blueprint" - "github.com/osbuild/images/pkg/arch" - "github.com/osbuild/images/pkg/datasizes" - "github.com/osbuild/images/pkg/disk" - "github.com/osbuild/images/pkg/disk/partition" "github.com/osbuild/images/pkg/manifest" "github.com/osbuild/images/pkg/runner" @@ -61,658 +56,3 @@ func TestGetDistroAndRunner(t *testing.T) { }) } } - -func TestCheckFilesystemCustomizationsValidates(t *testing.T) { - for _, tc := range []struct { - fsCust []blueprint.FilesystemCustomization - ptmode partition.PartitioningMode - expectedErr string - }{ - // happy - { - fsCust: []blueprint.FilesystemCustomization{}, - expectedErr: "", - }, - { - fsCust: []blueprint.FilesystemCustomization{}, - ptmode: partition.BtrfsPartitioningMode, - expectedErr: "", - }, - { - fsCust: []blueprint.FilesystemCustomization{ - {Mountpoint: "/"}, {Mountpoint: "/boot"}, - }, - ptmode: partition.RawPartitioningMode, - expectedErr: "", - }, - { - fsCust: []blueprint.FilesystemCustomization{ - {Mountpoint: "/"}, {Mountpoint: "/boot"}, - }, - ptmode: partition.BtrfsPartitioningMode, - expectedErr: "", - }, - { - fsCust: []blueprint.FilesystemCustomization{ - {Mountpoint: "/"}, - {Mountpoint: "/boot"}, - {Mountpoint: "/var/log"}, - {Mountpoint: "/var/data"}, - }, - expectedErr: "", - }, - // sad - { - fsCust: []blueprint.FilesystemCustomization{ - {Mountpoint: "/"}, - {Mountpoint: "/ostree"}, - }, - ptmode: partition.RawPartitioningMode, - expectedErr: "the following errors occurred while validating custom mountpoints:\npath \"/ostree\" is not allowed", - }, - { - fsCust: []blueprint.FilesystemCustomization{ - {Mountpoint: "/"}, - {Mountpoint: "/var"}, - }, - ptmode: partition.RawPartitioningMode, - expectedErr: "the following errors occurred while validating custom mountpoints:\npath \"/var\" is not allowed", - }, - { - fsCust: []blueprint.FilesystemCustomization{ - {Mountpoint: "/"}, - {Mountpoint: "/var/data"}, - }, - ptmode: partition.BtrfsPartitioningMode, - expectedErr: "the following errors occurred while validating custom mountpoints:\npath \"/var/data\" is not allowed", - }, - { - fsCust: []blueprint.FilesystemCustomization{ - {Mountpoint: "/"}, - {Mountpoint: "/boot/"}, - }, - ptmode: partition.BtrfsPartitioningMode, - expectedErr: "the following errors occurred while validating custom mountpoints:\npath \"/boot/\" must be canonical", - }, - { - fsCust: []blueprint.FilesystemCustomization{ - {Mountpoint: "/"}, - {Mountpoint: "/boot/"}, - {Mountpoint: "/opt"}, - }, - ptmode: partition.BtrfsPartitioningMode, - expectedErr: "the following errors occurred while validating custom mountpoints:\npath \"/boot/\" must be canonical\npath \"/opt\" is not allowed", - }, - } { - if tc.expectedErr == "" { - assert.NoError(t, bib.CheckFilesystemCustomizations(tc.fsCust, tc.ptmode)) - } else { - assert.ErrorContains(t, bib.CheckFilesystemCustomizations(tc.fsCust, tc.ptmode), tc.expectedErr) - } - } -} - -func TestLocalMountpointPolicy(t *testing.T) { - // extended testing of the general mountpoint policy (non-minimal) - type testCase struct { - path string - allowed bool - } - - testCases := []testCase{ - // existing mountpoints / and /boot are fine for sizing - {"/", true}, - {"/boot", true}, - - // root mountpoints are not allowed - {"/data", false}, - {"/opt", false}, - {"/stuff", false}, - {"/usr", false}, - - // /var explicitly is not allowed - {"/var", false}, - - // subdirs of /boot are not allowed - {"/boot/stuff", false}, - {"/boot/loader", false}, - - // /var subdirectories are allowed - {"/var/data", true}, - {"/var/scratch", true}, - {"/var/log", true}, - {"/var/opt", true}, - {"/var/opt/application", true}, - - // but not these - {"/var/home", false}, - {"/var/lock", false}, // symlink to ../run/lock which is on tmpfs - {"/var/mail", false}, // symlink to spool/mail - {"/var/mnt", false}, - {"/var/roothome", false}, - {"/var/run", false}, // symlink to ../run which is on tmpfs - {"/var/srv", false}, - {"/var/usrlocal", false}, - - // nor their subdirs - {"/var/run/subrun", false}, - {"/var/srv/test", false}, - {"/var/home/user", false}, - {"/var/usrlocal/bin", false}, - } - - for _, tc := range testCases { - t.Run(tc.path, func(t *testing.T) { - err := bib.CheckFilesystemCustomizations([]blueprint.FilesystemCustomization{{Mountpoint: tc.path}}, partition.RawPartitioningMode) - if err != nil && tc.allowed { - t.Errorf("expected %s to be allowed, but got error: %v", tc.path, err) - } else if err == nil && !tc.allowed { - t.Errorf("expected %s to be denied, but got no error", tc.path) - } - }) - } -} - -func TestBasePartitionTablesHaveRoot(t *testing.T) { - // make sure that all base partition tables have at least a root partition defined - for arch, pt := range bib.PartitionTables { - rootMountable := pt.FindMountable("/") - if rootMountable == nil { - t.Errorf("partition table %q does not define a root filesystem", arch) - } - _, isFS := rootMountable.(*disk.Filesystem) - if !isFS { - t.Errorf("root mountable for %q is not an ordinary filesystem", arch) - } - } - -} - -func TestUpdateFilesystemSizes(t *testing.T) { - type testCase struct { - customizations []blueprint.FilesystemCustomization - minRootSize uint64 - expected []blueprint.FilesystemCustomization - } - - testCases := map[string]testCase{ - "simple": { - customizations: nil, - minRootSize: 999, - expected: []blueprint.FilesystemCustomization{ - { - Mountpoint: "/", - MinSize: 999, - }, - }, - }, - "container-is-larger": { - customizations: []blueprint.FilesystemCustomization{ - { - Mountpoint: "/", - MinSize: 10, - }, - }, - minRootSize: 999, - expected: []blueprint.FilesystemCustomization{ - { - Mountpoint: "/", - MinSize: 999, - }, - }, - }, - "container-is-smaller": { - customizations: []blueprint.FilesystemCustomization{ - { - Mountpoint: "/", - MinSize: 1000, - }, - }, - minRootSize: 892, - expected: []blueprint.FilesystemCustomization{ - { - Mountpoint: "/", - MinSize: 1000, - }, - }, - }, - "customizations-noroot": { - customizations: []blueprint.FilesystemCustomization{ - { - Mountpoint: "/var/data", - MinSize: 1_000_000, - }, - }, - minRootSize: 9000, - expected: []blueprint.FilesystemCustomization{ - { - Mountpoint: "/var/data", - MinSize: 1_000_000, - }, - { - Mountpoint: "/", - MinSize: 9000, - }, - }, - }, - "customizations-withroot-smallcontainer": { - customizations: []blueprint.FilesystemCustomization{ - { - Mountpoint: "/var/data", - MinSize: 1_000_000, - }, - { - Mountpoint: "/", - MinSize: 2_000_000, - }, - }, - minRootSize: 9000, - expected: []blueprint.FilesystemCustomization{ - { - Mountpoint: "/var/data", - MinSize: 1_000_000, - }, - { - Mountpoint: "/", - MinSize: 2_000_000, - }, - }, - }, - "customizations-withroot-largecontainer": { - customizations: []blueprint.FilesystemCustomization{ - { - Mountpoint: "/var/data", - MinSize: 1_000_000, - }, - { - Mountpoint: "/", - MinSize: 2_000_000, - }, - }, - minRootSize: 9_000_000, - expected: []blueprint.FilesystemCustomization{ - { - Mountpoint: "/var/data", - MinSize: 1_000_000, - }, - { - Mountpoint: "/", - MinSize: 9_000_000, - }, - }, - }, - } - - for name, tc := range testCases { - t.Run(name, func(t *testing.T) { - assert.ElementsMatch(t, bib.UpdateFilesystemSizes(tc.customizations, tc.minRootSize), tc.expected) - }) - } - -} - -func findMountableSizeableFor(pt *disk.PartitionTable, needle string) (disk.Mountable, disk.Sizeable) { - var foundMnt disk.Mountable - var foundParent disk.Sizeable - err := pt.ForEachMountable(func(mnt disk.Mountable, path []disk.Entity) error { - if mnt.GetMountpoint() == needle { - foundMnt = mnt - for idx := len(path) - 1; idx >= 0; idx-- { - if sz, ok := path[idx].(disk.Sizeable); ok { - foundParent = sz - break - } - } - } - return nil - }) - if err != nil { - panic(err) - } - return foundMnt, foundParent -} - -func TestGenPartitionTableSetsRootfsForAllFilesystemsXFS(t *testing.T) { - rng := bib.CreateRand() - - cnf := &bib.ManifestConfig{ - Architecture: arch.ARCH_X86_64, - RootFSType: "xfs", - } - cus := &blueprint.Customizations{ - Filesystem: []blueprint.FilesystemCustomization{ - {Mountpoint: "/var/data", MinSize: 2_000_000}, - {Mountpoint: "/var/stuff", MinSize: 10_000_000}, - }, - } - pt, err := bib.GenPartitionTable(cnf, cus, rng) - assert.NoError(t, err) - - for _, mntPoint := range []string{"/", "/boot", "/var/data"} { - mnt, _ := findMountableSizeableFor(pt, mntPoint) - assert.Equal(t, "xfs", mnt.GetFSType()) - } - _, parent := findMountableSizeableFor(pt, "/var/data") - assert.True(t, parent.GetSize() >= 2_000_000) - - _, parent = findMountableSizeableFor(pt, "/var/stuff") - assert.True(t, parent.GetSize() >= 10_000_000) - - // ESP is always vfat - mnt, _ := findMountableSizeableFor(pt, "/boot/efi") - assert.Equal(t, "vfat", mnt.GetFSType()) -} - -func TestGenPartitionTableSetsRootfsForAllFilesystemsBtrfs(t *testing.T) { - rng := bib.CreateRand() - - cnf := &bib.ManifestConfig{ - Architecture: arch.ARCH_X86_64, - RootFSType: "btrfs", - } - cus := &blueprint.Customizations{} - pt, err := bib.GenPartitionTable(cnf, cus, rng) - assert.NoError(t, err) - - mnt, _ := findMountableSizeableFor(pt, "/") - assert.Equal(t, "btrfs", mnt.GetFSType()) - - // btrfs has a default (ext4) /boot - mnt, _ = findMountableSizeableFor(pt, "/boot") - assert.Equal(t, "ext4", mnt.GetFSType()) - - // ESP is always vfat - mnt, _ = findMountableSizeableFor(pt, "/boot/efi") - assert.Equal(t, "vfat", mnt.GetFSType()) -} - -func TestGenPartitionTableDiskCustomizationRunsValidateLayoutConstraints(t *testing.T) { - rng := bib.CreateRand() - - cnf := &bib.ManifestConfig{ - Architecture: arch.ARCH_X86_64, - RootFSType: "xfs", - } - cus := &blueprint.Customizations{ - Disk: &blueprint.DiskCustomization{ - Partitions: []blueprint.PartitionCustomization{ - { - Type: "lvm", - VGCustomization: blueprint.VGCustomization{}, - }, - { - Type: "lvm", - VGCustomization: blueprint.VGCustomization{}, - }, - }, - }, - } - _, err := bib.GenPartitionTable(cnf, cus, rng) - assert.EqualError(t, err, "cannot use disk customization: multiple LVM volume groups are not yet supported") -} - -func TestGenPartitionTableDiskCustomizationUnknownTypesError(t *testing.T) { - cus := &blueprint.Customizations{ - Disk: &blueprint.DiskCustomization{ - Partitions: []blueprint.PartitionCustomization{ - { - Type: "rando", - }, - }, - }, - } - _, err := bib.CalcRequiredDirectorySizes(cus.Disk, 5*datasizes.GiB) - assert.EqualError(t, err, `unknown disk customization type "rando"`) -} - -func TestGenPartitionTableDiskCustomizationSizes(t *testing.T) { - rng := bib.CreateRand() - - for _, tc := range []struct { - name string - rootfsMinSize uint64 - partitions []blueprint.PartitionCustomization - expectedMinRootSize uint64 - }{ - { - "empty disk customizaton, root expands to rootfsMinsize", - 2 * datasizes.GiB, - nil, - 2 * datasizes.GiB, - }, - // plain - { - "plain, no root minsize, expands to rootfsMinSize", - 5 * datasizes.GiB, - []blueprint.PartitionCustomization{ - { - MinSize: 10 * datasizes.GiB, - FilesystemTypedCustomization: blueprint.FilesystemTypedCustomization{ - Mountpoint: "/var", - FSType: "xfs", - }, - }, - }, - 5 * datasizes.GiB, - }, - { - "plain, small root minsize, expands to rootfsMnSize", - 5 * datasizes.GiB, - []blueprint.PartitionCustomization{ - { - MinSize: 1 * datasizes.GiB, - FilesystemTypedCustomization: blueprint.FilesystemTypedCustomization{ - Mountpoint: "/", - FSType: "xfs", - }, - }, - }, - 5 * datasizes.GiB, - }, - { - "plain, big root minsize", - 5 * datasizes.GiB, - []blueprint.PartitionCustomization{ - { - MinSize: 10 * datasizes.GiB, - FilesystemTypedCustomization: blueprint.FilesystemTypedCustomization{ - Mountpoint: "/", - FSType: "xfs", - }, - }, - }, - 10 * datasizes.GiB, - }, - // btrfs - { - "btrfs, no root minsize, expands to rootfsMinSize", - 5 * datasizes.GiB, - []blueprint.PartitionCustomization{ - { - Type: "btrfs", - MinSize: 10 * datasizes.GiB, - BtrfsVolumeCustomization: blueprint.BtrfsVolumeCustomization{ - Subvolumes: []blueprint.BtrfsSubvolumeCustomization{ - { - Mountpoint: "/var", - Name: "varvol", - }, - }, - }, - }, - }, - 5 * datasizes.GiB, - }, - { - "btrfs, small root minsize, expands to rootfsMnSize", - 5 * datasizes.GiB, - []blueprint.PartitionCustomization{ - { - Type: "btrfs", - MinSize: 1 * datasizes.GiB, - BtrfsVolumeCustomization: blueprint.BtrfsVolumeCustomization{ - Subvolumes: []blueprint.BtrfsSubvolumeCustomization{ - { - Mountpoint: "/", - Name: "rootvol", - }, - }, - }, - }, - }, - 5 * datasizes.GiB, - }, - { - "btrfs, big root minsize", - 5 * datasizes.GiB, - []blueprint.PartitionCustomization{ - { - Type: "btrfs", - MinSize: 10 * datasizes.GiB, - BtrfsVolumeCustomization: blueprint.BtrfsVolumeCustomization{ - Subvolumes: []blueprint.BtrfsSubvolumeCustomization{ - { - Mountpoint: "/", - Name: "rootvol", - }, - }, - }, - }, - }, - 10 * datasizes.GiB, - }, - // lvm - { - "lvm, no root minsize, expands to rootfsMinSize", - 5 * datasizes.GiB, - []blueprint.PartitionCustomization{ - { - Type: "lvm", - MinSize: 10 * datasizes.GiB, - VGCustomization: blueprint.VGCustomization{ - LogicalVolumes: []blueprint.LVCustomization{ - { - MinSize: 10 * datasizes.GiB, - FilesystemTypedCustomization: blueprint.FilesystemTypedCustomization{ - Mountpoint: "/var", - FSType: "xfs", - }, - }, - }, - }, - }, - }, - 5 * datasizes.GiB, - }, - { - "lvm, small root minsize, expands to rootfsMnSize", - 5 * datasizes.GiB, - []blueprint.PartitionCustomization{ - { - Type: "lvm", - MinSize: 1 * datasizes.GiB, - VGCustomization: blueprint.VGCustomization{ - LogicalVolumes: []blueprint.LVCustomization{ - { - MinSize: 1 * datasizes.GiB, - FilesystemTypedCustomization: blueprint.FilesystemTypedCustomization{ - Mountpoint: "/", - FSType: "xfs", - }, - }, - }, - }, - }, - }, - 5 * datasizes.GiB, - }, - { - "lvm, big root minsize", - 5 * datasizes.GiB, - []blueprint.PartitionCustomization{ - { - Type: "lvm", - MinSize: 10 * datasizes.GiB, - VGCustomization: blueprint.VGCustomization{ - LogicalVolumes: []blueprint.LVCustomization{ - { - MinSize: 10 * datasizes.GiB, - FilesystemTypedCustomization: blueprint.FilesystemTypedCustomization{ - Mountpoint: "/", - FSType: "xfs", - }, - }, - }, - }, - }, - }, - 10 * datasizes.GiB, - }, - } { - t.Run(tc.name, func(t *testing.T) { - cnf := &bib.ManifestConfig{ - Architecture: arch.ARCH_X86_64, - RootFSType: "xfs", - RootfsMinsize: tc.rootfsMinSize, - } - cus := &blueprint.Customizations{ - Disk: &blueprint.DiskCustomization{ - Partitions: tc.partitions, - }, - } - pt, err := bib.GenPartitionTable(cnf, cus, rng) - assert.NoError(t, err) - - var rootSize uint64 - err = pt.ForEachMountable(func(mnt disk.Mountable, path []disk.Entity) error { - if mnt.GetMountpoint() == "/" { - for idx := len(path) - 1; idx >= 0; idx-- { - if parent, ok := path[idx].(disk.Sizeable); ok { - rootSize = parent.GetSize() - break - } - } - } - return nil - }) - assert.NoError(t, err) - // expected size is within a reasonable limit - assert.True(t, rootSize >= tc.expectedMinRootSize && rootSize < tc.expectedMinRootSize+5*datasizes.MiB) - }) - } -} - -func TestManifestFilecustomizationsSad(t *testing.T) { - config := getBaseConfig() - config.ImageTypes = []string{"qcow2"} - config.Config = &blueprint.Blueprint{ - Customizations: &blueprint.Customizations{ - Files: []blueprint.FileCustomization{ - { - Path: "/not/allowed", - Data: "some-data", - }, - }, - }, - } - - _, err := bib.Manifest(config) - assert.EqualError(t, err, `the following custom files are not allowed: ["/not/allowed"]`) -} - -func TestManifestDirCustomizationsSad(t *testing.T) { - config := getBaseConfig() - config.ImageTypes = []string{"qcow2"} - config.Config = &blueprint.Blueprint{ - Customizations: &blueprint.Customizations{ - Directories: []blueprint.DirectoryCustomization{ - { - Path: "/dir/not/allowed", - }, - }, - }, - } - - _, err := bib.Manifest(config) - assert.EqualError(t, err, `the following custom directories are not allowed: ["/dir/not/allowed"]`) -} diff --git a/bib/cmd/bootc-image-builder/main_test.go b/bib/cmd/bootc-image-builder/main_test.go index 21bbd940c..9ee0b9333 100644 --- a/bib/cmd/bootc-image-builder/main_test.go +++ b/bib/cmd/bootc-image-builder/main_test.go @@ -1,8 +1,6 @@ package main_test import ( - "encoding/json" - "errors" "fmt" "os" "strings" @@ -14,16 +12,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/osbuild/blueprint/pkg/blueprint" - "github.com/osbuild/images/pkg/arch" - "github.com/osbuild/images/pkg/bib/osinfo" - "github.com/osbuild/images/pkg/container" - "github.com/osbuild/images/pkg/dnfjson" - "github.com/osbuild/images/pkg/manifest" - "github.com/osbuild/images/pkg/rpmmd" - main "github.com/osbuild/bootc-image-builder/bib/cmd/bootc-image-builder" - "github.com/osbuild/bootc-image-builder/bib/internal/imagetypes" ) func TestCanChownInPathHappy(t *testing.T) { @@ -60,467 +49,6 @@ func TestCanChownInPathCannotChange(t *testing.T) { assert.Equal(t, canChown, false) } -type manifestTestCase struct { - config *main.ManifestConfig - imageTypes imagetypes.ImageTypes - depsolved map[string]dnfjson.DepsolveResult - containers map[string][]container.Spec - expStages map[string][]string - notExpectedStages map[string][]string - err interface{} -} - -func getBaseConfig() *main.ManifestConfig { - return &main.ManifestConfig{ - Architecture: arch.ARCH_X86_64, - Imgref: "testempty", - SourceInfo: &osinfo.Info{ - OSRelease: osinfo.OSRelease{ - ID: "fedora", - VersionID: "40", - Name: "Fedora Linux", - PlatformID: "platform:f40", - }, - UEFIVendor: "fedora", - }, - - // We need the real path here, because we are creating real manifests - DistroDefPaths: []string{"../../data/defs"}, - - // RootFSType is required to create a Manifest - RootFSType: "ext4", - } -} - -func getUserConfig() *main.ManifestConfig { - // add a user - pass := "super-secret-password-42" - key := "ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" - return &main.ManifestConfig{ - Architecture: arch.ARCH_X86_64, - Imgref: "testuser", - Config: &blueprint.Blueprint{ - Customizations: &blueprint.Customizations{ - User: []blueprint.UserCustomization{ - { - Name: "tester", - Password: &pass, - Key: &key, - }, - }, - }, - }, - SourceInfo: &osinfo.Info{ - OSRelease: osinfo.OSRelease{ - ID: "fedora", - VersionID: "40", - Name: "Fedora Linux", - PlatformID: "platform:f40", - }, - UEFIVendor: "fedora", - }, - - // We need the real path here, because we are creating real manifests - DistroDefPaths: []string{"../../data/defs"}, - - // RootFSType is required to create a Manifest - RootFSType: "ext4", - } -} - -func TestManifestGenerationEmptyConfig(t *testing.T) { - baseConfig := getBaseConfig() - testCases := map[string]manifestTestCase{ - "ami-base": { - config: baseConfig, - imageTypes: []string{"ami"}, - }, - "raw-base": { - config: baseConfig, - imageTypes: []string{"raw"}, - }, - "qcow2-base": { - config: baseConfig, - imageTypes: []string{"qcow2"}, - }, - "iso-base": { - config: baseConfig, - imageTypes: []string{"iso"}, - }, - "empty-config": { - config: &main.ManifestConfig{}, - imageTypes: []string{"qcow2"}, - err: errors.New("pipeline: no base image defined"), - }, - } - - for name, tc := range testCases { - t.Run(name, func(t *testing.T) { - config := main.ManifestConfig(*tc.config) - config.ImageTypes = tc.imageTypes - _, err := main.Manifest(&config) - assert.Equal(t, err, tc.err) - }) - } -} - -func TestManifestGenerationUserConfig(t *testing.T) { - userConfig := getUserConfig() - testCases := map[string]manifestTestCase{ - "ami-user": { - config: userConfig, - imageTypes: []string{"ami"}, - }, - "raw-user": { - config: userConfig, - imageTypes: []string{"raw"}, - }, - "qcow2-user": { - config: userConfig, - imageTypes: []string{"qcow2"}, - }, - "iso-user": { - config: userConfig, - imageTypes: []string{"iso"}, - }, - } - - for name, tc := range testCases { - t.Run(name, func(t *testing.T) { - config := main.ManifestConfig(*tc.config) - config.ImageTypes = tc.imageTypes - _, err := main.Manifest(&config) - assert.NoError(t, err) - }) - } -} - -// Disk images require a container for the build/image pipelines -var containerSpec = container.Spec{ - Source: "test-container", - Digest: "sha256:dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd", - ImageID: "sha256:1111111111111111111111111111111111111111111111111111111111111111", -} - -// diskContainers can be passed to Serialize() to get a minimal disk image -var diskContainers = map[string][]container.Spec{ - "build": { - containerSpec, - }, - "image": { - containerSpec, - }, - "target": { - containerSpec, - }, -} - -// TODO: this tests at this layer is not ideal, it has too much knowledge -// over the implementation details of the "images" library and how an -// image.NewBootcDiskImage() works (i.e. what the pipeline names are and -// what key piplines to expect). These details should be tested in "images" -// and here we would just check (somehow) that image.NewBootcDiskImage() -// (or image.NewAnacondaContainerInstaller()) is called and the right -// customizations are passed. The existing layout makes this hard so this -// is fine for now but would be nice to revisit this. -func TestManifestSerialization(t *testing.T) { - // Tests that the manifest is generated without error and is serialized - // with expected key stages. - - // ISOs require a container for the bootiso-tree, build packages, and packages for the anaconda-tree (with a kernel). - var isoContainers = map[string][]container.Spec{ - "bootiso-tree": { - containerSpec, - }, - } - isoPackages := map[string]dnfjson.DepsolveResult{ - "build": { - Packages: []rpmmd.PackageSpec{ - { - Name: "package", - Version: "113", - Checksum: "sha256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", - }, - }, - }, - "anaconda-tree": { - Packages: []rpmmd.PackageSpec{ - { - Name: "kernel", - Version: "10.11", - Checksum: "sha256:cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc", - }, - { - Name: "package", - Version: "113", - Checksum: "sha256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", - }, - }, - }, - } - - pkgsNoBuild := map[string]dnfjson.DepsolveResult{ - "anaconda-tree": { - Packages: []rpmmd.PackageSpec{ - - { - Name: "kernel", - Version: "10.11", - Checksum: "sha256:cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc", - }, - { - Name: "package", - Version: "113", - Checksum: "sha256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", - }, - }, - }, - } - - baseConfig := getBaseConfig() - userConfig := getUserConfig() - testCases := map[string]manifestTestCase{ - "ami-base": { - config: baseConfig, - imageTypes: []string{"ami"}, - containers: diskContainers, - expStages: map[string][]string{ - "build": {"org.osbuild.container-deploy"}, - "image": { - "org.osbuild.bootc.install-to-filesystem", - }, - }, - notExpectedStages: map[string][]string{ - "build": {"org.osbuild.rpm"}, - "image": { - "org.osbuild.users", - }, - }, - }, - "raw-base": { - config: baseConfig, - imageTypes: []string{"raw"}, - containers: diskContainers, - expStages: map[string][]string{ - "build": {"org.osbuild.container-deploy"}, - "image": { - "org.osbuild.bootc.install-to-filesystem", - }, - }, - notExpectedStages: map[string][]string{ - "build": {"org.osbuild.rpm"}, - "image": { - "org.osbuild.users", - }, - }, - }, - "qcow2-base": { - config: baseConfig, - imageTypes: []string{"qcow2"}, - containers: diskContainers, - expStages: map[string][]string{ - "build": {"org.osbuild.container-deploy"}, - "image": { - "org.osbuild.bootc.install-to-filesystem", - }, - }, - notExpectedStages: map[string][]string{ - "build": {"org.osbuild.rpm"}, - "image": { - "org.osbuild.users", - }, - }, - }, - "ami-user": { - config: userConfig, - imageTypes: []string{"ami"}, - containers: diskContainers, - expStages: map[string][]string{ - "build": {"org.osbuild.container-deploy"}, - "image": { - "org.osbuild.users", - "org.osbuild.bootc.install-to-filesystem", - }, - }, - notExpectedStages: map[string][]string{ - "build": {"org.osbuild.rpm"}, - }, - }, - "raw-user": { - config: userConfig, - imageTypes: []string{"raw"}, - containers: diskContainers, - expStages: map[string][]string{ - "build": {"org.osbuild.container-deploy"}, - "image": { - "org.osbuild.users", // user creation stage when we add users - "org.osbuild.bootc.install-to-filesystem", - }, - }, - notExpectedStages: map[string][]string{ - "build": {"org.osbuild.rpm"}, - }, - }, - "qcow2-user": { - config: userConfig, - imageTypes: []string{"qcow2"}, - containers: diskContainers, - expStages: map[string][]string{ - "build": {"org.osbuild.container-deploy"}, - "image": { - "org.osbuild.users", // user creation stage when we add users - "org.osbuild.bootc.install-to-filesystem", - }, - }, - notExpectedStages: map[string][]string{ - "build": {"org.osbuild.rpm"}, - }, - }, - "iso-user": { - config: userConfig, - imageTypes: []string{"iso"}, - containers: isoContainers, - depsolved: isoPackages, - expStages: map[string][]string{ - "build": {"org.osbuild.rpm"}, - "bootiso-tree": {"org.osbuild.skopeo"}, // adds the container to the ISO tree - }, - }, - "iso-nobuildpkg": { - config: userConfig, - imageTypes: []string{"iso"}, - containers: isoContainers, - depsolved: pkgsNoBuild, - err: "serialization not started", - }, - "iso-nocontainer": { - config: userConfig, - imageTypes: []string{"iso"}, - depsolved: isoPackages, - err: "missing ostree, container, or ospipeline parameters in ISO tree pipeline", - }, - "ami-nocontainer": { - config: userConfig, - imageTypes: []string{"ami"}, - // errors come from BuildrootFromContainer() - // TODO: think about better error and testing here (not the ideal layer or err msg) - err: "serialization not started", - }, - "raw-nocontainer": { - config: userConfig, - imageTypes: []string{"raw"}, - // errors come from BuildrootFromContainer() - // TODO: think about better error and testing here (not the ideal layer or err msg) - err: "serialization not started", - }, - "qcow2-nocontainer": { - config: userConfig, - imageTypes: []string{"qcow2"}, - // errors come from BuildrootFromContainer() - // TODO: think about better error and testing here (not the ideal layer or err msg) - err: "serialization not started", - }, - } - - // Use an empty config: only the imgref is required - for name, tc := range testCases { - t.Run(name, func(t *testing.T) { - assert := assert.New(t) - config := main.ManifestConfig(*tc.config) - config.ImageTypes = tc.imageTypes - mf, err := main.Manifest(&config) - assert.NoError(err) // this isn't the error we're testing for - - if tc.err != nil { - assert.PanicsWithValue(tc.err, func() { - _, err := mf.Serialize(tc.depsolved, tc.containers, nil, nil) - assert.NoError(err) - }) - } else { - manifestJson, err := mf.Serialize(tc.depsolved, tc.containers, nil, nil) - assert.NoError(err) - assert.NoError(checkStages(manifestJson, tc.expStages, tc.notExpectedStages)) - } - }) - } - - { - // this one panics with a typed error and needs to be tested separately from the above (PanicsWithError()) - t.Run("iso-nopkgs", func(t *testing.T) { - assert := assert.New(t) - config := main.ManifestConfig(*userConfig) - config.ImageTypes, _ = imagetypes.New("iso") - manifest, err := main.Manifest(&config) - assert.NoError(err) // this isn't the error we're testing for - - expError := "package \"kernel\" not found in the PackageSpec list" - assert.PanicsWithError(expError, func() { - _, err := manifest.Serialize(nil, isoContainers, nil, nil) - assert.NoError(err) - }) - }) - } -} - -// simplified representation of a manifest -type testManifest struct { - Pipelines []pipeline `json:"pipelines"` -} -type pipeline struct { - Name string `json:"name"` - Stages []stage `json:"stages"` -} -type stage struct { - Type string `json:"type"` -} - -func checkStages(serialized manifest.OSBuildManifest, pipelineStages map[string][]string, missingStages map[string][]string) error { - mf := &testManifest{} - if err := json.Unmarshal(serialized, mf); err != nil { - return err - } - pipelineMap := map[string]pipeline{} - for _, pl := range mf.Pipelines { - pipelineMap[pl.Name] = pl - } - - for plname, stages := range pipelineStages { - pl, found := pipelineMap[plname] - if !found { - return fmt.Errorf("pipeline %q not found", plname) - } - - stageMap := map[string]bool{} - for _, stage := range pl.Stages { - stageMap[stage.Type] = true - } - for _, stage := range stages { - if _, found := stageMap[stage]; !found { - return fmt.Errorf("pipeline %q - stage %q - not found", plname, stage) - } - } - } - - for plname, stages := range missingStages { - pl, found := pipelineMap[plname] - if !found { - return fmt.Errorf("pipeline %q not found", plname) - } - - stageMap := map[string]bool{} - for _, stage := range pl.Stages { - stageMap[stage.Type] = true - } - for _, stage := range stages { - if _, found := stageMap[stage]; found { - return fmt.Errorf("pipeline %q - stage %q - found (but should not be)", plname, stage) - } - } - } - - return nil -} - func mockOsArgs(new []string) (restore func()) { saved := os.Args os.Args = append([]string{"argv0"}, new...) From 1d8b225a14285df86662626fa5952265d2dc4c08 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 5 Sep 2025 09:51:17 +0200 Subject: [PATCH 139/254] bib: update to images v0.186.0 --- bib/go.mod | 4 ++-- bib/go.sum | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index fdeab189b..681ddc3be 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -8,8 +8,8 @@ require ( github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.13.0 - github.com/osbuild/image-builder-cli v0.0.0-20250904233321-481a120c0bee - github.com/osbuild/images v0.183.0 + github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 + github.com/osbuild/images v0.186.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.7 diff --git a/bib/go.sum b/bib/go.sum index 97f5b4687..e30ce767e 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -243,10 +243,10 @@ github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplU github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= github.com/osbuild/blueprint v1.13.0 h1:blo22+S2ZX5bBmjGcRveoTUrV4Ms7kLfKyb32WyuymA= github.com/osbuild/blueprint v1.13.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= -github.com/osbuild/image-builder-cli v0.0.0-20250904233321-481a120c0bee h1:aftsPyzos7hDky0bbzoHcSg4HGTRDmeWTw0zS3ou3HM= -github.com/osbuild/image-builder-cli v0.0.0-20250904233321-481a120c0bee/go.mod h1:Jep5i3xM9yY6S6BoYM+moMsh8viN4v8C2EqP7k6F/8k= -github.com/osbuild/images v0.183.0 h1:OGdtSKvZ8NL7ZnTp0Ud/BF8VhgfBtr50SedTn7Yp+Io= -github.com/osbuild/images v0.183.0/go.mod h1:qbGjthiOmiZr1xCJEYMHv5oPNXXcxkJyvj7dky4/ibw= +github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= +github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= +github.com/osbuild/images v0.186.0 h1:7dG7hwprbvHiOfvE3LYLzN3GUETsImNaPoVjRssi0O0= +github.com/osbuild/images v0.186.0/go.mod h1:mRp0NKABLeJxFFuUKzWKw+qL5JktftMtn0hALDyxqHM= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -254,8 +254,8 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/proglottis/gpgme v0.1.4 h1:3nE7YNA70o2aLjcg63tXMOhPD7bplfE5CBdV+hLAm2M= github.com/proglottis/gpgme v0.1.4/go.mod h1:5LoXMgpE4bttgwwdv9bLs/vwqv3qV7F4glEEZ7mRKrM= -github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc= -github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE= +github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= +github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= From 9294d1202002d374cce276528d0fac0a96734ae1 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 5 Sep 2025 10:32:20 +0200 Subject: [PATCH 140/254] test: update test for new `/usr/lib/bootc-image-builder/disk.yaml` We decided to move away from the blueprint way to specify the partition tables for a bootc container and use the more descriptive `disk.yaml`. Adjust the test to check the same functionality (aboot.img writing) using the new mechanism. Thanks to Alex for the example disk.yaml. --- test/test_manifest.py | 89 +++++++++++++++++++++++++------------------ 1 file changed, 52 insertions(+), 37 deletions(-) diff --git a/test/test_manifest.py b/test/test_manifest.py index c628c6783..5cd578aeb 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -953,45 +953,61 @@ def test_manifest_image_customize_disk(tmp_path, build_container): assert sfdisk_options["partitions"][2]["size"] == 3 * 1024 * 1024 * 1024 / 512 -def test_manifest_image_aboot(tmp_path, build_container): +def test_manifest_image_disk_yaml(tmp_path, build_container): # no need to parameterize this test, overrides behaves same for all containers container_ref = "quay.io/centos-bootc/centos-bootc:stream9" testutil.pull_container(container_ref) - cfg = { - "blueprint": { - "customizations": { - "disk": { - "partitions": [ - { - "part_label": "ukiboot_a", - "part_uuid": "DF331E4D-BE00-463F-B4A7-8B43E18FB53A", - "fs_type": "none", - "minsize": "1 GiB", - }, - { - "part_label": "ukiboot_b", - "part_uuid": "DF331E4D-BE00-463F-B4A7-8B43E18FB53A", - "fs_type": "none", - "minsize": "1 GiB", - }, - { - "part_label": "ukibootctl", - "part_uuid": "FEFD9070-346F-4C9A-85E6-17F07F922773", - "fs_type": "none", - "minsize": "1 GiB", - }, - ], - }, - }, - }, - } + disk_yaml = textwrap.dedent("""--- + #enabled once https://github.com/osbuild/images/pull/1834 is in + #mount_configuration: none + partition_table: + size: '8589934592' + partitions: + - bootable: true + size: 1 MiB + type: 21686148-6449-6E6F-744E-656564454649 + uuid: fac7f1fb-3e8d-4137-a512-961de09a5549 + - bootable: false + label: efi + payload: + label: ESP + mountpoint: /boot/efi + type: vfat + payload_type: filesystem + size: '104857600' + type: c12a7328-f81f-11d2-ba4b-00a0c93ec93b + uuid: 68b2905b-df3e-4fb3-80fa-49d1e773aa33 + - label: ukiboot_a + size: '134217728' + type: df331e4d-be00-463f-b4a7-8b43e18fb53a + uuid: CD3B4BE3-0139-4A63-8060-658554C7273B + payload_type: raw + payload: + source_path: /usr/lib/modules/5.0-x86_64/aboot.img + - label: ukiboot_b + size: '134217728' + type: df331e4d-be00-463f-b4a7-8b43e18fb53a + uuid: E4D4DA50-7050-41AE-A5F9-DEF12B94DFB5 + - label: ukibootctl + size: '1048576' + type: fefd9070-346f-4c9a-85e6-17f07f922773 + uuid: 5A6F3ADE-EEB0-11EF-A838-E89C256C3906 + - label: root + payload: + label: root + mountpoint: / + type: ext4 + payload_type: filesystem + type: b921b045-1df0-41c3-af44-4c6f280d3fae + uuid: 6264d520-3fb9-423f-8ab8-7a0a8e3d3562 + """) - config_json_path = tmp_path / "config.json" - config_json_path.write_text(json.dumps(cfg), encoding="utf-8") + disk_yaml_path = tmp_path / "disk.yaml" + disk_yaml_path.write_text(disk_yaml, encoding="utf-8") - testdata_path = tmp_path / "testdata" - testdata_path.write_text("some test data", encoding="utf-8") + testdata_path = tmp_path / "fake-aboot.img" + testdata_path.write_text("fake aboot.img content", encoding="utf-8") # Create derived container with the custom partitioning with an aboot # partition and a kernel module dir with an aboot.img file @@ -999,11 +1015,10 @@ def test_manifest_image_aboot(tmp_path, build_container): cntf_path.write_text(textwrap.dedent(f"""\n FROM {container_ref} RUN mkdir -p -m 0755 /usr/lib/bootc-image-builder - COPY config.json /usr/lib/bootc-image-builder/ - RUN rm -rf /usr/lib/modules/* + COPY disk.yaml /usr/lib/bootc-image-builder/ + # add a preditable aboot.img for the write-device tes RUN mkdir -p -m 0755 /usr/lib/modules/5.0-x86_64/ - COPY testdata /usr/lib/modules/5.0-x86_64/vmlinuz - COPY testdata /usr/lib/modules/5.0-x86_64/aboot.img + COPY fake-aboot.img /usr/lib/modules/5.0-x86_64/aboot.img """), encoding="utf8") print(f"building filesystem customize container from {container_ref}") From 29771e50f521078d3458a58db6d21661f858966a Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 5 Sep 2025 11:02:07 +0200 Subject: [PATCH 141/254] test: remove roots home customizations for ISOs The root user cannot be customized much with anaconda and with https://github.com/osbuild/images/pull/1806 we got stricter about it. Unfortunately our own test manifest sets the root home for ISOs (because we need it for disks and use the same blueprint) and it panic()s now. Fix this by removing the problematic option for ISOs from the blueprint. --- test/test_build_disk.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/test/test_build_disk.py b/test/test_build_disk.py index eaf2138cf..497c592fb 100644 --- a/test/test_build_disk.py +++ b/test/test_build_disk.py @@ -379,6 +379,11 @@ def build_images(shared_tmpdir, build_container, request, force_aws_upload, gpg_ } testutil.maybe_create_filesystem_customizations(cfg, tc) testutil.maybe_create_disk_customizations(cfg, tc) + # if we build an iso we cannot have the "home" customization for + # user root or images will panic(), c.f. + # https://github.com/osbuild/images/pull/1806 + if not image_types[0] in DISK_IMAGE_TYPES: + del cfg["customizations"]["user"][0]["home"] config_json_path = output_path / "config.json" config_json_path.write_text(json.dumps(cfg), encoding="utf-8") @@ -416,6 +421,7 @@ def build_images(shared_tmpdir, build_container, request, force_aws_upload, gpg_ if image_types[0] in DISK_IMAGE_TYPES: types_arg = [f"--type={it}" for it in DISK_IMAGE_TYPES] else: + # building an iso types_arg = [f"--type={image_types[0]}"] # run container to deploy an image into a bootable disk and upload to a cloud service if applicable From 206dba5d625e622fe3e04cdce97d4a15350474ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Sep 2025 15:53:03 +0000 Subject: [PATCH 142/254] build(deps): bump the go-deps group across 1 directory with 3 updates Bumps the go-deps group with 2 updates in the /bib directory: [github.com/osbuild/images](https://github.com/osbuild/images) and [github.com/spf13/cobra](https://github.com/spf13/cobra). Updates `github.com/osbuild/images` from 0.183.0 to 0.186.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.183.0...v0.186.0) Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.1 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.9.1...v1.10.1) Updates `github.com/spf13/pflag` from 1.0.7 to 1.0.9 - [Release notes](https://github.com/spf13/pflag/releases) - [Commits](https://github.com/spf13/pflag/compare/v1.0.7...v1.0.9) --- updated-dependencies: - dependency-name: github.com/osbuild/images dependency-version: 0.186.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/spf13/cobra dependency-version: 1.10.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/spf13/pflag dependency-version: 1.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 6 +++--- bib/go.sum | 13 ++++++------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 681ddc3be..1d24918af 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -9,10 +9,10 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.13.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.186.0 + github.com/osbuild/images v0.189.0 github.com/sirupsen/logrus v1.9.3 - github.com/spf13/cobra v1.9.1 - github.com/spf13/pflag v1.0.7 + github.com/spf13/cobra v1.10.1 + github.com/spf13/pflag v1.0.9 github.com/stretchr/testify v1.11.1 golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 gopkg.in/yaml.v3 v3.0.1 diff --git a/bib/go.sum b/bib/go.sum index e30ce767e..d7d3769b5 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -245,8 +245,8 @@ github.com/osbuild/blueprint v1.13.0 h1:blo22+S2ZX5bBmjGcRveoTUrV4Ms7kLfKyb32Wyu github.com/osbuild/blueprint v1.13.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.186.0 h1:7dG7hwprbvHiOfvE3LYLzN3GUETsImNaPoVjRssi0O0= -github.com/osbuild/images v0.186.0/go.mod h1:mRp0NKABLeJxFFuUKzWKw+qL5JktftMtn0hALDyxqHM= +github.com/osbuild/images v0.189.0 h1:fG9J9bxhdzkKkZ2EpW/LzT0YQBXY/kKiT99UpEzZhCo= +github.com/osbuild/images v0.189.0/go.mod h1:KPiYBF0VrOXz5NAw6Lv4X170uN8wnOHpWuBzKT4jPrU= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -287,11 +287,10 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/smallstep/pkcs7 v0.1.1 h1:x+rPdt2W088V9Vkjho4KtoggyktZJlMduZAtRHm68LU= github.com/smallstep/pkcs7 v0.1.1/go.mod h1:dL6j5AIz9GHjVEBTXtW+QliALcgM19RtXaTeyxI+AfA= -github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= -github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0= -github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/pflag v1.0.7 h1:vN6T9TfwStFPFM5XzjsvmzZkLuaLX+HS+0SeFLRgU6M= -github.com/spf13/pflag v1.0.7/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s= +github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0= +github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY= +github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 h1:pnnLyeX7o/5aX8qUQ69P/mLojDqwda8hFOCBTmP/6hw= github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6/go.mod h1:39R/xuhNgVhi+K0/zst4TLrJrVmbm6LVgl4A0+ZFS5M= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= From b0d6c74457b469ad5d1dbf60c1f08dcbf122fcde Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Sep 2025 04:12:42 +0000 Subject: [PATCH 143/254] build(deps): bump github.com/spf13/pflag in /bib in the go-deps group Bumps the go-deps group in /bib with 1 update: [github.com/spf13/pflag](https://github.com/spf13/pflag). Updates `github.com/spf13/pflag` from 1.0.9 to 1.0.10 - [Release notes](https://github.com/spf13/pflag/releases) - [Commits](https://github.com/spf13/pflag/compare/v1.0.9...v1.0.10) --- updated-dependencies: - dependency-name: github.com/spf13/pflag dependency-version: 1.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 2 +- bib/go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 1d24918af..e17a46535 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -12,7 +12,7 @@ require ( github.com/osbuild/images v0.189.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.1 - github.com/spf13/pflag v1.0.9 + github.com/spf13/pflag v1.0.10 github.com/stretchr/testify v1.11.1 golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 gopkg.in/yaml.v3 v3.0.1 diff --git a/bib/go.sum b/bib/go.sum index d7d3769b5..ac6a91671 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -289,8 +289,9 @@ github.com/smallstep/pkcs7 v0.1.1 h1:x+rPdt2W088V9Vkjho4KtoggyktZJlMduZAtRHm68LU github.com/smallstep/pkcs7 v0.1.1/go.mod h1:dL6j5AIz9GHjVEBTXtW+QliALcgM19RtXaTeyxI+AfA= github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s= github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0= -github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY= github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= +github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 h1:pnnLyeX7o/5aX8qUQ69P/mLojDqwda8hFOCBTmP/6hw= github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6/go.mod h1:39R/xuhNgVhi+K0/zst4TLrJrVmbm6LVgl4A0+ZFS5M= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= From deb1d350390c41a159ae9bf4a8489b6617c2bff8 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 19 Sep 2025 11:08:11 +0200 Subject: [PATCH 144/254] test: disable cross arch test for now This commit drops the cross arch test for now. It keeps failing in the GH action with: ``` ERROR paramiko.transport:transport.py:1904 Exception (client): Error reading SSH protocol banner ERROR paramiko.transport:transport.py:1902 Traceback (most recent call last): ERROR paramiko.transport:transport.py:1902 File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2320, in _check_banner ERROR paramiko.transport:transport.py:1902 buf = self.packetizer.readline(timeout) ERROR paramiko.transport:transport.py:1902 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ERROR paramiko.transport:transport.py:1902 File "/usr/lib/python3/dist-packages/paramiko/packet.py", line 387, in readline ERROR paramiko.transport:transport.py:1902 buf += self._read_timeout(timeout) ERROR paramiko.transport:transport.py:1902 ^^^^^^^^^^^^^^^^^^^^^^^^^^^ ERROR paramiko.transport:transport.py:1902 File "/usr/lib/python3/dist-packages/paramiko/packet.py", line 624, in _read_timeout ERROR paramiko.transport:transport.py:1902 raise EOFError() ERROR paramiko.transport:transport.py:1902 EOFError ERROR paramiko.transport:transport.py:1902 ERROR paramiko.transport:transport.py:1902 During handling of the above exception, another exception occurred: ERROR paramiko.transport:transport.py:1902 ERROR paramiko.transport:transport.py:1902 Traceback (most recent call last): ERROR paramiko.transport:transport.py:1902 File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2138, in run ERROR paramiko.transport:transport.py:1902 self._check_banner() ERROR paramiko.transport:transport.py:1902 File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2324, in _check_banner ERROR paramiko.transport:transport.py:1902 raise SSHException( ERROR paramiko.transport:transport.py:1902 paramiko.ssh_exception.SSHException: Error reading SSH protocol banner ERROR paramiko.transport:transport.py:1902 ``` and its unclear what is going on. As the cross arch is best effort and this failure is blocking our releases we drop it for now. --- test/testcases.