atomic-desktops/ci-test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ci-test/fedora-common-ostree.yaml
Timothée Ravier 5bbc140133 Revert "Revert "common: Add readonly sysroot migration unit and script"" 
Updated to fix indentation/syntax issue

This reverts commit 30f2880cfc.
2022-08-19 11:35:46 +02:00

223 lines
6.7 KiB
YAML
Raw Blame History

ref: fedora/rawhide/${basearch}/ostree-base
automatic_version_prefix: "38"
mutate-os-release: "38"
include: fedora-common-ostree-pkgs.yaml
packages:
- git-core
- lvm2
- rpm-ostree
- bootupd
# Container management
- buildah
- podman
- skopeo
- toolbox
# Provides terminal tools like clear, reset, tput, and tset
- ncurses
# Flatpak support
- flatpak
- xdg-desktop-portal
# HFS filesystem tools for Apple hardware
# See https://github.com/projectatomic/rpm-ostree/issues/1380
- hfsplus-tools
# Contains default ostree remote config to be used on client's
# system for fetching ostree update
- fedora-repos-ostree
# the archive repo for more reliable package layering
# https://github.com/coreos/fedora-coreos-tracker/issues/400
- fedora-repos-archive
selinux: true
documentation: true
boot-location: modules
etc-group-members:
- wheel
tmp-is-dir: true
ignore-removed-users:
- root
ignore-removed-groups:
- root
check-passwd:
type: file
filename: passwd
check-groups:
type: file
filename: group
default_target: graphical.target
# Keep this in sync with fedora-atomic-host.json from fedora-atomic
packages-aarch64:
- grub2-efi
- ostree-grub2
- efibootmgr
- shim
packages-armhfp:
- extlinux-bootloader
- xorg-x11-drv-armada
packages-ppc64:
- grub2
- ostree-grub2
packages-ppc64le:
- grub2
- ostree-grub2
packages-x86_64:
- grub2-efi-ia32
- grub2-efi-x64
- grub2-pc
- ostree-grub2
- efibootmgr
- shim-ia32
- shim-x64
- microcode_ctl
- mcelog
- thermald
- hyperv-daemons
- open-vm-tools-desktop
- virtualbox-guest-additions
- xorg-x11-drv-intel
- xorg-x11-drv-openchrome
- xorg-x11-drv-vesa
- xorg-x11-drv-vmware
# Make sure the following are not pulled in when Recommended by other packages
exclude-packages:
- PackageKit
# We can not include openh264. See https://fedoraproject.org/wiki/OpenH264
- gstreamer1-plugin-openh264
- mozilla-openh264
- openh264
postprocess:
- |
#!/usr/bin/env bash
set -xeuo pipefail
# Work around https://bugzilla.redhat.com/show_bug.cgi?id=1265295
# From https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf
install -dm0755 /usr/lib/systemd/journald.conf.d/
echo -e "[Journal]\nStorage=persistent" > /usr/lib/systemd/journald.conf.d/10-persistent.conf
# See: https://src.fedoraproject.org/rpms/glibc/pull-request/4
# Basically that program handles deleting old shared library directories
# mid-transaction, which never applies to rpm-ostree. This is structured as a
# loop/glob to avoid hardcoding (or trying to match) the architecture.
for x in /usr/sbin/glibc_post_upgrade.*; do
if test -f ${x}; then
ln -srf /usr/bin/true ${x}
fi
done
- |
#!/usr/bin/env bash
set -xeuo pipefail
# Setup unit & script for readonly sysroot migration:
# - https://fedoraproject.org/wiki/Changes/Silverblue_Kinoite_readonly_sysroot
# - https://bugzilla.redhat.com/show_bug.cgi?id=2060976
cat > /usr/lib/systemd/system/fedora-silverblue-readonly-sysroot.service <<'EOF'
[Unit]
Description=Fedora Silverblue Read-Only Sysroot Migration
Documentation=https://fedoraproject.org/wiki/Changes/Silverblue_Kinoite_readonly_sysroot
ConditionPathExists=!/var/lib/.fedora_silverblue_readonly_sysroot
RequiresMountsFor=/sysroot /boot
ConditionPathIsReadWrite=/sysroot
[Service]
Type=oneshot
ExecStart=/usr/libexec/fedora-silverblue-readonly-sysroot
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
'EOF'
chmod 644 /usr/lib/systemd/system/fedora-silverblue-readonly-sysroot.service
cat > /usr/libexec/fedora-silverblue-readonly-sysroot <<'EOF'
#!/bin/bash
# Update an existing system to use a read only sysroot
# See https://fedoraproject.org/wiki/Changes/Silverblue_Kinoite_readonly_sysroot
# and https://bugzilla.redhat.com/show_bug.cgi?id=2060976
set -euo pipefail
main() {
# Used to condition execution of this unit at the systemd level
local -r stamp_file="/var/lib/.fedora_silverblue_readonly_sysroot
if [[ -f "${stamp_file}" ]]; then
exit 0
fi
local -r ostree_sysroot_readonly="$(ostree config --repo=/sysroot/ostree/repo get "sysroot.readonly" &> /dev/null || echo "false")"
if [[ "${ostree_sysroot_readonly}" == "true" ]]; then
# Nothing to do
touch "${stamp_file}"
exit 0
fi
local -r boot_entries="$(ls -A /boot/loader/entries/ | wc -l)"
# Ensure that we can read BLS entries to avoid touching systems where /boot
# is not mounted
if [[ "${boot_entries}" -eq 0 ]]; then
echo "No BLS entry found: Maybe /boot is not mounted?" 1>&2
echo "This is unexpected thus no migration will be performed" 1>&2
touch "${stamp_file}"
exit 0
fi
# Check if any existing deployment is still missing the rw karg
local rw_kargs_found=0
local count=0
for f in "/boot/loader/entries/"*; do
count="$(grep -c "^options .* rw" "${f}" || true)"
if [[ "${count}" -ge 1 ]]; then
rw_kargs_found=$((rw_kargs_found + 1))
fi
done
# Some deployments are still missing the rw karg. Let's try to update them
if [[ "${boot_entries}" -ne "${rw_kargs_found}" ]]; then
ostree admin kargs edit-in-place --append-if-missing=rw || \
echo "Failed to edit kargs in place with ostree" 1>&2
fi
# Re-check if any existing deployment is still missing the rw karg
rw_kargs_found=0
count=0
for f in "/boot/loader/entries/"*; do
count="$(grep -c "^options .* rw" "${f}" || true)"
if [[ "${count}" -ge 1 ]]; then
rw_kargs_found=$((rw_kargs_found + 1))
fi
done
unset count
# If all deployments are good, then we can set the sysroot.readonly option
# in the ostree repo config
if [[ "${boot_entries}" -eq "${rw_kargs_found}" ]]; then
echo "Setting up the sysroot.readonly option in the ostree repo config"
ostree config --repo=/sysroot/ostree/repo set "sysroot.readonly" "true"
touch "${stamp_file}"
exit 0
fi
# If anything else before failed, we will retry on next boot
echo "Will retry next boot" 1>&2
exit 0
}
main "${@}"
'EOF'
chmod 755 /usr/libexec/fedora-silverblue-readonly-sysroot
# Enable the corresponding unit
systemctl enable fedora-silverblue-readonly-sysroot.service
Reference in a new issue View git blame Copy permalink