Commit Graph

155 Commits

Author SHA1 Message Date
Marcus Schäfer
8dcef0a5d5
Update major schema version from 7.6 -> 8.0
With the switch to schema v8.x we allow for non-compatible
changes with regard to the v7.x stream. Thus this commit also
deletes the support for clicfs from the schema.
2024-01-11 09:30:07 +01:00
Marcus Schäfer
c6d8235fa6
Fixed grub terminal setup
The grub terminal setup is divided into the setting for the output
and the input console. For both settings different parameters exist.
So far kiwi did not differentiate between the two parts of the
console setup and that could lead to a wrong setting if only one
value is provided in kiwi's console= attribute, which leads to the
grub setting GRUB_TERMINAL=value. If value is set to e.g. gfxterm
grub takes this for both input and output and it's obviously
wrong for the input. To make this less error prone the kiwi code
changes with this commit to set GRUB_TERMINAL_INPUT and
GRUB_TERMINAL_OUTPUT rather than GRUB_TERMINAL and also runs sanity
checks on the provided values if they are applicable. The information
for setting up the console in the schema stays untouched though.
That's because it's used for all bootloaders and also because grub
supports multiple values for the console in/out setting in one
GRUB_TERMINAL variable even though kiwi no longer uses it.
To make this clear for the users the documentation for the
console attribute setup has also been updated. If we wish to have two
distinct attributes for input and output console settings, a schema
change and also differentiation between bootloaders is needed and
that I only see for the kiwi-10 branch, if at all. This Fixes #2419
2024-01-08 18:02:27 +01:00
Leif Liddy
b0195b7fda
allow value of GRUB_TERMINAL to be empty
allow value of GRUB_TERMINAL to be empty. When setting grub_console="none"
this now leads to an empty setting of GRUB_TERMINAL in the /etc/default/grub
system configuration file. This Fixes #2261
2023-08-25 09:14:20 +02:00
Marcus Schäfer
a31ef6a144
add btrfs_set_default_volume attribute
By default kiwi runs btrfs set-default on the volume that is
considered the default volume according to the btrfs settings
and defaults. btrfs_set_default_volume="false" allows
deactivating this action. Along with the change, the
misleading name of the btrfs_create_toplevel_subvolume attribute has
also been changed to root_is_subvolume.
2023-07-27 16:18:23 +02:00
Marcus Schäfer
cc2ba15a88
Add parent attribute to volume setup
For the btrfs volume management, allow putting a volume into a specific
parent volume. If not specified, the volume is below the default volume.
This Fixes #2316
2023-07-26 09:21:09 +02:00
Marcus Schäfer
1844e80fbf
Add btrfs_create_toplevel_subvolume attribute
Allow explicitly selecting whether a toplevel subvolume should
be created or not. To avoid a behavior change, kiwi will
create a toplevel based btrfs structure if this attribute
is not specified. However, a deprecation message to inform
about the future behavior change will be printed. This is
related to Issue #2316
2023-07-26 09:21:09 +02:00
Olaf Kirch
95c8edfa99
Add improvements for fully encrypted disk images
This commit adds more flexibility when using LUKS
encrypted images. In addition support for key derivation
on user provided passwords has been added. The following
new attributes were added to the schema:

type.luks_randomize
  Allow enabling/disabling the data randomizing if luks
  encryption is used

type.luks_pbkdf
  When LUKS unlocks a key slot using a user provided
  password, it uses a so-called key derivation function
  to derive a symmetric encryption key from the password.
  Not all boot loaders support all KDF algorithms, hence
  this attribute can be used to select a specific algorithm

bootloader.use_disk_password
  When /boot is encrypted, make the boot loader store the
  password in its configuration file (in cleartext). This
  is useful for full disk encryption images

Signed-off-by: Olaf Kirch <okir@suse.com>
2023-07-05 12:29:51 +02:00
Marcus Schäfer
ae6effd5de
Change package manager dnf to dnf4
With dnf5 there is a successor for dnf, but there will also
be a transition period where both the former dnf and the new
dnf5 will be available. For a clear distinction
between the two we got the recommendation from the Red Hat
team to support both in different namespaces. This commit
now implements a backward compatible change for kiwi which
includes the following modifications:

* XSL stylesheet for automatic schema transformation from

  <packagemanager>dnf</packagemanager> to
  <packagemanager>dnf4</packagemanager>

* Code copy of dnf API interface from

  PackageManagerDnf -> PackageManagerDnf4
  RepositoryDnf -> RepositoryDnf4

* Deprecation of former Dnf API interface

The code change here will force developers to adapt
their code if they used RepositoryDnf / PackageManagerDnf
classes in their python code. After this change developers
will be dropped into a raise condition which exits kiwi
at the time of the call. Related to Issue #2300
and Issue #2262
2023-06-12 17:44:06 +02:00
Marcus Schäfer
e8bb1cd04b
Add support for dnf5 package manager
dnf5 is the next generation of the dnf package manager.
dnf5 is not a drop-in replacement for dnf, which is the reason
why this commit adds a new interface class for package and
repository management under a new name: dnf5. Beginning with
Fedora >= 39 dnf5 will be the standard. Thus the requirements
on the packaging level were adapted too.
This Fixes #2300
This Fixes #2262
2023-06-12 13:58:36 +02:00
Marcus Schäfer
41875f57ea
Add support for creating delta containers
Add new attribute delta_root="true|false" which in combination with
derived_from="OCI-base-image" allows creating a delta root tree
only containing the differences between the OCI-base-image and the
actions taken by the kiwi prepare step. Based on the delta root tree
the subsequent image creation process starts. Such an incomplete
root tree is only useful under certain circumstances, which is also
the reason why the feature is only available to the oci and docker
image types.
2023-03-16 17:06:15 +01:00
Robert Schweikert
ef35bef97b
Support new bootloadersettings section
Allow specifying an optional <bootloadersettings> element
inside of the <bootloader> section. The information is used to
specify custom arguments for the tools called in a bootloader
setup procedure, e.g. shim-install, grub-install or grub-mkconfig.
kiwi does not judge the given parameters, and whether the provided
data is effectively used depends on the individual bootloader
implementation. In this commit the data will be effectively
handled if bootloader="grub2" is configured. More precisely,
the custom additions to support SUSE's TPM model with grub2
can be configured as follows:

<bootloadersettings>
    <shimoption name="--suse-enable-tpm"/>
    <installoption name="--suse-enable-tpm"/>
    <configoption name="--set-trusted-boot"/>
</bootloadersettings>

This Fixes #2224
2023-02-22 23:27:19 +01:00
Marcus Schäfer
6d5b0f95d1
Support DM integrity legacy options
Add a new attribute integrity_legacy_hmac="true|false" which
allows using the old, flawed HMAC calculation (does not protect the superblock).
Add a new attribute integrity_legacy_padding="true|false" which
allows using the inefficient legacy padding. Do not use these attributes
until compatibility with a specific old kernel is required!
2022-09-14 09:59:26 -04:00
Marcus Schäfer
52991f4d2a
Limit repo alias names to be a safe POSIX name
Characters like spaces or other symbols used in repo alias names
can cause the package manager to fail setting up the repo. Thus
this patch changes the schema to only allow for safe POSIX names
matching: {pattern = "[a-zA-Z0-9_\-\.]+"}. This Fixes #2170
2022-09-01 19:51:59 +02:00
Marcus Schäfer
6d40ccffce
Support custom size for embedded EFI FAT image
For ISO images (live and install) the EFI boot requires an embedded
FAT image. As of now a fixed size of 20M was used which leads to a
problem if the EFI image or the initrd or the kernel is bigger than
20M. With the new attribute:

    efifatimagesize="nonNegativeInteger"

we can now set a different value for the FAT image. Please note the
value must be aligned to the also customizable efipartsize value
which allows configuring the size of the EFI partition.
2022-08-07 19:12:56 +02:00
Marcus Schäfer
30eb1c1a5b
Correct setfiles relabeling
This change was inspired by a change done on Fedora's livecd-tools
from here: livecd-tools/livecd-tools#236. The patch corrects issues
with the setfiles SELinux relabel command. The issues become apparent
when the host and guest policies differ. Thus it becomes required
to explicitly set the policy to decouple from eventual unwanted
host settings.
2022-06-13 13:18:51 +02:00
Marcus Schäfer
04d966b920
Add support for group id in users setting
Allow specifying the group id in the groups list a user
should belong to. The group id can be placed as part of
the group name, separated by a colon, like in the following
example:

<users>
    <user groups="kiwi,admin:42,users" password="..." name="kiwi"/>
</users>

Please note kiwi checks if the provided group already
exists and only creates a group if it is not already present in
the system. As default groups are usually provided by the OS
itself, including its preferred group id, you will intentionally
not be able to overwrite the group id of existing groups.
This Fixes #2064
2022-05-20 19:23:22 +02:00
Marcus Schäfer
4f47b1d94b
Add support for prebuilt bootstrap package for apt
When using the apt packagemanager kiwi required the use of
debootstrap to create the initial rootfs. This works as long
as there is always a main distribution repository available
which follows the structure of the official debian mirrors.
However, if such a main distribution is not present or an
alternative layout like e.g. OBS repos is used, debootstrap
will refuse to work. To allow for an alternative without
the dependency on debootstrap, kiwi supports using a prebuilt
bootstrap package providing the mini rootfs to serve as
the bootstrap result. As all other package managers properly
support installation into an empty new root, this feature
was only added when using the apt packagemanager.
2022-05-18 11:19:51 +02:00
Marcus Schäfer
61e4f05f1b
Add support for partition cloning
Support creating block level clones of certain partitions
used in the image. Clones can be created from the root, boot
and any partition listed in the <partitions> element.
2022-05-05 17:00:36 +02:00
Marcus Schäfer
e7e8c3bf42
Add support for dm integrity with secret key
Allow protecting the opening of the integrity data map and
journal through a keyfile. For setting the key file two new
optional type attributes were added:

* integrity_keyfile
* integrity_metadata_key_description

The key file format must be correct according to the selected
integrity algorithm. As of now the kiwi default hmac-sha256
algorithm is used with the selected keyfile.

The optional integrity_metadata_key_description attribute
allows specifying a custom description of an integrity key
as it is expected to be present in the kernel keyring. The
information is placed in the integrity metadata block. If
not specified, kiwi creates a key argument string instead
which is based on the given integrity_keyfile filename.
The format of this key argument is:

:BASENAME_OF_integrity_keyfile_WITHOUT_FILE_EXTENSION
2022-05-04 16:04:37 +02:00
ozboss
18dbe55725
Add option to set LUKS type to luks1 (#2126)
Add option to set LUKS type to luks1

So far the LUKS type could be set to luks and luks2. However, what luks
version the value 'luks' evaluates to depends on how the distributor has
packaged luks. Thus it's possible that 'luks' is either luks1 or luks2. To
also have the opportunity to explicitly specify luks1, this commit adds
that option to the schema.
2022-05-04 15:28:57 +02:00
Marcus Schäfer
d5e7e546ca
Add support for standalone dm integrity
There is support in kiwi to use dm_integrity in combination
with the LUKS header and dm_crypt. However, there is also the
use case to set up dm_integrity in standalone mode. This commit
allows creating the dm_integrity layer outside of LUKS using
/etc/integritytab to activate the map through a systemd
generator if systemd is used.

Regarding systemd, it's required to use a version of systemd which
provides: system-generators/systemd-integritysetup-generator.
If this generator does not exist in the distribution it will
also be missing in the dracut generated initrd and the boot
will not be able to succeed. It's mentioned here because even
newer distributions might be missing the generator.

Along with the implementation there are two new optional
attributes in the <type> section:

    standalone_integrity="true|false"
    embed_integrity_metadata="true|false"

standalone_integrity activates/deactivates the dm_integrity map
on top of the root filesystem. Similar to the veritysetup support
there is the opportunity to create an embedded magic metadata
block at the end of the device containing the root
filesystem via embed_integrity_metadata
2022-04-25 15:40:32 +02:00
Tim Serong
5c6e8e0523
Add ensure_empty_tmpdirs option for OCI containers (bsc#1197783)
Since #1759 was merged, the contents of /run/ and /tmp/ are excluded from
built images.  This causes problems for some containers, notably Ceph when
deployed in a Rook/k8s environment, which needs to have certain directories
present inside /run/.  This commit adds the ability to return to the previous
behaviour and *not* empty those temporary directories, if you specify
<image><preferences><type [...] ensure_empty_tmpdirs="false">.

