Add another build using grub instead of systemd-boot and use
btrfs as write partition instead of xfs. Please note this test
requires a boot partition because grub cannot read from erofs
and unlike systemd-boot grub does not read all boot data from
the ESP.
If a volume capable filesystem like btrfs is requested, there
must also be a volume definition available to report that
the volume management is actively used. Just the request of
the filesystem can also mean it's being used without volumes
like it could be the case for an overlayroot setup that
requests btrfs as write partition.
So far no luck with the systemd verity generator. This
commit adds the parsing of /etc/veritytab in the existing
kiwi-verity dracut module and uses it in the overlayroot
integration test.
Switch to erofs for overlay testing. Additionally split the build
into two profiles. The first one just builds a simple overlayroot
oem disk based on erofs. The second one adds a veritysetup layer
and configures the systemd-veritysetup-generator for use in dracut.
This Fixes#2799
Add new overlayroot_readonly_filesystem attribute which allows
to select for either squashfs or erofs as the read-only filesystem
in an OEM overlay disk setup.
When building an image with overlayroot set to true and
activated verity data, the root= parameter must be
set to root=overlay:MAPPER=verityroot instead of the standard
overlay:PARTUUID mapping.
The check_efi_mode_for_disk_overlay_correctly_setup exists because
shim-install does not work on read-only devices. However, shim-install
is a SUSE only tool that runs a SUSE specific secure boot setup.
For other secure boot processes this runtime check is not useful.
As runtime checks aims to be generally useful, this one gets
dropped.
If the root_clone attribute is specified without providing a
fixed size for the system, kiwi estimates the size needed for
the root part and assigns the rest to the clone. This leads to
different partition sizes for the root clones. As per definition
of a clone the expectation is that the size is the same, this
commit changes the behavior such that the calculated size for
the system is applied to the origin root and all its clones.
As a consequence this can leave unpartitioned space free in
the image. This Fixes#2463
Make sure to use the correct passphrase for the master
key such that it can be decrypted with the same credentials
as before. The credentials reset is a subsequent task
after reencryption.
Fixed get_build_type_bootloader_bls behavior in case the bls
attribute is not set. In this case get_bls() returns a None value
which was returned. However in this case the attribute value
should not be taken into account and the method defined default
value for bls should be returned. This Fixes#2542
Using `kiwi-ng` version 10.2.18 (EL9)
Currently with:
```
sudo kiwi-ng system build \
--description kiwi/build-tests/x86/fedora/test-image-docker
--set-repo http://ftp.fau.de/fedora/linux/development/rawhide/Everything/x86_64/os/ \
--target-dir /tmp/myimage1
```
This fails with:
```
[ INFO ]: 09:46:38 | Setting up user root
[ INFO ]: 09:46:38 | --> Modifying user: root
[ INFO ]: 09:46:38 | --> Primary group for user root: root
[ ERROR ]: 09:46:38 | KiwiCommandError: chroot: stderr: /sbin/chroot: failed to run command ‘usermod’: No such file or directory
```
Install the package `shadow-utils` to provide `usermod`.
Copying the modules creates a situation where future updates
applied to a running system can cause GRUB to crash due to mixed
modules and GRUB EFI binaries.
It is not needed anyway since GRUB EFI binaries for Secure Boot have
all modules compiled into the binaries.
Fixes: https://github.com/OSInside/kiwi/issues/2790
These are the Linux distributions that are developed and actively
tested for with the latest kiwi releases.
This should offer greater clarity about what we're able to support
as an upstream project.
The ImageSystem.mount() method implemented its own handling
for mounting the volumes of a volume manager based system.
First and foremost this duplicates code that already exists
in the respective VolumeManager implementation and second
the code behaved wrong in case of btrfs when there is no
default subvolume configured
