osbuild · ondrejbudai · Jan 23, 2024 · Jan 11, 2024 · Nov 16, 2023 · Jan 13, 2024
diff --git a/pkg/distro/fedora/distro.go b/pkg/distro/fedora/distro.go
@@ -131,6 +131,20 @@ var (
 		exports:          []string{"commit-archive"},
 	}
 
+	iotBootableContainer = imageType{
+		name:     "iot-bootable-container",
+		filename: "iot-bootable-container.tar",
+		mimeType: "application/x-tar",
+		packageSets: map[string]packageSetFunc{
+			osPkgsKey: bootableContainerPackageSet,
+		},
+		rpmOstree:        true,
+		image:            bootableContainerImage,
+		buildPipelines:   []string{"build"},
+		payloadPipelines: []string{"os", "ostree-commit", "ostree-encapsulate"},
+		exports:          []string{"ostree-encapsulate"},
+	}
+
 	iotOCIImgType = imageType{
 		name:        "iot-container",
 		nameAliases: []string{"fedora-iot-container"},
@@ -843,6 +857,7 @@ func newDistro(version int) distro.Distro {
 			},
 			iotSimplifiedInstallerImgType,
 		)
+
 		aarch64.addImageTypes(
 			&platform.Aarch64{
 				BasePlatform: platform.BasePlatform{
@@ -868,6 +883,63 @@ func newDistro(version int) distro.Distro {
 		)
 	}
 
+	if !common.VersionLessThan(rd.Releasever(), "39") {
+		// bootc was introduced in F39
+		x86_64.addImageTypes(
+			&platform.X86{
+				BasePlatform: platform.BasePlatform{
+					FirmwarePackages: []string{
+						"biosdevname",
+						"iwlwifi-dvm-firmware",
+						"iwlwifi-mvm-firmware",
+						"microcode_ctl",
+					},
+				},
+				BIOS:       true,
+				UEFIVendor: "fedora",
+			},
+			iotBootableContainer,
+		)
+		aarch64.addImageTypes(
+			&platform.Aarch64{
+				BasePlatform: platform.BasePlatform{
+					FirmwarePackages: []string{
+						"arm-image-installer",
+						"bcm283x-firmware",
+						"brcmfmac-firmware",
+						"iwlwifi-mvm-firmware",
+						"realtek-firmware",
+						"uboot-images-armv8",
+					},
+				},
+				UEFIVendor: "fedora",
+			},
+			iotBootableContainer,
+		)
+
+		ppc64le.addImageTypes(
+			&platform.PPC64LE{
+				BIOS: true,
+				BasePlatform: platform.BasePlatform{
+					ImageFormat: platform.FORMAT_QCOW2,
+					QCOW2Compat: "1.1",
+				},
+			},
+			iotBootableContainer,
+		)
+
+		s390x.addImageTypes(
+			&platform.S390X{
+				Zipl: true,
+				BasePlatform: platform.BasePlatform{
+					ImageFormat: platform.FORMAT_QCOW2,
+					QCOW2Compat: "1.1",
+				},
+			},
+			iotBootableContainer,
+		)
+	}
+
 	ppc64le.addImageTypes(
 		&platform.PPC64LE{
 			BIOS: true,

diff --git a/pkg/distro/fedora/distro_test.go b/pkg/distro/fedora/distro_test.go
@@ -215,6 +215,14 @@ func TestFilenameFromType(t *testing.T) {
 			},
 		},
 		"39": {
+			{
+				name: "iot-bootable-container",
+				args: args{"iot-bootable-container"},
+				want: wantResult{
+					filename: "iot-bootable-container.tar",
+					mimeType: "application/x-tar",
+				},
+			},
 			{
 				name: "iot-simplified-installer",
 				args: args{"iot-simplified-installer"},
@@ -225,6 +233,14 @@ func TestFilenameFromType(t *testing.T) {
 			},
 		},
 		"40": {
+			{
+				name: "iot-bootable-container",
+				args: args{"iot-bootable-container"},
+				want: wantResult{
+					filename: "iot-bootable-container.tar",
+					mimeType: "application/x-tar",
+				},
+			},
 			{
 				name: "iot-simplified-installer",
 				args: args{"iot-simplified-installer"},
@@ -236,7 +252,7 @@ func TestFilenameFromType(t *testing.T) {
 		},
 	}
 	for _, dist := range fedoraFamilyDistros {
-		t.Run(dist.name, func(t *testing.T) {
+		t.Run(dist.distro.Name(), func(t *testing.T) {
 			allTests := append(tests, verTypes[dist.distro.Releasever()]...)
 			for _, tt := range allTests {
 				t.Run(tt.name, func(t *testing.T) {
@@ -292,7 +308,7 @@ func TestImageType_BuildPackages(t *testing.T) {
 		"aarch64": aarch64BuildPackages,
 	}
 	for _, dist := range fedoraFamilyDistros {
-		t.Run(dist.name, func(t *testing.T) {
+		t.Run(dist.distro.Name(), func(t *testing.T) {
 			d := dist.distro
 			for _, archLabel := range d.ListArches() {
 				archStruct, err := d.GetArch(archLabel)
@@ -344,8 +360,14 @@ func TestImageType_Name(t *testing.T) {
 			},
 			verTypes: map[string][]string{
 				"38": {"iot-simplified-installer"},
-				"39": {"iot-simplified-installer"},
-				"40": {"iot-simplified-installer"},
+				"39": {
+					"iot-bootable-container",
+					"iot-simplified-installer",
+				},
+				"40": {
+					"iot-bootable-container",
+					"iot-simplified-installer",
+				},
 			},
 		},
 		{
@@ -365,14 +387,20 @@ func TestImageType_Name(t *testing.T) {
 			},
 			verTypes: map[string][]string{
 				"38": {"iot-simplified-installer"},
-				"39": {"iot-simplified-installer"},
-				"40": {"iot-simplified-installer"},
+				"39": {
+					"iot-bootable-container",
+					"iot-simplified-installer",
+				},
+				"40": {
+					"iot-bootable-container",
+					"iot-simplified-installer",
+				},
 			},
 		},
 	}
 