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/test/testcases.py b/test/testcases.py index e48755e34..f565e1dce 100644 --- a/test/testcases.py +++ b/test/testcases.py @@ -104,8 +104,11 @@ def gen_testcases(what): # pylint: disable=too-many-return-statements if what == "qemu-cross": test_cases = [] if platform.machine() == "x86_64": - test_cases.append( - TestCaseC9S(image="raw", target_arch="arm64")) + # 2025-09-19: disabled because CI hangs, see + # https://github.com/osbuild/bootc-image-builder/actions/runs/17821609665 + # test_cases.append( + # TestCaseC9S(image="raw", target_arch="arm64")) + pass elif platform.machine() == "arm64": # TODO: add arm64->x86_64 cross build test too pass From 3efa47fb1629cfc4ea62822ad6b7793ed04eafa9 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 16 Sep 2025 14:53:42 +0200 Subject: [PATCH 145/254] test: run df with --all When df runs it will hide duplicated mountpoints. This can mean that /sysroot is not available in the df output because the underlying disk is also mounted in multiple places. So pass `df --all` to ensure all mountpoints are available for the test to inspect. --- test/test_build_disk.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/test/test_build_disk.py b/test/test_build_disk.py index 497c592fb..5d3a67107 100644 --- a/test/test_build_disk.py +++ b/test/test_build_disk.py @@ -685,13 +685,16 @@ def assert_fs_customizations(image_type, test_vm): """ # check the minsize specified in the build configuration for each mountpoint against the sizes in the image # TODO: replace 'df' call with 'parted --json' and find the partition size for each mountpoint - exit_status, output = test_vm.run("df --output=target,size", user="root", + exit_status, output = test_vm.run("df --all --output=target,size", user="root", keyfile=image_type.ssh_keyfile_private_path) assert exit_status == 0 # parse the output of 'df' to a mountpoint -> size dict for convenience mountpoint_sizes = {} for line in output.splitlines()[1:]: fields = line.split() + # some filesystems to not report a size with --all + if fields[1] == "-": + continue # Note that df output is in 1k blocks, not bytes mountpoint_sizes[fields[0]] = int(fields[1]) * 2 ** 10 # in bytes From 36c6042be3730dca6c10273264aef224158eb547 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Tue, 16 Sep 2025 09:39:17 +0200 Subject: [PATCH 146/254] deps: images 0.191.0 Bump the images dependency to 0.191.0 and handle the rename of `dnfjson` to `depsolvednf`. Signed-off-by: Simon de Vlieger --- bib/cmd/bootc-image-builder/main.go | 6 +++--- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 2e2993005..357b7dce8 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -27,7 +27,7 @@ import ( "github.com/osbuild/images/pkg/cloud/awscloud" "github.com/osbuild/images/pkg/container" "github.com/osbuild/images/pkg/distro/bootc" - "github.com/osbuild/images/pkg/dnfjson" + "github.com/osbuild/images/pkg/depsolvednf" "github.com/osbuild/images/pkg/experimentalflags" "github.com/osbuild/images/pkg/manifest" "github.com/osbuild/images/pkg/manifestgen" @@ -93,7 +93,7 @@ func inContainerOrUnknown() bool { return err == nil } -func makeManifest(c *ManifestConfig, solver *dnfjson.Solver, cacheRoot string) (manifest.OSBuildManifest, map[string][]rpmmd.RepoConfig, error) { +func makeManifest(c *ManifestConfig, solver *depsolvednf.Solver, cacheRoot string) (manifest.OSBuildManifest, map[string][]rpmmd.RepoConfig, error) { rng := createRand() mani, err := manifestForISO(c, rng) if err != nil { @@ -101,7 +101,7 @@ func makeManifest(c *ManifestConfig, solver *dnfjson.Solver, cacheRoot string) ( } // depsolve packages - depsolvedSets := make(map[string]dnfjson.DepsolveResult) + depsolvedSets := make(map[string]depsolvednf.DepsolveResult) depsolvedRepos := make(map[string][]rpmmd.RepoConfig) for name, pkgSet := range mani.GetPackageSetChains() { res, err := solver.Depsolve(pkgSet, 0) diff --git a/bib/go.mod b/bib/go.mod index e17a46535..6be4b03ac 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -9,7 +9,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.13.0 github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.189.0 + github.com/osbuild/images v0.191.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 diff --git a/bib/go.sum b/bib/go.sum index ac6a91671..f321eff31 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -245,8 +245,8 @@ github.com/osbuild/blueprint v1.13.0 h1:blo22+S2ZX5bBmjGcRveoTUrV4Ms7kLfKyb32Wyu github.com/osbuild/blueprint v1.13.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.189.0 h1:fG9J9bxhdzkKkZ2EpW/LzT0YQBXY/kKiT99UpEzZhCo= -github.com/osbuild/images v0.189.0/go.mod h1:KPiYBF0VrOXz5NAw6Lv4X170uN8wnOHpWuBzKT4jPrU= +github.com/osbuild/images v0.191.0 h1:nhTIAf0JJTEf1gIUsU1II0BVIYBj537BvDpBBXCLYig= +github.com/osbuild/images v0.191.0/go.mod h1:KPiYBF0VrOXz5NAw6Lv4X170uN8wnOHpWuBzKT4jPrU= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From f82aff983ca76214982c114416751ce9e5d97153 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 16 Sep 2025 10:51:44 +0200 Subject: [PATCH 147/254] test: tweak error message for new images error --- test/test_manifest.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/test_manifest.py b/test/test_manifest.py index 5cd578aeb..7af333b9c 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -153,8 +153,7 @@ def test_manifest_cross_arch_check(tmp_path, build_container): "manifest", "--target-arch=aarch64", f"localhost/{container_tag}" ], check=True, capture_output=True, encoding="utf8") - assert 'cannot generate manifest: requested container architecture '\ - 'does not match resolved container: "x86_64" !=' in exc.value.stderr + assert 'cannot generate manifest: invalid arch: aarch64' in exc.value.stderr def find_rootfs_type_from(manifest_str): From 7cbd50d95b6bc85cdce463288c24d6eaffa38d48 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 29 Sep 2025 15:15:17 +0200 Subject: [PATCH 148/254] bib: move helpers into util.go Tiny cleanup/refactor to move some code out of {main,images}.go so that those places are less cluttered. --- bib/cmd/bootc-image-builder/image.go | 14 ----- bib/cmd/bootc-image-builder/main.go | 54 +------------------- bib/cmd/bootc-image-builder/util.go | 76 ++++++++++++++++++++++++++++ 3 files changed, 77 insertions(+), 67 deletions(-) create mode 100644 bib/cmd/bootc-image-builder/util.go diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index 78d3b9d7e..42cceec35 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -1,10 +1,7 @@ package main import ( - cryptorand "crypto/rand" "fmt" - "math" - "math/big" "math/rand" "slices" "strconv" @@ -256,14 +253,3 @@ func getDistroAndRunner(osRelease osinfo.OSRelease) (manifest.Distro, runner.Run logrus.Warnf("Unknown distro %s, using default runner", osRelease.ID) return manifest.DISTRO_NULL, &runner.Linux{}, nil } - -func createRand() *rand.Rand { - seed, err := cryptorand.Int(cryptorand.Reader, big.NewInt(math.MaxInt64)) - if err != nil { - panic("Cannot generate an RNG seed.") - } - - // math/rand is good enough in this case - /* #nosec G404 */ - return rand.New(rand.NewSource(seed.Int64())) -} diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 357b7dce8..d64d6afa4 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -26,8 +26,8 @@ import ( "github.com/osbuild/images/pkg/cloud" "github.com/osbuild/images/pkg/cloud/awscloud" "github.com/osbuild/images/pkg/container" - "github.com/osbuild/images/pkg/distro/bootc" "github.com/osbuild/images/pkg/depsolvednf" + "github.com/osbuild/images/pkg/distro/bootc" "github.com/osbuild/images/pkg/experimentalflags" "github.com/osbuild/images/pkg/manifest" "github.com/osbuild/images/pkg/manifestgen" @@ -60,29 +60,6 @@ var ( osStderr = os.Stderr ) -// canChownInPath checks if the ownership of files can be set in a given path. -func canChownInPath(path string) (bool, error) { - info, err := os.Stat(path) - if err != nil { - return false, err - } - if !info.IsDir() { - return false, fmt.Errorf("%s is not a directory", path) - } - - checkFile, err := os.CreateTemp(path, ".writecheck") - if err != nil { - return false, err - } - defer func() { - if err := os.Remove(checkFile.Name()); err != nil { - // print the error message for info but don't error out - fmt.Fprintf(os.Stderr, "error deleting %s: %s\n", checkFile.Name(), err.Error()) - } - }() - return checkFile.Chown(osGetuid(), osGetgid()) == nil, nil -} - func inContainerOrUnknown() bool { // no systemd-detect-virt, err on the side of container if _, err := exec.LookPath("systemd-detect-virt"); err != nil { @@ -562,35 +539,6 @@ func cmdBuild(cmd *cobra.Command, args []string) error { return nil } -func chownR(path string, chown string) error { - if chown == "" { - return nil - } - errFmt := "cannot parse chown: %v" - - var gid int - uidS, gidS, _ := strings.Cut(chown, ":") - uid, err := strconv.Atoi(uidS) - if err != nil { - return fmt.Errorf(errFmt, err) - } - if gidS != "" { - gid, err = strconv.Atoi(gidS) - if err != nil { - return fmt.Errorf(errFmt, err) - } - } else { - gid = osGetgid() - } - - return filepath.Walk(path, func(name string, info os.FileInfo, err error) error { - if err == nil { - err = os.Chown(name, uid, gid) - } - return err - }) -} - var rootLogLevel string func rootPreRunE(cmd *cobra.Command, _ []string) error { diff --git a/bib/cmd/bootc-image-builder/util.go b/bib/cmd/bootc-image-builder/util.go new file mode 100644 index 000000000..d6b2bd989 --- /dev/null +++ b/bib/cmd/bootc-image-builder/util.go @@ -0,0 +1,76 @@ +package main + +import ( + cryptorand "crypto/rand" + "fmt" + "math" + "math/big" + "math/rand" + "os" + "path/filepath" + "strconv" + "strings" +) + +// canChownInPath checks if the ownership of files can be set in a given path. +func canChownInPath(path string) (bool, error) { + info, err := os.Stat(path) + if err != nil { + return false, err + } + if !info.IsDir() { + return false, fmt.Errorf("%s is not a directory", path) + } + + checkFile, err := os.CreateTemp(path, ".writecheck") + if err != nil { + return false, err + } + defer func() { + if err := os.Remove(checkFile.Name()); err != nil { + // print the error message for info but don't error out + fmt.Fprintf(os.Stderr, "error deleting %s: %s\n", checkFile.Name(), err.Error()) + } + }() + return checkFile.Chown(osGetuid(), osGetgid()) == nil, nil +} + +func chownR(path string, chown string) error { + if chown == "" { + return nil + } + errFmt := "cannot parse chown: %v" + + var gid int + uidS, gidS, _ := strings.Cut(chown, ":") + uid, err := strconv.Atoi(uidS) + if err != nil { + return fmt.Errorf(errFmt, err) + } + if gidS != "" { + gid, err = strconv.Atoi(gidS) + if err != nil { + return fmt.Errorf(errFmt, err) + } + } else { + gid = osGetgid() + } + + return filepath.Walk(path, func(name string, info os.FileInfo, err error) error { + if err == nil { + err = os.Chown(name, uid, gid) + } + return err + }) +} + +func createRand() *rand.Rand { + seed, err := cryptorand.Int(cryptorand.Reader, big.NewInt(math.MaxInt64)) + if err != nil { + panic("Cannot generate an RNG seed.") + } + + // math/rand is good enough in this case + /* #nosec G404 */ + return rand.New(rand.NewSource(seed.Int64())) +} From e114f85dc5f587fcc9c1e590458ec0e437355e71 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 29 Sep 2025 15:35:57 +0200 Subject: [PATCH 149/254] main: put ISO/disk code into proper functions During the refactor the `manifestFromCobra()` helper became quite messy. This commit cleans this up by moving the parts that deal with disk images into their own helper and the part that deals with iso the same. --- bib/cmd/bootc-image-builder/image.go | 3 - bib/cmd/bootc-image-builder/main.go | 104 ++++++++++++++------------- 2 files changed, 56 insertions(+), 51 deletions(-) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go index 42cceec35..948ce4ba3 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/image.go @@ -23,7 +23,6 @@ import ( "github.com/sirupsen/logrus" "github.com/osbuild/bootc-image-builder/bib/internal/distrodef" - "github.com/osbuild/bootc-image-builder/bib/internal/imagetypes" ) type ManifestConfig struct { @@ -31,8 +30,6 @@ type ManifestConfig struct { Imgref string BuildImgref string - ImageTypes imagetypes.ImageTypes - // Build config Config *blueprint.Blueprint diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index d64d6afa4..b96f7dd97 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -20,6 +20,7 @@ import ( "github.com/spf13/pflag" "golang.org/x/exp/slices" + "github.com/osbuild/blueprint/pkg/blueprint" repos "github.com/osbuild/images/data/repositories" "github.com/osbuild/images/pkg/arch" "github.com/osbuild/images/pkg/bib/blueprintload" @@ -70,7 +71,7 @@ func inContainerOrUnknown() bool { return err == nil } -func makeManifest(c *ManifestConfig, solver *depsolvednf.Solver, cacheRoot string) (manifest.OSBuildManifest, map[string][]rpmmd.RepoConfig, error) { +func makeISOManifest(c *ManifestConfig, solver *depsolvednf.Solver, cacheRoot string) (manifest.OSBuildManifest, map[string][]rpmmd.RepoConfig, error) { rng := createRand() mani, err := manifestForISO(c, rng) if err != nil { @@ -217,55 +218,63 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress pbar.SetPulseMsgf("Manifest generation step") pbar.Start() - // For now shortcut here and build ding "images" for anything - // that is not the iso - if !imageTypes.BuildsISO() { - distro, err := bootc.NewBootcDistro(imgref) - if err != nil { - return nil, nil, err - } - if err := distro.SetBuildContainer(buildImgref); err != nil { - return nil, nil, err - } - if err := distro.SetDefaultFs(rootFs); err != nil { - return nil, nil, err - } - // XXX: consider target-arch - archi, err := distro.GetArch(cntArch.String()) - if err != nil { - return nil, nil, err - } - // XXX: how to generate for all image types - imgType, err := archi.GetImageType(imgTypes[0]) - if err != nil { - return nil, nil, err - } + // Note that we only need to pass a single imgType here into the manifest generation because: + // 1. the bootc disk manifests contains exports for all supported image types + // 2. the bootc iso is always a single build + imgType := imgTypes[0] + if imageTypes.BuildsISO() { + return manifestFromCobraForISO(imgref, buildImgref, imgType, rootFs, rpmCacheRoot, config, useLibrepo, cntArch) + } + return manifestFromCobraForDisk(imgref, buildImgref, imgType, rootFs, rpmCacheRoot, config, useLibrepo, cntArch) +} - var buf bytes.Buffer - repos, err := reporegistry.New(nil, []fs.FS{repos.FS}) - if err != nil { - return nil, nil, err - } - mg, err := manifestgen.New(repos, &manifestgen.Options{ - Output: &buf, - // XXX: hack to skip repo loading for the bootc image. - // We need to add a SkipRepositories or similar to - // manifestgen instead to make this clean - OverrideRepos: []rpmmd.RepoConfig{ - { - BaseURLs: []string{"https://example.com/not-used"}, - }, +func manifestFromCobraForDisk(imgref, buildImgref, imgTypeStr, rootFs, rpmCacheRoot string, config *blueprint.Blueprint, useLibrepo bool, cntArch arch.Arch) ([]byte, *mTLSConfig, error) { + distro, err := bootc.NewBootcDistro(imgref) + if err != nil { + return nil, nil, err + } + if err := distro.SetBuildContainer(buildImgref); err != nil { + return nil, nil, err + } + if err := distro.SetDefaultFs(rootFs); err != nil { + return nil, nil, err + } + archi, err := distro.GetArch(cntArch.String()) + if err != nil { + return nil, nil, err + } + imgType, err := archi.GetImageType(imgTypeStr) + if err != nil { + return nil, nil, err + } + + var buf bytes.Buffer + repos, err := reporegistry.New(nil, []fs.FS{repos.FS}) + if err != nil { + return nil, nil, err + } + mg, err := manifestgen.New(repos, &manifestgen.Options{ + Output: &buf, + // XXX: hack to skip repo loading for the bootc image. + // We need to add a SkipRepositories or similar to + // manifestgen instead to make this clean + OverrideRepos: []rpmmd.RepoConfig{ + { + BaseURLs: []string{"https://example.com/not-used"}, }, - }) - if err != nil { - return nil, nil, err - } - if err := mg.Generate(config, distro, imgType, archi, nil); err != nil { - return nil, nil, err - } - return buf.Bytes(), nil, nil + }, + }) + if err != nil { + return nil, nil, err + } + if err := mg.Generate(config, distro, imgType, archi, nil); err != nil { + return nil, nil, err } + return buf.Bytes(), nil, nil + +} +func manifestFromCobraForISO(imgref, buildImgref, imgTypeStr, rootFs, rpmCacheRoot string, config *blueprint.Blueprint, useLibrepo bool, cntArch arch.Arch) ([]byte, *mTLSConfig, error) { container, err := podman_container.New(imgref) if err != nil { return nil, nil, err @@ -335,7 +344,6 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress manifestConfig := &ManifestConfig{ Architecture: cntArch, Config: config, - ImageTypes: imageTypes, Imgref: imgref, BuildImgref: buildImgref, DistroDefPaths: distroDefPaths, @@ -345,7 +353,7 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress UseLibrepo: useLibrepo, } - manifest, repos, err := makeManifest(manifestConfig, solver, rpmCacheRoot) + manifest, repos, err := makeISOManifest(manifestConfig, solver, rpmCacheRoot) if err != nil { return nil, nil, err } From 92ac06bc3a889c50991af872aceb884dd7920b25 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 29 Sep 2025 15:40:40 +0200 Subject: [PATCH 150/254] main: move legacy ISO code into legacy_iso.go This commit moves the rpm based ISO handling from images.go and main.go into the new legacy_iso.go file to make clear that the parts in there are only needed for the legacy (rpm) ISO handling and can be removed once we no longer need to support this. --- .../{image.go => legacy_iso.go} | 161 +++++++++++++++++ bib/cmd/bootc-image-builder/main.go | 168 +----------------- 2 files changed, 163 insertions(+), 166 deletions(-) rename bib/cmd/bootc-image-builder/{image.go => legacy_iso.go} (61%) diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/legacy_iso.go similarity index 61% rename from bib/cmd/bootc-image-builder/image.go rename to bib/cmd/bootc-image-builder/legacy_iso.go index 948ce4ba3..cff937c44 100644 --- a/bib/cmd/bootc-image-builder/image.go +++ b/bib/cmd/bootc-image-builder/legacy_iso.go @@ -13,6 +13,7 @@ import ( "github.com/osbuild/images/pkg/container" "github.com/osbuild/images/pkg/customizations/anaconda" "github.com/osbuild/images/pkg/customizations/kickstart" + "github.com/osbuild/images/pkg/depsolvednf" "github.com/osbuild/images/pkg/disk" "github.com/osbuild/images/pkg/image" "github.com/osbuild/images/pkg/manifest" @@ -22,9 +23,20 @@ import ( "github.com/osbuild/images/pkg/runner" "github.com/sirupsen/logrus" + podman_container "github.com/osbuild/images/pkg/bib/container" + "github.com/osbuild/bootc-image-builder/bib/internal/distrodef" ) +// all possible locations for the bib's distro definitions +// ./data/defs and ./bib/data/defs are for development +// /usr/share/bootc-image-builder/defs is for the production, containerized version +var distroDefPaths = []string{ + "./data/defs", + "./bib/data/defs", + "/usr/share/bootc-image-builder/defs", +} + type ManifestConfig struct { // OCI image path (without the transport, that is always docker://) Imgref string @@ -50,6 +62,155 @@ type ManifestConfig struct { UseLibrepo bool } +func manifestFromCobraForLegacyISO(imgref, buildImgref, imgTypeStr, rootFs, rpmCacheRoot string, config *blueprint.Blueprint, useLibrepo bool, cntArch arch.Arch) ([]byte, *mTLSConfig, error) { + container, err := podman_container.New(imgref) + if err != nil { + return nil, nil, err + } + defer func() { + if err := container.Stop(); err != nil { + logrus.Warnf("error stopping container: %v", err) + } + }() + + var rootfsType string + if rootFs != "" { + rootfsType = rootFs + } else { + rootfsType, err = container.DefaultRootfsType() + if err != nil { + return nil, nil, fmt.Errorf("cannot get rootfs type for container: %w", err) + } + if rootfsType == "" { + return nil, nil, fmt.Errorf(`no default root filesystem type specified in container, please use "--rootfs" to set manually`) + } + } + + // Gather some data from the containers distro + sourceinfo, err := osinfo.Load(container.Root()) + if err != nil { + return nil, nil, err + } + + buildContainer := container + buildSourceinfo := sourceinfo + startedBuildContainer := false + defer func() { + if startedBuildContainer { + if err := buildContainer.Stop(); err != nil { + logrus.Warnf("error stopping container: %v", err) + } + } + }() + + if buildImgref != "" { + buildContainer, err = podman_container.New(buildImgref) + if err != nil { + return nil, nil, err + } + startedBuildContainer = true + + // Gather some data from the containers distro + buildSourceinfo, err = osinfo.Load(buildContainer.Root()) + if err != nil { + return nil, nil, err + } + } else { + buildImgref = imgref + } + + // This is needed just for RHEL and RHSM in most cases, but let's run it every time in case + // the image has some non-standard dnf plugins. + if err := buildContainer.InitDNF(); err != nil { + return nil, nil, err + } + solver, err := buildContainer.NewContainerSolver(rpmCacheRoot, cntArch, sourceinfo) + if err != nil { + return nil, nil, err + } + + manifestConfig := &ManifestConfig{ + Architecture: cntArch, + Config: config, + Imgref: imgref, + BuildImgref: buildImgref, + DistroDefPaths: distroDefPaths, + SourceInfo: sourceinfo, + BuildSourceInfo: buildSourceinfo, + RootFSType: rootfsType, + UseLibrepo: useLibrepo, + } + + manifest, repos, err := makeISOManifest(manifestConfig, solver, rpmCacheRoot) + if err != nil { + return nil, nil, err + } + + mTLS, err := extractTLSKeys(repos) + if err != nil { + return nil, nil, err + } + + return manifest, mTLS, nil +} + +func makeISOManifest(c *ManifestConfig, solver *depsolvednf.Solver, cacheRoot string) (manifest.OSBuildManifest, map[string][]rpmmd.RepoConfig, error) { + rng := createRand() + mani, err := manifestForISO(c, rng) + if err != nil { + return nil, nil, fmt.Errorf("cannot get manifest: %w", err) + } + + // depsolve packages + depsolvedSets := make(map[string]depsolvednf.DepsolveResult) + depsolvedRepos := make(map[string][]rpmmd.RepoConfig) + for name, pkgSet := range mani.GetPackageSetChains() { + res, err := solver.Depsolve(pkgSet, 0) + if err != nil { + return nil, nil, fmt.Errorf("cannot depsolve: %w", err) + } + depsolvedSets[name] = *res + depsolvedRepos[name] = res.Repos + } + + // Resolve container - the normal case is that host and target + // architecture are the same. However it is possible to build + // cross-arch images by using qemu-user. This will run everything + // (including the build-root) with the target arch then, it + // is fast enough (given that it's mostly I/O and all I/O is + // run naively via syscall translation) + + // XXX: should NewResolver() take "arch.Arch"? + resolver := container.NewResolver(c.Architecture.String()) + + containerSpecs := make(map[string][]container.Spec) + for plName, sourceSpecs := range mani.GetContainerSourceSpecs() { + for _, c := range sourceSpecs { + resolver.Add(c) + } + specs, err := resolver.Finish() + if err != nil { + return nil, nil, fmt.Errorf("cannot resolve containers: %w", err) + } + for _, spec := range specs { + if spec.Arch != c.Architecture { + return nil, nil, fmt.Errorf("image found is for unexpected architecture %q (expected %q), if that is intentional, please make sure --target-arch matches", spec.Arch, c.Architecture) + } + } + containerSpecs[plName] = specs + } + + var opts manifest.SerializeOptions + if c.UseLibrepo { + opts.RpmDownloader = osbuild.RpmDownloaderLibrepo + } + mf, err := mani.Serialize(depsolvedSets, containerSpecs, nil, &opts) + if err != nil { + return nil, nil, fmt.Errorf("[ERROR] manifest serialization failed: %s", err.Error()) + } + return mf, depsolvedRepos, nil +} + func labelForISO(os *osinfo.OSRelease, arch *arch.Arch) string { switch os.ID { case "fedora": diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index b96f7dd97..c1493f0d8 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -26,32 +26,18 @@ import ( "github.com/osbuild/images/pkg/bib/blueprintload" "github.com/osbuild/images/pkg/cloud" "github.com/osbuild/images/pkg/cloud/awscloud" - "github.com/osbuild/images/pkg/container" - "github.com/osbuild/images/pkg/depsolvednf" "github.com/osbuild/images/pkg/distro/bootc" "github.com/osbuild/images/pkg/experimentalflags" "github.com/osbuild/images/pkg/manifest" "github.com/osbuild/images/pkg/manifestgen" - "github.com/osbuild/images/pkg/osbuild" "github.com/osbuild/images/pkg/reporegistry" "github.com/osbuild/images/pkg/rpmmd" - "github.com/osbuild/bootc-image-builder/bib/internal/imagetypes" - podman_container "github.com/osbuild/images/pkg/bib/container" - "github.com/osbuild/images/pkg/bib/osinfo" - "github.com/osbuild/image-builder-cli/pkg/progress" "github.com/osbuild/image-builder-cli/pkg/setup" -) -// all possible locations for the bib's distro definitions -// ./data/defs and ./bib/data/defs are for development -// /usr/share/bootc-image-builder/defs is for the production, containerized version -var distroDefPaths = []string{ - "./data/defs", - "./bib/data/defs", - "/usr/share/bootc-image-builder/defs", -} + "github.com/osbuild/bootc-image-builder/bib/internal/imagetypes" +) var ( osGetuid = os.Getuid @@ -71,63 +57,6 @@ func inContainerOrUnknown() bool { return err == nil } -func makeISOManifest(c *ManifestConfig, solver *depsolvednf.Solver, cacheRoot string) (manifest.OSBuildManifest, map[string][]rpmmd.RepoConfig, error) { - rng := createRand() - mani, err := manifestForISO(c, rng) - if err != nil { - return nil, nil, fmt.Errorf("cannot get manifest: %w", err) - } - - // depsolve packages - depsolvedSets := make(map[string]depsolvednf.DepsolveResult) - depsolvedRepos := make(map[string][]rpmmd.RepoConfig) - for name, pkgSet := range mani.GetPackageSetChains() { - res, err := solver.Depsolve(pkgSet, 0) - if err != nil { - return nil, nil, fmt.Errorf("cannot depsolve: %w", err) - } - depsolvedSets[name] = *res - depsolvedRepos[name] = res.Repos - } - - // Resolve container - the normal case is that host and target - // architecture are the same. However it is possible to build - // cross-arch images by using qemu-user. This will run everything - // (including the build-root) with the target arch then, it - // is fast enough (given that it's mostly I/O and all I/O is - // run naively via syscall translation) - - // XXX: should NewResolver() take "arch.Arch"? - resolver := container.NewResolver(c.Architecture.String()) - - containerSpecs := make(map[string][]container.Spec) - for plName, sourceSpecs := range mani.GetContainerSourceSpecs() { - for _, c := range sourceSpecs { - resolver.Add(c) - } - specs, err := resolver.Finish() - if err != nil { - return nil, nil, fmt.Errorf("cannot resolve containers: %w", err) - } - for _, spec := range specs { - if spec.Arch != c.Architecture { - return nil, nil, fmt.Errorf("image found is for unexpected architecture %q (expected %q), if that is intentional, please make sure --target-arch matches", spec.Arch, c.Architecture) - } - } - containerSpecs[plName] = specs - } - - var opts manifest.SerializeOptions - if c.UseLibrepo { - opts.RpmDownloader = osbuild.RpmDownloaderLibrepo - } - mf, err := mani.Serialize(depsolvedSets, containerSpecs, nil, &opts) - if err != nil { - return nil, nil, fmt.Errorf("[ERROR] manifest serialization failed: %s", err.Error()) - } - return mf, depsolvedRepos, nil -} - func saveManifest(ms manifest.OSBuildManifest, fpath string) (err error) { b, err := json.MarshalIndent(ms, "", " ") if err != nil { @@ -271,99 +200,6 @@ func manifestFromCobraForDisk(imgref, buildImgref, imgTypeStr, rootFs, rpmCacheR return nil, nil, err } return buf.Bytes(), nil, nil - -} - -func manifestFromCobraForISO(imgref, buildImgref, imgTypeStr, rootFs, rpmCacheRoot string, config *blueprint.Blueprint, useLibrepo bool, cntArch arch.Arch) ([]byte, *mTLSConfig, error) { - container, err := podman_container.New(imgref) - if err != nil { - return nil, nil, err - } - defer func() { - if err := container.Stop(); err != nil { - logrus.Warnf("error stopping container: %v", err) - } - }() - - var rootfsType string - if rootFs != "" { - rootfsType = rootFs - } else { - rootfsType, err = container.DefaultRootfsType() - if err != nil { - return nil, nil, fmt.Errorf("cannot get rootfs type for container: %w", err) - } - if rootfsType == "" { - return nil, nil, fmt.Errorf(`no default root filesystem type specified in container, please use "--rootfs" to set manually`) - } - } - - // Gather some data from the containers distro - sourceinfo, err := osinfo.Load(container.Root()) - if err != nil { - return nil, nil, err - } - - buildContainer := container - buildSourceinfo := sourceinfo - startedBuildContainer := false - defer func() { - if startedBuildContainer { - if err := buildContainer.Stop(); err != nil { - logrus.Warnf("error stopping container: %v", err) - } - } - }() - - if buildImgref != "" { - buildContainer, err = podman_container.New(buildImgref) - if err != nil { - return nil, nil, err - } - startedBuildContainer = true - - // Gather some data from the containers distro - buildSourceinfo, err = osinfo.Load(buildContainer.Root()) - if err != nil { - return nil, nil, err - } - } else { - buildImgref = imgref - } - - // This is needed just for RHEL and RHSM in most cases, but let's run it every time in case - // the image has some non-standard dnf plugins. - if err := buildContainer.InitDNF(); err != nil { - return nil, nil, err - } - solver, err := buildContainer.NewContainerSolver(rpmCacheRoot, cntArch, sourceinfo) - if err != nil { - return nil, nil, err - } - - manifestConfig := &ManifestConfig{ - Architecture: cntArch, - Config: config, - Imgref: imgref, - BuildImgref: buildImgref, - DistroDefPaths: distroDefPaths, - SourceInfo: sourceinfo, - BuildSourceInfo: buildSourceinfo, - RootFSType: rootfsType, - UseLibrepo: useLibrepo, - } - - manifest, repos, err := makeISOManifest(manifestConfig, solver, rpmCacheRoot) - if err != nil { - return nil, nil, err - } - - mTLS, err := extractTLSKeys(repos) - if err != nil { - return nil, nil, err - } - - return manifest, mTLS, nil } func cmdManifest(cmd *cobra.Command, args []string) error { From 893a2831a6a258c89e0fa30a9a3018680e519189 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 29 Sep 2025 15:48:50 +0200 Subject: [PATCH 151/254] imagetypes: mark rpm based ISOs as `legacy` We want to move into a world where we build the anaconda image from bootc containers instead of our current RPM based construction [0] so lets mark the rpm based installer ISO image types as legacy. This should make it easy to support a potential new `bootc-iso` or `bootc-installer` image type [0] while still supporting the legacy mode for a while. --- bib/cmd/bootc-image-builder/main.go | 6 +++--- bib/internal/imagetypes/imagetypes.go | 30 ++++++++++++++++++++------- 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index c1493f0d8..4351b1a5e 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -149,10 +149,10 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress // Note that we only need to pass a single imgType here into the manifest generation because: // 1. the bootc disk manifests contains exports for all supported image types - // 2. the bootc iso is always a single build + // 2. the bootc legacy types (iso, anaconda-iso) always do a single build imgType := imgTypes[0] - if imageTypes.BuildsISO() { - return manifestFromCobraForISO(imgref, buildImgref, imgType, rootFs, rpmCacheRoot, config, useLibrepo, cntArch) + if imageTypes.Legacy() { + return manifestFromCobraForLegacyISO(imgref, buildImgref, imgType, rootFs, rpmCacheRoot, config, useLibrepo, cntArch) } return manifestFromCobraForDisk(imgref, buildImgref, imgType, rootFs, rpmCacheRoot, config, useLibrepo, cntArch) } diff --git a/bib/internal/imagetypes/imagetypes.go b/bib/internal/imagetypes/imagetypes.go index 8e788ae6b..de396ce4b 100644 --- a/bib/internal/imagetypes/imagetypes.go +++ b/bib/internal/imagetypes/imagetypes.go @@ -10,17 +10,22 @@ import ( type imageType struct { Export string ISO bool + Legacy bool } var supportedImageTypes = map[string]imageType{ - "ami": imageType{Export: "image"}, - "qcow2": imageType{Export: "qcow2"}, - "raw": imageType{Export: "image"}, - "vmdk": imageType{Export: "vmdk"}, - "vhd": imageType{Export: "vpc"}, - "gce": imageType{Export: "gce"}, - "anaconda-iso": imageType{Export: "bootiso", ISO: true}, - "iso": imageType{Export: "bootiso", ISO: true}, + // XXX: ideally we would look how to consolidate all + // knownledge about disk based image types into the images + // library + "ami": imageType{Export: "image"}, + "qcow2": imageType{Export: "qcow2"}, + "raw": imageType{Export: "image"}, + "vmdk": imageType{Export: "vmdk"}, + "vhd": imageType{Export: "vpc"}, + "gce": imageType{Export: "gce"}, + // the iso image types are RPM based and legacy/deprecated + "anaconda-iso": imageType{Export: "bootiso", ISO: true, Legacy: true}, + "iso": imageType{Export: "bootiso", ISO: true, Legacy: true}, } // Available() returns a comma-separated list of supported image types @@ -86,3 +91,12 @@ func (it ImageTypes) BuildsISO() bool { // XXX: this assumes a valid ImagTypes object return supportedImageTypes[it[0]].ISO } + +func (it ImageTypes) Legacy() bool { + for _, name := range it { + if supportedImageTypes[name].Legacy { + return true + } + } + return false +} From 4935f49450c238a5b65edc49c391954cb234db90 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 21 Aug 2025 10:53:39 +0200 Subject: [PATCH 152/254] Revert "test: disable centos9 iso test for now because kernel panic" This reverts commit 3f3b315cb8fbd1f31226bebf50efc9f18a91e291. --- test/testcases.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/testcases.py b/test/testcases.py index f565e1dce..973261580 100644 --- a/test/testcases.py +++ b/test/testcases.py @@ -97,8 +97,7 @@ def gen_testcases(what): # pylint: disable=too-many-return-statements if what == "anaconda-iso": return [ TestCaseFedora(image="anaconda-iso", sign=True), - # 2025-08-21: disabled because of https://issues.redhat.com/browse/RHEL-109635 - # TestCaseC9S(image="anaconda-iso"), + TestCaseC9S(image="anaconda-iso"), TestCaseC10S(image="anaconda-iso"), ] if what == "qemu-cross": From 29e4572e6900eea8d6531c34460adb09ab6b5d55 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 25 Sep 2025 14:44:05 +0200 Subject: [PATCH 153/254] bib: update to images version v0.197.0 Update go.mod and do the required AI changes for v0.197.0 --- bib/cmd/bootc-image-builder/cloud.go | 6 ++++-- bib/cmd/bootc-image-builder/legacy_iso.go | 6 +++++- bib/cmd/bootc-image-builder/main.go | 8 +++----- bib/cmd/upload/main.go | 2 +- bib/go.mod | 4 ++-- bib/go.sum | 12 ++++++------ 6 files changed, 21 insertions(+), 17 deletions(-) diff --git a/bib/cmd/bootc-image-builder/cloud.go b/bib/cmd/bootc-image-builder/cloud.go index 483f4ae52..57feccc9d 100644 --- a/bib/cmd/bootc-image-builder/cloud.go +++ b/bib/cmd/bootc-image-builder/cloud.go @@ -33,12 +33,14 @@ func upload(uploader cloud.Uploader, path string, flags *pflag.FlagSet) error { defer file.Close() var r io.Reader = file + var size int64 if pbar != nil { st, err := file.Stat() if err != nil { return err } - pbar.SetTotal(st.Size()) + size = st.Size() + pbar.SetTotal(size) pbar.Set(pb.Bytes, true) pbar.SetWriter(osStdout) r = pbar.NewProxyReader(file) @@ -46,5 +48,5 @@ func upload(uploader cloud.Uploader, path string, flags *pflag.FlagSet) error { defer pbar.Finish() } - return uploader.UploadAndRegister(r, osStderr) + return uploader.UploadAndRegister(r, uint64(size), osStderr) } diff --git a/bib/cmd/bootc-image-builder/legacy_iso.go b/bib/cmd/bootc-image-builder/legacy_iso.go index cff937c44..d845a240b 100644 --- a/bib/cmd/bootc-image-builder/legacy_iso.go +++ b/bib/cmd/bootc-image-builder/legacy_iso.go @@ -164,7 +164,11 @@ func makeISOManifest(c *ManifestConfig, solver *depsolvednf.Solver, cacheRoot st // depsolve packages depsolvedSets := make(map[string]depsolvednf.DepsolveResult) depsolvedRepos := make(map[string][]rpmmd.RepoConfig) - for name, pkgSet := range mani.GetPackageSetChains() { + pkgSetChains, err := mani.GetPackageSetChains() + if err != nil { + return nil, nil, err + } + for name, pkgSet := range pkgSetChains { res, err := solver.Depsolve(pkgSet, 0) if err != nil { return nil, nil, fmt.Errorf("cannot depsolve: %w", err) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 4351b1a5e..a4191ea14 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -1,7 +1,6 @@ package main import ( - "bytes" "encoding/json" "errors" "fmt" @@ -177,13 +176,11 @@ func manifestFromCobraForDisk(imgref, buildImgref, imgTypeStr, rootFs, rpmCacheR return nil, nil, err } - var buf bytes.Buffer repos, err := reporegistry.New(nil, []fs.FS{repos.FS}) if err != nil { return nil, nil, err } mg, err := manifestgen.New(repos, &manifestgen.Options{ - Output: &buf, // XXX: hack to skip repo loading for the bootc image. // We need to add a SkipRepositories or similar to // manifestgen instead to make this clean @@ -196,10 +193,11 @@ func manifestFromCobraForDisk(imgref, buildImgref, imgTypeStr, rootFs, rpmCacheR if err != nil { return nil, nil, err } - if err := mg.Generate(config, distro, imgType, archi, nil); err != nil { + manifest, err := mg.Generate(config, imgType, nil) + if err != nil { return nil, nil, err } - return buf.Bytes(), nil, nil + return manifest, nil, nil } func cmdManifest(cmd *cobra.Command, args []string) error { diff --git a/bib/cmd/upload/main.go b/bib/cmd/upload/main.go index c0b25f5e1..8f7ddccd9 100644 --- a/bib/cmd/upload/main.go +++ b/bib/cmd/upload/main.go @@ -50,7 +50,7 @@ func uploadAMI(cmd *cobra.Command, args []string) { // nolint:errcheck defer f.Close() - check(uploader.UploadAndRegister(f, os.Stderr)) + check(uploader.UploadAndRegister(f, 0, os.Stderr)) } func setupCLI() *cobra.Command { diff --git a/bib/go.mod b/bib/go.mod index 6be4b03ac..52d9df608 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -8,8 +8,8 @@ require ( github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.13.0 - github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 - github.com/osbuild/images v0.191.0 + github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 + github.com/osbuild/images v0.197.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 diff --git a/bib/go.sum b/bib/go.sum index f321eff31..ba7cf0c3f 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -243,10 +243,10 @@ github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplU github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= github.com/osbuild/blueprint v1.13.0 h1:blo22+S2ZX5bBmjGcRveoTUrV4Ms7kLfKyb32WyuymA= github.com/osbuild/blueprint v1.13.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= -github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3 h1:M3yYunKH4quwJLQrnFo7dEwCTKorafNC+AUqAo7m5Yo= -github.com/osbuild/image-builder-cli v0.0.0-20250331194259-63bb56e12db3/go.mod h1:0sEmiQiMo1ChSuOoeONN0RmsoZbQEvj2mlO2448gC5w= -github.com/osbuild/images v0.191.0 h1:nhTIAf0JJTEf1gIUsU1II0BVIYBj537BvDpBBXCLYig= -github.com/osbuild/images v0.191.0/go.mod h1:KPiYBF0VrOXz5NAw6Lv4X170uN8wnOHpWuBzKT4jPrU= +github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 h1:Mo1htXYyEoKrBQD+/RC/kluAWu4+E0oEjPorujVn/K8= +github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521/go.mod h1:oTn9T+bV9g/760hM/jX7AV0c4vuVIn6FjAnaVM9RzRo= +github.com/osbuild/images v0.197.0 h1:JSwivw9X2HLgGPq1NG407FrSbyNlfwdACwI0g6kUkjY= +github.com/osbuild/images v0.197.0/go.mod h1:xkXfw5CIy0bVNTNdB6GXiewu/IzBgpofkItDJPAzGA4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -254,8 +254,8 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/proglottis/gpgme v0.1.4 h1:3nE7YNA70o2aLjcg63tXMOhPD7bplfE5CBdV+hLAm2M= github.com/proglottis/gpgme v0.1.4/go.mod h1:5LoXMgpE4bttgwwdv9bLs/vwqv3qV7F4glEEZ7mRKrM= -github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= -github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0= +github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc= +github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= From ec32997f80db502544752cb98e0eda7ebd922a48 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 26 Sep 2025 08:45:41 +0200 Subject: [PATCH 154/254] test: update invalid cross arch test error msg The error message on mismatch of `--target-arch` with the actual container has changed (for the better) so we need to update the test for this. --- test/test_manifest.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/test_manifest.py b/test/test_manifest.py index 7af333b9c..7171bb0fe 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -153,7 +153,8 @@ def test_manifest_cross_arch_check(tmp_path, build_container): "manifest", "--target-arch=aarch64", f"localhost/{container_tag}" ], check=True, capture_output=True, encoding="utf8") - assert 'cannot generate manifest: invalid arch: aarch64' in exc.value.stderr + assert ('cannot generate manifest: requested bootc arch "aarch64" ' + 'does not match available arches [x86_64]') in exc.value.stderr def find_rootfs_type_from(manifest_str): From b315a23219741956a19d14ac2c65030a94aaa50a Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 6 Oct 2025 09:09:39 +0200 Subject: [PATCH 155/254] go.mod: update to v201 --- bib/go.mod | 2 +- bib/go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/bib/go.mod b/bib/go.mod index 52d9df608..dad63d503 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -9,7 +9,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.13.0 github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 - github.com/osbuild/images v0.197.0 + github.com/osbuild/images v0.201.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 diff --git a/bib/go.sum b/bib/go.sum index ba7cf0c3f..7540c03be 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -247,6 +247,8 @@ github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 h1:Mo1ht github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521/go.mod h1:oTn9T+bV9g/760hM/jX7AV0c4vuVIn6FjAnaVM9RzRo= github.com/osbuild/images v0.197.0 h1:JSwivw9X2HLgGPq1NG407FrSbyNlfwdACwI0g6kUkjY= github.com/osbuild/images v0.197.0/go.mod h1:xkXfw5CIy0bVNTNdB6GXiewu/IzBgpofkItDJPAzGA4= +github.com/osbuild/images v0.201.0 h1:AOUslfK+TR0q4WA63+r/GNJIpdg5Ve1vStR72x+4awk= +github.com/osbuild/images v0.201.0/go.mod h1:xkXfw5CIy0bVNTNdB6GXiewu/IzBgpofkItDJPAzGA4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From c281050ec863dfb47cc431997f114e2a96b1c22a Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 6 Oct 2025 09:15:25 +0200 Subject: [PATCH 156/254] legacy_iso: update lorax handling for images PR#1886 With the merge of https://github.com/osbuild/images/pull/1886 the handling of the lorax templates changed. Ideally we would follow images here closer and use the distro YAML loader to load the metadata from images:data/distrodefs. But as a quick fix this just duplicates the logic we had before. --- bib/cmd/bootc-image-builder/legacy_iso.go | 33 ++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/bib/cmd/bootc-image-builder/legacy_iso.go b/bib/cmd/bootc-image-builder/legacy_iso.go index d845a240b..faf4b3906 100644 --- a/bib/cmd/bootc-image-builder/legacy_iso.go +++ b/bib/cmd/bootc-image-builder/legacy_iso.go @@ -233,8 +233,34 @@ func labelForISO(os *osinfo.OSRelease, arch *arch.Arch) string { } } -func needsRHELLoraxTemplates(si osinfo.OSRelease) bool { - return si.ID == "rhel" || slices.Contains(si.IDLike, "rhel") || si.VersionID == "eln" +// from:https://github.com/osbuild/images/blob/v0.201.0/data/distrodefs/rhel-10/imagetypes.yaml#L169 +var loraxRhelTemplates = []string{ + "80-rhel/runtime-postinstall.tmpl", + "80-rhel/runtime-cleanup.tmpl", +} + +// from:https://github.com/osbuild/images/blob/v0.201.0/data/distrodefs/fedora/imagetypes.yaml#L408 +var loraxFedoraTemplates = []string{ + "99-generic/runtime-postinstall.tmpl", + "99-generic/runtime-cleanup.tmpl", +} + +func loraxTemplates(si osinfo.OSRelease) []string { + switch { + case si.ID == "rhel" || slices.Contains(si.IDLike, "rhel") || si.VersionID == "eln": + return loraxRhelTemplates + default: + return loraxFedoraTemplates + } +} + +func loraxTemplatePackage(si osinfo.OSRelease) string { + switch { + case si.ID == "rhel" || slices.Contains(si.IDLike, "rhel") || si.VersionID == "eln": + return "lorax-templates-rhel" + default: + return "lorax-templates-generic" + } } func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, error) { @@ -332,7 +358,8 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro img.Kickstart.OSTree = &kickstart.OSTree{ OSName: "default", } - img.InstallerCustomizations.UseRHELLoraxTemplates = needsRHELLoraxTemplates(c.SourceInfo.OSRelease) + img.InstallerCustomizations.LoraxTemplates = loraxTemplates(c.SourceInfo.OSRelease) + img.InstallerCustomizations.LoraxTemplatePackage = loraxTemplatePackage(c.SourceInfo.OSRelease) // see https://github.com/osbuild/bootc-image-builder/issues/733 img.InstallerCustomizations.ISORootfsType = manifest.SquashfsRootfs From 39fa22359e6f2c6792189e85e6f0fd86a16dc213 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 6 Oct 2025 16:55:59 +0200 Subject: [PATCH 157/254] go.mod: update to images version v0.202.0 --- bib/go.mod | 2 +- bib/go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/bib/go.mod b/bib/go.mod index dad63d503..a60617360 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -9,7 +9,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.13.0 github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 - github.com/osbuild/images v0.201.0 + github.com/osbuild/images v0.202.