This adds support for creating Vagrant boxes using virt-install. It also
includes an example kickstart that sets up the vagrant user with the
default ssh key.
The default result, without passing --image-name, is in
/var/tmp/vagrant.tar.xz
Sometimes you don't want to include the selinux xattrs in the tar (e.g.
bsdtar has problems extracting them). They are still included by
default, but pass selinux=False to remove '--selinux --acls --xattrs'
from the tar cmdline.
This implements the bundle spec from:
https://github.com/opencontainers/specs
It creates a tar with the filesystem under /rootfs/ and includes user
provided config.json and runtime.json files.
This allows the partition to be mounted on a directory underneath the
temporary directory, e.g. /rootfs/, to help support creating other image
types without needing to move the files around.
The etc portion of systemd-tmpfiles creates a broken /etc/resolv.conf,
which breaks networking, and the rest of the stuff in there is
already installed to the stage2.
The size estimate was counting the /EFI/BOOT/ contents twice and then
doubling that. Only count things once, then double it for the
System/Library/CoreServices/ copy.
Hard-links don't work. With CoreServices hardlinked to /EFI/BOOT/ the
Mac won't boot. With /EFI/BOOT/ hardlinked to CoreServices grub2 cannot
read the config file so there are 2 real copies.
This reduces the image size from 21M to about 12M.
When running the transaction in a separate process it crashes if you use
an https repo source. There's really no need for threads or processes in
lorax so drop it.
Also switched to using the DNF TransactionProgress API for progress
reporting.
systemd uses /var/lib/systemd/random-seed to add entropy to /dev/urandom
at boot time. During image creation this file is created, and if not
removed everything using the image will be adding the same seed.
This is only additional entropy, NOT a seed in the sense of a starting
point for a PRNG, so it will be mixed with other entropy as the system
runs. It isn't a good idea to use the same value everywhere so make sure
it is removed in %post.
Resolves: rhbz#1258986
The system the image boots on will likely not match the host where lorax
was run, and in some cases this can cause systems to hang.
Resolves: rhbz#1258498
fedup is deprecated and abandoned. Let's save time and disk by not
building `upgrade.img` when nothing is going to use it anymore.
For the record, performing upgrades using an initramfs from the new
system turns out to be fragile and hard to support:
* dracut initramfs isn't generic enough to handle booting all systems
(e.g. missing vconsole.conf means you get keymaps wrong, so users
can't unlock encrypted disks)
* The ABI differences between the two versions of plymouth, systemd,
etc. require nasty workarounds at best and cause nightmarish
systemd crashes at worst
This patch removes all the code that built and installed `upgrade.img`.
For backwards compatibility, the API retains the `doupgrade` keyword
argument, and the `--noupgrade` flag is still accepted.
Some callers expect CalledProcessError.output to have the output, so
pass up the stdout + stderr output.
This means failed runcmd template commands will log to program.log and
lorax.log.
We should have as much of the logic of how the CI tests are run in source
control as possible, so that's what this target is for. Besides this, jenkins
just runs a "git clean" first.
We really shouldn't need to run ldconfig on boot from read-only media,
unless someone messed up %post in a package. And the verify step will
catch that.
This reverts commit 3981ff5b79.
systemd-nspawn is some kind of container thing, and cairo-sphinx, as far
as I can tell (go ahead, try to google it) is a cairo debugging tool.
Neither of these is particularly useful on installer media and both use
libraries that are removed during cleanup.
After the cleanup step, check that everything in /usr/bin and /usr/sbin
can still run. Currently, this just checks that ELF files have
everything they need to link, and scripts have an interpreter.
Verifying is on by default but can be skipped with --noverify.
In order for selinux to properly label the system it needs to see that
the config file exists.
Also remove the old code trying to copy in a selinux config file; it
never worked -- the removepkg would remove it.