92 Commits

Author SHA1 Message Date
Marcus Schäfer
186c5bb4fa
Allow to setup the environment blob for grub
Added new <environment> section to the existing <bootloadersettings>
section which allows to specify environment variables for setting
up an environment blob for the selected loader. With this commit
we add support for grub by using grub2-editenv. Other loaders
do not yet have an implementation or do not support environment
blobs. Settings will be ignored for unsupported loaders.
This Fixes #2922

Co-authored-by: Rhys Oxenham <rhys.oxenham@suse.com>
2026-01-22 16:05:21 +01:00
Rhys Oxenham
88107398f5
Adding support for import of custom certificates
This commit adds support for providing custom CA certificates
during the build process. It allows a user to specify one or
more CA file(s) via the new <certificates> section and/or
via the command line. The certificate files will be imported
directly after the image bootstrap has finished (where the
required CA update tools are available), but before any
further packages are retrieved, solving for situations where
the chroot environment needs certificates, e.g. when there's
a proxy server in the build environment.

Co-authored-by: Marcus Schaefer <marcus.schaefer@gmail.com>
2026-01-06 17:01:36 +01:00
Marcus Schäfer
9292a84d20
Improve grub console setup
The console attribute in the bootloader section was used to
target both, output and input console setup using a space separator.
However, there can be multiple consoles specified for output
and input consoles and that turns the idea to handle both in
one attribute into a mess. This commit drops the console attribute
and offers two new attributes output_console and input_console which
can define multiple consoles each using space as a separator.
For example:

    <bootloader ... output_console="console serial" input_console="console"/>

This change comes with a schema version bump to v8.4
An automatic XSL transformation template for the old console
attribute into the new output_console and input_console
attributes is also part of this commit.

This Fixes #2886
2025-11-24 17:50:11 +01:00
Dan Čermák
01ef41f3b1
Add support for container-snap as a container-image engine
With this commit, we can now pre-load images using container-snap directly
during the kiwi image build
2025-06-25 16:03:08 +02:00
Alejandro Perez
b57dbd2d9a
Add driver configuration support for dracut initrd
Add support for specifying kernel drivers to be included or omitted
in the dracut initrd configuration. This extends the existing dracut
configuration capabilities like in the following example

<initrd action="add">
    <dracut driver="erofs"/>
</initrd>
2025-06-16 12:12:06 +02:00
Marcus Schäfer
b3181f177b
Add support for <initrd> section as part of <type>
Extend scope and content of the <initrd> section to be allowed
as part of the <type> section. This allows to specify custom
call options and modules for the dracut tool. In particular
this commit implements support for passing the uefi option
to dracut to enable building an UKI EFI binary as follows:

<initrd action="setup">
    <dracut uefi="true"/>
</initrd>

This Fixes #2809 and Fixes #2408
2025-05-19 11:55:36 +02:00
Marcus Schäfer
927b24f598
Auto convert unit test XML data to schema v8.3
2025-01-13 10:24:04 +01:00
Marcus Schäfer
b1da972438
Update system files setup for containers
The attribute provide_system_files creates a meta file in the
root tree named 'systemfiles'. The contents of this file were
produced by just a dump of the package database so far. For
a more generic use of this data some adaptions were needed.
First we allow to skip packages matching a pattern from being
part of the system files. Next we do not put ghost and doc
files into account. And last we handle library files in a different
file named 'systemfiles.libs' where we do not add symlink targets
if the target path is also part of the package. The consumer
of this information is flake-pilot which syncs that library system
files from the host via --copy-links. This allows a more generic
use with regards to versioned libraries e.g. libc
2024-12-13 10:44:39 +01:00
Marcus Schäfer
a349c055c4
Add new containers section
Allow to specify references to OCI containers in the
image description like in the following example:

<containers source="registry.suse.com" backend="podman">
    <container name="some" tag="some" path="/some/path"/>
</containers>

