Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add systemd boot standard image to the build matrix #2929

Merged
merged 1 commit into from
Oct 18, 2024

Conversation

jimmykarily
Copy link
Contributor

to make it easier to build UKI artifacts from it

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

@jimmykarily jimmykarily requested a review from a team October 9, 2024 13:54
@jimmykarily
Copy link
Contributor Author

This would also build an .iso file. What would happen if one booted it as-is, without passing it through enki first?

@jimmykarily
Copy link
Contributor Author

Hm, to begin with, an iso can't be built:

earthly -P +iso --FAMILY=ubuntu --FLAVOR=ubuntu --FLAVOR_RELEASE=24.04 --VARIANT=standard --MODEL=generic --BASE_IMAGE=ubuntu:24.04 --BOOTLOADER=systemd-boot --K3S_VERSION=1.31.1

...

                +iso *failed* | 2024-10-09T13:59:34Z DBG Running cmd: 'rsync --progress --partial --human-readable --archive --xattrs --acls --exclude=/mnt --exclude=/proc --exclude=/sys --exclude=/dev --exclude=/tmp --exclude=/host --exclude=/run /build/image/ /tmp/enki-iso183628896/rootfs/'
                +iso *failed* | 2024-10-09T13:59:37Z INF Finished syncing
                +iso *failed* | 2024-10-09T13:59:37Z INF Finished copying /build/image into /tmp/enki-iso183628896/rootfs
                +iso *failed* | 2024-10-09T13:59:37Z INF Preparing ISO image root tree...
                +iso *failed* | 2024-10-09T13:59:37Z INF Copying /grub2 source to /tmp/enki-iso183628896/iso
                +iso *failed* | 2024-10-09T13:59:37Z INF Starting rsync...
                +iso *failed* | 2024-10-09T13:59:37Z DBG Running cmd: 'rsync --progress --partial --human-readable --archive --xattrs --acls --exclude=/mnt --exclude=/proc --exclude=/sys --exclude=/dev --exclude=/tmp --exclude=/host --exclude=/run /grub2/ /tmp/enki-iso183628896/iso/'
                +iso *failed* | 2024-10-09T13:59:37Z INF Finished syncing
                +iso *failed* | 2024-10-09T13:59:37Z INF Finished copying /grub2 into /tmp/enki-iso183628896/iso
                +iso *failed* | 2024-10-09T13:59:37Z ERR No initrd file found
                +iso *failed* | 2024-10-09T13:59:37Z ERR Could not find kernel and/or initrd
                +iso *failed* | 2024-10-09T13:59:37Z ERR Failed preparing ISO's root tree: No file found with prefixes: [initrd initramfs]
                +iso *failed* | 2024-10-09T13:59:37Z ERR 1 error occurred:
                +iso *failed* | 	* No file found with prefixes: [initrd initramfs]

                +iso *failed* |
                +iso *failed* | ERROR Earthfile:576:4
                +iso *failed* |       The command
                +iso *failed* |           RUN /entrypoint.sh --name $ISO_NAME --debug build-iso --squash-no-compression --date=false dir:/build/image --output /build/
                +iso *failed* |       did not complete successfully. Exit code 1

Help: To debug your build, you can use the --interactive (-i) flag to drop into a shell of the failing RUN step: "earthly -i -P +iso --FAMILY=ubuntu --FLAVOR=ubuntu --FLAVOR_RELEASE=24.04 --VARIANT=standard --MODEL=generic --BASE_IMAGE=ubuntu:24.04 --BOOTLOADER=systemd-boot --K3S_VERSION=1.31.1"

@jimmykarily jimmykarily marked this pull request as draft October 9, 2024 14:20
@jimmykarily
Copy link
Contributor Author

The earthly target tries to build an iso with enki build-iso (through the earthly +iso target) and this doesn't work because it expects to find a /boot/initrd file and that doesn't happen because we don't have dracut around so we don't create the symlink. This PR was about creating a container image only. The iso is created with enki build-uki command.
The pipeline can't be re-used so it requires more work to get this to work. I will close this until there is a user request to have it.