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 diff --git a/bib/go.sum b/bib/go.sum index 7540c03be..68f0ee72a 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -249,6 +249,8 @@ github.com/osbuild/images v0.197.0 h1:JSwivw9X2HLgGPq1NG407FrSbyNlfwdACwI0g6kUkj github.com/osbuild/images v0.197.0/go.mod h1:xkXfw5CIy0bVNTNdB6GXiewu/IzBgpofkItDJPAzGA4= github.com/osbuild/images v0.201.0 h1:AOUslfK+TR0q4WA63+r/GNJIpdg5Ve1vStR72x+4awk= github.com/osbuild/images v0.201.0/go.mod h1:xkXfw5CIy0bVNTNdB6GXiewu/IzBgpofkItDJPAzGA4= +github.com/osbuild/images v0.202.0 h1:OPvfmr5RJHcOJgU8Win6kHyoCNQZEiILlgIDI64/YIM= +github.com/osbuild/images v0.202.0/go.mod h1:xkXfw5CIy0bVNTNdB6GXiewu/IzBgpofkItDJPAzGA4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From 217cb6d1d1a949beb212fcf3cd3e7e2bf0166ad4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 17:59:06 +0000 Subject: [PATCH 158/254] build(deps): bump github.com/osbuild/blueprint Bumps the go-deps group with 1 update in the /bib directory: [github.com/osbuild/blueprint](https://github.com/osbuild/blueprint). Updates `github.com/osbuild/blueprint` from 1.13.0 to 1.16.0 - [Release notes](https://github.com/osbuild/blueprint/releases) - [Commits](https://github.com/osbuild/blueprint/compare/v1.13.0...v1.16.0) --- updated-dependencies: - dependency-name: github.com/osbuild/blueprint dependency-version: 1.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 2 +- bib/go.sum | 8 ++------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index a60617360..e195f60bb 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -7,7 +7,7 @@ toolchain go1.24.6 require ( github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 - github.com/osbuild/blueprint v1.13.0 + github.com/osbuild/blueprint v1.16.0 github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 github.com/osbuild/images v0.202.0 github.com/sirupsen/logrus v1.9.3 diff --git a/bib/go.sum b/bib/go.sum index 68f0ee72a..05760279b 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -241,14 +241,10 @@ github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= -github.com/osbuild/blueprint v1.13.0 h1:blo22+S2ZX5bBmjGcRveoTUrV4Ms7kLfKyb32WyuymA= -github.com/osbuild/blueprint v1.13.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= +github.com/osbuild/blueprint v1.16.0 h1:f/kHih+xpeJ1v7wtIfzdHPZTsiXsqKeDQ1+rrue6298= +github.com/osbuild/blueprint v1.16.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 h1:Mo1htXYyEoKrBQD+/RC/kluAWu4+E0oEjPorujVn/K8= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521/go.mod h1:oTn9T+bV9g/760hM/jX7AV0c4vuVIn6FjAnaVM9RzRo= -github.com/osbuild/images v0.197.0 h1:JSwivw9X2HLgGPq1NG407FrSbyNlfwdACwI0g6kUkjY= -github.com/osbuild/images v0.197.0/go.mod h1:xkXfw5CIy0bVNTNdB6GXiewu/IzBgpofkItDJPAzGA4= -github.com/osbuild/images v0.201.0 h1:AOUslfK+TR0q4WA63+r/GNJIpdg5Ve1vStR72x+4awk= -github.com/osbuild/images v0.201.0/go.mod h1:xkXfw5CIy0bVNTNdB6GXiewu/IzBgpofkItDJPAzGA4= github.com/osbuild/images v0.202.0 h1:OPvfmr5RJHcOJgU8Win6kHyoCNQZEiILlgIDI64/YIM= github.com/osbuild/images v0.202.0/go.mod h1:xkXfw5CIy0bVNTNdB6GXiewu/IzBgpofkItDJPAzGA4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= From 36586ddbfb7866208e637a7c576ebce0384ea37a Mon Sep 17 00:00:00 2001 From: "Viktor H. Ingre" Date: Sun, 28 Sep 2025 18:17:57 +0200 Subject: [PATCH 159/254] Add manifest for Rocky Linux 9 and 10 --- bib/data/defs/rocky-10.yaml | 1 + bib/data/defs/rocky-9.yaml | 1 + 2 files changed, 2 insertions(+) create mode 120000 bib/data/defs/rocky-10.yaml create mode 120000 bib/data/defs/rocky-9.yaml diff --git a/bib/data/defs/rocky-10.yaml b/bib/data/defs/rocky-10.yaml new file mode 120000 index 000000000..31ce3eb13 --- /dev/null +++ b/bib/data/defs/rocky-10.yaml @@ -0,0 +1 @@ +centos-10.yaml \ No newline at end of file diff --git a/bib/data/defs/rocky-9.yaml b/bib/data/defs/rocky-9.yaml new file mode 120000 index 000000000..f09a87265 --- /dev/null +++ b/bib/data/defs/rocky-9.yaml @@ -0,0 +1 @@ +centos-9.yaml \ No newline at end of file From f08d0ed23e7376a144b4ecfb806bea3ff0692a07 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Tue, 7 Oct 2025 16:51:42 +0200 Subject: [PATCH 160/254] deps: bump images to 0.203.0 This change includes the usage of `BootMode` that we missed in yesterdays release. Signed-off-by: Simon de Vlieger --- bib/go.mod | 2 +- bib/go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/bib/go.mod b/bib/go.mod index e195f60bb..0652cf21d 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -9,7 +9,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.16.0 github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 - github.com/osbuild/images v0.202.0 + github.com/osbuild/images v0.203.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 diff --git a/bib/go.sum b/bib/go.sum index 05760279b..d86633eec 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -247,6 +247,8 @@ github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 h1:Mo1ht github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521/go.mod h1:oTn9T+bV9g/760hM/jX7AV0c4vuVIn6FjAnaVM9RzRo= github.com/osbuild/images v0.202.0 h1:OPvfmr5RJHcOJgU8Win6kHyoCNQZEiILlgIDI64/YIM= github.com/osbuild/images v0.202.0/go.mod h1:xkXfw5CIy0bVNTNdB6GXiewu/IzBgpofkItDJPAzGA4= +github.com/osbuild/images v0.203.0 h1:G+aFUTY8cXXcptRQesKqEaZtxRr6TUlFGXlEGJycwBM= +github.com/osbuild/images v0.203.0/go.mod h1:xkXfw5CIy0bVNTNdB6GXiewu/IzBgpofkItDJPAzGA4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From 7326a3da6a0bff1b84c6ed24cf2db86f45f4563e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Oct 2025 04:13:13 +0000 Subject: [PATCH 161/254] build(deps): bump github.com/osbuild/images in /bib in the go-deps group Bumps the go-deps group in /bib with 1 update: [github.com/osbuild/images](https://github.com/osbuild/images). Updates `github.com/osbuild/images` from 0.203.0 to 0.204.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.203.0...v0.204.0) --- updated-dependencies: - dependency-name: github.com/osbuild/images dependency-version: 0.204.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 2 +- bib/go.sum | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 0652cf21d..39581f7b6 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -9,7 +9,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.16.0 github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 - github.com/osbuild/images v0.203.0 + github.com/osbuild/images v0.204.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 diff --git a/bib/go.sum b/bib/go.sum index d86633eec..d729af922 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -245,10 +245,8 @@ github.com/osbuild/blueprint v1.16.0 h1:f/kHih+xpeJ1v7wtIfzdHPZTsiXsqKeDQ1+rrue6 github.com/osbuild/blueprint v1.16.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 h1:Mo1htXYyEoKrBQD+/RC/kluAWu4+E0oEjPorujVn/K8= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521/go.mod h1:oTn9T+bV9g/760hM/jX7AV0c4vuVIn6FjAnaVM9RzRo= -github.com/osbuild/images v0.202.0 h1:OPvfmr5RJHcOJgU8Win6kHyoCNQZEiILlgIDI64/YIM= -github.com/osbuild/images v0.202.0/go.mod h1:xkXfw5CIy0bVNTNdB6GXiewu/IzBgpofkItDJPAzGA4= -github.com/osbuild/images v0.203.0 h1:G+aFUTY8cXXcptRQesKqEaZtxRr6TUlFGXlEGJycwBM= -github.com/osbuild/images v0.203.0/go.mod h1:xkXfw5CIy0bVNTNdB6GXiewu/IzBgpofkItDJPAzGA4= +github.com/osbuild/images v0.204.0 h1:vP/48Y/wqm0uFPXApZpOIJXKc0SAYeqjt1HCaUyUQ5M= +github.com/osbuild/images v0.204.0/go.mod h1:YhhDsTY4IARBvPCrDFqD4tMfiBtwoZ8jC5nPqXfBZ+M= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From cce2b81b5eb051e3427ec932c6e87f63f3d17d26 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Mon, 13 Oct 2025 07:43:15 +0200 Subject: [PATCH 162/254] iso: inhibit `gpt-auto` Workaround to prevent ISOs from failing to boot when used as disk images in combination with UEFI [1] [1]: https://github.com/osbuild/images/issues/1947#issuecomment-3395867961 Signed-off-by: Simon de Vlieger --- bib/cmd/bootc-image-builder/legacy_iso.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bib/cmd/bootc-image-builder/legacy_iso.go b/bib/cmd/bootc-image-builder/legacy_iso.go index faf4b3906..82da4e370 100644 --- a/bib/cmd/bootc-image-builder/legacy_iso.go +++ b/bib/cmd/bootc-image-builder/legacy_iso.go @@ -317,6 +317,10 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro img.InstallerCustomizations.OSVersion = c.SourceInfo.OSRelease.VersionID img.InstallerCustomizations.ISOLabel = labelForISO(&c.SourceInfo.OSRelease, &c.Architecture) + // XXX workaround for gpt-auto preventing ISO boot see [1] + // [1]: https://github.com/osbuild/images/issues/1947#issuecomment-3395867961 + img.InstallerCustomizations.KernelOptionsAppend = append(img.InstallerCustomizations.KernelOptionsAppend, "systemd.gpt_auto=0") + img.ExtraBasePackages = rpmmd.PackageSet{ Include: imageDef.Packages, } From 5e5ba4eae9bce9a9e06f2010d4a1212b5881bc55 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Fri, 10 Oct 2025 08:13:39 +0000 Subject: [PATCH 163/254] chore(deps): update google.golang.org/genproto/googleapis/api digest to 49b9836 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 6 +++--- bib/go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 39581f7b6..8b9af025c 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -129,9 +129,9 @@ require ( golang.org/x/sys v0.35.0 // indirect golang.org/x/term v0.34.0 // indirect golang.org/x/text v0.28.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250826171959-ef028d996bc1 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20251007200510-49b9836ed3ff // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797 // indirect google.golang.org/grpc v1.74.2 // indirect - google.golang.org/protobuf v1.36.8 // indirect + google.golang.org/protobuf v1.36.10 // indirect gopkg.in/ini.v1 v1.67.0 // indirect ) diff --git a/bib/go.sum b/bib/go.sum index d729af922..8187f744b 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -463,10 +463,10 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto/googleapis/api v0.0.0-20250826171959-ef028d996bc1 h1:APHvLLYBhtZvsbnpkfknDZ7NyH4z5+ub/I0u8L3Oz6g= -google.golang.org/genproto/googleapis/api v0.0.0-20250826171959-ef028d996bc1/go.mod h1:xUjFWUnWDpZ/C0Gu0qloASKFb6f8/QXiiXhSPFsD668= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= +google.golang.org/genproto/googleapis/api v0.0.0-20251007200510-49b9836ed3ff h1:8Zg5TdmcbU8A7CXGjGXF1Slqu/nIFCRaR3S5gT2plIA= +google.golang.org/genproto/googleapis/api v0.0.0-20251007200510-49b9836ed3ff/go.mod h1:dbWfpVPvW/RqafStmRWBUpMN14puDezDMHxNYiRfQu0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797 h1:CirRxTOwnRWVLKzDNrs0CXAaVozJoR4G9xvdRecrdpk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797/go.mod h1:HSkG/KdJWusxU1F6CNrwNDjBMgisKxGnc5dAZfT0mjQ= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= @@ -483,8 +483,8 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= From c440677c5f23a5d4f810f956a7832201363457bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 14 Oct 2025 04:13:56 +0000 Subject: [PATCH 164/254] build(deps): bump github.com/osbuild/images in /bib in the go-deps group Bumps the go-deps group in /bib with 1 update: [github.com/osbuild/images](https://github.com/osbuild/images). Updates `github.com/osbuild/images` from 0.204.0 to 0.205.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.204.0...v0.205.0) --- updated-dependencies: - dependency-name: github.com/osbuild/images dependency-version: 0.205.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 8b9af025c..fbd7e97fc 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -9,7 +9,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.16.0 github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 - github.com/osbuild/images v0.204.0 + github.com/osbuild/images v0.205.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 diff --git a/bib/go.sum b/bib/go.sum index 8187f744b..aca3b8618 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -245,8 +245,8 @@ github.com/osbuild/blueprint v1.16.0 h1:f/kHih+xpeJ1v7wtIfzdHPZTsiXsqKeDQ1+rrue6 github.com/osbuild/blueprint v1.16.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 h1:Mo1htXYyEoKrBQD+/RC/kluAWu4+E0oEjPorujVn/K8= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521/go.mod h1:oTn9T+bV9g/760hM/jX7AV0c4vuVIn6FjAnaVM9RzRo= -github.com/osbuild/images v0.204.0 h1:vP/48Y/wqm0uFPXApZpOIJXKc0SAYeqjt1HCaUyUQ5M= -github.com/osbuild/images v0.204.0/go.mod h1:YhhDsTY4IARBvPCrDFqD4tMfiBtwoZ8jC5nPqXfBZ+M= +github.com/osbuild/images v0.205.0 h1:uHRrqh/m2c0m3dzpUkLO+Hp2jwtkwNvAULBc1XxIzqA= +github.com/osbuild/images v0.205.0/go.mod h1:qCXSG1P5HA+Apy7eYRfaJDGdeRa9G+nYx1sRRLXXR/U= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From 5ada69e95b36496b95b8f59957cd4ff7a71a6a97 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Sat, 18 Oct 2025 08:16:10 +0000 Subject: [PATCH 165/254] chore(deps): update konflux references Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- .tekton/bootc-image-builder-pull-request.yaml | 32 +++++++-------- .tekton/bootc-image-builder-push.yaml | 40 +++++++++---------- 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/.tekton/bootc-image-builder-pull-request.yaml b/.tekton/bootc-image-builder-pull-request.yaml index 94256c244..fedc4d912 100644 --- a/.tekton/bootc-image-builder-pull-request.yaml +++ b/.tekton/bootc-image-builder-pull-request.yaml @@ -46,7 +46,7 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:1fa4b71e0e0ca51da1cb769a2e20bbf186235e36b03cd97998e042e6e15a0c67 + value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:44b2e203f3f36664a7ef08b6428e091d5a5d5f3ed48064a7e06553d4ddc78679 - name: kind value: task resolver: bundles @@ -154,7 +154,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:ecec49de014d480e85a01b4351d7e20d9d9df44788758796da785e5be6da8881 + value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:711c6ff93f653404601645ec82c42feb543954f4d58a976156308aa9b9f3a603 - name: kind value: task resolver: bundles @@ -171,7 +171,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b99d377c3e28fad51009849f6ba3a1bc47d1dc4c46f470ea12ed7b1b444599d7 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:dea9911dc973ea13b2ecec728d34adf0fa41f70da2f5b0a5c829c400ef272c9b - name: kind value: task resolver: bundles @@ -199,7 +199,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b99d377c3e28fad51009849f6ba3a1bc47d1dc4c46f470ea12ed7b1b444599d7 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:dea9911dc973ea13b2ecec728d34adf0fa41f70da2f5b0a5c829c400ef272c9b - name: kind value: task resolver: bundles @@ -227,7 +227,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b99d377c3e28fad51009849f6ba3a1bc47d1dc4c46f470ea12ed7b1b444599d7 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:dea9911dc973ea13b2ecec728d34adf0fa41f70da2f5b0a5c829c400ef272c9b - name: kind value: task resolver: bundles @@ -253,7 +253,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b99d377c3e28fad51009849f6ba3a1bc47d1dc4c46f470ea12ed7b1b444599d7 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:dea9911dc973ea13b2ecec728d34adf0fa41f70da2f5b0a5c829c400ef272c9b - name: kind value: task resolver: bundles @@ -290,7 +290,7 @@ spec: - name: name value: buildah - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.4@sha256:d8b81c27dd50e936c8140ef8225d814954f0b4fc11c1c23a0e5841af0a0cd168 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.6@sha256:aa8120544c1156addb9ba7a86fd9032f3a8fab5e817aba0eb3e1f0f9b9433031 - name: kind value: task resolver: bundles @@ -327,7 +327,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:a6afd7071e514dc3a43fa24a2eaeb862c844057b3d97cbe84007bf70f23e4802 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.6@sha256:cc872f74d67103a6823ee87d6a10dd6a71adfe6230ba01c01864d32a85e7afb3 - name: kind value: task resolver: bundles @@ -364,7 +364,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:a6afd7071e514dc3a43fa24a2eaeb862c844057b3d97cbe84007bf70f23e4802 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.6@sha256:cc872f74d67103a6823ee87d6a10dd6a71adfe6230ba01c01864d32a85e7afb3 - name: kind value: task resolver: bundles @@ -401,7 +401,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:a6afd7071e514dc3a43fa24a2eaeb862c844057b3d97cbe84007bf70f23e4802 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.6@sha256:cc872f74d67103a6823ee87d6a10dd6a71adfe6230ba01c01864d32a85e7afb3 - name: kind value: task resolver: bundles @@ -435,7 +435,7 @@ spec: - name: name value: build-image-manifest - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:bb2042f91b9b3f162fd3bcc2d3516dc8650128a6c8d60a590a8168e86b64ada0 + value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:f7e89ddff02a8f60274dc5d31e0150f7d5729455c8a0079cff3f25ea22d68dfe - name: kind value: task resolver: bundles @@ -480,7 +480,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.5@sha256:b68137ffd9362e950b2a60f3d7beec22ffc39561642b95e39f95e54596bceee1 + value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.5@sha256:4d452338516ee1fe0f3243a38310aa8cba41c89c0fa4813dd8a3b5ad587542c6 - name: kind value: task resolver: bundles @@ -502,7 +502,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.2@sha256:cbb4a7c9f6d5591b74047a580f5199a91228a810df1c854e03ff049824b8a348 + value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.3@sha256:e00a5b8372546b894386b3c9154ed2472887e7b014cdf1a77154a2fb3efefd82 - name: kind value: task resolver: bundles @@ -524,7 +524,7 @@ spec: - name: name value: sast-snyk-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.4@sha256:eebe43b3223cbf7d1b6c95c8575c5bcbfd6fe6fb85261b1ad8cd018dff3f5f27 + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.4@sha256:93c9f73646740702d90a7a157a49fa55207f4edef700c81dbced824f7acac647 - name: kind value: task resolver: bundles @@ -549,7 +549,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.2@sha256:bb1bfcbe2514b8deb600e7eaf751f24f31a78f37788d838184760fb94fcc6c11 + value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.3@sha256:941ad1e2a94d1bc28b9300a6036842f25dca1d69ffbefa6e090ee7d125e87c41 - name: kind value: task resolver: bundles @@ -571,7 +571,7 @@ spec: - name: name value: sbom-json-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.2@sha256:e16f95bbc57a92ea64e7eac004ced8f9e37262c702d46ca520b33a70bdbed7f3 + value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.2@sha256:ec5edfc57e7f278982214c23a0a339b94224eb2ae1841cc29f79bec673af2bd8 - name: kind value: task resolver: bundles diff --git a/.tekton/bootc-image-builder-push.yaml b/.tekton/bootc-image-builder-push.yaml index 79104d1e2..b9a5b0c9e 100644 --- a/.tekton/bootc-image-builder-push.yaml +++ b/.tekton/bootc-image-builder-push.yaml @@ -42,7 +42,7 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:1fa4b71e0e0ca51da1cb769a2e20bbf186235e36b03cd97998e042e6e15a0c67 + value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:44b2e203f3f36664a7ef08b6428e091d5a5d5f3ed48064a7e06553d4ddc78679 - name: kind value: task resolver: bundles @@ -150,7 +150,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:ecec49de014d480e85a01b4351d7e20d9d9df44788758796da785e5be6da8881 + value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:711c6ff93f653404601645ec82c42feb543954f4d58a976156308aa9b9f3a603 - name: kind value: task resolver: bundles @@ -167,7 +167,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b99d377c3e28fad51009849f6ba3a1bc47d1dc4c46f470ea12ed7b1b444599d7 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:dea9911dc973ea13b2ecec728d34adf0fa41f70da2f5b0a5c829c400ef272c9b - name: kind value: task resolver: bundles @@ -195,7 +195,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b99d377c3e28fad51009849f6ba3a1bc47d1dc4c46f470ea12ed7b1b444599d7 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:dea9911dc973ea13b2ecec728d34adf0fa41f70da2f5b0a5c829c400ef272c9b - name: kind value: task resolver: bundles @@ -223,7 +223,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b99d377c3e28fad51009849f6ba3a1bc47d1dc4c46f470ea12ed7b1b444599d7 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:dea9911dc973ea13b2ecec728d34adf0fa41f70da2f5b0a5c829c400ef272c9b - name: kind value: task resolver: bundles @@ -249,7 +249,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b99d377c3e28fad51009849f6ba3a1bc47d1dc4c46f470ea12ed7b1b444599d7 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:dea9911dc973ea13b2ecec728d34adf0fa41f70da2f5b0a5c829c400ef272c9b - name: kind value: task resolver: bundles @@ -274,7 +274,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:c5e7c270abceeab6764e0d15380fbf83311536606fb12b3542fbb1965d8b1df7 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:3eaef93163bfa5a30d184604537fc2513d3169d744f7c02a3ad8630feffa0db0 - name: kind value: task resolver: bundles @@ -297,7 +297,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:c5e7c270abceeab6764e0d15380fbf83311536606fb12b3542fbb1965d8b1df7 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:3eaef93163bfa5a30d184604537fc2513d3169d744f7c02a3ad8630feffa0db0 - name: kind value: task resolver: bundles @@ -320,7 +320,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:c5e7c270abceeab6764e0d15380fbf83311536606fb12b3542fbb1965d8b1df7 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:3eaef93163bfa5a30d184604537fc2513d3169d744f7c02a3ad8630feffa0db0 - name: kind value: task resolver: bundles @@ -343,7 +343,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:c5e7c270abceeab6764e0d15380fbf83311536606fb12b3542fbb1965d8b1df7 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:3eaef93163bfa5a30d184604537fc2513d3169d744f7c02a3ad8630feffa0db0 - name: kind value: task resolver: bundles @@ -378,7 +378,7 @@ spec: - name: name value: buildah - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.4@sha256:d8b81c27dd50e936c8140ef8225d814954f0b4fc11c1c23a0e5841af0a0cd168 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.6@sha256:aa8120544c1156addb9ba7a86fd9032f3a8fab5e817aba0eb3e1f0f9b9433031 - name: kind value: task resolver: bundles @@ -415,7 +415,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:a6afd7071e514dc3a43fa24a2eaeb862c844057b3d97cbe84007bf70f23e4802 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.6@sha256:cc872f74d67103a6823ee87d6a10dd6a71adfe6230ba01c01864d32a85e7afb3 - name: kind value: task resolver: bundles @@ -452,7 +452,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:a6afd7071e514dc3a43fa24a2eaeb862c844057b3d97cbe84007bf70f23e4802 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.6@sha256:cc872f74d67103a6823ee87d6a10dd6a71adfe6230ba01c01864d32a85e7afb3 - name: kind value: task resolver: bundles @@ -489,7 +489,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.4@sha256:a6afd7071e514dc3a43fa24a2eaeb862c844057b3d97cbe84007bf70f23e4802 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.6@sha256:cc872f74d67103a6823ee87d6a10dd6a71adfe6230ba01c01864d32a85e7afb3 - name: kind value: task resolver: bundles @@ -523,7 +523,7 @@ spec: - name: name value: build-image-manifest - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:bb2042f91b9b3f162fd3bcc2d3516dc8650128a6c8d60a590a8168e86b64ada0 + value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:f7e89ddff02a8f60274dc5d31e0150f7d5729455c8a0079cff3f25ea22d68dfe - name: kind value: task resolver: bundles @@ -568,7 +568,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.5@sha256:b68137ffd9362e950b2a60f3d7beec22ffc39561642b95e39f95e54596bceee1 + value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.5@sha256:4d452338516ee1fe0f3243a38310aa8cba41c89c0fa4813dd8a3b5ad587542c6 - name: kind value: task resolver: bundles @@ -590,7 +590,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.2@sha256:cbb4a7c9f6d5591b74047a580f5199a91228a810df1c854e03ff049824b8a348 + value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.3@sha256:e00a5b8372546b894386b3c9154ed2472887e7b014cdf1a77154a2fb3efefd82 - name: kind value: task resolver: bundles @@ -612,7 +612,7 @@ spec: - name: name value: sast-snyk-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.4@sha256:eebe43b3223cbf7d1b6c95c8575c5bcbfd6fe6fb85261b1ad8cd018dff3f5f27 + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.4@sha256:93c9f73646740702d90a7a157a49fa55207f4edef700c81dbced824f7acac647 - name: kind value: task resolver: bundles @@ -637,7 +637,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.2@sha256:bb1bfcbe2514b8deb600e7eaf751f24f31a78f37788d838184760fb94fcc6c11 + value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.3@sha256:941ad1e2a94d1bc28b9300a6036842f25dca1d69ffbefa6e090ee7d125e87c41 - name: kind value: task resolver: bundles @@ -659,7 +659,7 @@ spec: - name: name value: sbom-json-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.2@sha256:e16f95bbc57a92ea64e7eac004ced8f9e37262c702d46ca520b33a70bdbed7f3 + value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.2@sha256:ec5edfc57e7f278982214c23a0a339b94224eb2ae1841cc29f79bec673af2bd8 - name: kind value: task resolver: bundles From 3b33b8ea19525cd113ed02b88630b533d39376f7 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Mon, 20 Oct 2025 07:33:05 +0200 Subject: [PATCH 166/254] deps: update images to 0.207.0 This includes the fix for the ISOs [1] so we can revert the previous workaround [2]. [1]: https://github.com/osbuild/images/issues/1947 [2]: https://github.com/osbuild/bootc-image-builder/pull/1073 Signed-off-by: Simon de Vlieger --- bib/go.mod | 2 +- bib/go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/bib/go.mod b/bib/go.mod index fbd7e97fc..a07f9d76e 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -9,7 +9,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.16.0 github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 - github.com/osbuild/images v0.205.0 + github.com/osbuild/images v0.207.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 diff --git a/bib/go.sum b/bib/go.sum index aca3b8618..203852663 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -247,6 +247,8 @@ github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 h1:Mo1ht github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521/go.mod h1:oTn9T+bV9g/760hM/jX7AV0c4vuVIn6FjAnaVM9RzRo= github.com/osbuild/images v0.205.0 h1:uHRrqh/m2c0m3dzpUkLO+Hp2jwtkwNvAULBc1XxIzqA= github.com/osbuild/images v0.205.0/go.mod h1:qCXSG1P5HA+Apy7eYRfaJDGdeRa9G+nYx1sRRLXXR/U= +github.com/osbuild/images v0.207.0 h1:dr48SI+9LO5V6BZeVsln61wLltUoATW2OivV0PHNpPU= +github.com/osbuild/images v0.207.0/go.mod h1:iF6bTLzBtyp9l27fexsD5AzwHEn9+bXF5Jr4HHQecmI= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From 3d6d3ea8331e55b6adda8eb92d7cca94ed662138 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Mon, 20 Oct 2025 07:49:49 +0200 Subject: [PATCH 167/254] iso: images compatibility In images the Lorax templates are a struct since 0.206.0 [1]. [1]: https://github.com/osbuild/images/pull/1949 Signed-off-by: Simon de Vlieger --- bib/cmd/bootc-image-builder/legacy_iso.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/bib/cmd/bootc-image-builder/legacy_iso.go b/bib/cmd/bootc-image-builder/legacy_iso.go index 82da4e370..f57b355a0 100644 --- a/bib/cmd/bootc-image-builder/legacy_iso.go +++ b/bib/cmd/bootc-image-builder/legacy_iso.go @@ -233,19 +233,19 @@ func labelForISO(os *osinfo.OSRelease, arch *arch.Arch) string { } } -// from:https://github.com/osbuild/images/blob/v0.201.0/data/distrodefs/rhel-10/imagetypes.yaml#L169 -var loraxRhelTemplates = []string{ - "80-rhel/runtime-postinstall.tmpl", - "80-rhel/runtime-cleanup.tmpl", +// from:https://github.com/osbuild/images/blob/v0.207.0/data/distrodefs/rhel-10/imagetypes.yaml#L169 +var loraxRhelTemplates = []manifest.InstallerLoraxTemplate{ + manifest.InstallerLoraxTemplate{Path: "80-rhel/runtime-postinstall.tmpl"}, + manifest.InstallerLoraxTemplate{Path: "80-rhel/runtime-cleanup.tmpl", AfterDracut: true}, } -// from:https://github.com/osbuild/images/blob/v0.201.0/data/distrodefs/fedora/imagetypes.yaml#L408 -var loraxFedoraTemplates = []string{ - "99-generic/runtime-postinstall.tmpl", - "99-generic/runtime-cleanup.tmpl", +// from:https://github.com/osbuild/images/blob/v0.207.0/data/distrodefs/fedora/imagetypes.yaml#L408 +var loraxFedoraTemplates = []manifest.InstallerLoraxTemplate{ + manifest.InstallerLoraxTemplate{Path: "99-generic/runtime-postinstall.tmpl"}, + manifest.InstallerLoraxTemplate{Path: "99-generic/runtime-cleanup.tmpl", AfterDracut: true}, } -func loraxTemplates(si osinfo.OSRelease) []string { +func loraxTemplates(si osinfo.OSRelease) []manifest.InstallerLoraxTemplate { switch { case si.ID == "rhel" || slices.Contains(si.IDLike, "rhel") || si.VersionID == "eln": return loraxRhelTemplates From 044e25f68a6497b45bad56eb9419b7354a2e730a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Oct 2025 04:14:28 +0000 Subject: [PATCH 168/254] build(deps): bump github.com/osbuild/images in /bib in the go-deps group Bumps the go-deps group in /bib with 1 update: [github.com/osbuild/images](https://github.com/osbuild/images). Updates `github.com/osbuild/images` from 0.207.0 to 0.208.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.207.0...v0.208.0) --- updated-dependencies: - dependency-name: github.com/osbuild/images dependency-version: 0.208.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 2 +- bib/go.sum | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index a07f9d76e..9059f526d 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -9,7 +9,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.16.0 github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 - github.com/osbuild/images v0.207.0 + github.com/osbuild/images v0.208.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 diff --git a/bib/go.sum b/bib/go.sum index 203852663..d0e0d0c62 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -245,10 +245,8 @@ github.com/osbuild/blueprint v1.16.0 h1:f/kHih+xpeJ1v7wtIfzdHPZTsiXsqKeDQ1+rrue6 github.com/osbuild/blueprint v1.16.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 h1:Mo1htXYyEoKrBQD+/RC/kluAWu4+E0oEjPorujVn/K8= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521/go.mod h1:oTn9T+bV9g/760hM/jX7AV0c4vuVIn6FjAnaVM9RzRo= -github.com/osbuild/images v0.205.0 h1:uHRrqh/m2c0m3dzpUkLO+Hp2jwtkwNvAULBc1XxIzqA= -github.com/osbuild/images v0.205.0/go.mod h1:qCXSG1P5HA+Apy7eYRfaJDGdeRa9G+nYx1sRRLXXR/U= -github.com/osbuild/images v0.207.0 h1:dr48SI+9LO5V6BZeVsln61wLltUoATW2OivV0PHNpPU= -github.com/osbuild/images v0.207.0/go.mod h1:iF6bTLzBtyp9l27fexsD5AzwHEn9+bXF5Jr4HHQecmI= +github.com/osbuild/images v0.208.0 h1:7vkLGfu71v+9zORdgBfxFtpkhNnd2Z6ghw60Fj71vBE= +github.com/osbuild/images v0.208.0/go.mod h1:tZqcrs3eNUA0VPs1h3YCnbnpAskVVfo36CIi2USSfDs= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From 5418cb187f08bbba903ec0aa6444777779aa2f81 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 Oct 2025 04:11:38 +0000 Subject: [PATCH 169/254] build(deps): bump github.com/osbuild/images in /bib in the go-deps group Bumps the go-deps group in /bib with 1 update: [github.com/osbuild/images](https://github.com/osbuild/images). Updates `github.com/osbuild/images` from 0.208.0 to 0.209.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.208.0...v0.209.0) --- updated-dependencies: - dependency-name: github.com/osbuild/images dependency-version: 0.209.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 9059f526d..9af2d3502 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -9,7 +9,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.16.0 github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 - github.com/osbuild/images v0.208.0 + github.com/osbuild/images v0.209.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 diff --git a/bib/go.sum b/bib/go.sum index d0e0d0c62..76776ceb4 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -245,8 +245,8 @@ github.com/osbuild/blueprint v1.16.0 h1:f/kHih+xpeJ1v7wtIfzdHPZTsiXsqKeDQ1+rrue6 github.com/osbuild/blueprint v1.16.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 h1:Mo1htXYyEoKrBQD+/RC/kluAWu4+E0oEjPorujVn/K8= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521/go.mod h1:oTn9T+bV9g/760hM/jX7AV0c4vuVIn6FjAnaVM9RzRo= -github.com/osbuild/images v0.208.0 h1:7vkLGfu71v+9zORdgBfxFtpkhNnd2Z6ghw60Fj71vBE= -github.com/osbuild/images v0.208.0/go.mod h1:tZqcrs3eNUA0VPs1h3YCnbnpAskVVfo36CIi2USSfDs= +github.com/osbuild/images v0.209.0 h1:9BRf+N0op1WbQkc+7zVRBZxg4dqS4lty3i2stF3G9lo= +github.com/osbuild/images v0.209.0/go.mod h1:tZqcrs3eNUA0VPs1h3YCnbnpAskVVfo36CIi2USSfDs= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From a478489017a19b130fdb170f8b311fadf9945fac Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Wed, 22 Oct 2025 20:13:09 +0000 Subject: [PATCH 170/254] chore(deps): update google.golang.org/genproto/googleapis/api digest to 3a174f9 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 4 ++-- bib/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 9af2d3502..6a9f83e16 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -129,8 +129,8 @@ require ( golang.org/x/sys v0.35.0 // indirect golang.org/x/term v0.34.0 // indirect golang.org/x/text v0.28.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20251007200510-49b9836ed3ff // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251014184007-4626949a642f // indirect google.golang.org/grpc v1.74.2 // indirect google.golang.org/protobuf v1.36.10 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/bib/go.sum b/bib/go.sum index 76776ceb4..d427731cc 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -463,10 +463,10 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto/googleapis/api v0.0.0-20251007200510-49b9836ed3ff h1:8Zg5TdmcbU8A7CXGjGXF1Slqu/nIFCRaR3S5gT2plIA= -google.golang.org/genproto/googleapis/api v0.0.0-20251007200510-49b9836ed3ff/go.mod h1:dbWfpVPvW/RqafStmRWBUpMN14puDezDMHxNYiRfQu0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797 h1:CirRxTOwnRWVLKzDNrs0CXAaVozJoR4G9xvdRecrdpk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797/go.mod h1:HSkG/KdJWusxU1F6CNrwNDjBMgisKxGnc5dAZfT0mjQ= +google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 h1:mepRgnBZa07I4TRuomDE4sTIYieg/osKmzIf4USdWS4= +google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8/go.mod h1:fDMmzKV90WSg1NbozdqrE64fkuTv6mlq2zxo9ad+3yo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251014184007-4626949a642f h1:1FTH6cpXFsENbPR5Bu8NQddPSaUUE6NA2XdZdDSAJK4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251014184007-4626949a642f/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= From c0604b1850b5d63edb199b1ba41e993255dc6829 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Tue, 14 Oct 2025 10:18:58 +0200 Subject: [PATCH 171/254] Revert "iso: inhibit `gpt-auto`" This reverts commit cce2b81b5eb051e3427ec932c6e87f63f3d17d26. When a new release of images is merged that contains [1] we can push this revert through after verification that the problem remains gone. [1]: https://github.com/osbuild/images/pull/1949 --- bib/cmd/bootc-image-builder/legacy_iso.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/bib/cmd/bootc-image-builder/legacy_iso.go b/bib/cmd/bootc-image-builder/legacy_iso.go index f57b355a0..b5b84a77c 100644 --- a/bib/cmd/bootc-image-builder/legacy_iso.go +++ b/bib/cmd/bootc-image-builder/legacy_iso.go @@ -317,10 +317,6 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro img.InstallerCustomizations.OSVersion = c.SourceInfo.OSRelease.VersionID img.InstallerCustomizations.ISOLabel = labelForISO(&c.SourceInfo.OSRelease, &c.Architecture) - // XXX workaround for gpt-auto preventing ISO boot see [1] - // [1]: https://github.com/osbuild/images/issues/1947#issuecomment-3395867961 - img.InstallerCustomizations.KernelOptionsAppend = append(img.InstallerCustomizations.KernelOptionsAppend, "systemd.gpt_auto=0") - img.ExtraBasePackages = rpmmd.PackageSet{ Include: imageDef.Packages, } From 9c18abb1cadd30fd003139f317c38b895f7332fd Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Fri, 24 Oct 2025 00:11:37 +0000 Subject: [PATCH 172/254] fix(deps): update golang.org/x/exp digest to a4bb9ff Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 4 ++-- bib/go.sum | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 6a9f83e16..6c2f2892f 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -14,7 +14,7 @@ require ( github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 github.com/stretchr/testify v1.11.1 - golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 + golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 gopkg.in/yaml.v3 v3.0.1 ) @@ -125,7 +125,7 @@ require ( go.opentelemetry.io/otel/trace v1.36.0 // indirect golang.org/x/crypto v0.41.0 // indirect golang.org/x/net v0.43.0 // indirect - golang.org/x/sync v0.16.0 // indirect + golang.org/x/sync v0.17.0 // indirect golang.org/x/sys v0.35.0 // indirect golang.org/x/term v0.34.0 // indirect golang.org/x/text v0.28.0 // indirect diff --git a/bib/go.sum b/bib/go.sum index d427731cc..5be61e294 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -352,8 +352,8 @@ golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ss golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 h1:9kj3STMvgqy3YA4VQXBrN7925ICMxD5wzMRcgA30588= -golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= +golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2wtOnGAHZWCHUM4KGzY= +golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= @@ -364,8 +364,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ= -golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc= +golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= +golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -396,8 +396,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= +golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -452,8 +452,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg= -golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s= +golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= +golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From ce517a50a05c85f6464cd8a77f696e4384993e2f Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Sat, 25 Oct 2025 08:10:53 +0000 Subject: [PATCH 173/254] chore(deps): replace redhat-appstudio-tekton-catalog references redhat-appstudio-tekton-catalog is deprecated, replace the references with equivalent konflux-ci/tekton-catalog references --- .tekton/bootc-image-builder-pull-request.yaml | 36 +++++++-------- .tekton/bootc-image-builder-push.yaml | 44 +++++++++---------- 2 files changed, 40 insertions(+), 40 deletions(-) diff --git a/.tekton/bootc-image-builder-pull-request.yaml b/.tekton/bootc-image-builder-pull-request.yaml index fedc4d912..3bbd7be56 100644 --- a/.tekton/bootc-image-builder-pull-request.yaml +++ b/.tekton/bootc-image-builder-pull-request.yaml @@ -46,7 +46,7 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:44b2e203f3f36664a7ef08b6428e091d5a5d5f3ed48064a7e06553d4ddc78679 + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:beb0616db051952b4b861dd8c3e00fa1c0eccbd926feddf71194d3bb3ace9ce7 - name: kind value: task resolver: bundles @@ -65,7 +65,7 @@ spec: - name: name value: summary - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:599d8b12c4f34ca3c386cb5c18af532cdc5f0773c0477044bbf4fe8591940725 + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:3f6e8513cbd70f0416eb6c6f2766973a754778526125ff33d8e3633def917091 - name: kind value: task resolver: bundles @@ -154,7 +154,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:711c6ff93f653404601645ec82c42feb543954f4d58a976156308aa9b9f3a603 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:3ca52e1d8885fc229bd9067275f44d5b21a9a609981d0324b525ddeca909bf10 - name: kind value: task resolver: bundles @@ -171,7 +171,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:dea9911dc973ea13b2ecec728d34adf0fa41f70da2f5b0a5c829c400ef272c9b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:90d2d42d17e6276ef45505cbb5a78598e5f5186257d0ee2260b3d4835f1c2d6b - name: kind value: task resolver: bundles @@ -199,7 +199,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:dea9911dc973ea13b2ecec728d34adf0fa41f70da2f5b0a5c829c400ef272c9b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:90d2d42d17e6276ef45505cbb5a78598e5f5186257d0ee2260b3d4835f1c2d6b - name: kind value: task resolver: bundles @@ -227,7 +227,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:dea9911dc973ea13b2ecec728d34adf0fa41f70da2f5b0a5c829c400ef272c9b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:90d2d42d17e6276ef45505cbb5a78598e5f5186257d0ee2260b3d4835f1c2d6b - name: kind value: task resolver: bundles @@ -253,7 +253,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:dea9911dc973ea13b2ecec728d34adf0fa41f70da2f5b0a5c829c400ef272c9b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:90d2d42d17e6276ef45505cbb5a78598e5f5186257d0ee2260b3d4835f1c2d6b - name: kind value: task resolver: bundles @@ -290,7 +290,7 @@ spec: - name: name value: buildah - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.6@sha256:aa8120544c1156addb9ba7a86fd9032f3a8fab5e817aba0eb3e1f0f9b9433031 + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.6@sha256:4a18de4811fc4b5743b0073de2154db29d323312b93419dbd28b209ce495f042 - name: kind value: task resolver: bundles @@ -327,7 +327,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.6@sha256:cc872f74d67103a6823ee87d6a10dd6a71adfe6230ba01c01864d32a85e7afb3 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote:0.6@sha256:97c6088df2cb17239335e9722fec6de5d8bbf68a53c6489171993f55fd5be1fa - name: kind value: task resolver: bundles @@ -364,7 +364,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.6@sha256:cc872f74d67103a6823ee87d6a10dd6a71adfe6230ba01c01864d32a85e7afb3 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote:0.6@sha256:97c6088df2cb17239335e9722fec6de5d8bbf68a53c6489171993f55fd5be1fa - name: kind value: task resolver: bundles @@ -401,7 +401,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.6@sha256:cc872f74d67103a6823ee87d6a10dd6a71adfe6230ba01c01864d32a85e7afb3 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote:0.6@sha256:97c6088df2cb17239335e9722fec6de5d8bbf68a53c6489171993f55fd5be1fa - name: kind value: task resolver: bundles @@ -435,7 +435,7 @@ spec: - name: name value: build-image-manifest - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:f7e89ddff02a8f60274dc5d31e0150f7d5729455c8a0079cff3f25ea22d68dfe + value: quay.io/konflux-ci/tekton-catalog/task-build-image-manifest:0.1@sha256:1e49b4d7d350b8c43c284a57f3c3db789437bb3e2e28db205a990aae78c96022 - name: kind value: task resolver: bundles @@ -457,7 +457,7 @@ spec: - name: name value: inspect-image - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.2@sha256:01f4a7ac0ff27ef5d220b6d1e1057d2da6e8c1ba70b45262b14cf55bbf004098 + value: quay.io/konflux-ci/tekton-catalog/task-inspect-image:0.2@sha256:96677b43c900f1336938db3e1477bc49fb104ba3fa1e301e524a1ef704a4e754 - name: kind value: task resolver: bundles @@ -480,7 +480,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.5@sha256:4d452338516ee1fe0f3243a38310aa8cba41c89c0fa4813dd8a3b5ad587542c6 + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:f59175d9a0a60411738228dfe568af4684af4aa5e7e05c832927cb917801d489 - name: kind value: task resolver: bundles @@ -502,7 +502,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.3@sha256:e00a5b8372546b894386b3c9154ed2472887e7b014cdf1a77154a2fb3efefd82 + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8ec7d7b9438ace5ef3fb03a533d9440d0fd81e51c73b0dc1eb51602fb7cd044e - name: kind value: task resolver: bundles @@ -524,7 +524,7 @@ spec: - name: name value: sast-snyk-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.4@sha256:93c9f73646740702d90a7a157a49fa55207f4edef700c81dbced824f7acac647 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.4@sha256:4b152eb931605b969c7a1ba15dd6a4d3c0231a20a1442ba5608e067160259e9d - name: kind value: task resolver: bundles @@ -549,7 +549,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.3@sha256:941ad1e2a94d1bc28b9300a6036842f25dca1d69ffbefa6e090ee7d125e87c41 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:f3d2d179cddcc07d0228d9f52959a233037a3afa2619d0a8b2effbb467db80c3 - name: kind value: task resolver: bundles @@ -571,7 +571,7 @@ spec: - name: name value: sbom-json-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.2@sha256:ec5edfc57e7f278982214c23a0a339b94224eb2ae1841cc29f79bec673af2bd8 + value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.2@sha256:c9ad826b8b412bb178713c3b49aa8cbec35df0458f34fa31721fe84d645f7996 - name: kind value: task resolver: bundles diff --git a/.tekton/bootc-image-builder-push.yaml b/.tekton/bootc-image-builder-push.yaml index b9a5b0c9e..637dd1f93 100644 --- a/.tekton/bootc-image-builder-push.yaml +++ b/.tekton/bootc-image-builder-push.yaml @@ -42,7 +42,7 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:44b2e203f3f36664a7ef08b6428e091d5a5d5f3ed48064a7e06553d4ddc78679 + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:beb0616db051952b4b861dd8c3e00fa1c0eccbd926feddf71194d3bb3ace9ce7 - name: kind value: task resolver: bundles @@ -61,7 +61,7 @@ spec: - name: name value: summary - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:599d8b12c4f34ca3c386cb5c18af532cdc5f0773c0477044bbf4fe8591940725 + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:3f6e8513cbd70f0416eb6c6f2766973a754778526125ff33d8e3633def917091 - name: kind value: task resolver: bundles @@ -150,7 +150,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:711c6ff93f653404601645ec82c42feb543954f4d58a976156308aa9b9f3a603 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:3ca52e1d8885fc229bd9067275f44d5b21a9a609981d0324b525ddeca909bf10 - name: kind value: task resolver: bundles @@ -167,7 +167,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:dea9911dc973ea13b2ecec728d34adf0fa41f70da2f5b0a5c829c400ef272c9b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:90d2d42d17e6276ef45505cbb5a78598e5f5186257d0ee2260b3d4835f1c2d6b - name: kind value: task resolver: bundles @@ -195,7 +195,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:dea9911dc973ea13b2ecec728d34adf0fa41f70da2f5b0a5c829c400ef272c9b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:90d2d42d17e6276ef45505cbb5a78598e5f5186257d0ee2260b3d4835f1c2d6b - name: kind value: task resolver: bundles @@ -223,7 +223,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:dea9911dc973ea13b2ecec728d34adf0fa41f70da2f5b0a5c829c400ef272c9b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:90d2d42d17e6276ef45505cbb5a78598e5f5186257d0ee2260b3d4835f1c2d6b - name: kind value: task resolver: bundles @@ -249,7 +249,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:dea9911dc973ea13b2ecec728d34adf0fa41f70da2f5b0a5c829c400ef272c9b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:90d2d42d17e6276ef45505cbb5a78598e5f5186257d0ee2260b3d4835f1c2d6b - name: kind value: task resolver: bundles @@ -274,7 +274,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:3eaef93163bfa5a30d184604537fc2513d3169d744f7c02a3ad8630feffa0db0 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.2@sha256:a18a33aa577ac1b8f0c9ca6cd74c4c73a30cfd48a7b959c86390bc04066d1fb1 - name: kind value: task resolver: bundles @@ -297,7 +297,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:3eaef93163bfa5a30d184604537fc2513d3169d744f7c02a3ad8630feffa0db0 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.2@sha256:a18a33aa577ac1b8f0c9ca6cd74c4c73a30cfd48a7b959c86390bc04066d1fb1 - name: kind value: task resolver: bundles @@ -320,7 +320,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:3eaef93163bfa5a30d184604537fc2513d3169d744f7c02a3ad8630feffa0db0 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.2@sha256:a18a33aa577ac1b8f0c9ca6cd74c4c73a30cfd48a7b959c86390bc04066d1fb1 - name: kind value: task resolver: bundles @@ -343,7 +343,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.2@sha256:3eaef93163bfa5a30d184604537fc2513d3169d744f7c02a3ad8630feffa0db0 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.2@sha256:a18a33aa577ac1b8f0c9ca6cd74c4c73a30cfd48a7b959c86390bc04066d1fb1 - name: kind value: task resolver: bundles @@ -378,7 +378,7 @@ spec: - name: name value: buildah - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.6@sha256:aa8120544c1156addb9ba7a86fd9032f3a8fab5e817aba0eb3e1f0f9b9433031 + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.6@sha256:4a18de4811fc4b5743b0073de2154db29d323312b93419dbd28b209ce495f042 - name: kind value: task resolver: bundles @@ -415,7 +415,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.6@sha256:cc872f74d67103a6823ee87d6a10dd6a71adfe6230ba01c01864d32a85e7afb3 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote:0.6@sha256:97c6088df2cb17239335e9722fec6de5d8bbf68a53c6489171993f55fd5be1fa - name: kind value: task resolver: bundles @@ -452,7 +452,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.6@sha256:cc872f74d67103a6823ee87d6a10dd6a71adfe6230ba01c01864d32a85e7afb3 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote:0.6@sha256:97c6088df2cb17239335e9722fec6de5d8bbf68a53c6489171993f55fd5be1fa - name: kind value: task resolver: bundles @@ -489,7 +489,7 @@ spec: - name: name value: buildah-remote - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote:0.6@sha256:cc872f74d67103a6823ee87d6a10dd6a71adfe6230ba01c01864d32a85e7afb3 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote:0.6@sha256:97c6088df2cb17239335e9722fec6de5d8bbf68a53c6489171993f55fd5be1fa - name: kind value: task resolver: bundles @@ -523,7 +523,7 @@ spec: - name: name value: build-image-manifest - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:f7e89ddff02a8f60274dc5d31e0150f7d5729455c8a0079cff3f25ea22d68dfe + value: quay.io/konflux-ci/tekton-catalog/task-build-image-manifest:0.1@sha256:1e49b4d7d350b8c43c284a57f3c3db789437bb3e2e28db205a990aae78c96022 - name: kind value: task resolver: bundles @@ -545,7 +545,7 @@ spec: - name: name value: inspect-image - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.2@sha256:01f4a7ac0ff27ef5d220b6d1e1057d2da6e8c1ba70b45262b14cf55bbf004098 + value: quay.io/konflux-ci/tekton-catalog/task-inspect-image:0.2@sha256:96677b43c900f1336938db3e1477bc49fb104ba3fa1e301e524a1ef704a4e754 - name: kind value: task resolver: bundles @@ -568,7 +568,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.5@sha256:4d452338516ee1fe0f3243a38310aa8cba41c89c0fa4813dd8a3b5ad587542c6 + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:f59175d9a0a60411738228dfe568af4684af4aa5e7e05c832927cb917801d489 - name: kind value: task resolver: bundles @@ -590,7 +590,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.3@sha256:e00a5b8372546b894386b3c9154ed2472887e7b014cdf1a77154a2fb3efefd82 + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8ec7d7b9438ace5ef3fb03a533d9440d0fd81e51c73b0dc1eb51602fb7cd044e - name: kind value: task resolver: bundles @@ -612,7 +612,7 @@ spec: - name: name value: sast-snyk-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.4@sha256:93c9f73646740702d90a7a157a49fa55207f4edef700c81dbced824f7acac647 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.4@sha256:4b152eb931605b969c7a1ba15dd6a4d3c0231a20a1442ba5608e067160259e9d - name: kind value: task resolver: bundles @@ -637,7 +637,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.3@sha256:941ad1e2a94d1bc28b9300a6036842f25dca1d69ffbefa6e090ee7d125e87c41 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:f3d2d179cddcc07d0228d9f52959a233037a3afa2619d0a8b2effbb467db80c3 - name: kind value: task resolver: bundles @@ -659,7 +659,7 @@ spec: - name: name value: sbom-json-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.2@sha256:ec5edfc57e7f278982214c23a0a339b94224eb2ae1841cc29f79bec673af2bd8 + value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.2@sha256:c9ad826b8b412bb178713c3b49aa8cbec35df0458f34fa31721fe84d645f7996 - name: kind value: task resolver: bundles From 29eaa413f9920158926d08570596320cb9711efc Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Mon, 27 Oct 2025 13:43:13 +0100 Subject: [PATCH 174/254] github: use pr.user.login to determine PR author Using github.actor to determine if a PR was created by dependabot and autoapprove it can be exploited using a "Confused Deputy" attack. Using github.event.pull_request.user.login instead verifies the actual author of the PR. --- .github/workflows/auto-merge-dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-merge-dependabot.yml index f5e014fbb..0626a6220 100644 --- a/.github/workflows/auto-merge-dependabot.yml +++ b/.github/workflows/auto-merge-dependabot.yml @@ -8,7 +8,7 @@ permissions: write-all jobs: dependabot: runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} + if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} steps: - name: Approve a PR run: gh pr review --approve "$PR_URL" From b415a4fe86b0900bb1203d7ae43807e2779fd1c1 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 7 Oct 2025 17:46:37 +0200 Subject: [PATCH 175/254] bib: expose new `ova` image type in bib This commit exposes the new `ova` image type and adds a basic smoke test. --- bib/internal/imagetypes/imagetypes.go | 1 + bib/internal/imagetypes/imagetypes_test.go | 6 ++--- test/test_manifest.py | 31 +++++++++++++++++++--- 3 files changed, 31 insertions(+), 7 deletions(-) diff --git a/bib/internal/imagetypes/imagetypes.go b/bib/internal/imagetypes/imagetypes.go index de396ce4b..98e601e5c 100644 --- a/bib/internal/imagetypes/imagetypes.go +++ b/bib/internal/imagetypes/imagetypes.go @@ -23,6 +23,7 @@ var supportedImageTypes = map[string]imageType{ "vmdk": imageType{Export: "vmdk"}, "vhd": imageType{Export: "vpc"}, "gce": imageType{Export: "gce"}, + "ova": imageType{Export: "archive"}, // the iso image types are RPM based and legacy/deprecated "anaconda-iso": imageType{Export: "bootiso", ISO: true, Legacy: true}, "iso": imageType{Export: "bootiso", ISO: true, Legacy: true}, diff --git a/bib/internal/imagetypes/imagetypes_test.go b/bib/internal/imagetypes/imagetypes_test.go index fe36ea0f6..efe7114b9 100644 --- a/bib/internal/imagetypes/imagetypes_test.go +++ b/bib/internal/imagetypes/imagetypes_test.go @@ -63,15 +63,15 @@ func TestImageTypes(t *testing.T) { }, "bad-image-type": { imageTypes: []string{"bad"}, - expectedErr: errors.New(`unsupported image type "bad", valid types are ami, anaconda-iso, gce, iso, qcow2, raw, vhd, vmdk`), + expectedErr: errors.New(`unsupported image type "bad", valid types are ami, anaconda-iso, gce, iso, ova, qcow2, raw, vhd, vmdk`), }, "bad-in-good": { imageTypes: []string{"ami", "raw", "vmdk", "qcow2", "something-else-what-is-this"}, - expectedErr: errors.New(`unsupported image type "something-else-what-is-this", valid types are ami, anaconda-iso, gce, iso, qcow2, raw, vhd, vmdk`), + expectedErr: errors.New(`unsupported image type "something-else-what-is-this", valid types are ami, anaconda-iso, gce, iso, ova, qcow2, raw, vhd, vmdk`), }, "all-bad": { imageTypes: []string{"bad1", "bad2", "bad3", "bad4", "bad5", "bad42"}, - expectedErr: errors.New(`unsupported image type "bad1", valid types are ami, anaconda-iso, gce, iso, qcow2, raw, vhd, vmdk`), + expectedErr: errors.New(`unsupported image type "bad1", valid types are ami, anaconda-iso, gce, iso, ova, qcow2, raw, vhd, vmdk`), }, } diff --git a/test/test_manifest.py b/test/test_manifest.py index 7171bb0fe..e312883a7 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -858,10 +858,9 @@ def test_manifest_customization_custom_file_smoke(tmp_path, build_container): def find_stage_options_from(manifest_str, stage_type): manifest = json.loads(manifest_str) for pipl in manifest["pipelines"]: - if pipl["name"] == "image": - for st in pipl["stages"]: - if st["type"] == stage_type: - return st["options"] + for st in pipl["stages"]: + if st["type"] == stage_type: + return st["options"] raise ValueError(f"cannot find {stage_type} stage manifest:\n{manifest_str}") @@ -1032,3 +1031,27 @@ def test_manifest_image_disk_yaml(tmp_path, build_container): ], encoding="utf8") write_device_options = find_stage_options_from(manifest_str, "org.osbuild.write-device") assert write_device_options["from"] == "input://tree/usr/lib/modules/5.0-x86_64/aboot.img" + + +@pytest.mark.parametrize("tc", gen_testcases("anaconda-iso")) +def test_ova_manifest_smoke(build_container, tc): + testutil.pull_container(tc.container_ref, tc.target_arch) + + output = subprocess.check_output([ + *testutil.podman_run_common, + build_container, + "manifest", + *tc.bib_rootfs_args(), + "--type=ova", + f"{tc.container_ref}", + ]) + # just some basic validation that we generate a ova + assert find_stage_options_from(output, "org.osbuild.tar") == { + "filename": "image.ova", + "format": "ustar", + "paths": [ + "image.ovf", + "image.mf", + "image.vmdk" + ] + } From bdd34ad8d71f080c96c3bb0decfd721757f3909b Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 16:12:41 +0000 Subject: [PATCH 176/254] chore(deps): update google.golang.org/genproto/googleapis/rpc digest to 3a174f9 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 6c2f2892f..b85bdb1c5 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -130,7 +130,7 @@ require ( golang.org/x/term v0.34.0 // indirect golang.org/x/text v0.28.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20251014184007-4626949a642f // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 // indirect google.golang.org/grpc v1.74.2 // indirect google.golang.org/protobuf v1.36.10 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/bib/go.sum b/bib/go.sum index 5be61e294..a523c9b8c 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -465,8 +465,8 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 h1:mepRgnBZa07I4TRuomDE4sTIYieg/osKmzIf4USdWS4= google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8/go.mod h1:fDMmzKV90WSg1NbozdqrE64fkuTv6mlq2zxo9ad+3yo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251014184007-4626949a642f h1:1FTH6cpXFsENbPR5Bu8NQddPSaUUE6NA2XdZdDSAJK4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251014184007-4626949a642f/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 h1:M1rk8KBnUsBDg1oPGHNCxG4vc1f49epmTO7xscSajMk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= From 074707b6ccbe859600cd395ef0e5b6d41073762e Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Sat, 25 Oct 2025 08:21:28 +0000 Subject: [PATCH 177/254] chore(deps): update module github.com/containers/image/v5 to v5.36.2 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index b85bdb1c5..c1efe734b 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -51,7 +51,7 @@ require ( github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect github.com/containerd/typeurl/v2 v2.2.3 // indirect github.com/containers/common v0.64.1 // indirect - github.com/containers/image/v5 v5.36.1 // indirect + github.com/containers/image/v5 v5.36.2 // indirect github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect github.com/containers/ocicrypt v1.2.1 // indirect github.com/containers/storage v1.59.1 // indirect diff --git a/bib/go.sum b/bib/go.sum index a523c9b8c..7e713b426 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -79,8 +79,8 @@ github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++ github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= github.com/containers/common v0.64.1 h1:E8vSiL+B84/UCsyVSb70GoxY9cu+0bseLujm4EKF6GE= github.com/containers/common v0.64.1/go.mod h1:CtfQNHoCAZqWeXMwdShcsxmMJSeGRgKKMqAwRKmWrHE= -github.com/containers/image/v5 v5.36.1 h1:6zpXBqR59UcAzoKpa/By5XekeqFV+htWYfr65+Cgjqo= -github.com/containers/image/v5 v5.36.1/go.mod h1:b4GMKH2z/5t6/09utbse2ZiLK/c72GuGLFdp7K69eA4= +github.com/containers/image/v5 v5.36.2 h1:GcxYQyAHRF/pLqR4p4RpvKllnNL8mOBn0eZnqJbfTwk= +github.com/containers/image/v5 v5.36.2/go.mod h1:b4GMKH2z/5t6/09utbse2ZiLK/c72GuGLFdp7K69eA4= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.2.1 h1:0qIOTT9DoYwcKmxSt8QJt+VzMY18onl9jUXsxpVhSmM= From b57be103ecd7c1a28a5258019775de63e7d48996 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 20:14:56 +0000 Subject: [PATCH 178/254] chore(deps): update module github.com/klauspost/compress to v1.18.1 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index c1efe734b..f655f9052 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -82,7 +82,7 @@ require ( github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.18.0 // indirect + github.com/klauspost/compress v1.18.1 // indirect github.com/klauspost/pgzip v1.2.6 // indirect github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect github.com/mattn/go-colorable v0.1.14 // indirect diff --git a/bib/go.sum b/bib/go.sum index 7e713b426..abc27ae36 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -188,8 +188,8 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= -github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= +github.com/klauspost/compress v1.18.1 h1:bcSGx7UbpBqMChDtsF28Lw6v/G94LPrrbMbdC3JH2co= +github.com/klauspost/compress v1.18.1/go.mod h1:ZQFFVG+MdnR0P+l6wpXgIL4NTtwiKIdBnrBd8Nrxr+0= github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU= github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= From bb9db42ca8dd7a3982b5f072e928c8c9aea4b7c0 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Tue, 28 Oct 2025 12:13:18 +0000 Subject: [PATCH 179/254] chore(deps): update module github.com/aws/smithy-go to v1.23.1 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index f655f9052..ffd029ea6 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -44,7 +44,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/sso v1.29.1 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.2 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.38.2 // indirect - github.com/aws/smithy-go v1.23.0 // indirect + github.com/aws/smithy-go v1.23.1 // indirect github.com/containerd/cgroups/v3 v3.0.5 // indirect github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect diff --git a/bib/go.sum b/bib/go.sum index abc27ae36..a2a5fdfa0 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -52,8 +52,8 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.2 h1:gKWSTnqudpo8dAxqBqZnDoDW github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.2/go.mod h1:x7+rkNmRoEN1U13A6JE2fXne9EWyJy54o3n6d4mGaXQ= github.com/aws/aws-sdk-go-v2/service/sts v1.38.2 h1:YZPjhyaGzhDQEvsffDEcpycq49nl7fiGcfJTIo8BszI= github.com/aws/aws-sdk-go-v2/service/sts v1.38.2/go.mod h1:2dIN8qhQfv37BdUYGgEC8Q3tteM3zFxTI1MLO2O3J3c= -github.com/aws/smithy-go v1.23.0 h1:8n6I3gXzWJB2DxBDnfxgBaSX6oe0d/t10qGz7OKqMCE= -github.com/aws/smithy-go v1.23.0/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= +github.com/aws/smithy-go v1.23.1 h1:sLvcH6dfAFwGkHLZ7dGiYF7aK6mg4CgKA/iDKjLDt9M= +github.com/aws/smithy-go v1.23.1/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= From 8c0ddd38e54df8d37ec5c4033cccf90b60eed970 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Tue, 28 Oct 2025 12:13:30 +0000 Subject: [PATCH 180/254] chore(deps): update module github.com/containers/common to v0.64.2 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 4 ++-- bib/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index ffd029ea6..39faf6179 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -50,7 +50,7 @@ require ( github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect github.com/containerd/typeurl/v2 v2.2.3 // indirect - github.com/containers/common v0.64.1 // indirect + github.com/containers/common v0.64.2 // indirect github.com/containers/image/v5 v5.36.2 // indirect github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect github.com/containers/ocicrypt v1.2.1 // indirect @@ -114,7 +114,7 @@ require ( github.com/sylabs/sif/v2 v2.21.1 // indirect github.com/tchap/go-patricia/v2 v2.3.3 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect - github.com/ulikunitz/xz v0.5.12 // indirect + github.com/ulikunitz/xz v0.5.15 // indirect github.com/vbatts/tar-split v0.12.1 // indirect github.com/vbauerster/mpb/v8 v8.10.2 // indirect go.opencensus.io v0.24.0 // indirect diff --git a/bib/go.sum b/bib/go.sum index a2a5fdfa0..20ae8af93 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -77,8 +77,8 @@ github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRcc github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU= github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40= github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= -github.com/containers/common v0.64.1 h1:E8vSiL+B84/UCsyVSb70GoxY9cu+0bseLujm4EKF6GE= -github.com/containers/common v0.64.1/go.mod h1:CtfQNHoCAZqWeXMwdShcsxmMJSeGRgKKMqAwRKmWrHE= +github.com/containers/common v0.64.2 h1:1xepE7QwQggUXxmyQ1Dbh6Cn0yd7ktk14sN3McSWf5I= +github.com/containers/common v0.64.2/go.mod h1:o29GfYy4tefUuShm8mOn2AiL5Mpzdio+viHI7n24KJ4= github.com/containers/image/v5 v5.36.2 h1:GcxYQyAHRF/pLqR4p4RpvKllnNL8mOBn0eZnqJbfTwk= github.com/containers/image/v5 v5.36.2/go.mod h1:b4GMKH2z/5t6/09utbse2ZiLK/c72GuGLFdp7K69eA4= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA= @@ -310,8 +310,8 @@ github.com/tchap/go-patricia/v2 v2.3.3 h1:xfNEsODumaEcCcY3gI0hYPZ/PcpVv5ju6RMAhg github.com/tchap/go-patricia/v2 v2.3.3/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= -github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= -github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY= +github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/vbatts/tar-split v0.12.1 h1:CqKoORW7BUWBe7UL/iqTVvkTBOF8UvOMKOIZykxnnbo= github.com/vbatts/tar-split v0.12.1/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA= github.com/vbauerster/mpb/v8 v8.10.2 h1:2uBykSHAYHekE11YvJhKxYmLATKHAGorZwFlyNw4hHM= From 6a6cd928962cce3fb85bb694e3b790c64b7576b9 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 27 Aug 2025 10:52:06 +0200 Subject: [PATCH 181/254] main: add regression test for aws upload target arch error This is a regression test to ensure the commandline handling of aws upload is correct. Its a followup for https://github.com/osbuild/bootc-image-builder/pull/1030 --- bib/cmd/bootc-image-builder/export_test.go | 14 +++++ bib/cmd/bootc-image-builder/main.go | 6 +- bib/cmd/bootc-image-builder/main_test.go | 71 ++++++++++++++++++++++ 3 files changed, 89 insertions(+), 2 deletions(-) diff --git a/bib/cmd/bootc-image-builder/export_test.go b/bib/cmd/bootc-image-builder/export_test.go index 8dcbaef91..e174182c0 100644 --- a/bib/cmd/bootc-image-builder/export_test.go +++ b/bib/cmd/bootc-image-builder/export_test.go @@ -1,10 +1,16 @@ package main +import ( + "github.com/osbuild/images/pkg/cloud" + "github.com/osbuild/images/pkg/cloud/awscloud" +) + var ( CanChownInPath = canChownInPath GetDistroAndRunner = getDistroAndRunner CreateRand = createRand BuildCobraCmdline = buildCobraCmdline + HandleAWSFlags = handleAWSFlags ) func MockOsGetuid(new func() int) (restore func()) { @@ -22,3 +28,11 @@ func MockOsReadFile(new func(string) ([]byte, error)) (restore func()) { osReadFile = saved } } + +func MockAwscloudNewUploader(f func(string, string, string, *awscloud.UploaderOptions) (cloud.Uploader, error)) (restore func()) { + saved := awscloudNewUploader + awscloudNewUploader = f + return func() { + awscloudNewUploader = saved + } +} diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index a4191ea14..a295bbde9 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -216,6 +216,8 @@ func cmdManifest(cmd *cobra.Command, args []string) error { return nil } +var awscloudNewUploader = awscloud.NewUploader + func handleAWSFlags(cmd *cobra.Command) (cloud.Uploader, error) { imgTypes, _ := cmd.Flags().GetStringArray("type") region, _ := cmd.Flags().GetString("aws-region") @@ -230,7 +232,6 @@ func handleAWSFlags(cmd *cobra.Command) (cloud.Uploader, error) { return nil, fmt.Errorf("aws flags set for non-ami image type (type is set to %s)", strings.Join(imgTypes, ",")) } - // check as many permission prerequisites as possible before starting targetArch := arch.Current() if targetArchStr != "" { var err error @@ -242,7 +243,7 @@ func handleAWSFlags(cmd *cobra.Command) (cloud.Uploader, error) { uploaderOpts := &awscloud.UploaderOptions{ TargetArch: targetArch, } - uploader, err := awscloud.NewUploader(region, bucketName, imageName, uploaderOpts) + uploader, err := awscloudNewUploader(region, bucketName, imageName, uploaderOpts) if err != nil { return nil, err } @@ -250,6 +251,7 @@ func handleAWSFlags(cmd *cobra.Command) (cloud.Uploader, error) { if logrus.GetLevel() >= logrus.InfoLevel { status = os.Stderr } + // check as many permission prerequisites as possible before starting if err := uploader.Check(status); err != nil { return nil, err } diff --git a/bib/cmd/bootc-image-builder/main_test.go b/bib/cmd/bootc-image-builder/main_test.go index 9ee0b9333..90abd7c09 100644 --- a/bib/cmd/bootc-image-builder/main_test.go +++ b/bib/cmd/bootc-image-builder/main_test.go @@ -1,7 +1,9 @@ package main_test import ( + "bytes" "fmt" + "io" "os" "strings" "testing" @@ -12,6 +14,10 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/osbuild/images/pkg/arch" + "github.com/osbuild/images/pkg/cloud" + "github.com/osbuild/images/pkg/cloud/awscloud" + main "github.com/osbuild/bootc-image-builder/bib/cmd/bootc-image-builder" ) @@ -159,3 +165,68 @@ func TestCobraCmdlineVerbose(t *testing.T) { }) } } + +type fakeAwsUploader struct { + checkCalls int + + region, bucket, ami string + opts *awscloud.UploaderOptions + + uploadAndRegisterRead bytes.Buffer + uploadAndRegisterCalls int + uploadAndRegisterErr error +} + +var _ = cloud.Uploader(&fakeAwsUploader{}) + +func (fa *fakeAwsUploader) Check(status io.Writer) error { + fa.checkCalls++ + return nil +} + +func (fa *fakeAwsUploader) UploadAndRegister(r io.Reader, size uint64, status io.Writer) error { + fa.uploadAndRegisterCalls++ + _, err := io.Copy(&fa.uploadAndRegisterRead, r) + if err != nil { + panic(err) + } + return fa.uploadAndRegisterErr +} + +func TestHandleAWSFlags(t *testing.T) { + for _, tc := range []struct { + extraArgs []string + expectedOpts *awscloud.UploaderOptions + }{ + {nil, &awscloud.UploaderOptions{TargetArch: arch.Current()}}, + {[]string{"--target-arch=aarch64"}, &awscloud.UploaderOptions{TargetArch: arch.ARCH_AARCH64}}, + } { + var fau fakeAwsUploader + t.Cleanup(main.MockAwscloudNewUploader(func(region string, bucket string, ami string, opts *awscloud.UploaderOptions) (cloud.Uploader, error) { + fau.region = region + fau.bucket = bucket + fau.ami = ami + fau.opts = opts + return &fau, nil + })) + + rootCmd, err := main.BuildCobraCmdline() + assert.NoError(t, err) + // Commands() returns commandsordered by name + buildCmd := rootCmd.Commands()[0] + assert.Equal(t, "build", buildCmd.Name()) + err = buildCmd.ParseFlags(append([]string{ + "--aws-bucket=aws-bucket", + "--aws-ami-name=aws-ami-name", + "--aws-region=aws-region", + "--type=ami", + }, tc.extraArgs...)) + assert.NoError(t, err) + + uploader, err := main.HandleAWSFlags(buildCmd) + assert.NoError(t, err) + assert.NotNil(t, uploader) + assert.Equal(t, 1, fau.checkCalls) + assert.Equal(t, tc.expectedOpts, fau.opts) + } +} From 4c4288e0cfe0da67f4c91b94eff83e8e2da99ef8 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Fri, 31 Oct 2025 04:13:45 +0000 Subject: [PATCH 182/254] chore(deps): update module github.com/mattn/go-runewidth to v0.0.19 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 4 ++-- bib/go.sum | 9 ++++----- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 39faf6179..4021bb840 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -45,6 +45,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.2 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.38.2 // indirect github.com/aws/smithy-go v1.23.1 // indirect + github.com/clipperhouse/uax29/v2 v2.2.0 // indirect github.com/containerd/cgroups/v3 v3.0.5 // indirect github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect @@ -87,7 +88,7 @@ require ( github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mattn/go-runewidth v0.0.16 // indirect + github.com/mattn/go-runewidth v0.0.19 // indirect github.com/mattn/go-sqlite3 v1.14.28 // indirect github.com/miekg/pkcs11 v1.1.1 // indirect github.com/mistifyio/go-zfs/v3 v3.0.1 // indirect @@ -104,7 +105,6 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/proglottis/gpgme v0.1.4 // indirect - github.com/rivo/uniseg v0.4.7 // indirect github.com/secure-systems-lab/go-securesystemslib v0.9.0 // indirect github.com/sigstore/fulcio v1.6.6 // indirect github.com/sigstore/protobuf-specs v0.4.1 // indirect diff --git a/bib/go.sum b/bib/go.sum index 20ae8af93..b8fd97a0d 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -64,6 +64,8 @@ github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL github.com/cheggaaa/pb/v3 v3.1.7 h1:2FsIW307kt7A/rz/ZI2lvPO+v3wKazzE4K/0LtTWsOI= github.com/cheggaaa/pb/v3 v3.1.7/go.mod h1:/Ji89zfVPeC/u5j8ukD0MBPHt2bzTYp74lQ7KlgFWTQ= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/clipperhouse/uax29/v2 v2.2.0 h1:ChwIKnQN3kcZteTXMgb1wztSgaU+ZemkgWdohwgs8tY= +github.com/clipperhouse/uax29/v2 v2.2.0/go.mod h1:EFJ2TJMRUaplDxHKj1qAEhCtQPW2tJSwu5BF98AuoVM= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/containerd/cgroups/v3 v3.0.5 h1:44na7Ud+VwyE7LIoJ8JTNQOa549a8543BmzaJHo6Bzo= github.com/containerd/cgroups/v3 v3.0.5/go.mod h1:SA5DLYnXO8pTGYiAHXz94qvLQTKfVM5GEVisn4jpins= @@ -202,8 +204,8 @@ github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHP github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= -github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-runewidth v0.0.19 h1:v++JhqYnZuu5jSKrk9RbgF5v4CGUjqRfBm05byFGLdw= +github.com/mattn/go-runewidth v0.0.19/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs= github.com/mattn/go-sqlite3 v1.14.28 h1:ThEiQrnbtumT+QMknw63Befp/ce/nUPgBPMlRFEum7A= github.com/mattn/go-sqlite3 v1.14.28/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= @@ -263,9 +265,6 @@ github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= -github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= -github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= From bdf32f4e94a6f54060b640b1c811cf01e65da304 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Mon, 27 Oct 2025 13:42:15 +0100 Subject: [PATCH 183/254] deps: switch yaml libraries During a recent chat it was brought up that `go.pkg.in/yaml.v3` is unmaintained. The YAML organization forked the unmaintained package and is now updating it. The `v3` we use here only receives security fixes while `v4` will eventually support new features and more of YAML. Let's do the easy an uncontroversial swap first as this is a maintained drop-in replacement. Signed-off-by: Simon de Vlieger --- bib/go.mod | 3 ++- bib/go.sum | 2 ++ bib/internal/distrodef/distrodef.go | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 4021bb840..da742aefd 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -15,7 +15,7 @@ require ( github.com/spf13/pflag v1.0.10 github.com/stretchr/testify v1.11.1 golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 - gopkg.in/yaml.v3 v3.0.1 + go.yaml.in/yaml/v3 v3.0.4 ) require ( @@ -134,4 +134,5 @@ require ( google.golang.org/grpc v1.74.2 // indirect google.golang.org/protobuf v1.36.10 // indirect gopkg.in/ini.v1 v1.67.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/bib/go.sum b/bib/go.sum index b8fd97a0d..37a40fd61 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -340,6 +340,8 @@ go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKr go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA= go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= +go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= +go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= diff --git a/bib/internal/distrodef/distrodef.go b/bib/internal/distrodef/distrodef.go index c121d2910..2ad279444 100644 --- a/bib/internal/distrodef/distrodef.go +++ b/bib/internal/distrodef/distrodef.go @@ -7,7 +7,7 @@ import ( "strings" "golang.org/x/exp/maps" - "gopkg.in/yaml.v3" + "go.yaml.in/yaml/v3" "github.com/hashicorp/go-version" ) From 37c30f4636e1539e693d3523c3e003a62560fba7 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Fri, 31 Oct 2025 16:14:58 +0000 Subject: [PATCH 184/254] chore(deps): update module github.com/google/go-containerregistry to v0.20.6 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 4 ++-- bib/go.sum | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index da742aefd..ba36bd694 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -14,8 +14,8 @@ require ( github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 github.com/stretchr/testify v1.11.1 - golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 go.yaml.in/yaml/v3 v3.0.4 + golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 ) require ( @@ -75,7 +75,7 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/golang/protobuf v1.5.4 // indirect - github.com/google/go-containerregistry v0.20.3 // indirect + github.com/google/go-containerregistry v0.20.6 // indirect github.com/google/go-intervals v0.0.2 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/mux v1.8.1 // indirect diff --git a/bib/go.sum b/bib/go.sum index 37a40fd61..1f2944ec5 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -162,8 +162,8 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-containerregistry v0.20.3 h1:oNx7IdTI936V8CQRveCjaxOiegWwvM7kqkbXTpyiovI= -github.com/google/go-containerregistry v0.20.3/go.mod h1:w00pIgBRDVUDFM6bq+Qx8lwNWK+cxgCuX1vd3PIBDNI= +github.com/google/go-containerregistry v0.20.6 h1:cvWX87UxxLgaH76b4hIvya6Dzz9qHB31qAwjAohdSTU= +github.com/google/go-containerregistry v0.20.6/go.mod h1:T0x8MuoAoKX/873bkeSfLD2FAkwCDf9/HZgsFJ02E2Y= github.com/google/go-intervals v0.0.2 h1:FGrVEiUnTRKR8yE04qzXYaJMtnIYqobR5QbblK3ixcM= github.com/google/go-intervals v0.0.2/go.mod h1:MkaR3LNRfeKLPmqgJYs4E66z5InYjmCjbbr4TQlcT6Y= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= From a8e8ad78da94a1e0ba52a95893cc7e34157f8842 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Fri, 31 Oct 2025 16:16:09 +0000 Subject: [PATCH 185/254] chore(deps): update module github.com/secure-systems-lab/go-securesystemslib to v0.9.1 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index ba36bd694..38c8ef835 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -105,7 +105,7 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/proglottis/gpgme v0.1.4 // indirect - github.com/secure-systems-lab/go-securesystemslib v0.9.0 // indirect + github.com/secure-systems-lab/go-securesystemslib v0.9.1 // indirect github.com/sigstore/fulcio v1.6.6 // indirect github.com/sigstore/protobuf-specs v0.4.1 // indirect github.com/sigstore/sigstore v1.9.5 // indirect diff --git a/bib/go.sum b/bib/go.sum index 1f2944ec5..579249fb2 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -272,8 +272,8 @@ github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEV github.com/santhosh-tekuri/jsonschema/v6 v6.0.2/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU= github.com/sebdah/goldie/v2 v2.5.5 h1:rx1mwF95RxZ3/83sdS4Yp7t2C5TCokvWP4TBRbAyEWY= github.com/sebdah/goldie/v2 v2.5.5/go.mod h1:oZ9fp0+se1eapSRjfYbsV/0Hqhbuu3bJVvKI/NNtssI= -github.com/secure-systems-lab/go-securesystemslib v0.9.0 h1:rf1HIbL64nUpEIZnjLZ3mcNEL9NBPB0iuVjyxvq3LZc= -github.com/secure-systems-lab/go-securesystemslib v0.9.0/go.mod h1:DVHKMcZ+V4/woA/peqr+L0joiRXbPpQ042GgJckkFgw= +github.com/secure-systems-lab/go-securesystemslib v0.9.1 h1:nZZaNz4DiERIQguNy0cL5qTdn9lR8XKHf4RUyG1Sx3g= +github.com/secure-systems-lab/go-securesystemslib v0.9.1/go.mod h1:np53YzT0zXGMv6x4iEWc9Z59uR+x+ndLwCLqPYpLXVU= github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/sigstore/fulcio v1.6.6 h1:XaMYX6TNT+8n7Npe8D94nyZ7/ERjEsNGFC+REdi/wzw= From 573e057ba3ec34d7453b0574d0c0f4a83b0dd488 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 29 Oct 2025 15:53:47 +0100 Subject: [PATCH 186/254] go.mod: move to images v0.211.0 --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 38c8ef835..948e19d84 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -9,7 +9,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.16.0 github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 - github.com/osbuild/images v0.209.0 + github.com/osbuild/images v0.211.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 diff --git a/bib/go.sum b/bib/go.sum index 579249fb2..62b88695b 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -247,8 +247,8 @@ github.com/osbuild/blueprint v1.16.0 h1:f/kHih+xpeJ1v7wtIfzdHPZTsiXsqKeDQ1+rrue6 github.com/osbuild/blueprint v1.16.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 h1:Mo1htXYyEoKrBQD+/RC/kluAWu4+E0oEjPorujVn/K8= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521/go.mod h1:oTn9T+bV9g/760hM/jX7AV0c4vuVIn6FjAnaVM9RzRo= -github.com/osbuild/images v0.209.0 h1:9BRf+N0op1WbQkc+7zVRBZxg4dqS4lty3i2stF3G9lo= -github.com/osbuild/images v0.209.0/go.mod h1:tZqcrs3eNUA0VPs1h3YCnbnpAskVVfo36CIi2USSfDs= +github.com/osbuild/images v0.211.0 h1:3BU7mMM7Iu81qZnq7y8luuIIOt707J9tF9DwCyOk9yM= +github.com/osbuild/images v0.211.0/go.mod h1:Cs7zFV8rmbVHn+19ArNdjd1AtFk+LC9dOOHuxiSLghw= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From dc170b8d274ef11224b77b5cafe4bbc35381269f Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 29 Oct 2025 15:55:16 +0100 Subject: [PATCH 187/254] bib: update for v0.211 api change The NewAnacondaContainerInstaller got renamed to NewAnacondaContainerInstallerLegacy. --- bib/cmd/bootc-image-builder/legacy_iso.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bib/cmd/bootc-image-builder/legacy_iso.go b/bib/cmd/bootc-image-builder/legacy_iso.go index b5b84a77c..7f71e88ec 100644 --- a/bib/cmd/bootc-image-builder/legacy_iso.go +++ b/bib/cmd/bootc-image-builder/legacy_iso.go @@ -305,7 +305,7 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro // The ref is not needed and will be removed from the ctor later // in time - img := image.NewAnacondaContainerInstaller(platform, filename, containerSource, "") + img := image.NewAnacondaContainerInstallerLegacy(platform, filename, containerSource, "") img.ContainerRemoveSignatures = true img.RootfsCompression = "zstd" From 2d6d1258917217937528699a8557849e5ec74e7c Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 29 Oct 2025 16:19:13 +0100 Subject: [PATCH 188/254] bib: add support for `--type bootc-installer` This commit adds support for the new `bootc-installer` image type that will take a bootc container and create an ISO out of it. It also adds a new `--installer-payload-ref` option so that the user can specify a different payload container to install. See https://github.com/osbuild/images/pull/1906 for details. This is the equivalent of https://github.com/osbuild/image-builder-cli/pull/341 for bootc-image-builder and allows us to build these kinds of images with bib now too. --- README.md | 5 ++-- bib/cmd/bootc-image-builder/main.go | 24 +++++++++++++------ bib/internal/imagetypes/imagetypes.go | 15 ++++++------ bib/internal/imagetypes/imagetypes_test.go | 12 ++++++---- test/test_manifest.py | 27 +++++++++++++++++++++- 5 files changed, 62 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index d07eefb3f..fbf26068d 100644 --- a/README.md +++ b/README.md @@ -133,7 +133,7 @@ Flags: --progress string type of progress bar to use (e.g. verbose,term) (default "auto") --rootfs string Root filesystem type. If not given, the default configured in the source container image is used. --target-arch string build for the given target architecture (experimental) - --type stringArray image types to build [ami, anaconda-iso, gce, iso, qcow2, raw, vhd, vmdk] (default [qcow2]) + --type stringArray image types to build [ami, anaconda-iso, bootc-installer, gce, iso, qcow2, raw, vhd, vmdk] (default [qcow2]) --version version for bootc-image-builder Global Flags: @@ -172,7 +172,8 @@ The following image types are currently available via the `--type` argument: | `ami` | [Amazon Machine Image](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html) | | `qcow2` **(default)** | [QEMU](https://www.qemu.org/) | | `vmdk` | [VMDK](https://en.wikipedia.org/wiki/VMDK) usable in vSphere, among others | -| `anaconda-iso` | An unattended Anaconda installer that installs to the first disk found. | +| `bootc-installer` | An installer ISO image based on the specified bootc container image. | +| `anaconda-iso` | An unattended Anaconda installer that installs to the first disk found build from RPMs. | | `raw` | Unformatted [raw disk](https://en.wikipedia.org/wiki/Rawdisk). | | `vhd` | [vhd](https://en.wikipedia.org/wiki/VHD_(file_format)) usable in Virtual PC, among others | | `gce` | [GCE](https://cloud.google.com/compute/docs/images#custom_images) | diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index a295bbde9..5f10f7603 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -25,6 +25,7 @@ import ( "github.com/osbuild/images/pkg/bib/blueprintload" "github.com/osbuild/images/pkg/cloud" "github.com/osbuild/images/pkg/cloud/awscloud" + "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/distro/bootc" "github.com/osbuild/images/pkg/experimentalflags" "github.com/osbuild/images/pkg/manifest" @@ -93,6 +94,7 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress targetArch, _ := cmd.Flags().GetString("target-arch") rootFs, _ := cmd.Flags().GetString("rootfs") buildImgref, _ := cmd.Flags().GetString("build-container") + installerPayloadRef, _ := cmd.Flags().GetString("installer-payload-ref") useLibrepo, _ := cmd.Flags().GetBool("use-librepo") // If --local was given, warn in the case of --local or --local=true (true is the default), error in the case of --local=false @@ -153,21 +155,21 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress if imageTypes.Legacy() { return manifestFromCobraForLegacyISO(imgref, buildImgref, imgType, rootFs, rpmCacheRoot, config, useLibrepo, cntArch) } - return manifestFromCobraForDisk(imgref, buildImgref, imgType, rootFs, rpmCacheRoot, config, useLibrepo, cntArch) + return manifestFromCobraForDisk(imgref, buildImgref, installerPayloadRef, imgType, rootFs, rpmCacheRoot, config, useLibrepo, cntArch) } -func manifestFromCobraForDisk(imgref, buildImgref, imgTypeStr, rootFs, rpmCacheRoot string, config *blueprint.Blueprint, useLibrepo bool, cntArch arch.Arch) ([]byte, *mTLSConfig, error) { - distro, err := bootc.NewBootcDistro(imgref) +func manifestFromCobraForDisk(imgref, buildImgref, installerPayloadRef, imgTypeStr, rootFs, rpmCacheRoot string, config *blueprint.Blueprint, useLibrepo bool, cntArch arch.Arch) ([]byte, *mTLSConfig, error) { + distri, err := bootc.NewBootcDistro(imgref) if err != nil { return nil, nil, err } - if err := distro.SetBuildContainer(buildImgref); err != nil { + if err := distri.SetBuildContainer(buildImgref); err != nil { return nil, nil, err } - if err := distro.SetDefaultFs(rootFs); err != nil { + if err := distri.SetDefaultFs(rootFs); err != nil { return nil, nil, err } - archi, err := distro.GetArch(cntArch.String()) + archi, err := distri.GetArch(cntArch.String()) if err != nil { return nil, nil, err } @@ -193,7 +195,12 @@ func manifestFromCobraForDisk(imgref, buildImgref, imgTypeStr, rootFs, rpmCacheR if err != nil { return nil, nil, err } - manifest, err := mg.Generate(config, imgType, nil) + imgOpts := &distro.ImageOptions{ + Bootc: &distro.BootcImageOptions{ + InstallerPayloadRef: installerPayloadRef, + }, + } + manifest, err := mg.Generate(config, imgType, imgOpts) if err != nil { return nil, nil, err } @@ -506,6 +513,9 @@ func buildCobraCmdline() (*cobra.Command, error) { manifestCmd.Flags().String("rpmmd", "/rpmmd", "rpm metadata cache directory") manifestCmd.Flags().String("target-arch", "", "build for the given target architecture (experimental)") manifestCmd.Flags().String("build-container", "", "Use a custom container for the image build") + // XXX: add --bootc-installer-payload-ref as alias to make it + // cmdline compatible with ibcli(?) + manifestCmd.Flags().String("installer-payload-ref", "", "bootc installer payload ref") manifestCmd.Flags().StringArray("type", []string{"qcow2"}, fmt.Sprintf("image types to build [%s]", imagetypes.Available())) manifestCmd.Flags().Bool("local", true, "DEPRECATED: --local is now the default behavior, make sure to pull the container image before running bootc-image-builder") if err := manifestCmd.Flags().MarkHidden("local"); err != nil { diff --git a/bib/internal/imagetypes/imagetypes.go b/bib/internal/imagetypes/imagetypes.go index 98e601e5c..41fafc184 100644 --- a/bib/internal/imagetypes/imagetypes.go +++ b/bib/internal/imagetypes/imagetypes.go @@ -17,13 +17,14 @@ var supportedImageTypes = map[string]imageType{ // XXX: ideally we would look how to consolidate all // knownledge about disk based image types into the images // library - "ami": imageType{Export: "image"}, - "qcow2": imageType{Export: "qcow2"}, - "raw": imageType{Export: "image"}, - "vmdk": imageType{Export: "vmdk"}, - "vhd": imageType{Export: "vpc"}, - "gce": imageType{Export: "gce"}, - "ova": imageType{Export: "archive"}, + "ami": imageType{Export: "image"}, + "qcow2": imageType{Export: "qcow2"}, + "raw": imageType{Export: "image"}, + "vmdk": imageType{Export: "vmdk"}, + "vhd": imageType{Export: "vpc"}, + "gce": imageType{Export: "gce"}, + "ova": imageType{Export: "archive"}, + "bootc-installer": imageType{Export: "bootiso", ISO: true}, // the iso image types are RPM based and legacy/deprecated "anaconda-iso": imageType{Export: "bootiso", ISO: true, Legacy: true}, "iso": imageType{Export: "bootiso", ISO: true, Legacy: true}, diff --git a/bib/internal/imagetypes/imagetypes_test.go b/bib/internal/imagetypes/imagetypes_test.go index efe7114b9..8419beb7a 100644 --- a/bib/internal/imagetypes/imagetypes_test.go +++ b/bib/internal/imagetypes/imagetypes_test.go @@ -57,21 +57,25 @@ func TestImageTypes(t *testing.T) { imageTypes: []string{"vmdk", "anaconda-iso"}, expectedErr: errors.New("cannot mix ISO/disk images in request [vmdk anaconda-iso]"), }, - "bad-mix-part-2": { + "bad-mix-2": { + imageTypes: []string{"vmdk", "bootc-installer"}, + expectedErr: errors.New("cannot mix ISO/disk images in request [vmdk bootc-installer]"), + }, + "bad-mix-3": { imageTypes: []string{"ami", "iso"}, expectedErr: errors.New("cannot mix ISO/disk images in request [ami iso]"), }, "bad-image-type": { imageTypes: []string{"bad"}, - expectedErr: errors.New(`unsupported image type "bad", valid types are ami, anaconda-iso, gce, iso, ova, qcow2, raw, vhd, vmdk`), + expectedErr: errors.New(`unsupported image type "bad", valid types are ami, anaconda-iso, bootc-installer, gce, iso, ova, qcow2, raw, vhd, vmdk`), }, "bad-in-good": { imageTypes: []string{"ami", "raw", "vmdk", "qcow2", "something-else-what-is-this"}, - expectedErr: errors.New(`unsupported image type "something-else-what-is-this", valid types are ami, anaconda-iso, gce, iso, ova, qcow2, raw, vhd, vmdk`), + expectedErr: errors.New(`unsupported image type "something-else-what-is-this", valid types are ami, anaconda-iso, bootc-installer, gce, iso, ova, qcow2, raw, vhd, vmdk`), }, "all-bad": { imageTypes: []string{"bad1", "bad2", "bad3", "bad4", "bad5", "bad42"}, - expectedErr: errors.New(`unsupported image type "bad1", valid types are ami, anaconda-iso, gce, iso, ova, qcow2, raw, vhd, vmdk`), + expectedErr: errors.New(`unsupported image type "bad1", valid types are ami, anaconda-iso, bootc-installer, gce, iso, ova, qcow2, raw, vhd, vmdk`), }, } diff --git a/test/test_manifest.py b/test/test_manifest.py index e312883a7..e523410d5 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -53,7 +53,7 @@ def test_manifest_smoke(build_container, tc): @pytest.mark.parametrize("tc", gen_testcases("anaconda-iso")) -def test_iso_manifest_smoke(build_container, tc): +def test_rpm_iso_manifest_smoke(build_container, tc): testutil.pull_container(tc.container_ref, tc.target_arch) output = subprocess.check_output([ @@ -71,6 +71,31 @@ def test_iso_manifest_smoke(build_container, tc): assert [pipeline["name"] for pipeline in manifest["pipelines"]] == expected_pipeline_names +def test_bootc_iso_manifest_smoke(build_container): + container_ref = "quay.io/centos-bootc/centos-bootc:stream9" + # Note that this is not a realistic ref, a generic bootc + # image does not contain anaconda so this won't produce a + # working installer. For the purpose of the test to validate + # that we get a manifest with the right refs its good enough. + installer_payload_ref = "quay.io/centos-bootc/centos-bootc:stream10" + testutil.pull_container(container_ref) + testutil.pull_container(installer_payload_ref) + + output = subprocess.check_output([ + *testutil.podman_run_common, + build_container, + "manifest", + "--type=bootc-installer", + f"{container_ref}", + f"--installer-payload-ref={installer_payload_ref}", + ]) + manifest = json.loads(output) + # just some basic validation + expected_pipeline_names = ["build", "anaconda-tree", "efiboot-tree", "bootiso-tree", "bootiso"] + assert manifest["version"] == "2" + assert [pipeline["name"] for pipeline in manifest["pipelines"]] == expected_pipeline_names + + @pytest.mark.parametrize("tc", gen_testcases("manifest")) def test_manifest_disksize(tmp_path, build_container, tc): testutil.pull_container(tc.container_ref, tc.target_arch) From ddb9e6c6edfb5314c03920d4eb3df0dd69645983 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 25 Sep 2025 17:25:31 +0200 Subject: [PATCH 189/254] test: fix missing wait() when killing qemu --- test/vm.py | 1 + 1 file changed, 1 insertion(+) diff --git a/test/vm.py b/test/vm.py index a1be56a52..6157e3eb8 100644 --- a/test/vm.py +++ b/test/vm.py @@ -202,6 +202,7 @@ def wait_qmp_event(self, qmp_event): def force_stop(self): if self._qemu_p: self._qemu_p.kill() + self._qemu_p.wait() self._qemu_p = None self._address = None self._ssh_port = None From c106f0c8dd0721b8347abc2efd0e12e5d176913d Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 25 Sep 2025 17:32:03 +0200 Subject: [PATCH 190/254] test: add bootc-installer image type test Add an integration test that uses the new `bootc-installer` image type to perform a full install and validate that booting into the resulting image works. --- test/test_build_iso.py | 122 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 122 insertions(+) diff --git a/test/test_build_iso.py b/test/test_build_iso.py index d702e74db..639344907 100644 --- a/test/test_build_iso.py +++ b/test/test_build_iso.py @@ -1,12 +1,17 @@ import os +import random +import json import platform +import string import subprocess +import textwrap from contextlib import ExitStack import pytest # local test utils import testutil from containerbuild import build_container_fixture # pylint: disable=unused-import +from containerbuild import make_container from testcases import gen_testcases from vm import QEMU @@ -83,3 +88,120 @@ def test_iso_install_img_is_squashfs(tmp_path, image_type): # was an intermediate ext4 image "squashfs-root/LiveOS/rootfs.img" output = subprocess.check_output(["unsquashfs", "-ls", mount_point / "images/install.img"], text=True) assert "usr/bin/bootc" in output + + +@pytest.mark.skipif(platform.system() != "Linux", reason="boot test only runs on linux right now") +@pytest.mark.parametrize("container_ref", [ + "quay.io/centos-bootc/centos-bootc:stream10", + "quay.io/fedora/fedora-bootc:42", + "quay.io/centos-bootc/centos-bootc:stream9", +]) +# pylint: disable=too-many-locals +def test_bootc_installer_iso_installs(tmp_path, build_container, container_ref): + # XXX: duplicated from test_build_disk.py + username = "test" + password = "".join( + random.choices(string.ascii_uppercase + string.digits, k=18)) + ssh_keyfile_private_path = tmp_path / "ssh-keyfile" + ssh_keyfile_public_path = ssh_keyfile_private_path.with_suffix(".pub") + if not ssh_keyfile_private_path.exists(): + subprocess.run([ + "ssh-keygen", + "-N", "", + # be very conservative with keys for paramiko + "-b", "2048", + "-t", "rsa", + "-f", os.fspath(ssh_keyfile_private_path), + ], check=True) + ssh_pubkey = ssh_keyfile_public_path.read_text(encoding="utf8").strip() + cfg = { + "customizations": { + "user": [ + { + "name": "root", + "key": ssh_pubkey, + # note that we have no "home" here for ISOs + }, { + "name": username, + "password": password, + "groups": ["wheel"], + }, + ], + "kernel": { + # XXX: we need https://github.com/osbuild/images/pull/1786 or no kargs are added to anaconda + # XXX2: drop a bunch of the debug flags + # + # Use console=ttyS0 so that we see output in our debug + # logs. by default anaconda prints to the last console= + # from the kernel commandline + "append": "systemd.debug-shell=1 rd.systemd.debug-shell=1 inst.debug console=ttyS0", + }, + }, + } + config_json_path = tmp_path / "config.json" + config_json_path.write_text(json.dumps(cfg), encoding="utf-8") + # create anaconda iso from base + cntf_path = tmp_path / "Containerfile" + cntf_path.write_text(textwrap.dedent(f"""\n + FROM {container_ref} + RUN dnf install -y \ + anaconda-core \ + anaconda-dracut \ + anaconda-install-img-deps \ + biosdevname \ + grub2-efi-x64-cdboot \ + net-tools \ + prefixdevname \ + python3-mako \ + lorax-templates-* \ + squashfs-tools \ + && dnf clean all + # shim-x64 is marked installed but the files are not in the expected + # place for https://github.com/osbuild/osbuild/blob/v160/stages/org.osbuild.grub2.iso#L91, see + # workaround via reinstall, we could add a config to the grub2.iso + # stage to allow a different prefix that then would be used by + # anaconda. + # If https://github.com/osbuild/osbuild/pull/2204 would get merged we + # can update images/ to set the correct efi_src_dirs and this can + # be removed (but its rather ugly). + # See also https://bugzilla.redhat.com/show_bug.cgi?id=1750708 + RUN dnf reinstall -y shim-x64 + # lorax wants to create a symlink in /mnt which points to /var/mnt + # on bootc but /var/mnt does not exist on some images. + # + # If https://gitlab.com/fedora/bootc/base-images/-/merge_requests/294 + # gets merged this will be no longer needed + RUN mkdir /var/mnt + """), encoding="utf8") + output_path = tmp_path / "output" + output_path.mkdir() + with make_container(tmp_path) as container_tag: + cmd = [ + *testutil.podman_run_common, + "-v", f"{config_json_path}:/config.json:ro", + "-v", f"{output_path}:/output", + "-v", "/var/tmp/osbuild-test-store:/store", # share the cache between builds + "-v", "/var/lib/containers/storage:/var/lib/containers/storage", + build_container, + "--type", "bootc-installer", + "--rootfs", "ext4", + "--installer-payload-ref", container_ref, + f"localhost/{container_tag}", + ] + subprocess.check_call(cmd) + installer_iso_path = output_path / "bootiso" / "install.iso" + test_disk_path = installer_iso_path.with_name("test-disk.img") + with open(test_disk_path, "w", encoding="utf8") as fp: + fp.truncate(10_1000_1000_1000) + # install to test disk + with QEMU(test_disk_path, cdrom=installer_iso_path) as vm: + vm.start(wait_event="qmp:RESET", snapshot=False, use_ovmf=True) + vm.force_stop() + # boot test disk and do extremly simple check + with QEMU(test_disk_path) as vm: + vm.start(use_ovmf=True) + exit_status, _ = vm.run("true", user=username, password=password) + assert exit_status == 0 + exit_status, output = vm.run("bootc status", user="root", keyfile=ssh_keyfile_private_path) + assert exit_status == 0 + assert f"Booted image: {container_ref}" in output From c3c5a85f63a4e605866948f97ca7485084c0bf2d Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 5 Nov 2025 12:50:52 +0100 Subject: [PATCH 191/254] test: refactor so that all vm related tests can be reused This commit reshuffles the code a bit so that we a reusable ./test/vmtest directory that can be used by the images library. With that we can add a toplevel pyproject.toml file so that we can import vmtest via ```console $ pip install git+https@github.com/osbuild/bootc-image-builder ``` im other projects. Note that none of this is ideal, butt this is (hopefully) a temporary measure until we find a more permanent home for our vm runner or replace it with something like test.thing or the new osbuild QEMU code. --- .github/workflows/tests.yml | 2 +- pyproject.toml | 14 +++++++++ test/conftest.py | 7 +++++ test/test_build_disk.py | 9 +++--- test/test_build_iso.py | 6 ++-- test/testutil.py | 30 ++------------------ vmtest/__init__.py | 0 vmtest/util.py | 24 ++++++++++++++++ test/testutil_test.py => vmtest/util_test.py | 27 ++++++------------ {test => vmtest}/vm.py | 4 ++- 10 files changed, 66 insertions(+), 57 deletions(-) create mode 100644 pyproject.toml create mode 100644 vmtest/__init__.py create mode 100644 vmtest/util.py rename test/testutil_test.py => vmtest/util_test.py (62%) rename {test => vmtest}/vm.py (99%) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 4c47ee729..63b336d19 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -157,7 +157,7 @@ jobs: # podman needs (parts of) the environment but will break when # XDG_RUNTIME_DIR is set. # TODO: figure out what exactly podman needs - sudo -E XDG_RUNTIME_DIR= pytest-3 --basetemp=/mnt/var/tmp/bib-tests ${{ matrix.test_file }} + sudo -E XDG_RUNTIME_DIR= PYTHONPATH=. pytest-3 --basetemp=/mnt/var/tmp/bib-tests ${{ matrix.test_file }} - name: Diskspace (after) if: ${{ always() }} run: | diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 000000000..b3a25b485 --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,14 @@ +# Note that this is pyproject file is here only for the vmtest utils. +# This should move out eventually to its own repo or a different place +# like "images". + +[build-system] +requires = ["setuptools>=61.0"] +build-backend = "setuptools.build_meta" + +[project] +name = "vmtest" +version = "0.1.0" + +[tool.setuptools.packages.find] +include = ["vmtest"] diff --git a/test/conftest.py b/test/conftest.py index 4db68ad67..acdfb3937 100644 --- a/test/conftest.py +++ b/test/conftest.py @@ -1,6 +1,8 @@ import pytest +# pylint: disable=wrong-import-order from testcases import TestCase +from vmtest.util import get_free_port def pytest_addoption(parser): @@ -20,3 +22,8 @@ def pytest_make_parametrize_id(config, val): # pylint: disable=W0613 if isinstance(val, TestCase): return f"{val}" return None + + +@pytest.fixture(name="free_port") +def free_port_fixture(): + return get_free_port() diff --git a/test/test_build_disk.py b/test/test_build_disk.py index 5d3a67107..03f3b822b 100644 --- a/test/test_build_disk.py +++ b/test/test_build_disk.py @@ -18,7 +18,8 @@ import testutil from containerbuild import build_container_fixture # pylint: disable=unused-import from testcases import CLOUD_BOOT_IMAGE_TYPES, DISK_IMAGE_TYPES, gen_testcases -from vm import AWS, QEMU +import vmtest.util +from vmtest.vm import AWS_REGION, AWS, QEMU if not testutil.has_executable("podman"): pytest.skip("no podman, skipping integration tests that required podman", allow_module_level=True) @@ -113,7 +114,7 @@ def registry_conf_fixture(shared_tmpdir, request): {local_registry}: lookaside: file:///{sigstore_dir} """ - registry_port = testutil.get_free_port() + registry_port = vmtest.util.get_free_port() # We cannot use localhost as we need to access the registry from both # the host system and the bootc-image-builder container. default_ip = testutil.get_ip_from_default_route() @@ -410,7 +411,7 @@ def build_images(shared_tmpdir, build_container, request, force_aws_upload, gpg_ upload_args = [ f"--aws-ami-name=bootc-image-builder-test-{str(uuid.uuid4())}", - f"--aws-region={testutil.AWS_REGION}", + f"--aws-region={AWS_REGION}", "--aws-bucket=bootc-image-builder-ci", ] elif force_aws_upload: @@ -492,7 +493,7 @@ def build_images(shared_tmpdir, build_container, request, force_aws_upload, gpg_ metadata["ami_id"] = parse_ami_id_from_log(journal_output) def del_ami(): - testutil.deregister_ami(metadata["ami_id"]) + testutil.deregister_ami(metadata["ami_id"], AWS_REGION) request.addfinalizer(del_ami) journal_log_path.write_text(journal_output, encoding="utf8") diff --git a/test/test_build_iso.py b/test/test_build_iso.py index 639344907..7142bdca4 100644 --- a/test/test_build_iso.py +++ b/test/test_build_iso.py @@ -10,11 +10,8 @@ import pytest # local test utils import testutil -from containerbuild import build_container_fixture # pylint: disable=unused-import -from containerbuild import make_container +from containerbuild import build_container_fixture, make_container # pylint: disable=unused-import from testcases import gen_testcases -from vm import QEMU - from test_build_disk import ( assert_kernel_args, ImageBuildResult, @@ -25,6 +22,7 @@ registry_conf_fixture, shared_tmpdir_fixture, ) +from vmtest.vm import QEMU @pytest.mark.skipif(platform.system() != "Linux", reason="boot test only runs on linux right now") diff --git a/test/testutil.py b/test/testutil.py index e1700078b..096d8f661 100644 --- a/test/testutil.py +++ b/test/testutil.py @@ -2,15 +2,11 @@ import pathlib import platform import shutil -import socket import subprocess -import time import boto3 from botocore.exceptions import ClientError -AWS_REGION = "us-east-1" - def run_journalctl(*args): pre = [] @@ -35,28 +31,6 @@ def has_executable(name): return shutil.which(name) is not None -def get_free_port() -> int: - # this is racy but there is no race-free way to do better with the qemu CLI - with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: - s.bind(("localhost", 0)) - return s.getsockname()[1] - - -def wait_ssh_ready(address, port, sleep, max_wait_sec): - for _ in range(int(max_wait_sec / sleep)): - with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: - s.settimeout(sleep) - try: - s.connect((address, port)) - data = s.recv(256) - if b"OpenSSH" in data: - return - except (ConnectionRefusedError, ConnectionResetError, TimeoutError): - pass - time.sleep(sleep) - raise ConnectionRefusedError(f"cannot connect to port {port} after {max_wait_sec}s") - - def has_x86_64_v3_cpu(): # x86_64-v3 has multiple features, see # https://en.wikipedia.org/wiki/X86-64#Microarchitecture_levels @@ -95,8 +69,8 @@ def write_aws_creds(path): return True -def deregister_ami(ami_id): - ec2 = boto3.resource("ec2", region_name=AWS_REGION) +def deregister_ami(ami_id, aws_region): + ec2 = boto3.resource("ec2", region_name=aws_region) try: print(f"Deregistering image {ami_id}") ami = ec2.Image(ami_id) diff --git a/vmtest/__init__.py b/vmtest/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/vmtest/util.py b/vmtest/util.py new file mode 100644 index 000000000..195f52134 --- /dev/null +++ b/vmtest/util.py @@ -0,0 +1,24 @@ +import socket +import time + + +def get_free_port() -> int: + # this is racy but there is no race-free way to do better with the qemu CLI + with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: + s.bind(("localhost", 0)) + return s.getsockname()[1] + + +def wait_ssh_ready(address, port, sleep, max_wait_sec): + for _ in range(int(max_wait_sec / sleep)): + with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: + s.settimeout(sleep) + try: + s.connect((address, port)) + data = s.recv(256) + if b"OpenSSH" in data: + return + except (ConnectionRefusedError, ConnectionResetError, TimeoutError): + pass + time.sleep(sleep) + raise ConnectionRefusedError(f"cannot connect to port {port} after {max_wait_sec}s") diff --git a/test/testutil_test.py b/vmtest/util_test.py similarity index 62% rename from test/testutil_test.py rename to vmtest/util_test.py index a1b2f0d26..6d91720e1 100644 --- a/test/testutil_test.py +++ b/vmtest/util_test.py @@ -1,10 +1,11 @@ import contextlib -import platform +import shutil import subprocess from unittest.mock import call, patch import pytest -from testutil import get_free_port, has_executable, wait_ssh_ready + +from vmtest.util import get_free_port, wait_ssh_ready def test_get_free_port(): @@ -12,20 +13,17 @@ def test_get_free_port(): assert 1024 < port_nr < 65535 -@pytest.fixture(name="free_port") -def free_port_fixture(): - return get_free_port() - - @patch("time.sleep") -def test_wait_ssh_ready_sleeps_no_connection(mocked_sleep, free_port): +def test_wait_ssh_ready_sleeps_no_connection(mocked_sleep): + free_port = get_free_port() with pytest.raises(ConnectionRefusedError): wait_ssh_ready("localhost", free_port, sleep=0.1, max_wait_sec=0.35) assert mocked_sleep.call_args_list == [call(0.1), call(0.1), call(0.1)] -@pytest.mark.skipif(not has_executable("nc"), reason="needs nc") -def test_wait_ssh_ready_sleeps_wrong_reply(free_port): +@pytest.mark.skipif(not shutil.which("nc"), reason="needs nc") +def test_wait_ssh_ready_sleeps_wrong_reply(): + free_port = get_free_port() with contextlib.ExitStack() as cm: with subprocess.Popen( f"echo not-ssh | nc -vv -l -p {free_port}", @@ -47,12 +45,3 @@ def test_wait_ssh_ready_sleeps_wrong_reply(free_port): wait_ssh_ready("localhost", free_port, sleep=0.1, max_wait_sec=0.55) assert mocked_sleep.call_args_list == [ call(0.1), call(0.1), call(0.1), call(0.1), call(0.1)] - - -@pytest.mark.skipif(platform.system() == "Darwin", reason="hangs on macOS") -@pytest.mark.skipif(not has_executable("nc"), reason="needs nc") -def test_wait_ssh_ready_integration(free_port): - with contextlib.ExitStack() as cm: - with subprocess.Popen(f"echo OpenSSH | nc -l -p {free_port}", shell=True) as p: - cm.callback(p.kill) - wait_ssh_ready("localhost", free_port, sleep=0.1, max_wait_sec=10) diff --git a/test/vm.py b/vmtest/vm.py similarity index 99% rename from test/vm.py rename to vmtest/vm.py index 6157e3eb8..fee60c470 100644 --- a/test/vm.py +++ b/vmtest/vm.py @@ -12,7 +12,9 @@ import paramiko from botocore.exceptions import ClientError from paramiko.client import AutoAddPolicy, SSHClient -from testutil import AWS_REGION, get_free_port, wait_ssh_ready +from vmtest.util import get_free_port, wait_ssh_ready + +AWS_REGION = "us-east-1" class VM(abc.ABC): From d6a8f4ecd08245546e8d9bdd99525757b99e2399 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Nov 2025 04:08:10 +0000 Subject: [PATCH 192/254] build(deps): bump golangci/golangci-lint-action from 8 to 9 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 8 to 9. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v8...v9) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 63b336d19..8707d24a4 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -46,7 +46,7 @@ jobs: run: echo "GOLANGCI_LINT_VERSION=$(awk -F '=' '/^GOLANGCI_LINT_VERSION *=/{print $2}' Makefile)" >> "$GITHUB_OUTPUT" - name: Run golangci-lint - uses: golangci/golangci-lint-action@v8 + uses: golangci/golangci-lint-action@v9 with: version: ${{ steps.golangci_lint_version.outputs.GOLANGCI_LINT_VERSION }} args: --timeout 5m0s From 93c9046d623316545318758287836419dccd13a3 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 10 Nov 2025 10:37:41 +0100 Subject: [PATCH 193/254] vmtest: switch from rtl8139 to e1000 to avoid silly warnings The rtl8139 prints a lot of ``` qemu: Slirp: Failed to send packet, ret: -1 ... ``` while booting. This is a bit silly, it just means the system is not ready yet. By switching to the emulated e1000 NIC this won't happen. --- vmtest/vm.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vmtest/vm.py b/vmtest/vm.py index fee60c470..c364c5f96 100644 --- a/vmtest/vm.py +++ b/vmtest/vm.py @@ -144,7 +144,7 @@ def _gen_qemu_cmdline(self, snapshot, use_ovmf): "-serial", "stdio", "-monitor", "none", "-netdev", f"user,id=net.0,hostfwd=tcp::{self._ssh_port}-:22", - "-device", "rtl8139,netdev=net.0", + "-device", "e1000,netdev=net.0", "-qmp", f"unix:{self._qmp_socket},server,nowait", ] if not os.environ.get("OSBUILD_TEST_QEMU_GUI"): From e4ec05a17b99b84177e331d54f17a862269e75f0 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Sat, 8 Nov 2025 09:43:17 +0100 Subject: [PATCH 194/254] pyproject: add missing depedencies Now that this is used elsewhere to import vmtest we need to add the vmtest depdencies here. --- .github/workflows/tests.yml | 1 + pyproject.toml | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 8707d24a4..d4f7607c2 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -133,6 +133,7 @@ jobs: run: | # make sure test deps are available for root sudo -E pip install --user -r test/requirements.txt + sudo -E pip install --user . - name: Workarounds for GH runner diskspace run: | # use custom basetemp here because /var/tmp is on a smaller disk diff --git a/pyproject.toml b/pyproject.toml index b3a25b485..9eef038c8 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -9,6 +9,11 @@ build-backend = "setuptools.build_meta" [project] name = "vmtest" version = "0.1.0" +dependencies = [ + "boto3==1.33.13", + "paramiko==2.12.0", + "qmp==1.1.0", +] [tool.setuptools.packages.find] include = ["vmtest"] From 2f48dac66c7f4f6fa2344fa9eaa29593b7e16e96 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Sat, 8 Nov 2025 09:46:30 +0100 Subject: [PATCH 195/254] vmtest: implement scp on VM The images tests run custom script on the generated image so we need a way to copy things into the images. Use scp() for that. --- pyproject.toml | 1 + vmtest/vm.py | 25 ++++++++++++++++++++----- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 9eef038c8..bc72ebbb6 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -13,6 +13,7 @@ dependencies = [ "boto3==1.33.13", "paramiko==2.12.0", "qmp==1.1.0", + "scp==0.15.0", ] [tool.setuptools.packages.find] diff --git a/vmtest/vm.py b/vmtest/vm.py index c364c5f96..e6c266435 100644 --- a/vmtest/vm.py +++ b/vmtest/vm.py @@ -2,6 +2,7 @@ import os import pathlib import platform +import logging import subprocess import sys import time @@ -12,10 +13,16 @@ import paramiko from botocore.exceptions import ClientError from paramiko.client import AutoAddPolicy, SSHClient +from scp import SCPClient from vmtest.util import get_free_port, wait_ssh_ready AWS_REGION = "us-east-1" +# XXX: find better way to control this +if os.environ.get("OSBUILD_TEST_QEMU_VERBOSE"): + logging.getLogger("paramiko").setLevel(logging.DEBUG) + logging.getLogger("paramiko").addHandler(logging.StreamHandler(sys.stderr)) + class VM(abc.ABC): @@ -45,10 +52,7 @@ def force_stop(self): Stop the VM and clean up any resources that were created when setting up and starting the machine. """ - def run(self, cmd, user, password="", keyfile=None): - """ - Run a command on the VM via SSH using the provided credentials. - """ + def _get_ssh_transport(self, user, password="", keyfile=None): if not self.running(): self.start() client = SSHClient() @@ -61,7 +65,14 @@ def run(self, cmd, user, password="", keyfile=None): self._address, self._ssh_port, user, password, pkey=pkey, allow_agent=False, look_for_keys=False) - chan = client.get_transport().open_session() + return client.get_transport() + + def run(self, cmd, user, password="", keyfile=None): + """ + Run a command on the VM via SSH using the provided credentials. + """ + tr = self._get_ssh_transport(user, password, keyfile) + chan = tr.open_session() chan.get_pty() chan.exec_command(cmd) stdout_f = chan.makefile() @@ -75,6 +86,10 @@ def run(self, cmd, user, password="", keyfile=None): exit_status = stdout_f.channel.recv_exit_status() return exit_status, output.getvalue() + def scp(self, src, dst, user, password="", keyfile=None): + with SCPClient(self._get_ssh_transport(user, password, keyfile)) as scp: + scp.put(src, dst) + @abc.abstractmethod def running(self): """ From d3eebf67f49429ee43245a2103b505f655ef1f9d Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Sat, 8 Nov 2025 21:42:49 +0100 Subject: [PATCH 196/254] vmtest: move qmp socket out of the image dir into /tmp The images test tooling gets quite unhappy if files are created in the image directory so lets move things to /tmp. --- vmtest/vm.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/vmtest/vm.py b/vmtest/vm.py index e6c266435..489c24fda 100644 --- a/vmtest/vm.py +++ b/vmtest/vm.py @@ -3,8 +3,10 @@ import pathlib import platform import logging +import shutil import subprocess import sys +import tempfile import time import uuid from io import StringIO @@ -120,7 +122,8 @@ class QEMU(VM): def __init__(self, img, arch="", snapshot=True, cdrom=None): super().__init__() self._img = pathlib.Path(img) - self._qmp_socket = self._img.with_suffix(".qemp-socket") + self._tmpdir = tempfile.mkdtemp(prefix="vmtest-", suffix=f"-{self._img.name}") + self._qmp_socket = os.path.join(self._tmpdir, "qmp.socket") self._qemu_p = None self._snapshot = snapshot self._cdrom = cdrom @@ -131,6 +134,7 @@ def __init__(self, img, arch="", snapshot=True, cdrom=None): def __del__(self): self.force_stop() + shutil.rmtree(self._tmpdir) def _gen_qemu_cmdline(self, snapshot, use_ovmf): if self._arch in ("arm64", "aarch64"): From 232385043a1301d7eb8c6a889fe553e1b3e89829 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Tue, 4 Nov 2025 20:15:16 +0000 Subject: [PATCH 197/254] chore(deps): update module github.com/proglottis/gpgme to v0.1.5 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 948e19d84..a207477d9 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -104,7 +104,7 @@ require ( github.com/opencontainers/selinux v1.12.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/proglottis/gpgme v0.1.4 // indirect + github.com/proglottis/gpgme v0.1.5 // indirect github.com/secure-systems-lab/go-securesystemslib v0.9.1 // indirect github.com/sigstore/fulcio v1.6.6 // indirect github.com/sigstore/protobuf-specs v0.4.1 // indirect diff --git a/bib/go.sum b/bib/go.sum index 62b88695b..7c56d44c3 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -254,8 +254,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/proglottis/gpgme v0.1.4 h1:3nE7YNA70o2aLjcg63tXMOhPD7bplfE5CBdV+hLAm2M= -github.com/proglottis/gpgme v0.1.4/go.mod h1:5LoXMgpE4bttgwwdv9bLs/vwqv3qV7F4glEEZ7mRKrM= +github.com/proglottis/gpgme v0.1.5 h1:KCGyOw8sQ+SI96j6G8D8YkOGn+1TwbQTT9/zQXoVlz0= +github.com/proglottis/gpgme v0.1.5/go.mod h1:5LoXMgpE4bttgwwdv9bLs/vwqv3qV7F4glEEZ7mRKrM= github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc= github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= From 76cdade5a5894f3bff6d2a0808707344229eb338 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Tue, 11 Nov 2025 00:17:24 +0000 Subject: [PATCH 198/254] chore(deps): update aws-sdk-go-v2 monorepo Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 40 +++++++++++++-------------- bib/go.sum | 80 +++++++++++++++++++++++++++--------------------------- 2 files changed, 60 insertions(+), 60 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index a207477d9..29d2f7996 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -25,26 +25,26 @@ require ( github.com/Microsoft/hcsshim v0.13.0 // indirect github.com/VividCortex/ewma v1.2.0 // indirect github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect - github.com/aws/aws-sdk-go-v2 v1.38.3 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1 // indirect - github.com/aws/aws-sdk-go-v2/config v1.31.6 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.18.10 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.6 // indirect - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.4 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.6 // indirect - github.com/aws/aws-sdk-go-v2/service/ec2 v1.251.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.6 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.6 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.6 // indirect - github.com/aws/aws-sdk-go-v2/service/s3 v1.87.3 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.29.1 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.2 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.38.2 // indirect - github.com/aws/smithy-go v1.23.1 // indirect + github.com/aws/aws-sdk-go-v2 v1.39.6 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3 // indirect + github.com/aws/aws-sdk-go-v2/config v1.31.18 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.18.22 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 // indirect + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.20.5 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.13 // indirect + github.com/aws/aws-sdk-go-v2/service/ec2 v1.265.0 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.13 // indirect + github.com/aws/aws-sdk-go-v2/service/s3 v1.90.0 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.30.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.5 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.40.0 // indirect + github.com/aws/smithy-go v1.23.2 // indirect github.com/clipperhouse/uax29/v2 v2.2.0 // indirect github.com/containerd/cgroups/v3 v3.0.5 // indirect github.com/containerd/errdefs v1.0.0 // indirect diff --git a/bib/go.sum b/bib/go.sum index 7c56d44c3..ad49d6ab2 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -14,46 +14,46 @@ github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1o github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= -github.com/aws/aws-sdk-go-v2 v1.38.3 h1:B6cV4oxnMs45fql4yRH+/Po/YU+597zgWqvDpYMturk= -github.com/aws/aws-sdk-go-v2 v1.38.3/go.mod h1:sDioUELIUO9Znk23YVmIk86/9DOpkbyyVb1i/gUNFXY= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1 h1:i8p8P4diljCr60PpJp6qZXNlgX4m2yQFpYk+9ZT+J4E= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1/go.mod h1:ddqbooRZYNoJ2dsTwOty16rM+/Aqmk/GOXrK8cg7V00= -github.com/aws/aws-sdk-go-v2/config v1.31.6 h1:a1t8fXY4GT4xjyJExz4knbuoxSCacB5hT/WgtfPyLjo= -github.com/aws/aws-sdk-go-v2/config v1.31.6/go.mod h1:5ByscNi7R+ztvOGzeUaIu49vkMk2soq5NaH5PYe33MQ= -github.com/aws/aws-sdk-go-v2/credentials v1.18.10 h1:xdJnXCouCx8Y0NncgoptztUocIYLKeQxrCgN6x9sdhg= -github.com/aws/aws-sdk-go-v2/credentials v1.18.10/go.mod h1:7tQk08ntj914F/5i9jC4+2HQTAuJirq7m1vZVIhEkWs= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.6 h1:wbjnrrMnKew78/juW7I2BtKQwa1qlf6EjQgS69uYY14= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.6/go.mod h1:AtiqqNrDioJXuUgz3+3T0mBWN7Hro2n9wll2zRUc0ww= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.4 h1:BTl+TXrpnrpPWb/J3527GsJ/lMkn7z3GO12j6OlsbRg= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.4/go.mod h1:cG2tenc/fscpChiZE29a2crG9uo2t6nQGflFllFL8M8= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6 h1:uF68eJA6+S9iVr9WgX1NaRGyQ/6MdIyc4JNUo6TN1FA= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6/go.mod h1:qlPeVZCGPiobx8wb1ft0GHT5l+dc6ldnwInDFaMvC7Y= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6 h1:pa1DEC6JoI0zduhZePp3zmhWvk/xxm4NB8Hy/Tlsgos= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6/go.mod h1:gxEjPebnhWGJoaDdtDkA0JX46VRg1wcTHYe63OfX5pE= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.6 h1:R0tNFJqfjHL3900cqhXuwQ+1K4G0xc9Yf8EDbFXCKEw= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.6/go.mod h1:y/7sDdu+aJvPtGXr4xYosdpq9a6T9Z0jkXfugmti0rI= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.251.0 h1:hGHSNZDTFnhLGUpRkQORM8uBY9R/FOkxCkuUUJBEOQ4= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.251.0/go.mod h1:SmMqzfS4HVsOD58lwLZ79oxF58f8zVe5YdK3o+/o1Ck= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 h1:oegbebPEMA/1Jny7kvwejowCaHz1FWZAQ94WXFNCyTM= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1/go.mod h1:kemo5Myr9ac0U9JfSjMo9yHLtw+pECEHsFtJ9tqCEI8= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.6 h1:hncKj/4gR+TPauZgTAsxOxNcvBayhUlYZ6LO/BYiQ30= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.6/go.mod h1:OiIh45tp6HdJDDJGnja0mw8ihQGz3VGrUflLqSL0SmM= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.6 h1:LHS1YAIJXJ4K9zS+1d/xa9JAA9sL2QyXIQCQFQW/X08= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.6/go.mod h1:c9PCiTEuh0wQID5/KqA32J+HAgZxN9tOGXKCiYJjTZI= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.6 h1:nEXUSAwyUfLTgnc9cxlDWy637qsq4UWwp3sNAfl0Z3Y= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.6/go.mod h1:HGzIULx4Ge3Do2V0FaiYKcyKzOqwrhUZgCI77NisswQ= -github.com/aws/aws-sdk-go-v2/service/s3 v1.87.3 h1:ETkfWcXP2KNPLecaDa++5bsQhCRa5M5sLUJa5DWYIIg= -github.com/aws/aws-sdk-go-v2/service/s3 v1.87.3/go.mod h1:+/3ZTqoYb3Ur7DObD00tarKMLMuKg8iqz5CHEanqTnw= -github.com/aws/aws-sdk-go-v2/service/sso v1.29.1 h1:8OLZnVJPvjnrxEwHFg9hVUof/P4sibH+Ea4KKuqAGSg= -github.com/aws/aws-sdk-go-v2/service/sso v1.29.1/go.mod h1:27M3BpVi0C02UiQh1w9nsBEit6pLhlaH3NHna6WUbDE= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.2 h1:gKWSTnqudpo8dAxqBqZnDoDWCiEh/40FziUjr/mo6uA= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.2/go.mod h1:x7+rkNmRoEN1U13A6JE2fXne9EWyJy54o3n6d4mGaXQ= -github.com/aws/aws-sdk-go-v2/service/sts v1.38.2 h1:YZPjhyaGzhDQEvsffDEcpycq49nl7fiGcfJTIo8BszI= -github.com/aws/aws-sdk-go-v2/service/sts v1.38.2/go.mod h1:2dIN8qhQfv37BdUYGgEC8Q3tteM3zFxTI1MLO2O3J3c= -github.com/aws/smithy-go v1.23.1 h1:sLvcH6dfAFwGkHLZ7dGiYF7aK6mg4CgKA/iDKjLDt9M= -github.com/aws/smithy-go v1.23.1/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= +github.com/aws/aws-sdk-go-v2 v1.39.6 h1:2JrPCVgWJm7bm83BDwY5z8ietmeJUbh3O2ACnn+Xsqk= +github.com/aws/aws-sdk-go-v2 v1.39.6/go.mod h1:c9pm7VwuW0UPxAEYGyTmyurVcNrbF6Rt/wixFqDhcjE= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3 h1:DHctwEM8P8iTXFxC/QK0MRjwEpWQeM9yzidCRjldUz0= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3/go.mod h1:xdCzcZEtnSTKVDOmUZs4l/j3pSV6rpo1WXl5ugNsL8Y= +github.com/aws/aws-sdk-go-v2/config v1.31.18 h1:RouG3AcF2fLFhw+Z0qbnuIl9HZ0Kh4E/U9sKwTMRpMI= +github.com/aws/aws-sdk-go-v2/config v1.31.18/go.mod h1:aXZ13mSQC8S2VEHwGfL1COMuJ1Zty6pX5xU7hyqjvCg= +github.com/aws/aws-sdk-go-v2/credentials v1.18.22 h1:hyIVGBHhQPaNP9D4BaVRwpjLMCwMMdAkHqB3gGMiykU= +github.com/aws/aws-sdk-go-v2/credentials v1.18.22/go.mod h1:B9E2qHs3/YGfeQZ4jrIE/nPvqxtyafZrJ5EQiZBG6pk= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 h1:T1brd5dR3/fzNFAQch/iBKeX07/ffu/cLu+q+RuzEWk= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13/go.mod h1:Peg/GBAQ6JDt+RoBf4meB1wylmAipb7Kg2ZFakZTlwk= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.20.5 h1:EDTQlpZsebBESeYoPN+TjHyU1Dher3wb3mJDG57tZ8k= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.20.5/go.mod h1:iRuL2scabwI/oO3KhHaqCrWlCxWiYzvmX8JGSi1iBks= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13 h1:a+8/MLcWlIxo1lF9xaGt3J/u3yOZx+CdSveSNwjhD40= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13/go.mod h1:oGnKwIYZ4XttyU2JWxFrwvhF6YKiK/9/wmE3v3Iu9K8= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13 h1:HBSI2kDkMdWz4ZM7FjwE7e/pWDEZ+nR95x8Ztet1ooY= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13/go.mod h1:YE94ZoDArI7awZqJzBAZ3PDD2zSfuP7w6P2knOzIn8M= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.13 h1:eg/WYAa12vqTphzIdWMzqYRVKKnCboVPRlvaybNCqPA= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.13/go.mod h1:/FDdxWhz1486obGrKKC1HONd7krpk38LBt+dutLcN9k= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.265.0 h1:c3P7906uMLhQTz0L7KIjez3Sr2axS4w6kRcS6IvqOss= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.265.0/go.mod h1:NDdDLLW5PtLLXN661gKcvJvqAH5OBXsfhMlmKVu1/pY= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 h1:x2Ibm/Af8Fi+BH+Hsn9TXGdT+hKbDd5XOTZxTMxDk7o= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3/go.mod h1:IW1jwyrQgMdhisceG8fQLmQIydcT/jWY21rFhzgaKwo= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.4 h1:NvMjwvv8hpGUILarKw7Z4Q0w1H9anXKsesMxtw++MA4= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.4/go.mod h1:455WPHSwaGj2waRSpQp7TsnpOnBfw8iDfPfbwl7KPJE= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13 h1:kDqdFvMY4AtKoACfzIGD8A0+hbT41KTKF//gq7jITfM= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13/go.mod h1:lmKuogqSU3HzQCwZ9ZtcqOc5XGMqtDK7OIc2+DxiUEg= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.13 h1:zhBJXdhWIFZ1acfDYIhu4+LCzdUS2Vbcum7D01dXlHQ= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.13/go.mod h1:JaaOeCE368qn2Hzi3sEzY6FgAZVCIYcC2nwbro2QCh8= +github.com/aws/aws-sdk-go-v2/service/s3 v1.90.0 h1:ef6gIJR+xv/JQWwpa5FYirzoQctfSJm7tuDe3SZsUf8= +github.com/aws/aws-sdk-go-v2/service/s3 v1.90.0/go.mod h1:+wArOOrcHUevqdto9k1tKOF5++YTe9JEcPSc9Tx2ZSw= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.1 h1:0JPwLz1J+5lEOfy/g0SURC9cxhbQ1lIMHMa+AHZSzz0= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.1/go.mod h1:fKvyjJcz63iL/ftA6RaM8sRCtN4r4zl4tjL3qw5ec7k= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.5 h1:OWs0/j2UYR5LOGi88sD5/lhN6TDLG6SfA7CqsQO9zF0= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.5/go.mod h1:klO+ejMvYsB4QATfEOIXk8WAEwN4N0aBfJpvC+5SZBo= +github.com/aws/aws-sdk-go-v2/service/sts v1.40.0 h1:ZGDJVmlpPFiNFCb/I42nYVKUanJAdFUiSmUo/32AqPQ= +github.com/aws/aws-sdk-go-v2/service/sts v1.40.0/go.mod h1:E19xDjpzPZC7LS2knI9E6BaRFDK43Eul7vd6rSq2HWk= +github.com/aws/smithy-go v1.23.2 h1:Crv0eatJUQhaManss33hS5r40CG3ZFH+21XSkqMrIUM= +github.com/aws/smithy-go v1.23.2/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= From e4a265c3d9624f56de2c8a0d064f96097b5489b7 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Thu, 6 Nov 2025 08:25:29 +0000 Subject: [PATCH 199/254] chore(deps): update module github.com/containerd/stargz-snapshotter/estargz to v0.18.1 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 4 ++-- bib/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 29d2f7996..2b9ed49e9 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -49,7 +49,7 @@ require ( github.com/containerd/cgroups/v3 v3.0.5 // indirect github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect - github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect + github.com/containerd/stargz-snapshotter/estargz v0.18.1 // indirect github.com/containerd/typeurl/v2 v2.2.3 // indirect github.com/containers/common v0.64.2 // indirect github.com/containers/image/v5 v5.36.2 // indirect @@ -115,7 +115,7 @@ require ( github.com/tchap/go-patricia/v2 v2.3.3 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect github.com/ulikunitz/xz v0.5.15 // indirect - github.com/vbatts/tar-split v0.12.1 // indirect + github.com/vbatts/tar-split v0.12.2 // indirect github.com/vbauerster/mpb/v8 v8.10.2 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect diff --git a/bib/go.sum b/bib/go.sum index ad49d6ab2..b5b9c7c77 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -75,8 +75,8 @@ github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151X github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= -github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRccTampEyKpjpOnS3CyiV1Ebr8= -github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU= +github.com/containerd/stargz-snapshotter/estargz v0.18.1 h1:cy2/lpgBXDA3cDKSyEfNOFMA/c10O1axL69EU7iirO8= +github.com/containerd/stargz-snapshotter/estargz v0.18.1/go.mod h1:ALIEqa7B6oVDsrF37GkGN20SuvG/pIMm7FwP7ZmRb0Q= github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40= github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= github.com/containers/common v0.64.2 h1:1xepE7QwQggUXxmyQ1Dbh6Cn0yd7ktk14sN3McSWf5I= @@ -311,8 +311,8 @@ github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY= github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/vbatts/tar-split v0.12.1 h1:CqKoORW7BUWBe7UL/iqTVvkTBOF8UvOMKOIZykxnnbo= -github.com/vbatts/tar-split v0.12.1/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA= +github.com/vbatts/tar-split v0.12.2 h1:w/Y6tjxpeiFMR47yzZPlPj/FcPLpXbTUi/9H7d3CPa4= +github.com/vbatts/tar-split v0.12.2/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA= github.com/vbauerster/mpb/v8 v8.10.2 h1:2uBykSHAYHekE11YvJhKxYmLATKHAGorZwFlyNw4hHM= github.com/vbauerster/mpb/v8 v8.10.2/go.mod h1:+Ja4P92E3/CorSZgfDtK46D7AVbDqmBQRTmyTqPElo0= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= From 2634c70deb5445f3417ed34185e08c775e88f494 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Fri, 31 Oct 2025 16:26:56 +0000 Subject: [PATCH 200/254] chore(deps): update module github.com/docker/go-connections to v0.6.0 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 2b9ed49e9..fa1ab3de1 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -64,7 +64,7 @@ require ( github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/docker v28.3.3+incompatible // indirect github.com/docker/docker-credential-helpers v0.9.3 // indirect - github.com/docker/go-connections v0.5.0 // indirect + github.com/docker/go-connections v0.6.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/fatih/color v1.18.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect diff --git a/bib/go.sum b/bib/go.sum index b5b9c7c77..d0c440d66 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -110,8 +110,8 @@ github.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjY github.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8= github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo= -github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= -github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= +github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94= +github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE= github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= From 00d1b67609c7ef79bcb545ca480c14ff29da9d51 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Fri, 31 Oct 2025 16:27:05 +0000 Subject: [PATCH 201/254] chore(deps): update module github.com/go-jose/go-jose/v4 to v4.1.3 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index fa1ab3de1..f34e20f9d 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -68,7 +68,7 @@ require ( github.com/docker/go-units v0.5.0 // indirect github.com/fatih/color v1.18.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/go-jose/go-jose/v4 v4.0.5 // indirect + github.com/go-jose/go-jose/v4 v4.1.3 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/gobwas/glob v0.2.3 // indirect diff --git a/bib/go.sum b/bib/go.sum index d0c440d66..c347dd21d 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -124,8 +124,8 @@ github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE= -github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA= +github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs= +github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= From bae8621d28f758ac168159de63fa437c14cd4a28 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Tue, 4 Nov 2025 16:26:11 +0000 Subject: [PATCH 202/254] chore(deps): update module github.com/opencontainers/runtime-spec to v1.3.0 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index f34e20f9d..d66496d0c 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -100,7 +100,7 @@ require ( github.com/modern-go/reflect2 v1.0.2 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect - github.com/opencontainers/runtime-spec v1.2.1 // indirect + github.com/opencontainers/runtime-spec v1.3.0 // indirect github.com/opencontainers/selinux v1.12.