Fixes: https://github.com/OSInside/kiwi/issues/2093
Signed-off-by: Tim Serong <tserong@suse.com>
2022-03-31 15:43:40 +11:00
Marcus Schäfer
82f0950620
Added embed_verity_metadata attribute
Specifies to write a binary block at the end of the
partition serving the root filesystem, containing information
for dm_verity verification and to construct the device map
2022-03-25 12:07:23 +01:00
Marcus Schäfer
c30ac9f1fb
Handle LUKS type in its own attribute
2022-03-21 23:28:22 +01:00
Marcus Schäfer
74ad1e5744
Allow luks format options
Added new luksformat element which allows passing
along options to the luksFormat call. This allows users to
switch between LUKS and LUKS2 via e.g.

    <luksformat>
        <option name="--type" value="luks2"/>
    </luksformat>

It also allows passing along a set of options only available
to LUKS2, e.g.

    <luksformat>
        <option name="--type" value="luks2"/>
        <option name="--cipher" value="aes-gcm-random"/>
        <option name="--integrity" value="aead"/>
    </luksformat>

In addition to the new element, the existing luks attribute
can also be specified to read credentials from a keyfile by
using the file:// source locator, e.g.

    <type ... luks="file:///path/to/a/keyfile"/>

This Fixes #1898
2022-03-21 21:40:35 +01:00
Marcus Schäfer
bd91dabfcc
Add support for verity setup on standard rootfs
So far the verity support was only available with the
overlayroot layout and the read-only squashfs root. This
commit adds a new attribute: verity_blocks="number|all"
which allows creating the verity setup also on the
standard root partition.

In addition to the change it was needed to extend the
Filesystem API with an additional optional parameter to
allow setup of the filesystem UUID. Having the opportunity
to set the UUID at filesystem creation is generally useful
and with regards to this particular change it also became
required.
2022-03-21 20:37:18 +01:00
Marcus Schäfer
a0cc1989c6
Merge pull request #2081 from OSInside/support_extended_partitions
Support extended partitions
2022-03-09 20:53:37 +01:00
David Cassany
39a2c1d04e
Update schema docs
Signed-off-by: David Cassany <dcassany@suse.com>
2022-03-09 18:19:48 +01:00
David Cassany
332d60f777
Support additional names for docker containers
Docker containers used to support the attribute `additionaltags` which
was used to provide multiple tags for the same image. Since only tags
were supported, this commit renames the attribute to `additionalnames`
and now supports tags and names with the following syntax:

* '<name>:<tag>' -> adds a full docker image reference including name
  and tag
* ':<tag>'       -> adds an additional tag while reusing the former name
* '<name>'       -> adds an additional name while reusing the former tag

Fixes #2045

Signed-off-by: David Cassany <dcassany@suse.com>
2022-03-09 18:19:31 +01:00
Marcus Schäfer
2da706f5ed
Add support for extended layout to msdos table
This commit adds the following new type attribute

    <type ... dosparttable_extended_layout="true|false"/>

If set, it specifies to make use of logical partitions inside
of an extended one. Effective only on type configurations which
use the msdos table type, it will cause the fourth partition
to be an extended partition and all following partitions will be
placed as logical partitions inside of that extended partition.
This setting is useful if more than 4 partitions need to be
created in an msdos table.