During the kiwi process the containers are fetched into a
temporary location and a systemd service is configured to
one time load the containers into the local registry at
first boot of the system. This Fixes #2663
2024-10-19 18:30:45 +02:00
Marcus Schäfer
e866bc5832
Fixed arch flag for namedCollection
The arch flag in a namedCollection was not taken into account.
This commit fixes this and also makes sure the result information
is sorted and unique like we have it for the package lists.
This Fixes #2600
2024-08-12 09:23:06 +02:00
Marcus Schäfer
d149ab09db
Get rid of debootstrap
Replace debootstrap with an apt-get based pre-download of
packages followed by a dpkg-deb extraction.
This Fixes #2599
2024-08-02 21:57:04 +02:00
Marcus Schäfer
78238a993c
Add <file> directive to incorporate custom files
Usually custom files are managed by placing them as overlay
files or archives. However, overlay files must be structured
inside of a root/ subdirectory and archive files are binary
data. It is therefore not straight forward to just reference
one or more files as source files to the image description
to be placed into the image. This commit adds a new <file>
element which allows to do this. This Fixes #1953
2024-07-17 18:16:23 +02:00
Marcus Schäfer
1737219b2e
Add support for stopsignal in containerconfig
Allow to specify the stopsignal via the containerconfig
element as the following example shows

<type image="docker">
    <containerconfig ...>
        <stopsignal>SIGINT</stopsignal>
    </containerconfig>
</type>

This Fixes #2543
2024-05-02 16:27:14 +02:00
Marcus Schäfer
1385187ccf
Allow ignore stanza in bootstrap
So far the <ignore> stanza was only effective when placed
as part of the type="image" packages section. This commit
allows to place it also to the type="bootstrap" packages.
This Fixes #2499
2024-03-22 10:33:04 +01:00
Marcus Schäfer
f5d2683776
Update unit test data to schema v8.0
2024-01-11 09:46:23 +01:00
Marcus Schäfer
b7bf4099b6
Support release version in signkey URLs
Using one of the $releasever/${releasever} variable placeholders
in an URL as part of a <signing key="..."/> element did not replace
the placeholder with the value of the <release-version> element.
This commit fixes this and also makes sure that the result list
for downloading signing keys is unique. This Fixes #2381
2023-10-16 09:23:42 +02:00
Marcus Schäfer
7ac14458af
Refactor the luks_device class data transport
Also add missing unit tests
2023-07-05 12:30:38 +02:00
Marcus Schäfer
ae6effd5de
Change package manager dnf to dnf4
With dnf5 there is a successor for dnf but there will also
be a transition period where there will be both, the former
dnf and the new dnf5 available. For a clear distinction
between the two we got the recommendation from the RedHat
team to support both in different namespaces. This commit
now implements a backward compatible change for kiwi which
includes the following modifications:

* XSL stylesheet for automatic schema transformation from

  <packagemanager>dnf</packagemanager> to
  <packagemanager>dnf4</packagemanager>

* Code copy of dnf API interface from

  PackageManagerDnf -> PackageManagerDnf4
  RepositoryDnf -> RepositoryDnf4

* Deprecation of former Dnf API interface

The code change here will force developers to adapt
their code if they used RepositoryDnf / PackageManagerDnf
classes in their python code. After this change developers
will be dropped into a raise condition which exits kiwi
at the time of the call. Related to Issue #2300
and Issue #2262
2023-06-12 17:44:06 +02:00
Robert Schweikert
ef35bef97b
Support new bootloadersettings section
Allow to specify an optional <bootloadersettings> element
inside of the <bootloader> section. The information is used to
specify custom arguments for the tools called in a bootloader
setup procedure, e.g shim-install, grub-install or grub-mkconfig.
kiwi does not judge on the given parameters and if the provided
data is effectively used depends on the individual bootloader
implementation. In this commit the data will be effectively
handled if bootloader="grub2" is configured. More precisely
the custom additions to support SUSE's TPM model with grub2
can be configured as follows:

<bootloadersettings>
    <shimoption name="--suse-enable-tpm"/>
    <installoption name="--suse-enable-tpm"/>
    <configoption name="--set-trusted-boot"/>
</bootloadersettings>

This Fixes #2224
2023-02-22 23:27:19 +01:00
Marcus Schäfer
04d966b920
Add support for group id in users setting
Allow to specify the group id in the groups list a user
should belong to. The group id can be placed as part of
the group name separated by a colon like in the following
example:

<users>
    <user groups="kiwi,admin:42,users" password="..." name="kiwi"/>
</users>

Please note kiwi checks if the provided group already
exists and only creates a group if it is not already present in
the system. As default groups are usually provided by the OS
itself including its preferred group id, you will intentionally
not be able to overwrite group id for existing groups.
This Fixes #2064
2022-05-20 19:23:22 +02:00
Marcus Schäfer
c30ac9f1fb
Handle LUKS type in its own attribute
2022-03-21 23:28:22 +01:00
Marcus Schäfer
74ad1e5744
Allow luks format options
Added new luksformat element which allows to pass
along options to the luksFormat call. This allows users to
switch between LUKS and LUKS2 via e.g

    <luksformat>
        <option name="--type" value="luks2"/>
    </luksformat>

It also allows to pass along a set of options only available
to LUKS2, e.g

    <luksformat>
        <option name="--type" value="luks2"/>
        <option name="--cipher" value="aes-gcm-random"/>
        <option name="--integrity" value="aead"/>
    </luksformat>

In addition to the new attribute the existing luks attribute
can also be specified to read credentials from a keyfile by
using the file:// source locator, e.g

    <type ... luks="file:///path/to/a/keyfile"/>

This Fixes #1898
2022-03-21 21:40:35 +01:00
Marcus Schäfer
4e63703f70
Update descriptions to schema v7.5
2022-03-09 18:19:31 +01:00
David Cassany
332d60f777
Support additional names for docker containers
Docker containers used to support the attribute `additionaltags` which
was used to provide multiple tags for the same image. Since only tags
were supported this commit renames the attribute to `additionalnames`
and now supports tags and names with the following syntax:

* '<name>:<tag>' -> adds a full docker image reference including name
  and tag
* ':<tag>'       -> adds an additional tag while reusing the former name
* '<name>'       -> adds an additional name while reusing the former tag

Fixes #2045

Signed-off-by: David Cassany <dcassany@suse.com>
2022-03-09 18:19:31 +01:00
Marcus Schäfer
e2f32e8c8a
Added support for collection modules
In CentOS Stream 8 and Red Hat Enterprise Linux 8, there are
Application Streams that are offered in the form of modules
(using Fedora Modularity technology). To build images that use
this content KIWI needs to support to enable/disable various
modules. This commit allows to configure collection modules
in a new element as shown below

<packages type="bootstrap">
    <collectionModule name="module" stream="stream" enable="true|false"/>
</packages>

This Fixes Issue #1999
2021-12-14 22:55:05 +01:00
Marcus Schäfer
7e3297d9d3
Added support for setting up release version
Currently the release version is not set or set to '0'
for package managers which requires a value to operate.
However, in order to support leveraging the same description
across different releases it is important to have the
opportunity to specify a setting for the release version.
This commit adds a new optional attribute to the preferences
section which allows to specify a custom value which
serves as the release version:

<preferences>
    <release-version>TEXT</release-version>
</preferences>

If not specified the default setting as before applies.
Please note the release version information is currently
used in dnf and microdnf package managers only. It might
happen that it gets applied to the other package manager
backends as well. This will happen on demand though.
Related to Issue #1918. This Fixes #1927
2021-12-06 09:54:41 +01:00
David Cassany
7b14694093
Force key attribute from signing element to be treated as a URI
Signed-off-by: David Cassany <dcassany@suse.com>
2021-11-19 13:29:52 +01:00
Marcus Schäfer
350ed05454
Allow to set sign keyfile in repository elements
This commit adds a new and optional child element <signing>
to the repository/source element as shown in the following
example:

<repository>
    <source path="...">
        <signing key="keyfile"/>
    </source>
</repository>

The collection of all keyfiles from all repositories will be
added to the keyring as used by the selected package manager.
Signing keys specified on the commandline and signing keys
specified in the image description will be combined.
This Fixes #1883
2021-11-16 10:15:46 -05:00
Marcus Schäfer
e3e0d888c8
Added support for repo customization script
repo files allows for several customization options
which could not be set by kiwi through the current
repository schema. As the options used do not follow
any standard and are not compatible between package
managers and distributions the only generic way to
handle this is through a script which is invoked
with the repo file as parameter for each file created
to describe a repo for the selected package manager.
This allows users to update/change the repo file content
on their individual needs. In the kiwi description the
path to the custom script can be specified as follows