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect diff --git a/bib/go.sum b/bib/go.sum index c347dd21d..9091cd488 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -239,8 +239,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= -github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww= -github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.3.0 h1:YZupQUdctfhpZy3TM39nN9Ika5CBWT5diQ8ibYCRkxg= +github.com/opencontainers/runtime-spec v1.3.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= github.com/osbuild/blueprint v1.16.0 h1:f/kHih+xpeJ1v7wtIfzdHPZTsiXsqKeDQ1+rrue6298= From fe2f211b2496d066a0664cbc91259520d9670ed1 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Fri, 31 Oct 2025 16:28:24 +0000 Subject: [PATCH 203/254] chore(deps): update module github.com/mistifyio/go-zfs/v3 to v3.1.0 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index d66496d0c..d626a36a4 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -91,7 +91,7 @@ require ( github.com/mattn/go-runewidth v0.0.19 // indirect github.com/mattn/go-sqlite3 v1.14.28 // indirect github.com/miekg/pkcs11 v1.1.1 // indirect - github.com/mistifyio/go-zfs/v3 v3.0.1 // indirect + github.com/mistifyio/go-zfs/v3 v3.1.0 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/sys/capability v0.4.0 // indirect github.com/moby/sys/mountinfo v0.7.2 // indirect diff --git a/bib/go.sum b/bib/go.sum index 9091cd488..2050cc88c 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -210,8 +210,8 @@ github.com/mattn/go-sqlite3 v1.14.28 h1:ThEiQrnbtumT+QMknw63Befp/ce/nUPgBPMlRFEu github.com/mattn/go-sqlite3 v1.14.28/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -github.com/mistifyio/go-zfs/v3 v3.0.1 h1:YaoXgBePoMA12+S1u/ddkv+QqxcfiZK4prI6HPnkFiU= -github.com/mistifyio/go-zfs/v3 v3.0.1/go.mod h1:CzVgeB0RvF2EGzQnytKVvVSDwmKJXxkOTUGbNrTja/k= +github.com/mistifyio/go-zfs/v3 v3.1.0 h1:FZaylcg0hjUp27i23VcJJQiuBeAZjrC8lPqCGM1CopY= +github.com/mistifyio/go-zfs/v3 v3.1.0/go.mod h1:CzVgeB0RvF2EGzQnytKVvVSDwmKJXxkOTUGbNrTja/k= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw= From 9796a11ef4c3037280733403b5b1ea02c3a270f1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 04:07:33 +0000 Subject: [PATCH 204/254] build(deps): bump actions/setup-python from 5 to 6 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index d4f7607c2..6c93da86d 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -100,7 +100,7 @@ jobs: with: ref: ${{ github.event.pull_request.head.sha }} - name: Setup up python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 - name: Apt update run: sudo apt update - name: Install test dependencies From 6d9e06a83bdd3928bf416bb71b2950b98c5d6a50 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Wed, 12 Nov 2025 08:18:08 +0000 Subject: [PATCH 205/254] chore(deps): update module github.com/sigstore/fulcio to v1.8.1 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 30 +++++++++--------- bib/go.sum | 92 ++++++++++++++++++++++++++++-------------------------- 2 files changed, 62 insertions(+), 60 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index d626a36a4..4a91ffa0f 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -1,8 +1,6 @@ module github.com/osbuild/bootc-image-builder/bib -go 1.24.0 - -toolchain go1.24.6 +go 1.24.6 require ( github.com/cheggaaa/pb/v3 v3.1.7 @@ -106,9 +104,9 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/proglottis/gpgme v0.1.5 // indirect github.com/secure-systems-lab/go-securesystemslib v0.9.1 // indirect - github.com/sigstore/fulcio v1.6.6 // indirect - github.com/sigstore/protobuf-specs v0.4.1 // indirect - github.com/sigstore/sigstore v1.9.5 // indirect + github.com/sigstore/fulcio v1.8.1 // indirect + github.com/sigstore/protobuf-specs v0.5.0 // indirect + github.com/sigstore/sigstore v1.9.6-0.20250729224751-181c5d3339b3 // indirect github.com/smallstep/pkcs7 v0.1.1 // indirect github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect github.com/sylabs/sif/v2 v2.21.1 // indirect @@ -119,19 +117,19 @@ require ( github.com/vbauerster/mpb/v8 v8.10.2 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect - go.opentelemetry.io/otel v1.36.0 // indirect - go.opentelemetry.io/otel/metric v1.36.0 // indirect - go.opentelemetry.io/otel/trace v1.36.0 // indirect - golang.org/x/crypto v0.41.0 // indirect - golang.org/x/net v0.43.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect + go.opentelemetry.io/otel v1.38.0 // indirect + go.opentelemetry.io/otel/metric v1.38.0 // indirect + go.opentelemetry.io/otel/trace v1.38.0 // indirect + golang.org/x/crypto v0.43.0 // indirect + golang.org/x/net v0.46.0 // indirect golang.org/x/sync v0.17.0 // indirect - golang.org/x/sys v0.35.0 // indirect - golang.org/x/term v0.34.0 // indirect - golang.org/x/text v0.28.0 // indirect + golang.org/x/sys v0.37.0 // indirect + golang.org/x/term v0.36.0 // indirect + golang.org/x/text v0.30.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 // indirect - google.golang.org/grpc v1.74.2 // indirect + google.golang.org/grpc v1.76.0 // indirect google.golang.org/protobuf v1.36.10 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/bib/go.sum b/bib/go.sum index 2050cc88c..f3c166836 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -173,8 +173,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 h1:VNqngBF40hVlDloBruUehVYC3ArSgIyScOAyMRqBxRg= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1/go.mod h1:RBRO7fro65R6tjKzYgLAFo0t1QEXY1Dp+i/bvpRiqiQ= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 h1:NmZ1PKzSTQbuGHw9DGPFomqkkLWMC+vZCkfs+FHv1Vg= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3/go.mod h1:zQrxl1YP88HQlA6i9c63DSVPFklWpGX4OWAc9bFuaH4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -256,15 +256,15 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/proglottis/gpgme v0.1.5 h1:KCGyOw8sQ+SI96j6G8D8YkOGn+1TwbQTT9/zQXoVlz0= github.com/proglottis/gpgme v0.1.5/go.mod h1:5LoXMgpE4bttgwwdv9bLs/vwqv3qV7F4glEEZ7mRKrM= -github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc= -github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE= +github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o= +github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= -github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io= -github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= -github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= -github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/prometheus/common v0.67.2 h1:PcBAckGFTIHt2+L3I33uNRTlKTplNzFctXcWhPyAEN8= +github.com/prometheus/common v0.67.2/go.mod h1:63W3KZb1JOKgcjlIr64WW/LvFGAqKPj0atm+knVGEko= +github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg= +github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -276,12 +276,12 @@ github.com/secure-systems-lab/go-securesystemslib v0.9.1 h1:nZZaNz4DiERIQguNy0cL github.com/secure-systems-lab/go-securesystemslib v0.9.1/go.mod h1:np53YzT0zXGMv6x4iEWc9Z59uR+x+ndLwCLqPYpLXVU= github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= -github.com/sigstore/fulcio v1.6.6 h1:XaMYX6TNT+8n7Npe8D94nyZ7/ERjEsNGFC+REdi/wzw= -github.com/sigstore/fulcio v1.6.6/go.mod h1:BhQ22lwaebDgIxVBEYOOqLRcN5+xOV+C9bh/GUXRhOk= -github.com/sigstore/protobuf-specs v0.4.1 h1:5SsMqZbdkcO/DNHudaxuCUEjj6x29tS2Xby1BxGU7Zc= -github.com/sigstore/protobuf-specs v0.4.1/go.mod h1:+gXR+38nIa2oEupqDdzg4qSBT0Os+sP7oYv6alWewWc= -github.com/sigstore/sigstore v1.9.5 h1:Wm1LT9yF4LhQdEMy5A2JeGRHTrAWGjT3ubE5JUSrGVU= -github.com/sigstore/sigstore v1.9.5/go.mod h1:VtxgvGqCmEZN9X2zhFSOkfXxvKUjpy8RpUW39oCtoII= +github.com/sigstore/fulcio v1.8.1 h1:PmoQv3XmhjR2BWFWw5LcMUXJPmhyizOIL7HeYnpio58= +github.com/sigstore/fulcio v1.8.1/go.mod h1:7tP3KW9eCGlPYRj5N4MSuUOat7CkeIHuXZ2jAUQ+Rwc= +github.com/sigstore/protobuf-specs v0.5.0 h1:F8YTI65xOHw70NrvPwJ5PhAzsvTnuJMGLkA4FIkofAY= +github.com/sigstore/protobuf-specs v0.5.0/go.mod h1:+gXR+38nIa2oEupqDdzg4qSBT0Os+sP7oYv6alWewWc= +github.com/sigstore/sigstore v1.9.6-0.20250729224751-181c5d3339b3 h1:IEhSeWfhTd0kaBpHUXniWU2Tl5K5OUACN69mi1WGd+8= +github.com/sigstore/sigstore v1.9.6-0.20250729224751-181c5d3339b3/go.mod h1:JuqyPRJYnkNl6OTnQiG503EUnKih4P5EV6FUw+1B0iA= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/smallstep/pkcs7 v0.1.1 h1:x+rPdt2W088V9Vkjho4KtoggyktZJlMduZAtRHm68LU= @@ -322,24 +322,26 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= -go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg= -go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 h1:IJFEoHiytixx8cMiVAO+GmHR6Frwu+u5Ur8njpFO6Ac= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0/go.mod h1:3rHrKNtLIoS0oZwkY2vxi+oJcwFRWdtUyRII+so45p8= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg= +go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8= +go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 h1:xJ2qHD0C1BeYVTLLR9sX12+Qb95kfeD/byKj6Ky1pXg= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0/go.mod h1:u5BF1xyjstDowA1R5QAO9JHzqK+ublenEW/dyqTjBVk= -go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE= -go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs= -go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs= -go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY= -go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis= -go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4= -go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w= -go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA= -go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= -go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= +go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA= +go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI= +go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E= +go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg= +go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM= +go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA= +go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE= +go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs= +go.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4= +go.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE= +go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= +go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -350,8 +352,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= +golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04= +golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2wtOnGAHZWCHUM4KGzY= golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70= @@ -383,8 +385,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= +golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4= +golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -415,8 +417,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= +golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -426,8 +428,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= -golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4= -golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw= +golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q= +golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= @@ -437,10 +439,10 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= -golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= -golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= +golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= +golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM= +golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= +golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -459,6 +461,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= +gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -473,8 +477,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4= -google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM= +google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A= +google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 11a8b379f4eb36a6e7f211651bdcd8ce2082ac6c Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Wed, 12 Nov 2025 16:19:31 +0000 Subject: [PATCH 206/254] chore(deps): update github.com/burntsushi/toml digest to 011fa2b Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 4a91ffa0f..07ddd79bd 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -18,7 +18,7 @@ require ( require ( dario.cat/mergo v1.0.2 // indirect - github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a // indirect + github.com/BurntSushi/toml v1.5.1-0.20250606162815-011fa2bc64ce // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/Microsoft/hcsshim v0.13.0 // indirect github.com/VividCortex/ewma v1.2.0 // indirect diff --git a/bib/go.sum b/bib/go.sum index f3c166836..5e61b2e18 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -4,8 +4,8 @@ dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a h1:pRZNZLyCUkX30uKttIh5ihOtsqCgugM+a4WTxUULiMw= -github.com/BurntSushi/toml v1.5.1-0.20250403130103-3d3abc24416a/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/BurntSushi/toml v1.5.1-0.20250606162815-011fa2bc64ce h1:rdHALCMqlJVeIieqJjJTfLp6GZ0Bk/6MWI/6d7gJe+A= +github.com/BurntSushi/toml v1.5.1-0.20250606162815-011fa2bc64ce/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Microsoft/hcsshim v0.13.0 h1:/BcXOiS6Qi7N9XqUcv27vkIuVOkBEcWstd2pMlWSeaA= From aaa2006bc6df60d11a1366f3ad2ea0a687c94a4b Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 13 Nov 2025 13:59:26 +0100 Subject: [PATCH 207/254] vmtest: auto load all paramiko keys This is a workaround for the fact that paramiko has issue with the private key loading. Try to manually load all supported paramiko key classes and instanciate a private key from them. --- vmtest/vm.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/vmtest/vm.py b/vmtest/vm.py index 489c24fda..e612fa93f 100644 --- a/vmtest/vm.py +++ b/vmtest/vm.py @@ -62,7 +62,14 @@ def _get_ssh_transport(self, user, password="", keyfile=None): # workaround, see https://github.com/paramiko/paramiko/issues/2048 pkey = None if keyfile: - pkey = paramiko.RSAKey.from_private_key_file(keyfile) + for klass in paramiko.key_classes: + try: + pkey = klass.from_private_key_file(keyfile) + break + except paramiko.ssh_exception.SSHException: + continue + if pkey is None: + raise RuntimeError(f"cannot load {keyfile}, tried {paramiko.key_classes}") client.connect( self._address, self._ssh_port, user, password, pkey=pkey, From f594d1c718354ae9c19cfbca8137b3dc10a0bc91 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 13 Nov 2025 14:17:06 +0100 Subject: [PATCH 208/254] pyproject: move to a more modern paramiko --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index bc72ebbb6..6d1dc5c15 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -11,7 +11,7 @@ name = "vmtest" version = "0.1.0" dependencies = [ "boto3==1.33.13", - "paramiko==2.12.0", + "paramiko==4.0.0", "qmp==1.1.0", "scp==0.15.0", ] From e73f9784423fe19af0985b163f3323212bac3cbf Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Wed, 12 Nov 2025 16:32:49 +0000 Subject: [PATCH 209/254] chore(deps): update module github.com/docker/docker-credential-helpers to v0.9.4 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 07ddd79bd..2ab753c8c 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -61,7 +61,7 @@ require ( github.com/distribution/reference v0.6.0 // indirect github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/docker v28.3.3+incompatible // indirect - github.com/docker/docker-credential-helpers v0.9.3 // indirect + github.com/docker/docker-credential-helpers v0.9.4 // indirect github.com/docker/go-connections v0.6.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/fatih/color v1.18.0 // indirect diff --git a/bib/go.sum b/bib/go.sum index 5e61b2e18..27f7e70ee 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -108,8 +108,8 @@ github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBi github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI= github.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8= -github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo= +github.com/docker/docker-credential-helpers v0.9.4 h1:76ItO69/AP/V4yT9V4uuuItG0B1N8hvt0T0c0NN/DzI= +github.com/docker/docker-credential-helpers v0.9.4/go.mod h1:v1S+hepowrQXITkEfw6o4+BMbGot02wiKpzWhGUZK6c= github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94= github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE= github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= From 65236040f8e02b44f7910a27f15c323404f03f3c Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Thu, 13 Nov 2025 20:32:41 +0000 Subject: [PATCH 210/254] chore(deps): update module github.com/clipperhouse/uax29/v2 to v2.3.0 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- bib/go.mod | 3 ++- bib/go.sum | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 2ab753c8c..9ed93c4b7 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -43,7 +43,8 @@ require ( github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.5 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.40.0 // indirect github.com/aws/smithy-go v1.23.2 // indirect - github.com/clipperhouse/uax29/v2 v2.2.0 // indirect + github.com/clipperhouse/stringish v0.1.1 // indirect + github.com/clipperhouse/uax29/v2 v2.3.0 // indirect github.com/containerd/cgroups/v3 v3.0.5 // indirect github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect diff --git a/bib/go.sum b/bib/go.sum index 27f7e70ee..18d664604 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -64,8 +64,10 @@ github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL github.com/cheggaaa/pb/v3 v3.1.7 h1:2FsIW307kt7A/rz/ZI2lvPO+v3wKazzE4K/0LtTWsOI= github.com/cheggaaa/pb/v3 v3.1.7/go.mod h1:/Ji89zfVPeC/u5j8ukD0MBPHt2bzTYp74lQ7KlgFWTQ= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/clipperhouse/uax29/v2 v2.2.0 h1:ChwIKnQN3kcZteTXMgb1wztSgaU+ZemkgWdohwgs8tY= -github.com/clipperhouse/uax29/v2 v2.2.0/go.mod h1:EFJ2TJMRUaplDxHKj1qAEhCtQPW2tJSwu5BF98AuoVM= +github.com/clipperhouse/stringish v0.1.1 h1:+NSqMOr3GR6k1FdRhhnXrLfztGzuG+VuFDfatpWHKCs= +github.com/clipperhouse/stringish v0.1.1/go.mod h1:v/WhFtE1q0ovMta2+m+UbpZ+2/HEXNWYXQgCt4hdOzA= +github.com/clipperhouse/uax29/v2 v2.3.0 h1:SNdx9DVUqMoBuBoW3iLOj4FQv3dN5mDtuqwuhIGpJy4= +github.com/clipperhouse/uax29/v2 v2.3.0/go.mod h1:Wn1g7MK6OoeDT0vL+Q0SQLDz/KpfsVRgg6W7ihQeh4g= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/containerd/cgroups/v3 v3.0.5 h1:44na7Ud+VwyE7LIoJ8JTNQOa549a8543BmzaJHo6Bzo= github.com/containerd/cgroups/v3 v3.0.5/go.mod h1:SA5DLYnXO8pTGYiAHXz94qvLQTKfVM5GEVisn4jpins= From 2d62bcbe6a480b85f29255feaec2a0a7b54249a2 Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Fri, 14 Nov 2025 14:26:54 +0100 Subject: [PATCH 211/254] github: use gobump to update Go dependencies --- .github/dependabot.yml | 13 ----------- .github/workflows/gobump.yml | 42 ++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 13 deletions(-) create mode 100644 .github/workflows/gobump.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 60a810c53..d1399e9e1 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,16 +11,3 @@ updates: time: "04:00" open-pull-requests-limit: 5 rebase-strategy: "disabled" - - # Maintain dependencies for Go - - package-ecosystem: "gomod" - directory: "/bib" - schedule: - interval: "daily" - time: "04:00" - groups: - go-deps: - patterns: - - "*" # group all dependency updates into one PR - open-pull-requests-limit: 1 - rebase-strategy: "auto" diff --git a/.github/workflows/gobump.yml b/.github/workflows/gobump.yml new file mode 100644 index 000000000..4b7f3a254 --- /dev/null +++ b/.github/workflows/gobump.yml @@ -0,0 +1,42 @@ +--- +name: "Updates Go dependencies via gobump" + +on: # yamllint disable-line rule:truthy + workflow_dispatch: + schedule: + # Every Sunday at 15:00 + - cron: "0 15 * * 0" + +jobs: + update-and-push: + runs-on: ubuntu-latest + container: registry.fedoraproject.org/fedora:42 + steps: + - name: Update go.mod and open a PR + env: + GH_TOKEN: ${{ secrets.SCHUTZBOT_GITHUB_ACCESS_TOKEN }} + run: | + # Install deps + set -x + sudo dnf -y install git gh golang gpgme-devel btrfs-progs-devel krb5-devel + # Checkout the project + git clone --depth 1 https://github.com/osbuild/images + cd images/ + # Install and run gobump + go run github.com/lzap/gobump@latest -exec "go build ./..." -exec "go test ./..." 2>&1 | tee github_pr_body.txt + ./tools/prepare-source.sh + # Make a PR when needed + if git diff --exit-code; then echo "No changes"; exit 0; fi + git config user.name "schutzbot" + git config user.email "schutzbot@gmail.com" + branch="schutz-gobump-$(date -I)" + git checkout -b "${branch}" + git add -A + git commit -m "build(deps): Update dependencies via gobump" + git push -f "https://$GH_TOKEN@github.com/schutzbot/images.git" + gh pr create \ + -t "Update dependencies $(date -I)" \ + -F "github_pr_body.txt" \ + --repo "osbuild/images" \ + --base "main" \ + --head "schutzbot:${branch}" From 3b347b11ed97c850c14e59c3e2e1ea3561c5c66e Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 18 Nov 2025 09:10:49 +0100 Subject: [PATCH 212/254] go.mod: update to v0.220.0 --- bib/go.mod | 2 +- bib/go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/bib/go.mod b/bib/go.mod index 9ed93c4b7..77a942cba 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -7,7 +7,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.16.0 github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 - github.com/osbuild/images v0.211.0 + github.com/osbuild/images v0.220.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 diff --git a/bib/go.sum b/bib/go.sum index 18d664604..c5525fc32 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -251,6 +251,8 @@ github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 h1:Mo1ht github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521/go.mod h1:oTn9T+bV9g/760hM/jX7AV0c4vuVIn6FjAnaVM9RzRo= github.com/osbuild/images v0.211.0 h1:3BU7mMM7Iu81qZnq7y8luuIIOt707J9tF9DwCyOk9yM= github.com/osbuild/images v0.211.0/go.mod h1:Cs7zFV8rmbVHn+19ArNdjd1AtFk+LC9dOOHuxiSLghw= +github.com/osbuild/images v0.220.0 h1:9aeYxhZ8NxbC1E5Zr5NFYWgG0A5euim4gTwUC08/naQ= +github.com/osbuild/images v0.220.0/go.mod h1:Cs7zFV8rmbVHn+19ArNdjd1AtFk+LC9dOOHuxiSLghw= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From ecc9443ff17c75d86176000a6043bf0bfc45cc90 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 13 Nov 2025 18:57:01 +0100 Subject: [PATCH 213/254] bib: update for latest image release --- bib/cmd/bootc-image-builder/main.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 5f10f7603..5ab1a6eb0 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -159,16 +159,15 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress } func manifestFromCobraForDisk(imgref, buildImgref, installerPayloadRef, imgTypeStr, rootFs, rpmCacheRoot string, config *blueprint.Blueprint, useLibrepo bool, cntArch arch.Arch) ([]byte, *mTLSConfig, error) { - distri, err := bootc.NewBootcDistro(imgref) + distri, err := bootc.NewBootcDistro(imgref, &bootc.DistroOptions{ + DefaultFs: rootFs, + }) if err != nil { return nil, nil, err } if err := distri.SetBuildContainer(buildImgref); err != nil { return nil, nil, err } - if err := distri.SetDefaultFs(rootFs); err != nil { - return nil, nil, err - } archi, err := distri.GetArch(cntArch.String()) if err != nil { return nil, nil, err From d25da07abf15ff128873d7061df0c2be6c1aa3b6 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 13 Nov 2025 10:16:10 +0100 Subject: [PATCH 214/254] main: show validation warnings by default This integrates the new checks for the blueprint options that we have in the bootc image type. Show them to stderr as warnings by default to not break existing workflows (in ibcli they are a hard error unless --ignore-warnings is given). --- bib/cmd/bootc-image-builder/main.go | 3 +++ test/test_manifest.py | 20 ++++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 5ab1a6eb0..603771bf4 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -190,6 +190,9 @@ func manifestFromCobraForDisk(imgref, buildImgref, installerPayloadRef, imgTypeS BaseURLs: []string{"https://example.com/not-used"}, }, }, + // this turns (blueprint validation) warnings into + // warnings as they are visible to the user + WarningsOutput: os.Stderr, }) if err != nil { return nil, nil, err diff --git a/test/test_manifest.py b/test/test_manifest.py index e523410d5..fee8acaa0 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -1080,3 +1080,23 @@ def test_ova_manifest_smoke(build_container, tc): "image.vmdk" ] } + + +def test_manifest_warns_on_unsupported(tmp_path, build_container): + # no need to parameterize this test, toml is the same for all containers + container_ref = "quay.io/centos-bootc/centos-bootc:stream9" + testutil.pull_container(container_ref) + + config_toml_path = tmp_path / "config.toml" + config_toml_path.write_text(textwrap.dedent("""\ + [[customizations.repositories]] + id = "foo" + """)) + res = subprocess.run([ + *testutil.podman_run_common, + "-v", f"{config_toml_path}:/config.toml:ro", + build_container, + "manifest", f"{container_ref}", + ], check=True, capture_output=True, text=True) + assert ('blueprint validation failed for image type "qcow2": ' + 'customizations.repositories: not supported' in res.stderr) From d7c2d65264b75b4d48773daef4bb4b3a5b977136 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 18 Nov 2025 11:48:00 +0100 Subject: [PATCH 215/254] bib: drop unused workload.go --- bib/cmd/bootc-image-builder/workload.go | 24 ------------------------ 1 file changed, 24 deletions(-) delete mode 100644 bib/cmd/bootc-image-builder/workload.go diff --git a/bib/cmd/bootc-image-builder/workload.go b/bib/cmd/bootc-image-builder/workload.go deleted file mode 100644 index d2667fa7e..000000000 --- a/bib/cmd/bootc-image-builder/workload.go +++ /dev/null @@ -1,24 +0,0 @@ -package main - -import "github.com/osbuild/images/pkg/rpmmd" - -// NullWorkload implements the images Workload interface but returns only nil -// from all its methods and holds no data. -type NullWorkload struct { -} - -func (p *NullWorkload) GetRepos() []rpmmd.RepoConfig { - return nil -} - -func (p *NullWorkload) GetPackages() []string { - return nil -} - -func (p *NullWorkload) GetServices() []string { - return nil -} - -func (p *NullWorkload) GetDisabledServices() []string { - return nil -} From b20891fec9aafa47f71ec1463dab2b2370fc0bd9 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 18 Nov 2025 11:55:44 +0100 Subject: [PATCH 216/254] bib: simplify saveManifest() Just use os.WriteFile() intead of reimplementing it. --- bib/cmd/bootc-image-builder/main.go | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 603771bf4..249aa33ff 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -2,7 +2,6 @@ package main import ( "encoding/json" - "errors" "fmt" "io" "io/fs" @@ -63,15 +62,7 @@ func saveManifest(ms manifest.OSBuildManifest, fpath string) (err error) { return fmt.Errorf("failed to marshal data for %q: %s", fpath, err.Error()) } b = append(b, '\n') // add new line at end of file - fp, err := os.Create(fpath) - if err != nil { - return fmt.Errorf("failed to create output file %q: %s", fpath, err.Error()) - } - defer func() { err = errors.Join(err, fp.Close()) }() - if _, err := fp.Write(b); err != nil { - return fmt.Errorf("failed to write output file %q: %s", fpath, err.Error()) - } - return nil + return os.WriteFile(fpath, b, 0644) } // manifestFromCobra generate an osbuild manifest from a cobra commandline. From f4895ae51b0f7e4ea1d3c185cca2b809897e0d72 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 18 Nov 2025 18:26:13 +0100 Subject: [PATCH 217/254] vm: drop paramiko And replace with ssh/scp binaries. This is probably more robust than paramiko and more "standard". As a side effect we do no longer request an explicit tty. We could force that with "-t" in ssh but we did that with paramiko and that caused issues that e.g. "systemctl" would detect a tty and go into pager mode. So lets start without and we can always add "-t" to our ssh invocation to force it. --- .github/workflows/tests.yml | 2 +- test/test_build_iso.py | 2 +- vmtest/vm.py | 82 +++++++++++++++++-------------------- 3 files changed, 40 insertions(+), 46 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 6c93da86d..09aeed9e1 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -106,7 +106,7 @@ jobs: - name: Install test dependencies run: | sudo apt update - sudo apt install -y python3-pytest python3-paramiko python3-boto3 flake8 pylint libosinfo-bin squashfs-tools + sudo apt install -y python3-pytest python3-boto3 flake8 pylint libosinfo-bin squashfs-tools sshpass - name: Diskspace (before) run: | df -h diff --git a/test/test_build_iso.py b/test/test_build_iso.py index 7142bdca4..1293bd50a 100644 --- a/test/test_build_iso.py +++ b/test/test_build_iso.py @@ -202,4 +202,4 @@ def test_bootc_installer_iso_installs(tmp_path, build_container, container_ref): assert exit_status == 0 exit_status, output = vm.run("bootc status", user="root", keyfile=ssh_keyfile_private_path) assert exit_status == 0 - assert f"Booted image: {container_ref}" in output + assert f"image: {container_ref}" in output diff --git a/vmtest/vm.py b/vmtest/vm.py index e612fa93f..275839a5b 100644 --- a/vmtest/vm.py +++ b/vmtest/vm.py @@ -2,7 +2,6 @@ import os import pathlib import platform -import logging import shutil import subprocess import sys @@ -12,18 +11,17 @@ from io import StringIO import boto3 -import paramiko from botocore.exceptions import ClientError -from paramiko.client import AutoAddPolicy, SSHClient -from scp import SCPClient from vmtest.util import get_free_port, wait_ssh_ready AWS_REGION = "us-east-1" -# XXX: find better way to control this -if os.environ.get("OSBUILD_TEST_QEMU_VERBOSE"): - logging.getLogger("paramiko").setLevel(logging.DEBUG) - logging.getLogger("paramiko").addHandler(logging.StreamHandler(sys.stderr)) + +_non_interactive_ssh = [ + "-o", "UserKnownHostsFile=/dev/null", + "-o" "StrictHostKeyChecking=no", + "-o" "LogLevel=ERROR", +] class VM(abc.ABC): @@ -54,50 +52,46 @@ def force_stop(self): Stop the VM and clean up any resources that were created when setting up and starting the machine. """ - def _get_ssh_transport(self, user, password="", keyfile=None): - if not self.running(): - self.start() - client = SSHClient() - client.set_missing_host_key_policy(AutoAddPolicy) - # workaround, see https://github.com/paramiko/paramiko/issues/2048 - pkey = None - if keyfile: - for klass in paramiko.key_classes: - try: - pkey = klass.from_private_key_file(keyfile) - break - except paramiko.ssh_exception.SSHException: - continue - if pkey is None: - raise RuntimeError(f"cannot load {keyfile}, tried {paramiko.key_classes}") - client.connect( - self._address, self._ssh_port, - user, password, pkey=pkey, - allow_agent=False, look_for_keys=False) - return client.get_transport() + def _sshpass(self, password): + if not password: + return [] + return ["sshpass", "-p", password] def run(self, cmd, user, password="", keyfile=None): """ Run a command on the VM via SSH using the provided credentials. """ - tr = self._get_ssh_transport(user, password, keyfile) - chan = tr.open_session() - chan.get_pty() - chan.exec_command(cmd) - stdout_f = chan.makefile() + if not self.running(): + self.start() + ssh_cmd = self._sshpass(password) + [ + "ssh", "-p", str(self._ssh_port), + ] + _non_interactive_ssh + if keyfile: + ssh_cmd.extend(["-i", keyfile]) + ssh_cmd.append(f"{user}@{self._address}") + ssh_cmd.append(cmd) output = StringIO() - while True: - out = stdout_f.readline() - if not out: - break - self._log(out) - output.write(out) - exit_status = stdout_f.channel.recv_exit_status() - return exit_status, output.getvalue() + with subprocess.Popen( + ssh_cmd, + stdout=subprocess.PIPE, stderr=subprocess.STDOUT, + text=True, bufsize=1, + ) as p: + for out in p.stdout: + self._log(out) + output.write(out) + return p.returncode, output.getvalue() def scp(self, src, dst, user, password="", keyfile=None): - with SCPClient(self._get_ssh_transport(user, password, keyfile)) as scp: - scp.put(src, dst) + if not self.running(): + self.start() + scp_cmd = self._sshpass(password) + [ + "scp", "-P", str(self._ssh_port), + ] + _non_interactive_ssh + if keyfile: + scp_cmd.extend(["-i", keyfile]) + scp_cmd.append(src) + scp_cmd.append(f"{user}@{self._address}:{dst}") + subprocess.check_call(scp_cmd) @abc.abstractmethod def running(self): From f10206c2d87046b8d875c248939fb1fcba95bd08 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 20 Nov 2025 18:55:24 +0100 Subject: [PATCH 218/254] vmtest: add new _ensure_ssh() that will retry 3x to login Small helper to retry ssh to avoid flakyness when a VM closes the connection too early. --- vmtest/vm.py | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/vmtest/vm.py b/vmtest/vm.py index 275839a5b..6869090eb 100644 --- a/vmtest/vm.py +++ b/vmtest/vm.py @@ -19,8 +19,8 @@ _non_interactive_ssh = [ "-o", "UserKnownHostsFile=/dev/null", - "-o" "StrictHostKeyChecking=no", - "-o" "LogLevel=ERROR", + "-o", "StrictHostKeyChecking=no", + "-o", "LogLevel=ERROR", ] @@ -57,12 +57,29 @@ def _sshpass(self, password): return [] return ["sshpass", "-p", password] + def _ensure_ssh(self, user, password="", keyfile=None): + if not self.running(): + self.start() + n_retries = 3 + wait_sec = 10 + for _ in range(n_retries): + try: + ret, _ = self._run("true", user, password, keyfile) + if ret == 0: + return + except Exception as e: + print(f"ssh not ready {e}") + time.sleep(wait_sec) + raise RuntimeError(f"no ssh after {n_retries} retries of {wait_sec}") + def run(self, cmd, user, password="", keyfile=None): + self._ensure_ssh(user, password, keyfile) + return self._run(cmd, user, password, keyfile) + + def _run(self, cmd, user, password="", keyfile=None): """ Run a command on the VM via SSH using the provided credentials. """ - if not self.running(): - self.start() ssh_cmd = self._sshpass(password) + [ "ssh", "-p", str(self._ssh_port), ] + _non_interactive_ssh @@ -82,8 +99,7 @@ def run(self, cmd, user, password="", keyfile=None): return p.returncode, output.getvalue() def scp(self, src, dst, user, password="", keyfile=None): - if not self.running(): - self.start() + self._ensure_ssh(user, password, keyfile) scp_cmd = self._sshpass(password) + [ "scp", "-P", str(self._ssh_port), ] + _non_interactive_ssh From f46d6a51f5acf19fd4ec1253d916d30f622da2fc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 04:09:05 +0000 Subject: [PATCH 219/254] build(deps): bump actions/checkout from 5 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yaml | 2 +- .github/workflows/testingfarm-unit.yml | 2 +- .github/workflows/testingfarm.yml | 2 +- .github/workflows/tests.yml | 8 ++++---- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 50a96ba78..ee2f50846 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repo - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Build image uses: redhat-actions/buildah-build@v2 diff --git a/.github/workflows/testingfarm-unit.yml b/.github/workflows/testingfarm-unit.yml index 9863fae8f..e57470cd9 100644 --- a/.github/workflows/testingfarm-unit.yml +++ b/.github/workflows/testingfarm-unit.yml @@ -27,7 +27,7 @@ jobs: echo "Job originally triggered by ${{ github.actor }}" exit 1 - name: Check out code - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: ref: ${{ github.event.pull_request.head.sha }} - name: Run the tests diff --git a/.github/workflows/testingfarm.yml b/.github/workflows/testingfarm.yml index 9c04193a8..58b9328b3 100644 --- a/.github/workflows/testingfarm.yml +++ b/.github/workflows/testingfarm.yml @@ -44,7 +44,7 @@ jobs: echo "Job originally triggered by ${{ github.actor }}" exit 1 - name: Check out code - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: ref: ${{ github.event.pull_request.head.sha }} - name: Run the tests diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 09aeed9e1..c2038ad01 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -30,7 +30,7 @@ jobs: id: go - name: Check out code into the Go module directory - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: ref: ${{ github.event.pull_request.head.sha }} @@ -59,7 +59,7 @@ jobs: name: "🐚 Shellcheck" runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: ref: ${{ github.event.pull_request.head.sha }} - name: Run ShellCheck @@ -77,7 +77,7 @@ jobs: test_files: ${{ steps.collect.outputs.test_files }} steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: ref: ${{ github.event.pull_request.head.sha }} - name: Collect test files @@ -96,7 +96,7 @@ jobs: matrix: test_file: ${{ fromJson(needs.collect_tests.outputs.test_files) }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: ref: ${{ github.event.pull_request.head.sha }} - name: Setup up python From f145d5b43f9b020239a01364d102afbd6b849e65 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 25 Nov 2025 21:19:38 +0100 Subject: [PATCH 220/254] go.mod: move to images v0.226.0 This will pull in https://github.com/osbuild/images/pull/2037 to fix a selinux label issue. Thanks to Alex for fixing this in images. --- bib/go.mod | 2 +- bib/go.sum | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 77a942cba..1e8a096a7 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -7,7 +7,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.16.0 github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 - github.com/osbuild/images v0.220.0 + github.com/osbuild/images v0.226.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 diff --git a/bib/go.sum b/bib/go.sum index c5525fc32..98d4590c5 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -249,10 +249,8 @@ github.com/osbuild/blueprint v1.16.0 h1:f/kHih+xpeJ1v7wtIfzdHPZTsiXsqKeDQ1+rrue6 github.com/osbuild/blueprint v1.16.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 h1:Mo1htXYyEoKrBQD+/RC/kluAWu4+E0oEjPorujVn/K8= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521/go.mod h1:oTn9T+bV9g/760hM/jX7AV0c4vuVIn6FjAnaVM9RzRo= -github.com/osbuild/images v0.211.0 h1:3BU7mMM7Iu81qZnq7y8luuIIOt707J9tF9DwCyOk9yM= -github.com/osbuild/images v0.211.0/go.mod h1:Cs7zFV8rmbVHn+19ArNdjd1AtFk+LC9dOOHuxiSLghw= -github.com/osbuild/images v0.220.0 h1:9aeYxhZ8NxbC1E5Zr5NFYWgG0A5euim4gTwUC08/naQ= -github.com/osbuild/images v0.220.0/go.mod h1:Cs7zFV8rmbVHn+19ArNdjd1AtFk+LC9dOOHuxiSLghw= +github.com/osbuild/images v0.226.0 h1:NiryPkd+rx0iPFzKV7s/GP8HPuSuVyXDT2guWVx/i+k= +github.com/osbuild/images v0.226.0/go.mod h1:Cs7zFV8rmbVHn+19ArNdjd1AtFk+LC9dOOHuxiSLghw= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From 4c57425a09416c4011cb006516432cba4f474a20 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 21 Nov 2025 11:51:13 +0100 Subject: [PATCH 221/254] test: use vmtest from images Now that the "images" library contains the vmtest testing helpers we use that and remove ouuse that and remove our own copy.. --- .github/workflows/tests.yml | 1 - pyproject.toml | 20 --- test/requirements.txt | 2 +- vmtest/__init__.py | 0 vmtest/util.py | 24 --- vmtest/util_test.py | 47 ----- vmtest/vm.py | 349 ------------------------------------ 7 files changed, 1 insertion(+), 442 deletions(-) delete mode 100644 pyproject.toml delete mode 100644 vmtest/__init__.py delete mode 100644 vmtest/util.py delete mode 100644 vmtest/util_test.py delete mode 100644 vmtest/vm.py diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c2038ad01..77f553bb7 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -133,7 +133,6 @@ jobs: run: | # make sure test deps are available for root sudo -E pip install --user -r test/requirements.txt - sudo -E pip install --user . - name: Workarounds for GH runner diskspace run: | # use custom basetemp here because /var/tmp is on a smaller disk diff --git a/pyproject.toml b/pyproject.toml deleted file mode 100644 index 6d1dc5c15..000000000 --- a/pyproject.toml +++ /dev/null @@ -1,20 +0,0 @@ -# Note that this is pyproject file is here only for the vmtest utils. -# This should move out eventually to its own repo or a different place -# like "images". - -[build-system] -requires = ["setuptools>=61.0"] -build-backend = "setuptools.build_meta" - -[project] -name = "vmtest" -version = "0.1.0" -dependencies = [ - "boto3==1.33.13", - "paramiko==4.0.0", - "qmp==1.1.0", - "scp==0.15.0", -] - -[tool.setuptools.packages.find] -include = ["vmtest"] diff --git a/test/requirements.txt b/test/requirements.txt index 9be09ce71..5a58554d4 100644 --- a/test/requirements.txt +++ b/test/requirements.txt @@ -1,6 +1,6 @@ pytest==7.4.3 flake8==6.1.0 -paramiko==2.12.0 boto3==1.33.13 qmp==1.1.0 pylint==3.2.5 +vmtest @ git+https://github.com/osbuild/images.git diff --git a/vmtest/__init__.py b/vmtest/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/vmtest/util.py b/vmtest/util.py deleted file mode 100644 index 195f52134..000000000 --- a/vmtest/util.py +++ /dev/null @@ -1,24 +0,0 @@ -import socket -import time - - -def get_free_port() -> int: - # this is racy but there is no race-free way to do better with the qemu CLI - with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: - s.bind(("localhost", 0)) - return s.getsockname()[1] - - -def wait_ssh_ready(address, port, sleep, max_wait_sec): - for _ in range(int(max_wait_sec / sleep)): - with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: - s.settimeout(sleep) - try: - s.connect((address, port)) - data = s.recv(256) - if b"OpenSSH" in data: - return - except (ConnectionRefusedError, ConnectionResetError, TimeoutError): - pass - time.sleep(sleep) - raise ConnectionRefusedError(f"cannot connect to port {port} after {max_wait_sec}s") diff --git a/vmtest/util_test.py b/vmtest/util_test.py deleted file mode 100644 index 6d91720e1..000000000 --- a/vmtest/util_test.py +++ /dev/null @@ -1,47 +0,0 @@ -import contextlib -import shutil -import subprocess -from unittest.mock import call, patch - -import pytest - -from vmtest.util import get_free_port, wait_ssh_ready - - -def test_get_free_port(): - port_nr = get_free_port() - assert 1024 < port_nr < 65535 - - -@patch("time.sleep") -def test_wait_ssh_ready_sleeps_no_connection(mocked_sleep): - free_port = get_free_port() - with pytest.raises(ConnectionRefusedError): - wait_ssh_ready("localhost", free_port, sleep=0.1, max_wait_sec=0.35) - assert mocked_sleep.call_args_list == [call(0.1), call(0.1), call(0.1)] - - -@pytest.mark.skipif(not shutil.which("nc"), reason="needs nc") -def test_wait_ssh_ready_sleeps_wrong_reply(): - free_port = get_free_port() - with contextlib.ExitStack() as cm: - with subprocess.Popen( - f"echo not-ssh | nc -vv -l -p {free_port}", - shell=True, - stdout=subprocess.PIPE, - stderr=subprocess.STDOUT, - encoding="utf-8", - ) as p: - cm.callback(p.kill) - # wait for nc to be ready - while True: - # netcat tranditional uses "listening", others "Listening" - # so just omit the first char - if "istening " in p.stdout.readline(): - break - # now connect - with patch("time.sleep") as mocked_sleep: - with pytest.raises(ConnectionRefusedError): - wait_ssh_ready("localhost", free_port, sleep=0.1, max_wait_sec=0.55) - assert mocked_sleep.call_args_list == [ - call(0.1), call(0.1), call(0.1), call(0.1), call(0.1)] diff --git a/vmtest/vm.py b/vmtest/vm.py deleted file mode 100644 index 6869090eb..000000000 --- a/vmtest/vm.py +++ /dev/null @@ -1,349 +0,0 @@ -import abc -import os -import pathlib -import platform -import shutil -import subprocess -import sys -import tempfile -import time -import uuid -from io import StringIO - -import boto3 -from botocore.exceptions import ClientError -from vmtest.util import get_free_port, wait_ssh_ready - -AWS_REGION = "us-east-1" - - -_non_interactive_ssh = [ - "-o", "UserKnownHostsFile=/dev/null", - "-o", "StrictHostKeyChecking=no", - "-o", "LogLevel=ERROR", -] - - -class VM(abc.ABC): - - def __init__(self): - self._ssh_port = None - self._address = None - - def __del__(self): - self.force_stop() - - @abc.abstractmethod - def start(self): - """ - Start the VM. This method will be called automatically if it is not called explicitly before calling run(). - """ - - def _log(self, msg): - # XXX: use a proper logger - sys.stdout.write(msg.rstrip("\n") + "\n") - - def wait_ssh_ready(self): - wait_ssh_ready(self._address, self._ssh_port, sleep=1, max_wait_sec=600) - - @abc.abstractmethod - def force_stop(self): - """ - Stop the VM and clean up any resources that were created when setting up and starting the machine. - """ - - def _sshpass(self, password): - if not password: - return [] - return ["sshpass", "-p", password] - - def _ensure_ssh(self, user, password="", keyfile=None): - if not self.running(): - self.start() - n_retries = 3 - wait_sec = 10 - for _ in range(n_retries): - try: - ret, _ = self._run("true", user, password, keyfile) - if ret == 0: - return - except Exception as e: - print(f"ssh not ready {e}") - time.sleep(wait_sec) - raise RuntimeError(f"no ssh after {n_retries} retries of {wait_sec}") - - def run(self, cmd, user, password="", keyfile=None): - self._ensure_ssh(user, password, keyfile) - return self._run(cmd, user, password, keyfile) - - def _run(self, cmd, user, password="", keyfile=None): - """ - Run a command on the VM via SSH using the provided credentials. - """ - ssh_cmd = self._sshpass(password) + [ - "ssh", "-p", str(self._ssh_port), - ] + _non_interactive_ssh - if keyfile: - ssh_cmd.extend(["-i", keyfile]) - ssh_cmd.append(f"{user}@{self._address}") - ssh_cmd.append(cmd) - output = StringIO() - with subprocess.Popen( - ssh_cmd, - stdout=subprocess.PIPE, stderr=subprocess.STDOUT, - text=True, bufsize=1, - ) as p: - for out in p.stdout: - self._log(out) - output.write(out) - return p.returncode, output.getvalue() - - def scp(self, src, dst, user, password="", keyfile=None): - self._ensure_ssh(user, password, keyfile) - scp_cmd = self._sshpass(password) + [ - "scp", "-P", str(self._ssh_port), - ] + _non_interactive_ssh - if keyfile: - scp_cmd.extend(["-i", keyfile]) - scp_cmd.append(src) - scp_cmd.append(f"{user}@{self._address}:{dst}") - subprocess.check_call(scp_cmd) - - @abc.abstractmethod - def running(self): - """ - True if the VM is running. - """ - - def __enter__(self): - return self - - def __exit__(self, exc_type, exc_value, traceback): - self.force_stop() - - -# needed as each distro puts the OVMF.fd in a different location -def find_ovmf(): - for p in [ - "/usr/share/ovmf/OVMF.fd", # Debian - "/usr/share/OVMF/OVMF_CODE.fd", # Fedora - ]: - if os.path.exists(p): - return p - raise ValueError("cannot find a OVMF bios") - - -class QEMU(VM): - MEM = "2000" - - def __init__(self, img, arch="", snapshot=True, cdrom=None): - super().