In addition to the support for extended/logical partitions,
the attributes 'mountpoint' and 'filesystem' in the <partitions>
section become optional. This also allows placing partitions
as placeholders not mounted into the system.
2022-03-05 21:25:56 +01:00
Marcus Schäfer
4ce7842e99
Added overlayroot_verity_blocks attribute
Setting this attribute to a number or 'all' in an overlayroot
configuration will create a dm verity hash from the number of
given blocks (or all) placed at the end of the squashfs compressed
read-only root filesystem. For later verification of the device,
and without further image description settings, the credentials
information produced by veritysetup from the cryptsetup tools is
created as a file in /boot/overlayroot.verity and is stored as
such into the image by default.
2022-03-03 21:58:14 +01:00
Marcus Schäfer
6e3ac0e2ea
Added overlayroot_readonly_partsize attribute
Specifies the size in MB of the partition which stores the
squashfs compressed read-only root filesystem in an
overlayroot setup. This Fixes #2068
2022-02-25 17:32:47 +01:00
Marcus Schäfer
372590d05d
Added overlayroot_write_partition attribute
For the oem type only, allows specifying if the extra read-write
partition in an overlayroot setup should be created or not.
By default the partition is created and the kiwi-overlay dracut
module also expects it to be present. However, the overlayroot
feature can also be used without an initrd and under certain
circumstances it is handy to configure if the partition table
should contain the read-write partition or not.
2022-02-20 14:42:30 +01:00
Matt Coleman
201d46e78f
Add support for custom GRUB templates
This allows the user to specify a template file to customize
the bootloader menu. This only applies to oem and iso image
types: other image types use the grub mkconfig toolchain.

This resolves Issue #1970

Co-authored-by: Marcus Schäfer <marcus.schaefer@gmail.com>
2022-01-18 16:52:58 -05:00
Marcus Schäfer
8995ee9e9a
Allow firmware="custom" setting
The firmware attribute in kiwi is used to indicate for
which boot firmware the image should be built. Specifying
the target firmware is helpful to create for example the
correct disk layout. If no firmware is specified, KIWI
decides on a default according to the image architecture.
This selection is not 100% accurate, as we don't know
the later target system. Especially for embedded devices
the correct disk layout and other settings can be
board specific and KIWI's default settings regarding the
firmware could be invalid. For compatibility reasons we
cannot switch off the default selection case and therefore
a new attribute value "custom" is introduced with this
commit. If set, KIWI does not select any firmware and
consequently all settings caused by a firmware setup will
be skipped. On the other hand this means all settings
needed for the target to boot and not done by KIWI
need to be specified explicitly and as needed.
2022-01-02 20:00:00 +01:00
Marcus Schäfer
e2f32e8c8a
Added support for collection modules
In CentOS Stream 8 and Red Hat Enterprise Linux 8, there are
Application Streams that are offered in the form of modules
(using Fedora Modularity technology). To build images that use
this content KIWI needs to support enabling/disabling various
modules. This commit allows configuring collection modules
in a new element as shown below

<packages type="bootstrap">
    <collectionModule name="module" stream="stream" enable="true|false"/>
</packages>

This Fixes Issue #1999
2021-12-14 22:55:05 +01:00
Marcus Schäfer
7e3297d9d3
Added support for setting up release version
Currently the release version is not set or set to '0'
for package managers which require a value to operate.
However, in order to support leveraging the same description
across different releases it is important to have the
opportunity to specify a setting for the release version.
This commit adds a new optional attribute to the preferences
section which allows specifying a custom value which
serves as the release version:

<preferences>
    <release-version>TEXT</release-version>
</preferences>

If not specified the default setting as before applies.
Please note the release version information is currently
used in dnf and microdnf package managers only. It might
happen that it gets applied to the other package manager
backends as well. This will happen on demand though.
Related to Issue #1918. This Fixes #1927
2021-12-06 09:54:41 +01:00
David Cassany
7b14694093
Force key attribute from signing element to be treated as a URI
Signed-off-by: David Cassany <dcassany@suse.com>
2021-11-19 13:29:52 +01:00
Marcus Schäfer
350ed05454
Allow to set sign keyfile in repository elements
This commit adds a new and optional child element <signing>
to the repository/source element as shown in the following
example:

<repository>
    <source path="...">
        <signing key="keyfile"/>
    </source>
</repository>

The collection of all keyfiles from all repositories will be
added to the keyring as used by the selected package manager.
Signing keys specified on the commandline and signing keys
specified in the image description will be combined.
This Fixes #1883
2021-11-16 10:15:46 -05:00
Marcus Schäfer
94de1336d8
Support custom partitions
In addition to the volume management settings, also
allow setting up low level table entries like in the following
example:

<partitions>
    <partition name="var" size="100" mountpoint="/var" filesystem="ext3"/>
</partitions>
2021-11-03 13:31:17 +01:00
Marcus Schäfer
d32661888b
Add support for custom result bundle naming
Allow to specify a bundle_format per <type> which is used
at the time of the result bundle creation to create image
output names matching the provided pattern.
This Fixes #1943
2021-10-21 11:13:49 +02:00
Marcus Schäfer
ef05ecc36e
Add support for toplevel include directive(s)
On the toplevel of an image description you can now
specify include directive(s) like in the following
example

<image ...>
    ...
    <include from="filename_a.xml"/>
    ...
    <include from="filename_b.xml"/>
</image>

At the place of their occurrence the include statement
will be replaced with the contents of the given filename.
The implementation is based on an XSLT stylesheet and
applies very early in the process. The stylesheet reads
the contents of the given file as XML document().
Thus only valid XML documents get accepted by this
include concept. This Fixes #1929 and is related to
Issue #1918
2021-10-07 09:50:38 +02:00
Marcus Schäfer
6aca70abec
Fixed RNC schema definition
From the compact form of the schema the RNG schema
is created. The latest changes to support the target_dir
attribute in the <archive> section were added incorrectly
to the compact form of the schema.
2021-09-21 13:09:40 +02:00
Jesus Bermudez Velazquez
fd52237478
Allow target dir for archive
- Add the option to specify a target directory
  to unpack the archive
- Update doc for target dir attribute

This Fixes #1794
2021-09-07 15:13:24 +01:00
Marcus Schäfer
e3e0d888c8
Added support for repo customization script
Repo files allow for several customization options
which could not be set by kiwi through the current
repository schema. As the options used do not follow
any standard and are not compatible between package
managers and distributions, the only generic way to
handle this is through a script which is invoked
with the repo file as parameter for each file created
to describe a repo for the selected package manager.
This allows users to update/change the repo file content
according to their individual needs. In the kiwi description the
path to the custom script can be specified as follows

    <repository ... customize="/path/to/custom_script">
        <source path="..."/>
    </repository>

This Fixes #1896
2021-08-10 10:10:01 +02:00
Marcus Schäfer
bc9f37fcf0
Allow to enable volumes for filesystem check
The new attribute <volume ... filesystem_check="true|false"/>
allows changing the default value for the fs_passno field in
the generated fstab file. By default kiwi sets "0" in this
field and leaves it up to the user to customize this as
appropriate via script code. Coding changes to the fstab file
via scripts are not very user friendly and, given that
systemd takes over control and generates checkers depending on
the value of fs_passno, it would be good if there is a way to
explicitly specify if checks to the filesystem are wanted or
not. Therefore the new attribute now exists. If set to true,
this results in a value of "2" for the fs_passno field. Please
note the root/boot and efi entries are excluded from this
setup. This Fixes #1728
2021-03-30 15:10:03 +02:00
Marcus Schäfer
964b353413
Delete yum from packagemanager in schema
Auto convert yum to dnf if set as packagemanager. This allows
to delete the yum handling from code parts in kiwi where this
was still present. In addition this fixes the inclusion of yum
into the packagelist. This Fixes #1768
2021-03-19 15:45:11 +01:00
Marcus Schäfer
93d72e78dc
Change packagemanager setting from apt-get to apt
In kiwi we use the name of the section as package name to install this
package manager capability. However on Debian based distros there is
no package named apt-get. There is only a package named apt which
provides a tool named apt-get. To avoid inconsistencies like we had it
in Issue #1735 and to bring this setting in line with all other
packagemanager settings the setting was moved to just apt.
This Fixes #1738
2021-03-15 16:13:02 +01:00
David Cassany
43bec23db2
Add the schematron rules for installinitrd
This commit adds a schematron rule to limit the presence of the
installinitrd element to disk builds including installation media.
2021-01-26 22:21:31 +01:00
David Cassany
6366624ef1
Add the installinitrd element
This commit adds the `<installinitrd>` element to the kiwi schema to
facilitate the dracut modules configuration for the installation initrds
on OEM images. Within the installinitrd element it is possible to list the dracut
modules to append, to omit, or to just set a static list of dracut
modules to include.

Fixes #1676
Fixes #1683
2021-01-21 16:33:43 +01:00