 	for _, dist := range fedoraFamilyDistros {
-		t.Run(dist.name, func(t *testing.T) {
+		t.Run(dist.distro.Name(), func(t *testing.T) {
 			for _, mapping := range imgMap {
 				arch, err := dist.distro.GetArch(mapping.arch)
 				if assert.NoError(t, err) {
@@ -534,8 +562,14 @@ func TestArchitecture_ListImageTypes(t *testing.T) {
 			},
 			verTypes: map[string][]string{
 				"38": {"iot-simplified-installer"},
-				"39": {"iot-simplified-installer"},
-				"40": {"iot-simplified-installer"},
+				"39": {
+					"iot-bootable-container",
+					"iot-simplified-installer",
+				},
+				"40": {
+					"iot-bootable-container",
+					"iot-simplified-installer",
+				},
 			},
 		},
 		{
@@ -557,8 +591,14 @@ func TestArchitecture_ListImageTypes(t *testing.T) {
 			},
 			verTypes: map[string][]string{
 				"38": {"iot-simplified-installer"},
-				"39": {"iot-simplified-installer"},
-				"40": {"iot-simplified-installer"},
+				"39": {
+					"iot-bootable-container",
+					"iot-simplified-installer",
+				},
+				"40": {
+					"iot-bootable-container",
+					"iot-simplified-installer",
+				},
 			},
 		},
 		{
@@ -567,18 +607,34 @@ func TestArchitecture_ListImageTypes(t *testing.T) {
 				"container",
 				"qcow2",
 			},
+			verTypes: map[string][]string{
+				"39": {
+					"iot-bootable-container",
+				},
+				"40": {
+					"iot-bootable-container",
+				},
+			},
 		},
 		{
 			arch: "s390x",
 			imgNames: []string{
 				"container",
 				"qcow2",
 			},
+			verTypes: map[string][]string{
+				"39": {
+					"iot-bootable-container",
+				},
+				"40": {
+					"iot-bootable-container",
+				},
+			},
 		},
 	}
 
 	for _, dist := range fedoraFamilyDistros {
-		t.Run(dist.name, func(t *testing.T) {
+		t.Run(dist.distro.Name(), func(t *testing.T) {
 			for _, mapping := range imgMap {
 				arch, err := dist.distro.GetArch(mapping.arch)
 				require.NoError(t, err)
@@ -624,7 +680,7 @@ func TestFedora37_GetArch(t *testing.T) {
 	}
 
 	for _, dist := range fedoraFamilyDistros {
-		t.Run(dist.name, func(t *testing.T) {
+		t.Run(dist.distro.Name(), func(t *testing.T) {
 			for _, a := range arches {
 				actualArch, err := dist.distro.GetArch(a.name)
 				if a.errorExpected {

diff --git a/pkg/distro/fedora/images.go b/pkg/distro/fedora/images.go
@@ -423,6 +423,32 @@ func iotCommitImage(workload workload.Workload,
 	return img, nil
 }
 
+func bootableContainerImage(workload workload.Workload,
+	t *imageType,
+	bp *blueprint.Blueprint,
+	options distro.ImageOptions,
+	packageSets map[string]rpmmd.PackageSet,
+	containers []container.SourceSpec,
+	rng *rand.Rand) (image.ImageKind, error) {
+
+	parentCommit, commitRef := makeOSTreeParentCommit(options.OSTree, t.OSTreeRef())
+	img := image.NewOSTreeArchive(commitRef)
+
+	d := t.arch.distro
+
+	img.Platform = t.platform
+	img.OSCustomizations = osCustomizations(t, packageSets[osPkgsKey], containers, bp.Customizations)
+	img.Environment = t.environment
+	img.Workload = workload
+	img.OSTreeParent = parentCommit
+	img.OSVersion = d.osVersion
+	img.Filename = t.Filename()
+	img.InstallWeakDeps = false
+	img.BootContainer = true
+
+	return img, nil
+}
+
 func iotContainerImage(workload workload.Workload,
 	t *imageType,
 	bp *blueprint.Blueprint,

diff --git a/pkg/distro/fedora/package_sets.go b/pkg/distro/fedora/package_sets.go
@@ -188,6 +188,104 @@ func iotCommitPackageSet(t *imageType) rpmmd.PackageSet {
 	return ps
 }
 
+func bootableContainerPackageSet(t *imageType) rpmmd.PackageSet {
+	// Replicating package selection from centos-bootc:
+	// https://github.com/CentOS/centos-bootc/
+	ps := rpmmd.PackageSet{
+		Include: []string{
+			"acl",
+			"attr", // used by admins interactively
+			"bootc",
+			"bootupd",
+			"chrony", // NTP support
+			"container-selinux",
+			"container-selinux",
+			"crun",
+			"cryptsetup",
+			"dnf",
+			"e2fsprogs",
+			"fwupd",                 // if you're using linux-firmware, you probably also want fwupd
+			"iproute", "iproute-tc", // route manipulation and QoS
+			"iptables", "nftables", // firewall manipulation
+			"iptables-services", // additional firewall support
+			"kbd",               // i18n
+			"keyutils",          // Manipulating the kernel keyring; used by bootc
+			"libsss_sudo",       // allow communication between sudo and SSSD for caching sudo rules by SSSD
+			"linux-firmware",    // linux-firmware now a recommends so let's explicitly include it
+			"logrotate",         // There are things that write outside of the journal still (such as the classic wtmp, etc.). auditd also writes outside the journal but it has its own log rotation.  Anything package layered will also tend to expect files dropped in /etc/logrotate.d to work. Really, this is a legacy thing, but if we don't have it then people's disks will slowly fill up with logs.
+			"lsof",
+			"lvm2",                       // Storage configuration/management
+			"nano",                       // default editor
+			"ncurses",                    // provides terminal tools like clear, reset, tput, and tset
+			"NetworkManager-cloud-setup", // support for cloud quirks and dynamic config in real rootfs: https://github.com/coreos/fedora-coreos-tracker/issues/320
+			"NetworkManager", "hostname", // standard tools for configuring network/hostname
+			"NetworkManager-team", "teamd", // teaming https://github.com/coreos/fedora-coreos-config/pull/289 and http://bugzilla.redhat.com/1758162
+			"NetworkManager-tui",               // interactive Networking configuration during coreos-install
+			"nfs-utils-coreos", "iptables-nft", // minimal NFS client
+			"nss-altfiles",
+			"openssh-clients",
+			"openssh-server",
+			"openssl",
+			"ostree",
+			"passwd", "shadow-utils", // User configuration
+			"podman",
+			"rpm-ostree",
+			"selinux-policy-targeted",
+			"sg3_utils",
+			"skopeo",
+			"socat", "net-tools", "bind-utils", // interactive network tools for admins
+			"sssd-client", "sssd-ad", "sssd-ipa", "sssd-krb5", "sssd-ldap", // SSSD backends
+			"stalld",               // Boost starving threads https://github.com/coreos/fedora-coreos-tracker/issues/753
+			"subscription-manager", // To ensure we can enable client certs to access RHEL content
+			"sudo",
+			"systemd",
+			"systemd-resolved",  // resolved was broken out to its own package in rawhide/f35
+			"tpm2-tools",        // needed for tpm2 bound luks
+			"WALinuxAgent-udev", // udev rules for Azure (rhbz#1748432)
+			"xfsprogs",
+			"zram-generator", // zram-generator (but not zram-generator-defaults) for F33 change
+		},
+		Exclude: []string{
+			"cowsay", // just in case
+			"grubby",
+			"initscripts",                         // make sure initscripts doesn't get pulled back in https://github.com/coreos/fedora-coreos-tracker/issues/220#issuecomment-611566254
+			"NetworkManager-initscripts-ifcfg-rh", // do not use legacy ifcfg config format in NetworkManager See https://github.com/coreos/fedora-coreos-config/pull/1991
+			"nodejs",
+			"perl",
+			"perl-interpreter",
+			"plymouth",         // for (datacenter/cloud oriented) servers, we want to see the details by default.  https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/HSMISZ3ETWQ4ETVLWZQJ55ARZT27AAV3/
+			"systemd-networkd", // we use NetworkManager
+		},
+	}
+
+	switch t.Arch().Name() {
+	case arch.ARCH_AARCH64.String():
+		ps.Append(rpmmd.PackageSet{
+			Include: []string{
+				"irqbalance",
+				"ostree-grub2",
+			},
+		})
+	case arch.ARCH_PPC64LE.String():
+		ps.Append(rpmmd.PackageSet{
+			Include: []string{
+				"irqbalance",
+				"librtas",
+				"powerpc-utils-core",
+				"ppc64-diag-rtas",
+			},
+		})
+	case arch.ARCH_X86_64.String():
+		ps.Append(rpmmd.PackageSet{
+			Include: []string{
+				"irqbalance",
+			},
+		})
+	}
+
+	return ps
+}
+
 // INSTALLER PACKAGE SET
 
 func installerPackageSet(t *imageType) rpmmd.PackageSet {