__init__() - self._img = pathlib.Path(img) - self._tmpdir = tempfile.mkdtemp(prefix="vmtest-", suffix=f"-{self._img.name}") - self._qmp_socket = os.path.join(self._tmpdir, "qmp.socket") - self._qemu_p = None - self._snapshot = snapshot - self._cdrom = cdrom - self._ssh_port = None - if not arch: - arch = platform.machine() - self._arch = arch - - def __del__(self): - self.force_stop() - shutil.rmtree(self._tmpdir) - - def _gen_qemu_cmdline(self, snapshot, use_ovmf): - if self._arch in ("arm64", "aarch64"): - qemu_cmdline = [ - "qemu-system-aarch64", - "-machine", "virt", - "-cpu", "cortex-a57", - "-smp", "2", - "-bios", "/usr/share/AAVMF/AAVMF_CODE.fd", - ] - elif self._arch in ("amd64", "x86_64"): - qemu_cmdline = [ - "qemu-system-x86_64", - "-M", "accel=kvm", - # get "illegal instruction" inside the VM otherwise - "-cpu", "host", - ] - if use_ovmf: - qemu_cmdline.extend(["-bios", find_ovmf()]) - else: - raise ValueError(f"unsupported architecture {self._arch}") - - # common part - qemu_cmdline += [ - "-m", self.MEM, - "-serial", "stdio", - "-monitor", "none", - "-netdev", f"user,id=net.0,hostfwd=tcp::{self._ssh_port}-:22", - "-device", "e1000,netdev=net.0", - "-qmp", f"unix:{self._qmp_socket},server,nowait", - ] - if not os.environ.get("OSBUILD_TEST_QEMU_GUI"): - qemu_cmdline.append("-nographic") - if self._cdrom: - qemu_cmdline.extend(["-cdrom", self._cdrom]) - if snapshot: - qemu_cmdline.append("-snapshot") - qemu_cmdline.append(self._img) - return qemu_cmdline - - # XXX: move args to init() so that __enter__ can use them? - def start(self, wait_event="ssh", snapshot=True, use_ovmf=False): - if self.running(): - return - self._ssh_port = get_free_port() - self._address = "localhost" - - # XXX: use systemd-run to ensure cleanup? - # pylint: disable=consider-using-with - self._qemu_p = subprocess.Popen( - self._gen_qemu_cmdline(snapshot, use_ovmf), - stdout=sys.stdout, - stderr=sys.stderr, - ) - # XXX: also check that qemu is working and did not crash - ev = wait_event.split(":") - if ev == ["ssh"]: - self.wait_ssh_ready() - self._log(f"vm ready at port {self._ssh_port}") - elif ev[0] == "qmp": - qmp_event = ev[1] - self.wait_qmp_event(qmp_event) - self._log(f"qmp event {qmp_event}") - else: - raise ValueError(f"unsupported wait_event {wait_event}") - - def _wait_qmp_socket(self, timeout_sec): - for _ in range(timeout_sec): - if os.path.exists(self._qmp_socket): - return True - time.sleep(1) - raise TimeoutError(f"no {self._qmp_socket} after {timeout_sec} seconds") - - def wait_qmp_event(self, qmp_event): - # import lazy to avoid requiring it for all operations - import qmp # pylint: disable=import-outside-toplevel - self._wait_qmp_socket(30) - mon = qmp.QEMUMonitorProtocol(os.fspath(self._qmp_socket)) - mon.connect() - while True: - event = mon.pull_event(wait=True) - self._log(f"DEBUG: got event {event}") - if event["event"] == qmp_event: - return - - def force_stop(self): - if self._qemu_p: - self._qemu_p.kill() - self._qemu_p.wait() - self._qemu_p = None - self._address = None - self._ssh_port = None - - def running(self): - return self._qemu_p is not None - - -class AWS(VM): - - _instance_type = "t3.medium" # set based on architecture when we add arm tests - - def __init__(self, ami_id): - super().__init__() - self._ssh_port = 22 - self._ami_id = ami_id - self._ec2_instance = None - self._ec2_security_group = None - self._ec2_resource = boto3.resource("ec2", region_name=AWS_REGION) - - def start(self): - if self.running(): - return - sec_group_ids = [] - if not self._ec2_security_group: - self._set_ssh_security_group() - sec_group_ids = [self._ec2_security_group.id] - try: - self._log(f"Creating ec2 instance from {self._ami_id}") - instances = self._ec2_resource.create_instances( - ImageId=self._ami_id, - InstanceType=self._instance_type, - SecurityGroupIds=sec_group_ids, - MinCount=1, MaxCount=1 - ) - self._ec2_instance = instances[0] - self._log(f"Waiting for instance {self._ec2_instance.id} to start") - self._ec2_instance.wait_until_running() - self._ec2_instance.reload() # make sure the instance info is up to date - self._address = self._ec2_instance.public_ip_address - self._log(f"Instance is running at {self._address}") - self.wait_ssh_ready() - self._log("SSH is ready") - except ClientError as err: - err_code = err.response["Error"]["Code"] - err_msg = err.response["Error"]["Message"] - self._log(f"Couldn't create instance with image {self._ami_id} and type {self._instance_type}.") - self._log(f"Error {err_code}: {err_msg}") - raise - - def _set_ssh_security_group(self): - group_name = f"bootc-image-builder-test-{str(uuid.uuid4())}" - group_desc = "bootc-image-builder test security group: SSH rule" - try: - self._log(f"Creating security group {group_name}") - self._ec2_security_group = self._ec2_resource.create_security_group(GroupName=group_name, - Description=group_desc) - ip_permissions = [ - { - "IpProtocol": "tcp", - "FromPort": self._ssh_port, - "ToPort": self._ssh_port, - "IpRanges": [{"CidrIp": "0.0.0.0/0"}], - } - ] - self._log(f"Authorizing inbound rule for {group_name} ({self._ec2_security_group})") - self._ec2_security_group.authorize_ingress(IpPermissions=ip_permissions) - self._log("Security group created") - except ClientError as err: - err_code = err.response["Error"]["Code"] - err_msg = err.response["Error"]["Message"] - self._log(f"Couldn't create security group {group_name} or authorize inbound rule.") - self._log(f"Error {err_code}: {err_msg}") - raise - - def force_stop(self): - if self._ec2_instance: - self._log(f"Terminating instance {self._ec2_instance.id}") - try: - self._ec2_instance.terminate() - self._ec2_instance.wait_until_terminated() - self._ec2_instance = None - self._address = None - except ClientError as err: - err_code = err.response["Error"]["Code"] - err_msg = err.response["Error"]["Message"] - self._log(f"Couldn't terminate instance {self._ec2_instance.id}.") - self._log(f"Error {err_code}: {err_msg}") - else: - self._log("No EC2 instance defined. Skipping termination.") - - if self._ec2_security_group: - self._log(f"Deleting security group {self._ec2_security_group.id}") - try: - self._ec2_security_group.delete() - self._ec2_security_group = None - except ClientError as err: - err_code = err.response["Error"]["Code"] - err_msg = err.response["Error"]["Message"] - self._log(f"Couldn't delete security group {self._ec2_security_group.id}.") - self._log(f"Error {err_code}: {err_msg}") - else: - self._log("No security group defined. Skipping deletion.") - - def running(self): - return self._ec2_instance is not None From afe45e783740eeb9f84f23b53753cad7d5656c02 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 24 Nov 2025 12:38:17 +0100 Subject: [PATCH 222/254] test: port to improve vmtest.vm.run() code This ports the existing code to the new vmtest.vm.run() code as proposed in images PR#2036. --- test/test_build_disk.py | 54 ++++++++++++++++++----------------------- test/test_build_iso.py | 11 +++------ 2 files changed, 27 insertions(+), 38 deletions(-) diff --git a/test/test_build_disk.py b/test/test_build_disk.py index 03f3b822b..7672bd80f 100644 --- a/test/test_build_disk.py +++ b/test/test_build_disk.py @@ -544,8 +544,8 @@ def test_build_container_works(image_type): def assert_kernel_args(test_vm, image_type): - exit_status, kcmdline = test_vm.run("cat /proc/cmdline", user=image_type.username, password=image_type.password) - assert exit_status == 0 + ret = test_vm.run(["cat", "/proc/cmdline"], user=image_type.username, password=image_type.password) + kcmdline = ret.stdout # the kernel arg string must have a space as the prefix and either a space # as suffix or be the last element of the kernel commandline assert re.search(f" {re.escape(image_type.kargs)}( |$)", kcmdline) @@ -560,18 +560,16 @@ def test_image_boots(image_type): def assert_disk_image_boots(image_type): with QEMU(image_type.img_path, arch=image_type.img_arch) as test_vm: # user/password login works - exit_status, _ = test_vm.run("true", user=image_type.username, password=image_type.password) - assert exit_status == 0 + test_vm.run("true", user=image_type.username, password=image_type.password) # root/ssh login also works - exit_status, output = test_vm.run("id", user="root", keyfile=image_type.ssh_keyfile_private_path) - assert exit_status == 0 - assert "uid=0" in output + ret = test_vm.run("id", user="root", keyfile=image_type.ssh_keyfile_private_path) + assert "uid=0" in ret.stdout # check generic image options assert_kernel_args(test_vm, image_type) # ensure bootc points to the right image - _, output = test_vm.run("bootc status", user="root", keyfile=image_type.ssh_keyfile_private_path) + ret = test_vm.run(["bootc", "status"], user="root", keyfile=image_type.ssh_keyfile_private_path) # XXX: read the fully yaml instead? - assert f"image: {image_type.container_ref}" in output + assert f"image: {image_type.container_ref}" in ret.stdout if image_type.disk_config: assert_disk_customizations(image_type, test_vm) @@ -579,12 +577,10 @@ def assert_disk_image_boots(image_type): assert_fs_customizations(image_type, test_vm) # check file/dir customizations - exit_status, output = test_vm.run("stat /etc/some-file", user=image_type.username, password=image_type.password) - assert exit_status == 0 - assert "File: /etc/some-file" in output - _, output = test_vm.run("stat /etc/some-dir", user=image_type.username, password=image_type.password) - assert exit_status == 0 - assert "File: /etc/some-dir" in output + ret = test_vm.run(["stat", "/etc/some-file"], user=image_type.username, password=image_type.password) + assert "File: /etc/some-file" in ret.stdout + ret = test_vm.run(["stat", "/etc/some-dir"], user=image_type.username, password=image_type.password) + assert "File: /etc/some-dir" in ret.stdout @pytest.mark.parametrize("image_type", gen_testcases("ami-boot"), indirect=["image_type"]) @@ -599,11 +595,9 @@ def test_ami_boots_in_aws(image_type, force_aws_upload): # 4.30 GiB / 10.00 GiB [------------>____________] 43.02% 58.04 MiB p/s assert "] 100.00%" in image_type.bib_output with AWS(image_type.metadata["ami_id"]) as test_vm: - exit_status, _ = test_vm.run("true", user=image_type.username, password=image_type.password) - assert exit_status == 0 - exit_status, output = test_vm.run("echo hello", user=image_type.username, password=image_type.password) - assert exit_status == 0 - assert "hello" in output + test_vm.run("true", user=image_type.username, password=image_type.password) + ret = test_vm.run(["echo", "hello"], user=image_type.username, password=image_type.password) + assert "hello" in ret.stdout def log_has_osbuild_selinux_denials(log): @@ -686,12 +680,11 @@ def assert_fs_customizations(image_type, test_vm): """ # check the minsize specified in the build configuration for each mountpoint against the sizes in the image # TODO: replace 'df' call with 'parted --json' and find the partition size for each mountpoint - exit_status, output = test_vm.run("df --all --output=target,size", user="root", - keyfile=image_type.ssh_keyfile_private_path) - assert exit_status == 0 + ret = test_vm.run(["df", "--all", "--output=target,size"], user="root", + keyfile=image_type.ssh_keyfile_private_path) # parse the output of 'df' to a mountpoint -> size dict for convenience mountpoint_sizes = {} - for line in output.splitlines()[1:]: + for line in ret.stdout.splitlines()[1:]: fields = line.split() # some filesystems to not report a size with --all if fields[1] == "-": @@ -712,13 +705,12 @@ def assert_fs_customizations(image_type, test_vm): def assert_disk_customizations(image_type, test_vm): - exit_status, output = test_vm.run("findmnt --json", user="root", - keyfile=image_type.ssh_keyfile_private_path) - assert exit_status == 0 - findmnt = json.loads(output) - exit_status, swapon_output = test_vm.run("swapon --show", user="root", - keyfile=image_type.ssh_keyfile_private_path) - assert exit_status == 0 + ret = test_vm.run(["findmnt", "--json"], user="root", + keyfile=image_type.ssh_keyfile_private_path) + findmnt = json.loads(ret.stdout) + swapon_ret = test_vm.run(["swapon", "--show"], user="root", + keyfile=image_type.ssh_keyfile_private_path) + swapon_output = swapon_ret.stdout if dc := image_type.disk_config: if dc == "lvm": mnts = [mnt for mnt in findmnt["filesystems"][0]["children"] diff --git a/test/test_build_iso.py b/test/test_build_iso.py index 1293bd50a..8d93603ae 100644 --- a/test/test_build_iso.py +++ b/test/test_build_iso.py @@ -39,8 +39,7 @@ def test_iso_installs(image_type): # boot test disk and do extremly simple check with QEMU(test_disk_path) as vm: vm.start(use_ovmf=True) - exit_status, _ = vm.run("true", user=image_type.username, password=image_type.password) - assert exit_status == 0 + vm.run("true", user=image_type.username, password=image_type.password) assert_kernel_args(vm, image_type) @@ -198,8 +197,6 @@ def test_bootc_installer_iso_installs(tmp_path, build_container, container_ref): # boot test disk and do extremly simple check with QEMU(test_disk_path) as vm: vm.start(use_ovmf=True) - exit_status, _ = vm.run("true", user=username, password=password) - assert exit_status == 0 - exit_status, output = vm.run("bootc status", user="root", keyfile=ssh_keyfile_private_path) - assert exit_status == 0 - assert f"image: {container_ref}" in output + vm.run("true", user=username, password=password) + ret = vm.run(["bootc", "status"], user="root", keyfile=ssh_keyfile_private_path) + assert f"image: {container_ref}" in ret.stdout From 17f7917748b5a5eecb082c56618fc0fdcaf9e539 Mon Sep 17 00:00:00 2001 From: Cameron Knauff Date: Wed, 26 Nov 2025 11:08:20 -0800 Subject: [PATCH 223/254] Fix: correct symlink --- bib/data/defs/stillos-10.yaml | 1 + 1 file changed, 1 insertion(+) create mode 120000 bib/data/defs/stillos-10.yaml diff --git a/bib/data/defs/stillos-10.yaml b/bib/data/defs/stillos-10.yaml new file mode 120000 index 000000000..679a5b6dd --- /dev/null +++ b/bib/data/defs/stillos-10.yaml @@ -0,0 +1 @@ +bib/data/defs/centos-10.yaml \ No newline at end of file From dc8bd6ad0b8436b40627a44a4547b792cb7b768f Mon Sep 17 00:00:00 2001 From: Wei Shi Date: Tue, 2 Dec 2025 14:44:36 +0800 Subject: [PATCH 224/254] Konflux build pipeline service account migration https://issues.redhat.com/browse/KONFLUX-5207 Signed-off-by: Wei Shi --- .tekton/bootc-image-builder-pull-request.yaml | 12 +++++++----- .tekton/bootc-image-builder-push.yaml | 15 ++++++++------- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/.tekton/bootc-image-builder-pull-request.yaml b/.tekton/bootc-image-builder-pull-request.yaml index 3bbd7be56..aca1eba40 100644 --- a/.tekton/bootc-image-builder-pull-request.yaml +++ b/.tekton/bootc-image-builder-pull-request.yaml @@ -513,12 +513,12 @@ spec: - "false" - name: sast-snyk-check params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) runAfter: - - build-container + - build-container taskRef: params: - name: name @@ -584,6 +584,8 @@ spec: - name: workspace-amd64 - name: git-auth optional: true + taskRunTemplate: + serviceAccountName: build-pipeline-bootc-image-builder workspaces: - name: workspace-amd64 volumeClaimTemplate: diff --git a/.tekton/bootc-image-builder-push.yaml b/.tekton/bootc-image-builder-push.yaml index 637dd1f93..d4820c5c2 100644 --- a/.tekton/bootc-image-builder-push.yaml +++ b/.tekton/bootc-image-builder-push.yaml @@ -6,8 +6,7 @@ metadata: build.appstudio.redhat.com/commit_sha: "{{revision}}" build.appstudio.redhat.com/target_branch: "{{target_branch}}" pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: - event == "push" && target_branch == "main" && files.all.exists(x,!x.startsWith(".tekton/")) + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" && files.all.exists(x,!x.startsWith(".tekton/")) creationTimestamp: null labels: appstudio.openshift.io/application: bootc-image-builder @@ -601,12 +600,12 @@ spec: - "false" - name: sast-snyk-check params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) runAfter: - - build-container + - build-container taskRef: params: - name: name @@ -672,6 +671,8 @@ spec: - name: workspace-amd64 - name: git-auth optional: true + taskRunTemplate: + serviceAccountName: build-pipeline-bootc-image-builder workspaces: - name: workspace-amd64 volumeClaimTemplate: From 866f05b411547168f118405a344786bd084360a9 Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Thu, 11 Dec 2025 18:17:02 +0100 Subject: [PATCH 225/254] README: capitalise TOML Normally it's printed in all caps (unless it's all lowercase) and it's consistent with JSON on the same line. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fbf26068d..497a73e49 100644 --- a/README.md +++ b/README.md @@ -320,7 +320,7 @@ The following volumes can be mounted inside the container: ## 📝 Build config -A build config is a Toml (or JSON) file with customizations for the resulting image. The config file is mapped into the container directory to `/config.toml`. The customizations are specified under a `customizations` object. +A build config is a TOML (or JSON) file with customizations for the resulting image. The config file is mapped into the container directory to `/config.toml`. The customizations are specified under a `customizations` object. As an example, let's show how you can add a user to the image: From e19791c814eca4db4d762068b496131a8949feb3 Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Thu, 11 Dec 2025 18:18:24 +0100 Subject: [PATCH 226/254] README: minor rephrase and fix for anaconda-iso description --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 497a73e49..017906bd7 100644 --- a/README.md +++ b/README.md @@ -173,7 +173,7 @@ The following image types are currently available via the `--type` argument: | `qcow2` **(default)** | [QEMU](https://www.qemu.org/) | | `vmdk` | [VMDK](https://en.wikipedia.org/wiki/VMDK) usable in vSphere, among others | | `bootc-installer` | An installer ISO image based on the specified bootc container image. | -| `anaconda-iso` | An unattended Anaconda installer that installs to the first disk found build from RPMs. | +| `anaconda-iso` | An unattended Anaconda installer that installs to the first disk found. Built from RPMs. | | `raw` | Unformatted [raw disk](https://en.wikipedia.org/wiki/Rawdisk). | | `vhd` | [vhd](https://en.wikipedia.org/wiki/VHD_(file_format)) usable in Virtual PC, among others | | `gce` | [GCE](https://cloud.google.com/compute/docs/images#custom_images) | From 7741b12316c61c2ebf00d08e3c32553c5b8f8063 Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Thu, 11 Dec 2025 18:23:42 +0100 Subject: [PATCH 227/254] README: link to the blueprint repo and user guide In the intro section for the build config, link to the blueprint repository and reference guide on osbuild.org. While we do describe most (or perhaps all) supported options in the README, it's good to have a link to the full docs for reference. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 017906bd7..fc2e36385 100644 --- a/README.md +++ b/README.md @@ -322,6 +322,8 @@ The following volumes can be mounted inside the container: A build config is a TOML (or JSON) file with customizations for the resulting image. The config file is mapped into the container directory to `/config.toml`. The customizations are specified under a `customizations` object. +The build config is a [Blueprint file](https://github.com/osbuild/blueprint), documented in the [osbuild.org User Guide](https://osbuild.org/docs/user-guide/blueprint-reference/). Note that not all Blueprint options are supported in bootc-image-builder. Refer to the **bootc** tab for information on whether a specific customization is supported. + As an example, let's show how you can add a user to the image: Firstly create a file `./config.toml` and put the following content into it: From 92a5e3464d26e2723e3c767af05a186657c69a1d Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Thu, 8 Jan 2026 22:36:28 +0100 Subject: [PATCH 228/254] deps: bump images to 0.231.0 Bump images to a newer version to resolve issues with finding EFI executables in containers with newer `bootupd` versions. Closes #1173, #1171. See this issue [1] for more background information. [1]: https://github.com/osbuild/image-builder-cli/issues/421 Signed-off-by: Simon de Vlieger --- bib/go.mod | 4 ++-- bib/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 1e8a096a7..afbbcc99b 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -5,9 +5,9 @@ go 1.24.6 require ( github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 - github.com/osbuild/blueprint v1.16.0 + github.com/osbuild/blueprint v1.20.0 github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 - github.com/osbuild/images v0.226.0 + github.com/osbuild/images v0.231.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 diff --git a/bib/go.sum b/bib/go.sum index 98d4590c5..4242aee8a 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -245,12 +245,12 @@ github.com/opencontainers/runtime-spec v1.3.0 h1:YZupQUdctfhpZy3TM39nN9Ika5CBWT5 github.com/opencontainers/runtime-spec v1.3.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= -github.com/osbuild/blueprint v1.16.0 h1:f/kHih+xpeJ1v7wtIfzdHPZTsiXsqKeDQ1+rrue6298= -github.com/osbuild/blueprint v1.16.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= +github.com/osbuild/blueprint v1.20.0 h1:O1FzTXhCxxwquROttv2nC827JYUJCT0rLypAltV2MpM= +github.com/osbuild/blueprint v1.20.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 h1:Mo1htXYyEoKrBQD+/RC/kluAWu4+E0oEjPorujVn/K8= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521/go.mod h1:oTn9T+bV9g/760hM/jX7AV0c4vuVIn6FjAnaVM9RzRo= -github.com/osbuild/images v0.226.0 h1:NiryPkd+rx0iPFzKV7s/GP8HPuSuVyXDT2guWVx/i+k= -github.com/osbuild/images v0.226.0/go.mod h1:Cs7zFV8rmbVHn+19ArNdjd1AtFk+LC9dOOHuxiSLghw= +github.com/osbuild/images v0.231.0 h1:QbjOqC777TfdE5KNco9r+XgBvBn0NPoglUPZPaQxTos= +github.com/osbuild/images v0.231.0/go.mod h1:04grrQg/kMDXFysqFxQNQSNGvKFdzlf6NM7k15gPiCo= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From c83efed11ecc7dc784466c4e12f056d92784f1d6 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Thu, 8 Jan 2026 22:50:59 +0100 Subject: [PATCH 229/254] chore: fix constructor The constructor in `images` dropped the reference argument; let's drop it here as well. Signed-off-by: Simon de Vlieger --- bib/cmd/bootc-image-builder/legacy_iso.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bib/cmd/bootc-image-builder/legacy_iso.go b/bib/cmd/bootc-image-builder/legacy_iso.go index 7f71e88ec..83c56c1f9 100644 --- a/bib/cmd/bootc-image-builder/legacy_iso.go +++ b/bib/cmd/bootc-image-builder/legacy_iso.go @@ -305,7 +305,7 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro // The ref is not needed and will be removed from the ctor later // in time - img := image.NewAnacondaContainerInstallerLegacy(platform, filename, containerSource, "") + img := image.NewAnacondaContainerInstallerLegacy(platform, filename, containerSource) img.ContainerRemoveSignatures = true img.RootfsCompression = "zstd" From 0781de98ac88e1008b639b5bd4fbb1b9633ed9fb Mon Sep 17 00:00:00 2001 From: rszabi Date: Wed, 14 Jan 2026 20:34:00 +0200 Subject: [PATCH 230/254] go.mod: update osbuild/blueprint dependency to v1.22.0 Update osbuild/blueprint dependency and add new ISO options to README. --- README.md | 11 +++++++++++ bib/cmd/bootc-image-builder/legacy_iso.go | 6 +++++- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 4 files changed, 19 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index fc2e36385..e88aa1c4c 100644 --- a/README.md +++ b/README.md @@ -541,6 +541,17 @@ By default, the following modules are enabled for all Anaconda ISOs: - `org.fedoraproject.Anaconda.Modules.Storage` - `org.fedoraproject.Anaconda.Modules.Users` +### Anaconda ISO (media) options (`iso`, mapping) + +Users can customize the volume_id (which will be the ISO's label, used also in boot/grub.cfg). + + +```toml +[customizations.iso] +volume_id = "TheISOLabel" +application_id = "MyFancyAPP" +publisher = "ThePublisher" +``` ##### Enable vs Disable priority diff --git a/bib/cmd/bootc-image-builder/legacy_iso.go b/bib/cmd/bootc-image-builder/legacy_iso.go index 83c56c1f9..4815a06d3 100644 --- a/bib/cmd/bootc-image-builder/legacy_iso.go +++ b/bib/cmd/bootc-image-builder/legacy_iso.go @@ -315,7 +315,6 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro img.InstallerCustomizations.Product = c.SourceInfo.OSRelease.Name img.InstallerCustomizations.OSVersion = c.SourceInfo.OSRelease.VersionID - img.InstallerCustomizations.ISOLabel = labelForISO(&c.SourceInfo.OSRelease, &c.Architecture) img.ExtraBasePackages = rpmmd.PackageSet{ Include: imageDef.Packages, @@ -325,6 +324,11 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro if c.Config != nil { customizations = c.Config.Customizations } + if customizations.GetISO() != nil && customizations.GetISO().VolumeID != "" { + img.InstallerCustomizations.ISOLabel = customizations.GetISO().VolumeID + } else { + img.InstallerCustomizations.ISOLabel = labelForISO(&c.SourceInfo.OSRelease, &c.Architecture) + } img.InstallerCustomizations.FIPS = customizations.GetFIPS() img.Kickstart, err = kickstart.New(customizations) if err != nil { diff --git a/bib/go.mod b/bib/go.mod index afbbcc99b..95ac30d8e 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -5,7 +5,7 @@ go 1.24.6 require ( github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 - github.com/osbuild/blueprint v1.20.0 + github.com/osbuild/blueprint v1.22.0 github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 github.com/osbuild/images v0.231.0 github.com/sirupsen/logrus v1.9.3 diff --git a/bib/go.sum b/bib/go.sum index 4242aee8a..8098de183 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -245,8 +245,8 @@ github.com/opencontainers/runtime-spec v1.3.0 h1:YZupQUdctfhpZy3TM39nN9Ika5CBWT5 github.com/opencontainers/runtime-spec v1.3.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= -github.com/osbuild/blueprint v1.20.0 h1:O1FzTXhCxxwquROttv2nC827JYUJCT0rLypAltV2MpM= -github.com/osbuild/blueprint v1.20.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= +github.com/osbuild/blueprint v1.22.0 h1:b3WicGjCFzEwOm/YwPH7w9YioCcehGejdOTkjJ3Fyz0= +github.com/osbuild/blueprint v1.22.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 h1:Mo1htXYyEoKrBQD+/RC/kluAWu4+E0oEjPorujVn/K8= github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521/go.mod h1:oTn9T+bV9g/760hM/jX7AV0c4vuVIn6FjAnaVM9RzRo= github.com/osbuild/images v0.231.0 h1:QbjOqC777TfdE5KNco9r+XgBvBn0NPoglUPZPaQxTos= From 2a1871c9b07a8165f508c042157fe5f01ef92973 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Tue, 27 Jan 2026 13:08:01 +0100 Subject: [PATCH 231/254] Bump to latest version of image-builder-cli We need this for the InVM option when running osbuild. This also fixes the usage of fields in InstallerCustomizations that were moved to ISOCustomizations. --- bib/cmd/bootc-image-builder/legacy_iso.go | 8 ++++---- bib/go.mod | 8 ++++---- bib/go.sum | 16 ++++++++-------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/bib/cmd/bootc-image-builder/legacy_iso.go b/bib/cmd/bootc-image-builder/legacy_iso.go index 4815a06d3..feae414f4 100644 --- a/bib/cmd/bootc-image-builder/legacy_iso.go +++ b/bib/cmd/bootc-image-builder/legacy_iso.go @@ -310,7 +310,7 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro img.RootfsCompression = "zstd" if c.Architecture == arch.ARCH_X86_64 { - img.InstallerCustomizations.ISOBoot = manifest.Grub2ISOBoot + img.ISOCustomizations.BootType = manifest.Grub2ISOBoot } img.InstallerCustomizations.Product = c.SourceInfo.OSRelease.Name @@ -325,9 +325,9 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro customizations = c.Config.Customizations } if customizations.GetISO() != nil && customizations.GetISO().VolumeID != "" { - img.InstallerCustomizations.ISOLabel = customizations.GetISO().VolumeID + img.ISOCustomizations.Label = customizations.GetISO().VolumeID } else { - img.InstallerCustomizations.ISOLabel = labelForISO(&c.SourceInfo.OSRelease, &c.Architecture) + img.ISOCustomizations.Label = labelForISO(&c.SourceInfo.OSRelease, &c.Architecture) } img.InstallerCustomizations.FIPS = customizations.GetFIPS() img.Kickstart, err = kickstart.New(customizations) @@ -366,7 +366,7 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro img.InstallerCustomizations.LoraxTemplatePackage = loraxTemplatePackage(c.SourceInfo.OSRelease) // see https://github.com/osbuild/bootc-image-builder/issues/733 - img.InstallerCustomizations.ISORootfsType = manifest.SquashfsRootfs + img.ISOCustomizations.RootfsType = manifest.SquashfsRootfs installRootfsType, err := disk.NewFSType(c.RootFSType) if err != nil { diff --git a/bib/go.mod b/bib/go.mod index 95ac30d8e..2e445a810 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -6,10 +6,10 @@ require ( github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.22.0 - github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 - github.com/osbuild/images v0.231.0 + github.com/osbuild/image-builder-cli v0.0.0-20260126184006-13a177bf6bf7 + github.com/osbuild/images v0.234.0 github.com/sirupsen/logrus v1.9.3 - github.com/spf13/cobra v1.10.1 + github.com/spf13/cobra v1.10.2 github.com/spf13/pflag v1.0.10 github.com/stretchr/testify v1.11.1 go.yaml.in/yaml/v3 v3.0.4 @@ -18,7 +18,7 @@ require ( require ( dario.cat/mergo v1.0.2 // indirect - github.com/BurntSushi/toml v1.5.1-0.20250606162815-011fa2bc64ce // indirect + github.com/BurntSushi/toml v1.6.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/Microsoft/hcsshim v0.13.0 // indirect github.com/VividCortex/ewma v1.2.0 // indirect diff --git a/bib/go.sum b/bib/go.sum index 8098de183..544d2240e 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -4,8 +4,8 @@ dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.5.1-0.20250606162815-011fa2bc64ce h1:rdHALCMqlJVeIieqJjJTfLp6GZ0Bk/6MWI/6d7gJe+A= -github.com/BurntSushi/toml v1.5.1-0.20250606162815-011fa2bc64ce/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk= +github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Microsoft/hcsshim v0.13.0 h1:/BcXOiS6Qi7N9XqUcv27vkIuVOkBEcWstd2pMlWSeaA= @@ -247,10 +247,10 @@ github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplU github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= github.com/osbuild/blueprint v1.22.0 h1:b3WicGjCFzEwOm/YwPH7w9YioCcehGejdOTkjJ3Fyz0= github.com/osbuild/blueprint v1.22.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= -github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521 h1:Mo1htXYyEoKrBQD+/RC/kluAWu4+E0oEjPorujVn/K8= -github.com/osbuild/image-builder-cli v0.0.0-20250924085931-15de5139f521/go.mod h1:oTn9T+bV9g/760hM/jX7AV0c4vuVIn6FjAnaVM9RzRo= -github.com/osbuild/images v0.231.0 h1:QbjOqC777TfdE5KNco9r+XgBvBn0NPoglUPZPaQxTos= -github.com/osbuild/images v0.231.0/go.mod h1:04grrQg/kMDXFysqFxQNQSNGvKFdzlf6NM7k15gPiCo= +github.com/osbuild/image-builder-cli v0.0.0-20260126184006-13a177bf6bf7 h1:ruEgBtwjQCxdisAdv2vfrZ2Fks5AcPOe+H8mFbSCUi4= +github.com/osbuild/image-builder-cli v0.0.0-20260126184006-13a177bf6bf7/go.mod h1:ER0gpmtXw+KL24UICAzSPO+1W3g777n+KfDplGL6olw= +github.com/osbuild/images v0.234.0 h1:8RrUzOxR2/rYk7ErWxiEJ5mTWZ0yEbjRXsbvT8hnPf0= +github.com/osbuild/images v0.234.0/go.mod h1:vjzHaL/8MDG6c3yjU8qgMKOIib89A1r2ql50Nronaw4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -288,8 +288,8 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/smallstep/pkcs7 v0.1.1 h1:x+rPdt2W088V9Vkjho4KtoggyktZJlMduZAtRHm68LU= github.com/smallstep/pkcs7 v0.1.1/go.mod h1:dL6j5AIz9GHjVEBTXtW+QliALcgM19RtXaTeyxI+AfA= -github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s= -github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0= +github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= +github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= From 92491e5d5b30b7e046d90f126d00ef8209fefb07 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Tue, 27 Jan 2026 16:51:07 +0100 Subject: [PATCH 232/254] Remove test_progress_term_autoselect test This test was removed in image-builder-cli in: https://github.com/osbuild/image-builder-cli/commit/06e181b36eb2e652c9306c38834cc5ca6033fc16 Because its no longer working. Do the same here. --- test/test_progress.py | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/test/test_progress.py b/test/test_progress.py index 678685d17..559f5026e 100644 --- a/test/test_progress.py +++ b/test/test_progress.py @@ -57,25 +57,6 @@ def test_progress_term_works_without_tty(tmp_path, build_fake_container): assert "[|] Manifest generation step" in res.stderr -def test_progress_term_autoselect(tmp_path, build_fake_container): - output_path = tmp_path / "output" - output_path.mkdir(exist_ok=True) - - cmdline = [ - *testutil.podman_run_common, - # we have a terminal - "-t", - build_fake_container, - "build", - # note that we do not select a --progress here so auto-select is used - "quay.io/centos-bootc/centos-bootc:stream9", - ] - res = subprocess.run(cmdline, capture_output=True, text=True, check=False) - assert res.returncode == 0 - # its curious that we get the output on stdout here, podman weirdness? - assert "[|] Manifest generation step" in res.stdout - - @pytest.mark.skipif(not testutil.can_start_rootful_containers, reason="require a rootful containers (try: sudo)") @pytest.mark.parametrize("progress", ["term", "verbose"]) def test_progress_error_reporting(tmp_path, build_erroring_container, progress): From 2a187247ca94443bde0516c78277fbff1778011a Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Tue, 27 Jan 2026 13:50:38 +0100 Subject: [PATCH 233/254] bc-i-b: Add --in-vm option If this is specified, the "image" pipeline (the main one) is run in a vm. --- bib/cmd/bootc-image-builder/main.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 249aa33ff..be4b06484 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -265,6 +265,7 @@ func cmdBuild(cmd *cobra.Command, args []string) error { outputDir, _ := cmd.Flags().GetString("output") targetArch, _ := cmd.Flags().GetString("target-arch") progressType, _ := cmd.Flags().GetString("progress") + runInVM, _ := cmd.Flags().GetBool("in-vm") logrus.Debug("Validating environment") if err := setup.Validate(targetArch); err != nil { @@ -350,6 +351,9 @@ func cmdBuild(cmd *cobra.Command, args []string) error { OutputDir: outputDir, ExtraEnv: osbuildEnv, } + if runInVM { + osbuildOpts.InVm = []string{"image"} + } if err = progress.RunOSBuild(pbar, mf, exports, &osbuildOpts); err != nil { return fmt.Errorf("cannot run osbuild: %w", err) } @@ -515,6 +519,7 @@ func buildCobraCmdline() (*cobra.Command, error) { return nil, fmt.Errorf("cannot hide 'local' :%w", err) } manifestCmd.Flags().String("rootfs", "", "Root filesystem type. If not given, the default configured in the source container image is used.") + manifestCmd.Flags().Bool("in-vm", false, "Run osbuild in a virtual machine") manifestCmd.Flags().Bool("use-librepo", true, "switch to librepo for pkg download, needs new enough osbuild") // --config is only useful for developers who run bib outside // of a container to generate a manifest. so hide it by From a56bd7cf25971b3eff36212d880d7a5a8a802176 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Tue, 27 Jan 2026 14:23:03 +0100 Subject: [PATCH 234/254] Add qemu packages to container as needed for --in-vm We install qemu-kvm-core to get a minimal qemu + virtiofsd. --- package-requires.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package-requires.txt b/package-requires.txt index e6c92fa65..84d325eeb 100644 --- a/package-requires.txt +++ b/package-requires.txt @@ -8,7 +8,7 @@ osbuild osbuild-ostree osbuild-depsolve-dnf osbuild-lvm2 podman # Image building dependencies -qemu-img +qemu-kvm-core virtiofsd qemu-img # rpm-ostree wants these for packages selinux-policy-targeted distribution-gpg-keys From 410e3c7412b0858cc47646cda7bfeff6d0f65cb6 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Thu, 29 Jan 2026 14:59:19 +0100 Subject: [PATCH 235/254] Support root-less containers with --in-vm This updates to the latest image-builder-cli, adding support for rootless container use (https://github.com/osbuild/image-builder-cli/pull/445). It also updates the use of related APIs to pass runInVm options where needed. With this, I was able to run a rootless bc-i-b conversion. There is one problem, which is that if you mount `~/.local/share/containers/storage` on the host to `/var/lib/containers/storage` in the container, podman will complain with: ``` Error: database static dir "~/.local/share/containers/storage/libpod" does not match our static dir "/var/lib/containers/storage/libpod": database configuration mismatch ``` Additionally, if you pass the host `/var/lib/containers/storage` into the rootless container you will get read permission errors. There are two workarounds for this. Either you can use e.g. skopeo to copy the bootc container to a separate (non-root) container storage directory and mount that, or you can cover the `db.sql` file in the storage directory to make podman not print the error. Neither of these are super clean, and we should try to figure out a better solution, but for now I was at least able to run a complete image build using the "cover db" apprach like this: ``` $ touch /tmp/foo $ podman run --rm --security-opt label=type:unconfined_t -ti --privileged \ --network=none -v $PWD/output:/output \ -v ~/.local/share/containers/storage:/var/lib/containers/storage \ -v /tmp/foo:/var/lib/containers/storage/db.sql \ localhost/bootc-image-builder --in-vm \ --rootfs ext4 --type raw \ quay.io/fedora/fedora-bootc:43 ``` --- bib/cmd/bootc-image-builder/main.go | 4 ++-- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index be4b06484..f0591b5b3 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -268,7 +268,7 @@ func cmdBuild(cmd *cobra.Command, args []string) error { runInVM, _ := cmd.Flags().GetBool("in-vm") logrus.Debug("Validating environment") - if err := setup.Validate(targetArch); err != nil { + if err := setup.Validate(targetArch, runInVM); err != nil { return fmt.Errorf("cannot validate the setup: %w", err) } logrus.Debug("Ensuring environment setup") @@ -276,7 +276,7 @@ func cmdBuild(cmd *cobra.Command, args []string) error { case false: fmt.Fprintf(os.Stderr, "WARNING: running outside a container, this is an unsupported configuration\n") case true: - if err := setup.EnsureEnvironment(osbuildStore); err != nil { + if err := setup.EnsureEnvironment(osbuildStore, runInVM); err != nil { return fmt.Errorf("cannot ensure the environment: %w", err) } } diff --git a/bib/go.mod b/bib/go.mod index 2e445a810..c2d056bb7 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -6,7 +6,7 @@ require ( github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.22.0 - github.com/osbuild/image-builder-cli v0.0.0-20260126184006-13a177bf6bf7 + github.com/osbuild/image-builder-cli v0.0.0-20260129132320-81814bf8e883 github.com/osbuild/images v0.234.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.2 diff --git a/bib/go.sum b/bib/go.sum index 544d2240e..fac6b5539 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -247,8 +247,8 @@ github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplU github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= github.com/osbuild/blueprint v1.22.0 h1:b3WicGjCFzEwOm/YwPH7w9YioCcehGejdOTkjJ3Fyz0= github.com/osbuild/blueprint v1.22.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= -github.com/osbuild/image-builder-cli v0.0.0-20260126184006-13a177bf6bf7 h1:ruEgBtwjQCxdisAdv2vfrZ2Fks5AcPOe+H8mFbSCUi4= -github.com/osbuild/image-builder-cli v0.0.0-20260126184006-13a177bf6bf7/go.mod h1:ER0gpmtXw+KL24UICAzSPO+1W3g777n+KfDplGL6olw= +github.com/osbuild/image-builder-cli v0.0.0-20260129132320-81814bf8e883 h1:QGZdlpTtkMYyqI1GY7gJIo9/9jy7eqeQVKJCW2qyN8E= +github.com/osbuild/image-builder-cli v0.0.0-20260129132320-81814bf8e883/go.mod h1:ER0gpmtXw+KL24UICAzSPO+1W3g777n+KfDplGL6olw= github.com/osbuild/images v0.234.0 h1:8RrUzOxR2/rYk7ErWxiEJ5mTWZ0yEbjRXsbvT8hnPf0= github.com/osbuild/images v0.234.0/go.mod h1:vjzHaL/8MDG6c3yjU8qgMKOIib89A1r2ql50Nronaw4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= From 9834ae0dbd10387018c041d2c6da77d48e4fa556 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Thu, 12 Feb 2026 13:37:25 +0100 Subject: [PATCH 236/254] Update osbuild/images and osbuild/image-builder-cli to make rootless work This adds the commits from: * https://github.com/osbuild/image-builder-cli/pull/447 * https://github.com/osbuild/images/pull/2167 And with this, we can run a rootless bc-i-b run without any workarounds related to the container store: ``` $ podman run --rm --security-opt label=type:unconfined_t -ti --privileged \ --network=none -v $PWD/output:/output \ -v ~/.local/share/containers/storage:/var/lib/containers/storage \ localhost/bootc-image-builder --in-vm \ --rootfs ext4 --type raw \ quay.io/fedora/fedora-bootc:43 ``` Note: For the above to work, localhost/bootc-image-builder needs to be in the user container store. --- bib/go.mod | 10 +++++----- bib/go.sum | 18 ++++++++---------- 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index c2d056bb7..03e9f6ed0 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -1,14 +1,14 @@ module github.com/osbuild/bootc-image-builder/bib -go 1.24.6 +go 1.24.12 require ( github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 - github.com/osbuild/blueprint v1.22.0 - github.com/osbuild/image-builder-cli v0.0.0-20260129132320-81814bf8e883 - github.com/osbuild/images v0.234.0 - github.com/sirupsen/logrus v1.9.3 + github.com/osbuild/blueprint v1.23.0 + github.com/osbuild/image-builder-cli v0.0.0-20260212111125-e1480776d00e + github.com/osbuild/images v0.239.1-0.20260212111935-feab839e30a1 + github.com/sirupsen/logrus v1.9.4 github.com/spf13/cobra v1.10.2 github.com/spf13/pflag v1.0.10 github.com/stretchr/testify v1.11.1 diff --git a/bib/go.sum b/bib/go.sum index fac6b5539..aac89d4c3 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -245,12 +245,12 @@ github.com/opencontainers/runtime-spec v1.3.0 h1:YZupQUdctfhpZy3TM39nN9Ika5CBWT5 github.com/opencontainers/runtime-spec v1.3.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= -github.com/osbuild/blueprint v1.22.0 h1:b3WicGjCFzEwOm/YwPH7w9YioCcehGejdOTkjJ3Fyz0= -github.com/osbuild/blueprint v1.22.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= -github.com/osbuild/image-builder-cli v0.0.0-20260129132320-81814bf8e883 h1:QGZdlpTtkMYyqI1GY7gJIo9/9jy7eqeQVKJCW2qyN8E= -github.com/osbuild/image-builder-cli v0.0.0-20260129132320-81814bf8e883/go.mod h1:ER0gpmtXw+KL24UICAzSPO+1W3g777n+KfDplGL6olw= -github.com/osbuild/images v0.234.0 h1:8RrUzOxR2/rYk7ErWxiEJ5mTWZ0yEbjRXsbvT8hnPf0= -github.com/osbuild/images v0.234.0/go.mod h1:vjzHaL/8MDG6c3yjU8qgMKOIib89A1r2ql50Nronaw4= +github.com/osbuild/blueprint v1.23.0 h1:HGMuRKpYg2xBy1QnAQDaIM6xnmzXh4QBrjic86C6Xr8= +github.com/osbuild/blueprint v1.23.