@jimmykarily
Copy link
Contributor Author

All I had to do actually was change this to include a standard image:

content=`cat ./.github/flavors.json | jq -r 'map(select(.arch == "amd64" and .variant == "core" and (.flavor == "fedora" or (.flavor == "ubuntu" and (.flavorRelease == "24.04")))))'`

@jimmykarily jimmykarily reopened this Oct 11, 2024
@jimmykarily jimmykarily force-pushed the build-systemd-boot-standard-ubuntu branch from 97a764e to c21ca74 Compare October 14, 2024 12:44
to make it easier to build UKI artifacts from it

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
@jimmykarily jimmykarily force-pushed the build-systemd-boot-standard-ubuntu branch from c21ca74 to e95bbad Compare October 14, 2024 12:45
@jimmykarily jimmykarily marked this pull request as ready for review October 14, 2024 12:46
@jimmykarily
Copy link
Contributor Author

Do we intentionally point to non existent files here? https://github.com/kairos-io/kairos/pull/2929/files#diff-e426ed45842837026e10e66af23d9c7077e89eacbe6958ce7cb991130ad05adaR373

(https://github.com/kairos-io/kairos/actions/runs/11211362726/job/31166937967#step:16:12)

We don't release uki isos at the moment. If we want to fix it, I think we will need to name the isos differently with enki because the "core" and "standard" one would get the same name I think.

@jimmykarily jimmykarily requested a review from a team October 14, 2024 12:51
Copy link
Member

@mauromorales mauromorales left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm but we'll only test with a release so I'd suggest some alpha

@Itxaka
Copy link
Member

Itxaka commented Oct 14, 2024

Do we intentionally point to non existent files here? https://github.com/kairos-io/kairos/pull/2929/files#diff-e426ed45842837026e10e66af23d9c7077e89eacbe6958ce7cb991130ad05adaR373

(https://github.com/kairos-io/kairos/actions/runs/11211362726/job/31166937967#step:16:12)

We don't release uki isos at the moment. If we want to fix it, I think we will need to name the isos differently with enki because the "core" and "standard" one would get the same name I think.

I think that's a leftover as we cannot release isos or EFI files as they are not signed or would be signed with our test keys.

Artifacts being pushed is ok as you can generate your own isos or upgrade artifacts with them, but isos and EFI files are a big no no

@bencorrado
Copy link
Contributor

Do we intentionally point to non existent files here? https://github.com/kairos-io/kairos/pull/2929/files#diff-e426ed45842837026e10e66af23d9c7077e89eacbe6958ce7cb991130ad05adaR373

(https://github.com/kairos-io/kairos/actions/runs/11211362726/job/31166937967#step:16:12)

We don't release uki isos at the moment. If we want to fix it, I think we will need to name the isos differently with enki because the "core" and "standard" one would get the same name I think.

I think that's a leftover as we cannot release isos or EFI files as they are not signed or would be signed with our test keys.

Artifacts being pushed is ok as you can generate your own isos or upgrade artifacts with them, but isos and EFI files are a big no no

I think the realistic option to build iso files is to use shim similar to what mkosi did systemd/mkosi#1863

This would allow for quicker testing for people who want to try out Kairos.

@Itxaka
Copy link
Member

Itxaka commented Oct 16, 2024

Do we intentionally point to non existent files here? https://github.com/kairos-io/kairos/pull/2929/files#diff-e426ed45842837026e10e66af23d9c7077e89eacbe6958ce7cb991130ad05adaR373

(https://github.com/kairos-io/kairos/actions/runs/11211362726/job/31166937967#step:16:12)

We don't release uki isos at the moment. If we want to fix it, I think we will need to name the isos differently with enki because the "core" and "standard" one would get the same name I think.

I think that's a leftover as we cannot release isos or EFI files as they are not signed or would be signed with our test keys.

Artifacts being pushed is ok as you can generate your own isos or upgrade artifacts with them, but isos and EFI files are a big no no

I think the realistic option to build iso files is to use shim similar to what mkosi did systemd/mkosi#1863

This would allow for quicker testing for people who want to try out Kairos.

This is just for uki where you sign the full EFI files. In that case the shim does not help at all. For non-uki isos under UEFI we already use the upstream shim so it should work under secureboot without issues and without needing to sign anything.

@jimmykarily jimmykarily merged commit 409dc0d into master Oct 18, 2024
45 checks passed
@jimmykarily jimmykarily deleted the build-systemd-boot-standard-ubuntu branch October 18, 2024 12:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

4 participants