    <repository ... customize="/path/to/custom_script">
        <source path="..."/>
    </repository>

This Fixes #1896
2021-08-10 10:10:01 +02:00
Marcus Schäfer
47d48c1a89
Update unit- integration tests to schema v74
2021-03-15 16:13:02 +01:00
David Cassany
43bec23db2
Add the schematron rules for installinitrd
This commit adds a schematron rule to limit the presence of
installinitrd element to disk builds including installation media.
2021-01-26 22:21:31 +01:00
David Cassany
6366624ef1
Add the installinitrd element
This commit adds the `<installinitrd>` element in kiwi schema to
facilitate the dracut modules configuration for the installation initrds
on OEM images. Within the installinitrd element it is possible to list the dracut
modules to append, to omit or to just set a static list of dracut
modules to include.

Fixes #1676
Fixes #1683
2021-01-21 16:33:43 +01:00
David Cassany
a01b83a361
Add 'arch' attribute to preferences
This commit adds the attribute 'arch' to preferences. It works
as any other 'arch' attribute within the schema. Preferences defined
with architectures that do not match the host are ignored. If no 'arch'
is provided it matches any host architecture.

Fixes #1640
2020-12-16 14:00:24 +01:00
Marcus Schäfer
7957374de2
Allow to customize swap volume name
Added a new element <oem-swapname> below the <oemconfig>
section which allows to specify a name for the swap volume
in case the LVM volume manager is used. The default if
not specified continues to stay at: LVSwap. This
Fixes #1638
2020-12-11 13:13:03 +01:00
Marcus Schäfer
8d2d9c214c
Make oem be a superset of vmx
A vmx image is the same disk as an oem just without the dracut
repart/resize feature. This difference is better handled with
an oemconfig parameter <oem-resize> which allows to switch resize
on or off. The extra image type vmx will be dropped and an XSLT
stylesheet automatically transforms a vmx description to be an
oem image with the resize feature switched off.
This Fixes #1425
2020-09-16 12:56:14 +02:00
Marcus Schäfer
feaf6b0863
Refactor setup of bootloader parameters
The bootloader settings are handled through attributes in the
type element. Over the years some attributes were added and
there are requests for more settings. Therefore the bootloader
setup deserves its own section. With this commit the schema
changes from v7.1 to v7.2 and moves bootloader, bootloader_console,
boottimeout and zipl_targettype into a new bootloader subsection
below type. The commit also adds an auto transformation template
such that customers don't have to change their image descriptions.
This is related to Issue #1401
2020-05-08 13:30:43 +02:00
Marcus Schäfer
44a1d78e96
Added new image type: wsl
Support for building appx container images for
Windows Subsystem Linux (WSL). This Fixes #1235
2020-03-26 19:42:25 +01:00
Marcus Schäfer
04b345e7aa
Added support for spare partition fs attributes
Added new type attribute:

```xml
<type ... spare_part_fs_attributes="..."/>
```

which can be a comma separated list of the following currently
supported filesystem attributes:

* no-copy-on-write
* synchronous-updates

See chattr and filesystem manual pages for details on those
attributes. More attributes for the spare part context can be
added on request. This Fixes #1233
2020-01-15 16:15:48 +01:00
Marcus Schäfer
ca75086128
Prevent swap partition to be the last one
In an OEM deployment that requested the creation of a swap
partition via <oem-swap> that swap partition was created
at first boot and was always the last partition on the disk.
This was required because it could not be placed before
any other partition without destroying those partition
contents. This process leaves the system in an inflexible
condition if the storage device can change its geometry
dynamically as it's the case for SAN systems. The typical
deployment target for OEM images are SAN storage clusters
and it's cumbersome to resize the root partition if swap
is last.

This commit Fixes #1231 and changes the handling of swap if
requested via <oem-swap> as follows:

1. The swap space is created as part of the image build process
   and no longer on first boot of the image via dracut code.
   This increases the size of the non compressed .raw disk image
   by the configured swap space size or the default. The
   compressed versions are not affected since zero initialized
   swap space compresses to almost no space. Deployment of
   the image however also deploys the swap partition which
   increases deployment time. For big swap configurations
   it's advisable to switch off image verification via
   oem-skip-verify. For very big swap configurations it's
   also recommended to prevent kiwi from adding them as part
   of the image and let them be created on first boot via
   a systemd service that e.g places a swap file, or creates
   a swap volume when possible such that the flexibility to
   resize the rootfs is still available.

2. The setup of the swap space is now explicit. It's no longer
   calculated by twice times RAM size because on newer machines
   this could lead to huge numbers. Either the kiwi encoded
   default swap size applies or the user configured value.

3. LVM based oem disks create the swap space as logical volume.
   The volume is created as part of the image build process
   and no longer on first boot. The swap volume at build time
   of the image is of a minimal size and gets resized on first
   boot.

4. The move of the swap creation into the builder code also
   handles swap per configured device persistency schema like
   any other devices. This means by default swap is mounted
   via by-uuid name and thus also Fixes #1259
2019-11-25 12:05:57 +01:00
David Cassany
80e791d2ef
Make home attribute optional on users definition
This commit makes home attribute of users definition optional. This way
the home directory is created according to the distribution defaults.
Note that `-m` option is passed to user add, thus the home directory is
requested to be created even without having an explicit home path
defined.

Fixes #1025
2019-10-23 15:57:51 +02:00
Marcus Schäfer
defdc23fcf
Follow up patch for SourceType info
The message that displays the selected source type was
using the former metalink text which is wrong. This
patch corrects the message and only displays it if a
sourcetype was specified
2019-09-30 16:39:16 +02:00
Marcus Schäfer
30e18d1398
Added support for fscreateoptions attribute
Along with the fsmountoptions attribute there is now also the
fscreateoptions attribute which allows to control the options
used for creating the filesystem. Please note, it's not kiwi's
task to validate that the given option string is supported
by the selected filesystem. This means providing wrong values
here will cause the build to fail at the time the filesystem
gets created. This Fixes #1109
2019-07-18 15:55:39 +02:00
Marcus Schäfer
ab59d4d217
Delete obsolete repository types
Deleted red-carpet, slack-site, up2date-mirrors, urpmi and yast2
from the allowed values list of the repository type attribute.
This Fixes #1029
2019-04-22 23:15:42 +02:00
Marcus Schäfer
4a21fcfb05
Auto upgrade all image descriptions to v7.0 schema
2019-04-05 14:28:55 +02:00
Marcus Schäfer
ed6c11f7d6
Added get_description method to XMLState
In preparation to access the contents of the <description>
section this pull request adds a simple method to read
the contents.
2019-02-26 15:20:21 +01:00
Marcus Schäfer
f8265bb607
Added new preferences subsection
In the preferences section the following optional subsection
can be configured:

   <rpm-locale-filtering>true|false</rpm-locale-filtering>

If set to true the default locales POSIX, C, and C.UTF-8 are
applied as rpm install_lang macro. If the locale section is
configured in addition the list is extended by that information
too
2019-02-08 16:56:56 +01:00
Marcus Schäfer
fad1c0f1ef
Added support for %_install_langs rpm macro
During the image build the custom rpm macro %_install_langs
is configured with the <locale> setup from the KIWI XML
description. This allows to filter language specific packages
on the rpm level and Fixes #771
2019-02-07 16:05:25 +01:00
David Cassany
f0612486dd
Add history metadata for container builds
This commit adds the history section in containerconfig. With it
'author', 'created_by' and 'comment' can be customized. In addition
'created' is always included with the image creation date time.
'created_by' entry is set to 'KIWI __version__' by default if nothing
is provided.

Fixes #852
2018-11-08 15:33:04 +01:00
David Cassany
dd21e6c8d7
Add '--add-container-label' flag
This commit adds a command line flag to add a label for container image
types. The flag can be used multiple times.

Fixes #770
2018-07-06 14:11:00 +02:00
David Cassany
87769a3201
Add additionaltags containerconfig attribute
This commit adds `additionaltags` attribute, so multiple tags to
a container image can be defined in a comma separated value.

Fixes #713
2018-05-14 17:04:07 +02:00