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= +github.com/osbuild/image-builder-cli v0.0.0-20260212111125-e1480776d00e h1:y8AKA9HROboNWnAmgUhwA4YFQM9x0i7XbCPw+Peswqo= +github.com/osbuild/image-builder-cli v0.0.0-20260212111125-e1480776d00e/go.mod h1:d3rG7oIFj/SeqYVX6AWJeEbyJL6maGiIOjSfxakRhiA= +github.com/osbuild/images v0.239.1-0.20260212111935-feab839e30a1 h1:dOPfLnQEcO2dEoLJWJwmoiOtHUEjEeFl+c/n4sST1r8= +github.com/osbuild/images v0.239.1-0.20260212111935-feab839e30a1/go.mod h1:lr0fqJjjOCurTMbgMSDxTwnEalx6CkOVqyB0QmvNqO4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -284,8 +284,8 @@ github.com/sigstore/protobuf-specs v0.5.0 h1:F8YTI65xOHw70NrvPwJ5PhAzsvTnuJMGLkA github.com/sigstore/protobuf-specs v0.5.0/go.mod h1:+gXR+38nIa2oEupqDdzg4qSBT0Os+sP7oYv6alWewWc= github.com/sigstore/sigstore v1.9.6-0.20250729224751-181c5d3339b3 h1:IEhSeWfhTd0kaBpHUXniWU2Tl5K5OUACN69mi1WGd+8= github.com/sigstore/sigstore v1.9.6-0.20250729224751-181c5d3339b3/go.mod h1:JuqyPRJYnkNl6OTnQiG503EUnKih4P5EV6FUw+1B0iA= -github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= -github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w= +github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g= github.com/smallstep/pkcs7 v0.1.1 h1:x+rPdt2W088V9Vkjho4KtoggyktZJlMduZAtRHm68LU= github.com/smallstep/pkcs7 v0.1.1/go.mod h1:dL6j5AIz9GHjVEBTXtW+QliALcgM19RtXaTeyxI+AfA= github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= @@ -299,7 +299,6 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= @@ -410,7 +409,6 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= From 968c5bd14d85530ee6704f24b5b66918dc6db63b Mon Sep 17 00:00:00 2001 From: Lukas Zapletal Date: Tue, 27 Jan 2026 16:25:45 +0100 Subject: [PATCH 237/254] cicd: replace non-functional gobump workflow The original workflow was merged but it was never functional. It was a copy from the images repository and on top of that, Go source code is under bib/ path so it never worked. Finally, gobump only updates to stable versions of libraries while this repo needs nightly build of CLI and it also uses the latest Go version. Therefore, gobump is not necessary at all, replacing with a simple script. --- .github/workflows/gobump.yml | 63 ++++++++++++++++++++++-------------- 1 file changed, 39 insertions(+), 24 deletions(-) diff --git a/.github/workflows/gobump.yml b/.github/workflows/gobump.yml index 4b7f3a254..af09e9956 100644 --- a/.github/workflows/gobump.yml +++ b/.github/workflows/gobump.yml @@ -1,42 +1,57 @@ ---- -name: "Updates Go dependencies via gobump" +name: "Updates Go dependencies" -on: # yamllint disable-line rule:truthy +on: # yamllint disable-line rule:truthy workflow_dispatch: schedule: - # Every Sunday at 15:00 - - cron: "0 15 * * 0" + - cron: "0 15 * * 2" jobs: update-and-push: runs-on: ubuntu-latest - container: registry.fedoraproject.org/fedora:42 steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Extract Go version from go.mod + id: go-version + run: | + VERSION=$(grep '^go ' bib/go.mod | awk '{print $2}') + echo "version=$VERSION" >> $GITHUB_OUTPUT + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: ${{ steps.go-version.outputs.version }} + cache-dependency-path: bib/go.sum + - name: Update go.mod and open a PR env: GH_TOKEN: ${{ secrets.SCHUTZBOT_GITHUB_ACCESS_TOKEN }} run: | - # Install deps - set -x - sudo dnf -y install git gh golang gpgme-devel btrfs-progs-devel krb5-devel - # Checkout the project - git clone --depth 1 https://github.com/osbuild/images - cd images/ - # Install and run gobump - go run github.com/lzap/gobump@latest -exec "go build ./..." -exec "go test ./..." 2>&1 | tee github_pr_body.txt - ./tools/prepare-source.sh - # Make a PR when needed - if git diff --exit-code; then echo "No changes"; exit 0; fi + pushd bib/ + echo '```' > /tmp/go.log + go get -u ./... 2>&1 | tee -a /tmp/go.log + go mod tidy 2>&1 | tee -a /tmp/go.log + echo '```' >> /tmp/go.log + popd + + if git diff --exit-code; then + echo "No changes" + exit 0 + fi + git config user.name "schutzbot" git config user.email "schutzbot@gmail.com" - branch="schutz-gobump-$(date -I)" + + branch="schutz-gobump-$(date +%Y-%m-%d)" git checkout -b "${branch}" git add -A - git commit -m "build(deps): Update dependencies via gobump" - git push -f "https://$GH_TOKEN@github.com/schutzbot/images.git" + git commit -m "build(deps): Update dependencies" + git push -f https://x-access-token:${GH_TOKEN}@github.com/osbuild/bootc-image-builder.git HEAD:"${branch}" + gh pr create \ - -t "Update dependencies $(date -I)" \ - -F "github_pr_body.txt" \ - --repo "osbuild/images" \ + --title "Update dependencies $(date +%Y-%m-%d)" \ + --body-file /tmp/go.log \ + --repo "osbuild/bootc-image-builder" \ --base "main" \ - --head "schutzbot:${branch}" + --head "${branch}" From 0dd9d6f370068e8015a2baddffe69c36f6934da3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Feb 2026 04:08:32 +0000 Subject: [PATCH 238/254] build(deps): bump actions/checkout from 4 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/gobump.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gobump.yml b/.github/workflows/gobump.yml index af09e9956..1196f6b4e 100644 --- a/.github/workflows/gobump.yml +++ b/.github/workflows/gobump.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Extract Go version from go.mod id: go-version From 561bf2c24b780abf7669223a4c96f2e2bc5d18cb Mon Sep 17 00:00:00 2001 From: Lukas Zapletal Date: Thu, 5 Mar 2026 20:05:22 +0100 Subject: [PATCH 239/254] test: bump ISO tests timeout --- test/test_build_iso.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/test/test_build_iso.py b/test/test_build_iso.py index 8d93603ae..f66a8e847 100644 --- a/test/test_build_iso.py +++ b/test/test_build_iso.py @@ -25,6 +25,9 @@ from vmtest.vm import QEMU +ISO_BOOT_TIMEOUT = 1800 + + @pytest.mark.skipif(platform.system() != "Linux", reason="boot test only runs on linux right now") @pytest.mark.parametrize("image_type", gen_testcases("anaconda-iso"), indirect=["image_type"]) def test_iso_installs(image_type): @@ -34,7 +37,7 @@ def test_iso_installs(image_type): fp.truncate(10_1000_1000_1000) # install to test disk with QEMU(test_disk_path, cdrom=installer_iso_path) as vm: - vm.start(wait_event="qmp:RESET", snapshot=False, use_ovmf=True) + vm.start(wait_event="qmp:RESET", snapshot=False, use_ovmf=True, timeout_sec=ISO_BOOT_TIMEOUT) vm.force_stop() # boot test disk and do extremly simple check with QEMU(test_disk_path) as vm: @@ -192,7 +195,7 @@ def test_bootc_installer_iso_installs(tmp_path, build_container, container_ref): fp.truncate(10_1000_1000_1000) # install to test disk with QEMU(test_disk_path, cdrom=installer_iso_path) as vm: - vm.start(wait_event="qmp:RESET", snapshot=False, use_ovmf=True) + vm.start(wait_event="qmp:RESET", snapshot=False, use_ovmf=True, timeout_sec=ISO_BOOT_TIMEOUT) vm.force_stop() # boot test disk and do extremly simple check with QEMU(test_disk_path) as vm: From 611c7b8345fad65f58cdc3cb0488f6f537670560 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Wed, 25 Feb 2026 21:15:37 +0100 Subject: [PATCH 240/254] deps: bump images to 0.246.0 Bump `images` to 0.246.0 which brings the capability to turn off default kernel arguments for images and a lighter weight inspection method for build containers. Signed-off-by: Simon de Vlieger --- bib/cmd/bootc-image-builder/legacy_iso.go | 6 ++--- bib/cmd/bootc-image-builder/main.go | 30 +++++++++++++++++++---- bib/go.mod | 2 +- bib/go.sum | 2 ++ bib/internal/distrodef/distrodef.go | 2 +- 5 files changed, 32 insertions(+), 10 deletions(-) diff --git a/bib/cmd/bootc-image-builder/legacy_iso.go b/bib/cmd/bootc-image-builder/legacy_iso.go index feae414f4..04379960d 100644 --- a/bib/cmd/bootc-image-builder/legacy_iso.go +++ b/bib/cmd/bootc-image-builder/legacy_iso.go @@ -23,7 +23,7 @@ import ( "github.com/osbuild/images/pkg/runner" "github.com/sirupsen/logrus" - podman_container "github.com/osbuild/images/pkg/bib/container" + podman_container "github.com/osbuild/images/pkg/bootc" "github.com/osbuild/bootc-image-builder/bib/internal/distrodef" ) @@ -63,7 +63,7 @@ type ManifestConfig struct { } func manifestFromCobraForLegacyISO(imgref, buildImgref, imgTypeStr, rootFs, rpmCacheRoot string, config *blueprint.Blueprint, useLibrepo bool, cntArch arch.Arch) ([]byte, *mTLSConfig, error) { - container, err := podman_container.New(imgref) + container, err := podman_container.NewContainer(imgref) if err != nil { return nil, nil, err } @@ -104,7 +104,7 @@ func manifestFromCobraForLegacyISO(imgref, buildImgref, imgTypeStr, rootFs, rpmC }() if buildImgref != "" { - buildContainer, err = podman_container.New(buildImgref) + buildContainer, err = podman_container.NewContainer(buildImgref) if err != nil { return nil, nil, err } diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index f0591b5b3..d6442645d 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -22,10 +22,11 @@ import ( repos "github.com/osbuild/images/data/repositories" "github.com/osbuild/images/pkg/arch" "github.com/osbuild/images/pkg/bib/blueprintload" + "github.com/osbuild/images/pkg/bootc" "github.com/osbuild/images/pkg/cloud" "github.com/osbuild/images/pkg/cloud/awscloud" "github.com/osbuild/images/pkg/distro" - "github.com/osbuild/images/pkg/distro/bootc" + "github.com/osbuild/images/pkg/distro/generic" "github.com/osbuild/images/pkg/experimentalflags" "github.com/osbuild/images/pkg/manifest" "github.com/osbuild/images/pkg/manifestgen" @@ -150,15 +151,34 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress } func manifestFromCobraForDisk(imgref, buildImgref, installerPayloadRef, imgTypeStr, rootFs, rpmCacheRoot string, config *blueprint.Blueprint, useLibrepo bool, cntArch arch.Arch) ([]byte, *mTLSConfig, error) { - distri, err := bootc.NewBootcDistro(imgref, &bootc.DistroOptions{ - DefaultFs: rootFs, - }) + containerInfo, err := bootc.ResolveBootcInfo(imgref) if err != nil { return nil, nil, err } - if err := distri.SetBuildContainer(buildImgref); err != nil { + + if rootFs != "" { + containerInfo.DefaultRootFs = rootFs + } + + if buildImgref == "" { + buildImgref = imgref + } + + distri, err := generic.NewBootc("bootc", containerInfo) + if err != nil { return nil, nil, err } + + if buildImgref != "" { + buildContainerInfo, err := bootc.ResolveBootcInfo(buildImgref) + if err != nil { + return nil, nil, err + } + if err := distri.SetBuildContainer(buildContainerInfo); err != nil { + return nil, nil, err + } + } + archi, err := distri.GetArch(cntArch.String()) if err != nil { return nil, nil, err diff --git a/bib/go.mod b/bib/go.mod index 03e9f6ed0..e3df69bca 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -7,7 +7,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/osbuild/blueprint v1.23.0 github.com/osbuild/image-builder-cli v0.0.0-20260212111125-e1480776d00e - github.com/osbuild/images v0.239.1-0.20260212111935-feab839e30a1 + github.com/osbuild/images v0.246.0 github.com/sirupsen/logrus v1.9.4 github.com/spf13/cobra v1.10.2 github.com/spf13/pflag v1.0.10 diff --git a/bib/go.sum b/bib/go.sum index aac89d4c3..41e08be75 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -251,6 +251,8 @@ github.com/osbuild/image-builder-cli v0.0.0-20260212111125-e1480776d00e h1:y8AKA github.com/osbuild/image-builder-cli v0.0.0-20260212111125-e1480776d00e/go.mod h1:d3rG7oIFj/SeqYVX6AWJeEbyJL6maGiIOjSfxakRhiA= github.com/osbuild/images v0.239.1-0.20260212111935-feab839e30a1 h1:dOPfLnQEcO2dEoLJWJwmoiOtHUEjEeFl+c/n4sST1r8= github.com/osbuild/images v0.239.1-0.20260212111935-feab839e30a1/go.mod h1:lr0fqJjjOCurTMbgMSDxTwnEalx6CkOVqyB0QmvNqO4= +github.com/osbuild/images v0.246.0 h1:wR1ViXOp4m/UWwecDTfR+yOfLiW0k8J/jEL7gVcGOsg= +github.com/osbuild/images v0.246.0/go.mod h1:lr0fqJjjOCurTMbgMSDxTwnEalx6CkOVqyB0QmvNqO4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= diff --git a/bib/internal/distrodef/distrodef.go b/bib/internal/distrodef/distrodef.go index 2ad279444..ce5b11948 100644 --- a/bib/internal/distrodef/distrodef.go +++ b/bib/internal/distrodef/distrodef.go @@ -6,8 +6,8 @@ import ( "path/filepath" "strings" - "golang.org/x/exp/maps" "go.yaml.in/yaml/v3" + "golang.org/x/exp/maps" "github.com/hashicorp/go-version" ) From 8f1ea7cb712d70699db30847ecd598b45e15b9fb Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Wed, 25 Feb 2026 21:16:19 +0100 Subject: [PATCH 241/254] bib: use `BootcBuildInfo` Use the newly introduced `BootcBuildInfo` to inspect the build container. This function does much less than the full inspection and is thus less error prone. Signed-off-by: Simon de Vlieger --- bib/cmd/bootc-image-builder/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index d6442645d..97040799b 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -170,7 +170,7 @@ func manifestFromCobraForDisk(imgref, buildImgref, installerPayloadRef, imgTypeS } if buildImgref != "" { - buildContainerInfo, err := bootc.ResolveBootcInfo(buildImgref) + buildContainerInfo, err := bootc.ResolveBootcBuildInfo(buildImgref) if err != nil { return nil, nil, err } From d30c695bc12480e5823c5808a8211a8b967b2354 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Wed, 25 Feb 2026 21:23:38 +0100 Subject: [PATCH 242/254] bib: wire up `--no-default-kernel-args` Allow the user to prefer the omission of the default kernel arguments from `images`. Sometimes these arguments are harmful to a use case. In the future we likely do not want to ship kernel arguments at all and prefer that users always configure them explicitly in the kernel or a blueprint. Signed-off-by: Simon de Vlieger --- bib/cmd/bootc-image-builder/main.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go index 97040799b..13f121e94 100644 --- a/bib/cmd/bootc-image-builder/main.go +++ b/bib/cmd/bootc-image-builder/main.go @@ -88,6 +88,7 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress buildImgref, _ := cmd.Flags().GetString("build-container") installerPayloadRef, _ := cmd.Flags().GetString("installer-payload-ref") useLibrepo, _ := cmd.Flags().GetBool("use-librepo") + omitDefaultKernelArgs, _ := cmd.Flags().GetBool("no-default-kernel-args") // If --local was given, warn in the case of --local or --local=true (true is the default), error in the case of --local=false if cmd.Flags().Changed("local") { @@ -147,10 +148,10 @@ func manifestFromCobra(cmd *cobra.Command, args []string, pbar progress.Progress if imageTypes.Legacy() { return manifestFromCobraForLegacyISO(imgref, buildImgref, imgType, rootFs, rpmCacheRoot, config, useLibrepo, cntArch) } - return manifestFromCobraForDisk(imgref, buildImgref, installerPayloadRef, imgType, rootFs, rpmCacheRoot, config, useLibrepo, cntArch) + return manifestFromCobraForDisk(imgref, buildImgref, installerPayloadRef, imgType, rootFs, rpmCacheRoot, config, useLibrepo, cntArch, omitDefaultKernelArgs) } -func manifestFromCobraForDisk(imgref, buildImgref, installerPayloadRef, imgTypeStr, rootFs, rpmCacheRoot string, config *blueprint.Blueprint, useLibrepo bool, cntArch arch.Arch) ([]byte, *mTLSConfig, error) { +func manifestFromCobraForDisk(imgref, buildImgref, installerPayloadRef, imgTypeStr, rootFs, rpmCacheRoot string, config *blueprint.Blueprint, useLibrepo bool, cntArch arch.Arch, omitDefaultKernelArgs bool) ([]byte, *mTLSConfig, error) { containerInfo, err := bootc.ResolveBootcInfo(imgref) if err != nil { return nil, nil, err @@ -210,7 +211,8 @@ func manifestFromCobraForDisk(imgref, buildImgref, installerPayloadRef, imgTypeS } imgOpts := &distro.ImageOptions{ Bootc: &distro.BootcImageOptions{ - InstallerPayloadRef: installerPayloadRef, + InstallerPayloadRef: installerPayloadRef, + OmitDefaultKernelArgs: omitDefaultKernelArgs, }, } manifest, err := mg.Generate(config, imgType, imgOpts) @@ -541,6 +543,7 @@ func buildCobraCmdline() (*cobra.Command, error) { manifestCmd.Flags().String("rootfs", "", "Root filesystem type. If not given, the default configured in the source container image is used.") manifestCmd.Flags().Bool("in-vm", false, "Run osbuild in a virtual machine") manifestCmd.Flags().Bool("use-librepo", true, "switch to librepo for pkg download, needs new enough osbuild") + manifestCmd.Flags().Bool("no-default-kernel-args", false, "don't use the default kernel arguments") // --config is only useful for developers who run bib outside // of a container to generate a manifest. so hide it by // default from users. From 5b2ef48e08077fb76d34102ce976373b0c4a91dc Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Tue, 3 Mar 2026 15:25:27 +0100 Subject: [PATCH 243/254] ci/testing-farm: increase memory To see if the tests pass with more. Signed-off-by: Simon de Vlieger --- plans/integration.fmf | 1 + 1 file changed, 1 insertion(+) diff --git a/plans/integration.fmf b/plans/integration.fmf index a0b7fbf30..ce7d56172 100644 --- a/plans/integration.fmf +++ b/plans/integration.fmf @@ -7,6 +7,7 @@ provision: is-supported: true disk: - size: '>= 120 GB' + memory: ">= 8 GB" prepare: how: install package: From 6b7fcee2d8edbf7954fe836a885ef01c4c4a5579 Mon Sep 17 00:00:00 2001 From: Justin Sherrill Date: Thu, 5 Mar 2026 20:07:38 -0500 Subject: [PATCH 244/254] Add support for bootc pxe type --- README.md | 26 ++++++++++++++-------- bib/internal/imagetypes/imagetypes.go | 1 + bib/internal/imagetypes/imagetypes_test.go | 11 ++++++--- 3 files changed, 26 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index e88aa1c4c..7ee2c6edc 100644 --- a/README.md +++ b/README.md @@ -167,16 +167,24 @@ outputs will be produced. Note that comma or space separating the The following image types are currently available via the `--type` argument: -| Image type | Target environment | -|-----------------------|---------------------------------------------------------------------------------------| -| `ami` | [Amazon Machine Image](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html) | -| `qcow2` **(default)** | [QEMU](https://www.qemu.org/) | -| `vmdk` | [VMDK](https://en.wikipedia.org/wiki/VMDK) usable in vSphere, among others | -| `bootc-installer` | An installer ISO image based on the specified bootc container image. | -| `anaconda-iso` | An unattended Anaconda installer that installs to the first disk found. Built from RPMs. | -| `raw` | Unformatted [raw disk](https://en.wikipedia.org/wiki/Rawdisk). | +| Image type | Target environment | +|-----------------------|-------------------------------------------------------------------------------------------| +| `ami` | [Amazon Machine Image](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html) | +| `qcow2` **(default)** | [QEMU](https://www.qemu.org/) | +| `vmdk` | [VMDK](https://en.wikipedia.org/wiki/VMDK) usable in vSphere, among others | +| `bootc-installer` | An installer ISO image based on the specified bootc container image. | +| `anaconda-iso` | An unattended Anaconda installer that installs to the first disk found. Built from RPMs. | +| `raw` | Unformatted [raw disk](https://en.wikipedia.org/wiki/Rawdisk). | | `vhd` | [vhd](https://en.wikipedia.org/wiki/VHD_(file_format)) usable in Virtual PC, among others | -| `gce` | [GCE](https://cloud.google.com/compute/docs/images#custom_images) | +| `gce` | [GCE](https://cloud.google.com/compute/docs/images#custom_images) | +| `pxe-tar-xz` | A stateless image useful in PXE network boot environments | + + +## 💾 Image Type Requirements + +### pxe-tar-xz + +The container image being built must have the `dracut-live` and `squashfs-tools` packages installed as well as a rebuilding the initramfs with the 'dmsquash-live' module. See [osbuild documentation](https://github.com/osbuild/images/blob/main/data/files/pxetree/README) for more information and a sample Containerfile. ## 💾 Target architecture diff --git a/bib/internal/imagetypes/imagetypes.go b/bib/internal/imagetypes/imagetypes.go index 41fafc184..b401d910f 100644 --- a/bib/internal/imagetypes/imagetypes.go +++ b/bib/internal/imagetypes/imagetypes.go @@ -25,6 +25,7 @@ var supportedImageTypes = map[string]imageType{ "gce": imageType{Export: "gce"}, "ova": imageType{Export: "archive"}, "bootc-installer": imageType{Export: "bootiso", ISO: true}, + "pxe-tar-xz": imageType{Export: "bootc-pxe-tree"}, // the iso image types are RPM based and legacy/deprecated "anaconda-iso": imageType{Export: "bootiso", ISO: true, Legacy: true}, "iso": imageType{Export: "bootiso", ISO: true, Legacy: true}, diff --git a/bib/internal/imagetypes/imagetypes_test.go b/bib/internal/imagetypes/imagetypes_test.go index 8419beb7a..c0fedd79c 100644 --- a/bib/internal/imagetypes/imagetypes_test.go +++ b/bib/internal/imagetypes/imagetypes_test.go @@ -53,6 +53,11 @@ func TestImageTypes(t *testing.T) { expectedExports: []string{"bootiso"}, expectISO: true, }, + "bootc-pxe-tree": { + imageTypes: []string{"pxe-tar-xz"}, + expectedExports: []string{"bootc-pxe-tree"}, + expectISO: false, + }, "bad-mix": { imageTypes: []string{"vmdk", "anaconda-iso"}, expectedErr: errors.New("cannot mix ISO/disk images in request [vmdk anaconda-iso]"), @@ -67,15 +72,15 @@ func TestImageTypes(t *testing.T) { }, "bad-image-type": { imageTypes: []string{"bad"}, - expectedErr: errors.New(`unsupported image type "bad", valid types are ami, anaconda-iso, bootc-installer, gce, iso, ova, qcow2, raw, vhd, vmdk`), + expectedErr: errors.New(`unsupported image type "bad", valid types are ami, anaconda-iso, bootc-installer, gce, iso, ova, pxe-tar-xz, qcow2, raw, vhd, vmdk`), }, "bad-in-good": { imageTypes: []string{"ami", "raw", "vmdk", "qcow2", "something-else-what-is-this"}, - expectedErr: errors.New(`unsupported image type "something-else-what-is-this", valid types are ami, anaconda-iso, bootc-installer, gce, iso, ova, qcow2, raw, vhd, vmdk`), + expectedErr: errors.New(`unsupported image type "something-else-what-is-this", valid types are ami, anaconda-iso, bootc-installer, gce, iso, ova, pxe-tar-xz, qcow2, raw, vhd, vmdk`), }, "all-bad": { imageTypes: []string{"bad1", "bad2", "bad3", "bad4", "bad5", "bad42"}, - expectedErr: errors.New(`unsupported image type "bad1", valid types are ami, anaconda-iso, bootc-installer, gce, iso, ova, qcow2, raw, vhd, vmdk`), + expectedErr: errors.New(`unsupported image type "bad1", valid types are ami, anaconda-iso, bootc-installer, gce, iso, ova, pxe-tar-xz, qcow2, raw, vhd, vmdk`), }, } From ee184614c4bd00034aec1543990997da9c153315 Mon Sep 17 00:00:00 2001 From: Justin Sherrill Date: Tue, 24 Feb 2026 22:17:07 -0500 Subject: [PATCH 245/254] add bootc manifest test --- test/containerbuild.py | 45 ++++++++++++++++++++++++++++++++++++++++++ test/test_manifest.py | 18 ++++++++++++++++- test/testcases.py | 6 +++++- 3 files changed, 67 insertions(+), 2 deletions(-) diff --git a/test/containerbuild.py b/test/containerbuild.py index 76fda8ba3..0e0d48b85 100644 --- a/test/containerbuild.py +++ b/test/containerbuild.py @@ -1,4 +1,5 @@ import os +import pathlib import platform import random import string @@ -49,6 +50,50 @@ def build_container_fixture(): return container_tag +@pytest.fixture(name="pxe_container", scope="session") +def pxe_container_fixture(tmpdir_factory): + """ + Build a PXE-capable bootc image (dracut-live, squashfs-tools, + dmsquash-live initramfs) with a dedicated tag for PXE tests. + Uses the same base as other tests (centos-bootc:stream9). + """ + if tag_from_env := os.getenv("BIB_TEST_PXE_CONTAINER_TAG"): + return tag_from_env + + tmp_path = pathlib.Path(tmpdir_factory.mktemp("build-pxe-container")) + containerfile = tmp_path / "Containerfile" + # Use echo/printf instead of heredoc so we avoid delimiter-at-line-start + # issues when the content is written via textwrap.dedent. + containerfile.write_text(textwrap.dedent("""\ + FROM quay.io/centos-bootc/centos-bootc:stream9 + RUN dnf -y install dracut-live squashfs-tools && dnf clean all + # Override using composefs for ostree (incompatible with squashfs rootfs) + RUN echo '[composefs]' > /usr/lib/ostree/prepare-root.conf && \\ + echo 'enabled = no' >> /usr/lib/ostree/prepare-root.conf && \\ + echo '[sysroot]' >> /usr/lib/ostree/prepare-root.conf && \\ + echo 'readonly = true' >> /usr/lib/ostree/prepare-root.conf + + # Include the dmsquash-live module in the initramfs + RUN echo 'compress="xz"' > /usr/lib/dracut/dracut.conf.d/40-pxe.conf && \\ + echo 'add_dracutmodules+=" qemu qemu-net livenet dmsquash-live "' >> \\ + /usr/lib/dracut/dracut.conf.d/40-pxe.conf && \\ + echo 'early_microcode="no"' >> /usr/lib/dracut/dracut.conf.d/40-pxe.conf + + # Rebuild the initrd + RUN set -xe; kver=$(ls /usr/lib/modules); \\ + env DRACUT_NO_XATTR=1 dracut -vf /usr/lib/modules/$kver/initramfs.img "$kver" + """), encoding="utf8") + pxe_container_tag = "localhost/bootc-image-builder-test-pxe" + subprocess.check_call([ + "podman", "build", + "--cache-ttl=1h", + "-f", str(containerfile), + "-t", pxe_container_tag, + str(tmp_path), + ]) + return pxe_container_tag + + @pytest.fixture(name="build_fake_container", scope="session") def build_fake_container_fixture(tmpdir_factory, build_container): """Build a container with a fake osbuild and returns the name""" diff --git a/test/test_manifest.py b/test/test_manifest.py index fee8acaa0..24b3a3f05 100644 --- a/test/test_manifest.py +++ b/test/test_manifest.py @@ -11,7 +11,8 @@ import pytest import testutil -from containerbuild import build_container_fixture as _ +from containerbuild import build_container_fixture # pylint: disable=unused-import +from containerbuild import pxe_container_fixture # pylint: disable=unused-import from containerbuild import make_container from testcases import gen_testcases @@ -96,6 +97,21 @@ def test_bootc_iso_manifest_smoke(build_container): assert [pipeline["name"] for pipeline in manifest["pipelines"]] == expected_pipeline_names +def test_pxe_tar_xz_manifest_smoke(pxe_container, build_container): + output = subprocess.check_output([ + *testutil.podman_run_common, + build_container, + "manifest", + "--type=pxe-tar-xz", + pxe_container, + ]) + manifest = json.loads(output) + pipeline_names = [pipeline["name"] for pipeline in manifest["pipelines"]] + assert manifest["version"] == "2" + assert "build" in pipeline_names + assert "bootc-pxe-tree" in pipeline_names + + @pytest.mark.parametrize("tc", gen_testcases("manifest")) def test_manifest_disksize(tmp_path, build_container, tc): testutil.pull_container(tc.container_ref, tc.target_arch) diff --git a/test/testcases.py b/test/testcases.py index 973261580..d6e9fddf1 100644 --- a/test/testcases.py +++ b/test/testcases.py @@ -86,7 +86,7 @@ def test_testcase_nameing(): assert f"{tc}" == expected, f"{tc} != {expected}" -def gen_testcases(what): # pylint: disable=too-many-return-statements +def gen_testcases(what): # pylint: disable=too-many-return-statements disable=too-many-branches if what == "manifest": return [TestCaseC9S(), TestCaseFedora(), TestCaseC10S()] if what == "default-rootfs": @@ -100,6 +100,10 @@ def gen_testcases(what): # pylint: disable=too-many-return-statements TestCaseC9S(image="anaconda-iso"), TestCaseC10S(image="anaconda-iso"), ] + if what == "pxe-tar-xz": + return [ + TestCaseC9S(image="pxe-tar-xz"), + ] if what == "qemu-cross": test_cases = [] if platform.machine() == "x86_64": From b4dc46626d44f30f0c7ff61390a76db033335e51 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Fri, 20 Mar 2026 07:14:06 +0100 Subject: [PATCH 246/254] readme: document `--in-vm` We can document rootless builds with `--in-vm` as experimental; just so it's at least somewhat discoverable. Signed-off-by: Simon de Vlieger --- README.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/README.md b/README.md index 7ee2c6edc..f594dafd2 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,33 @@ Note that some images (like fedora) do not have a default root filesystem type. In this case adds the switch `--rootfs `, e.g. `--rootfs btrfs`. +### Rootless + +There is *experimental* support for rootless builds in `bootc-image-builder`. To perform a rootless build KVM is used. The above example can be tried like so: + +```bash +# Ensure the image is fetched +podman pull quay.io/fedora/fedora-bootc:latest +mkdir output +podman run \ + --rm \ + -it \ + --privileged \ + --pull=newer \ + --security-opt label=type:unconfined_t \ + -v ./config.toml:/config.toml:ro \ + -v ./output:/output \ + -v ~/.local/share/containers/storage:/var/lib/containers/storage \ + quay.io/centos-bootc/bootc-image-builder:latest \ + --in-vm \ + --type qcow2 \ + --use-librepo=True \ + --rootfs ext4 \ + quay.io/fedora/fedora-bootc:latest +``` + +Note the mounting of the users container storage, addition of the `--in-vm` argument and the removal of `sudo` in the commands. + ### Running the resulting QCOW2 file on Linux (x86_64) A virtual machine can be launched using `qemu-system-x86_64` or with `virt-install` as shown below; From 77bc76f8aa37e0642ba8ab3b0e3c15dbd0068f74 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Tue, 24 Mar 2026 06:30:19 +0100 Subject: [PATCH 247/254] deps: bump images to 0.251.0 Bump the version of images, should address [1]. [1]: https://github.com/osbuild/bootc-image-builder/issues/1205 Signed-off-by: Simon de Vlieger --- bib/cmd/bootc-image-builder/legacy_iso.go | 10 ++++++++-- bib/go.mod | 4 ++-- bib/go.sum | 10 ++++------ 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/bib/cmd/bootc-image-builder/legacy_iso.go b/bib/cmd/bootc-image-builder/legacy_iso.go index 04379960d..6f5eeae1e 100644 --- a/bib/cmd/bootc-image-builder/legacy_iso.go +++ b/bib/cmd/bootc-image-builder/legacy_iso.go @@ -324,8 +324,14 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro if c.Config != nil { customizations = c.Config.Customizations } - if customizations.GetISO() != nil && customizations.GetISO().VolumeID != "" { - img.ISOCustomizations.Label = customizations.GetISO().VolumeID + + isoCust, err := customizations.GetISO() + if err != nil { + return nil, err + } + + if isoCust != nil && isoCust.VolumeID != "" { + img.ISOCustomizations.Label = isoCust.VolumeID } else { img.ISOCustomizations.Label = labelForISO(&c.SourceInfo.OSRelease, &c.Architecture) } diff --git a/bib/go.mod b/bib/go.mod index e3df69bca..8e63892b4 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -5,9 +5,9 @@ go 1.24.12 require ( github.com/cheggaaa/pb/v3 v3.1.7 github.com/hashicorp/go-version v1.7.0 - github.com/osbuild/blueprint v1.23.0 + github.com/osbuild/blueprint v1.26.0 github.com/osbuild/image-builder-cli v0.0.0-20260212111125-e1480776d00e - github.com/osbuild/images v0.246.0 + github.com/osbuild/images v0.251.0 github.com/sirupsen/logrus v1.9.4 github.com/spf13/cobra v1.10.2 github.com/spf13/pflag v1.0.10 diff --git a/bib/go.sum b/bib/go.sum index 41e08be75..6d2081671 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -245,14 +245,12 @@ github.com/opencontainers/runtime-spec v1.3.0 h1:YZupQUdctfhpZy3TM39nN9Ika5CBWT5 github.com/opencontainers/runtime-spec v1.3.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= -github.com/osbuild/blueprint v1.23.0 h1:HGMuRKpYg2xBy1QnAQDaIM6xnmzXh4QBrjic86C6Xr8= -github.com/osbuild/blueprint v1.23.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= +github.com/osbuild/blueprint v1.26.0 h1:OIXnlrPh2wcmuw3ZKfxTuXS4T0MHbFWSWF7AarWd220= +github.com/osbuild/blueprint v1.26.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4= github.com/osbuild/image-builder-cli v0.0.0-20260212111125-e1480776d00e h1:y8AKA9HROboNWnAmgUhwA4YFQM9x0i7XbCPw+Peswqo= github.com/osbuild/image-builder-cli v0.0.0-20260212111125-e1480776d00e/go.mod h1:d3rG7oIFj/SeqYVX6AWJeEbyJL6maGiIOjSfxakRhiA= -github.com/osbuild/images v0.239.1-0.20260212111935-feab839e30a1 h1:dOPfLnQEcO2dEoLJWJwmoiOtHUEjEeFl+c/n4sST1r8= -github.com/osbuild/images v0.239.1-0.20260212111935-feab839e30a1/go.mod h1:lr0fqJjjOCurTMbgMSDxTwnEalx6CkOVqyB0QmvNqO4= -github.com/osbuild/images v0.246.0 h1:wR1ViXOp4m/UWwecDTfR+yOfLiW0k8J/jEL7gVcGOsg= -github.com/osbuild/images v0.246.0/go.mod h1:lr0fqJjjOCurTMbgMSDxTwnEalx6CkOVqyB0QmvNqO4= +github.com/osbuild/images v0.251.0 h1:wBDQPgtjVSXN+tv0v0Q0jqxAFAvlFwNDYtA8z7uly1I= +github.com/osbuild/images v0.251.0/go.mod h1:Wq/bMjrzTBCn0S+wn6AZ0eqA3vRAy4TYOw5bXDnOlmk= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= From 6237ed60a4431566e671d3bbf5ba69c9f3249a94 Mon Sep 17 00:00:00 2001 From: Simon de Vlieger Date: Tue, 24 Mar 2026 06:24:48 +0100 Subject: [PATCH 248/254] readme: bootc-installer In an issue [1] it was noted that we don't document `--installer-payload-ref` in our documentation. Let's add it, and an example `Containerfile` for such an installer. [1]: https://github.com/osbuild/bootc-image-builder/issues/1202 Signed-off-by: Simon de Vlieger --- README.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/README.md b/README.md index f594dafd2..1d932a065 100644 --- a/README.md +++ b/README.md @@ -213,6 +213,44 @@ The following image types are currently available via the `--type` argument: The container image being built must have the `dracut-live` and `squashfs-tools` packages installed as well as a rebuilding the initramfs with the 'dmsquash-live' module. See [osbuild documentation](https://github.com/osbuild/images/blob/main/data/files/pxetree/README) for more information and a sample Containerfile. +### bootc-installer + +When building `bootc-installer` the positional container argument is expected to be a container that has Anaconda inside it; an example `Containerfile` for such a container is: + +``` +FROM your-favorite-bootc-container:latest +RUN dnf install -y \ + anaconda \ + anaconda-install-env-deps \ + anaconda-dracut \ + dracut-config-generic \ + dracut-network \ + net-tools \ + squashfs-tools \ + grub2-efi-x64-cdboot \ + python3-mako \ + lorax-templates-* \ + biosdevname \ + prefixdevname \ + && dnf clean all + +# On Fedora 42 this is necessary to get files in the right places +# RUN dnf reinstall -y shim-x64 + +# On Fedora 43 and up this is necessary to get files in the right +# places +RUN mkdir -p /boot/efi && cp -ra /usr/lib/efi/*/*/EFI /boot/efi + +# lorax wants to create a symlink in /mnt which points to /var/mnt +# on bootc but /var/mnt does not exist on some images. +# +# If https://gitlab.com/fedora/bootc/base-images/-/merge_requests/294 +# gets merged this will be no longer needed +RUN mkdir /var/mnt +``` + +You must also pass the `--bootc-installer-payload-ref` argument. This is a container reference to the payload to be installed by Anaconda. It will be embedded inside the installer and Anaconda will be configured to install it. + ## 💾 Target architecture Specify the target architecture of the system on which the disk image will be installed on. By default, From 2cc5e958a1e14d0ee93cca293ddaf2607dc67363 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Mar 2026 17:27:46 +0000 Subject: [PATCH 249/254] build(deps): bump actions/cache from 4 to 5 Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 77f553bb7..7a2f44d32 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -145,7 +145,7 @@ jobs: - run: | mkdir -p /var/tmp/osbuild-test-store - name: Cache osbuild env - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: /var/tmp/osbuild-test-store key: no-key-needed-here From 1c8123250ae3db73e9915db408e90a098e1eee3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anna=20V=C3=ADtov=C3=A1?= Date: Mon, 20 Apr 2026 11:22:11 +0200 Subject: [PATCH 250/254] deps: bump grpc to 1.79.3 Fix a security issue by bumping grpc manually to 1.79.3 (RHEL-160722, RHEL-160834) (CVE-2026-33186) --- bib/go.mod | 27 ++++++++++---------- bib/go.sum | 72 +++++++++++++++++++++++++++--------------------------- 2 files changed, 50 insertions(+), 49 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index 8e63892b4..d248907af 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -43,6 +43,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.5 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.40.0 // indirect github.com/aws/smithy-go v1.23.2 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/clipperhouse/stringish v0.1.1 // indirect github.com/clipperhouse/uax29/v2 v2.3.0 // indirect github.com/containerd/cgroups/v3 v3.0.5 // indirect @@ -117,20 +118,20 @@ require ( github.com/vbatts/tar-split v0.12.2 // indirect github.com/vbauerster/mpb/v8 v8.10.2 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/auto/sdk v1.2.1 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect - go.opentelemetry.io/otel v1.38.0 // indirect - go.opentelemetry.io/otel/metric v1.38.0 // indirect - go.opentelemetry.io/otel/trace v1.38.0 // indirect - golang.org/x/crypto v0.43.0 // indirect - golang.org/x/net v0.46.0 // indirect - golang.org/x/sync v0.17.0 // indirect - golang.org/x/sys v0.37.0 // indirect - golang.org/x/term v0.36.0 // indirect - golang.org/x/text v0.30.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 // indirect - google.golang.org/grpc v1.76.0 // indirect + go.opentelemetry.io/otel v1.39.0 // indirect + go.opentelemetry.io/otel/metric v1.39.0 // indirect + go.opentelemetry.io/otel/trace v1.39.0 // indirect + golang.org/x/crypto v0.46.0 // indirect + golang.org/x/net v0.48.0 // indirect + golang.org/x/sync v0.19.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/term v0.38.0 // indirect + golang.org/x/text v0.32.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect + google.golang.org/grpc v1.79.3 // indirect google.golang.org/protobuf v1.36.10 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/bib/go.sum b/bib/go.sum index 6d2081671..5fe1bef44 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -267,8 +267,8 @@ github.com/prometheus/common v0.67.2 h1:PcBAckGFTIHt2+L3I33uNRTlKTplNzFctXcWhPyA github.com/prometheus/common v0.67.2/go.mod h1:63W3KZb1JOKgcjlIr64WW/LvFGAqKPj0atm+knVGEko= github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg= github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= -github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= -github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ= github.com/santhosh-tekuri/jsonschema/v6 v6.0.2/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU= @@ -321,24 +321,24 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg= -go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8= -go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM= +go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= +go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 h1:xJ2qHD0C1BeYVTLLR9sX12+Qb95kfeD/byKj6Ky1pXg= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0/go.mod h1:u5BF1xyjstDowA1R5QAO9JHzqK+ublenEW/dyqTjBVk= -go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA= -go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI= -go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E= -go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg= -go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM= -go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA= -go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE= -go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs= +go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= +go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= +go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= +go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= +go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= +go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= +go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= go.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4= go.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE= go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= @@ -353,8 +353,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04= -golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0= +golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= +golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2wtOnGAHZWCHUM4KGzY= golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70= @@ -368,8 +368,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= -golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= +golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk= +golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -386,8 +386,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4= -golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -400,8 +400,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= -golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -417,8 +417,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= -golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -428,8 +428,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= -golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q= -golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss= +golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q= +golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= @@ -439,8 +439,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= -golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -455,8 +455,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= -golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= +golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ= +golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -468,17 +468,17 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 h1:mepRgnBZa07I4TRuomDE4sTIYieg/osKmzIf4USdWS4= -google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8/go.mod h1:fDMmzKV90WSg1NbozdqrE64fkuTv6mlq2zxo9ad+3yo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 h1:M1rk8KBnUsBDg1oPGHNCxG4vc1f49epmTO7xscSajMk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls= +google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A= -google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 4eec024b5284a9596313e4bcce7ff8e034dda54a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anna=20V=C3=ADtov=C3=A1?= Date: Tue, 21 Apr 2026 13:58:59 +0200 Subject: [PATCH 251/254] ci/testing-farm: add git into packages Testing farm is failing with an error suggesting git is missing. Trying out this as a solution. --- plans/integration.fmf | 1 + 1 file changed, 1 insertion(+) diff --git a/plans/integration.fmf b/plans/integration.fmf index ce7d56172..6ce3b2a1c 100644 --- a/plans/integration.fmf +++ b/plans/integration.fmf @@ -12,6 +12,7 @@ prepare: how: install package: - edk2-aarch64 + - git - osbuild-depsolve-dnf - osbuild-lvm2 - osbuild-ostree From 67c1d6123253f0a719d147e99123e55b6c4fe66b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anna=20V=C3=ADtov=C3=A1?= Date: Tue, 21 Apr 2026 13:09:20 +0200 Subject: [PATCH 252/254] deps: bump gojose to 4.1.4 Fix a security issue by bumping go jose manually to 4.1.4 (RHEL-165033, RHEL-165005) (CVE-2026-34986) --- bib/go.mod | 2 +- bib/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bib/go.mod b/bib/go.mod index d248907af..58863a781 100644 --- a/bib/go.mod +++ b/bib/go.mod @@ -68,7 +68,7 @@ require ( github.com/docker/go-units v0.5.0 // indirect github.com/fatih/color v1.18.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/go-jose/go-jose/v4 v4.1.3 // indirect + github.com/go-jose/go-jose/v4 v4.1.4 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/gobwas/glob v0.2.3 // indirect diff --git a/bib/go.sum b/bib/go.sum index 5fe1bef44..8b65e7da7 100644 --- a/bib/go.sum +++ b/bib/go.sum @@ -126,8 +126,8 @@ github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs= -github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= +github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA= +github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= From 9c52ad3d8cf773ab9621b738758acf59dbec03e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anna=20V=C3=ADtov=C3=A1?= Date: Mon, 27 Apr 2026 17:10:27 +0200 Subject: [PATCH 253/254] ci/testing-farm: replace paramiko with sshpass Python3 paramiko was dropped in f4895ae but only in regular tests. It was replaced by sshpass but not in testing farms which then results in failures. --- plans/integration.fmf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plans/integration.fmf b/plans/integration.fmf index 6ce3b2a1c..16a4d21f3 100644 --- a/plans/integration.fmf +++ b/plans/integration.fmf @@ -20,9 +20,9 @@ prepare: - pytest - python3-boto3 - python3-flake8 - - python3-paramiko - python3-pip - skopeo + - sshpass - qemu-kvm - qemu-system-aarch64 - qemu-user-static From 515c11284be5a5793c28156c201e8201d411f3a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anna=20V=C3=ADtov=C3=A1?= Date: Tue, 28 Apr 2026 10:40:21 +0200 Subject: [PATCH 254/254] ci: build on PRs of all branches In order to merge pull requests into different branches, the build is expected to run. However, that is not working which is blocking the ci for other branches than the main one. Add running the build.yaml pipeline for pull requests on all branches. --- .github/workflows/build.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index ee2f50846..f01253fb6 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -2,7 +2,9 @@ name: Build containers on: pull_request: - branches: [main] + branches: + - main + - rhel-* workflow_dispatch: # for merge queue merge_group: