Anaconda, Lorax, lorax-composer, and livemedia-creator can all now run
with SELinux in Enforcing mode. It does not need to be disabled and if
there are denials they should be reported as a bug.
Log the current state of SELinux when starting, update the
documentation.
there's 7.2 in Fedora 29 (which we use in Jenkins) and 7.3 in
Rawhide which causes test jobs to fail with unsolved dependencies.
Alternatively we can switch to another recipe for cloud image tests.
otherwise composer-cli is unable to glob() the kickstart
files and we're left without supported compose types. Seen
during AWS testing for example.
Helps with running some of the tests via sudo b/c this is
what Jenkins requires.
If trying to execute test_cli.sh inside a git checkout
we are going to get the following exception:
Traceback (most recent call last):
File "./src/sbin/lorax-composer", line 251, in <module>
repo = open_or_create_repo(server.config["REPO_DIR"])
File "/home/jenkins/lorax/src/pylorax/api/recipes.py", line 306, in open_or_create_repo
gi.repository.GLib.Error: ggit-error: failed to stat '/home/jenkins/lorax/tests/pylorax/blueprints': Permission denied (-1)
Error in atexit._run_exitfuncs:
Traceback (most recent call last):
File "/usr/lib64/python3.7/multiprocessing/popen_fork.py", line 54, in _send_signal
os.kill(self.pid, sig)
From what I can tell open_or_create_repo() is trying to initialize
a git repository inside the blueprints directory which fails when
we have an active git checkout.
This doesn't happen when we run the tests in Travis CI because
rsync excludes .git/ inside the Docker container.
these targets help hooking up things in Jenkins and enable us to
perform build & deploy tests for cloud images.
NOTE: use sudo -E to preserve the environment
Running lorax-composer --no-system-repos will prevent it from copying
the dnf repositories from /etc/yum.repos.d/ into the lorax-composer repo
directory. It will *only* use repositories setup using the sources api
or written to /var/lib/lorax/composer/repos.d/
If lorax-composer has previously been run without this switch the system
repos will need to be removed from the composer/repos.d/ directory. It
would also be a good idea to remove the cached metadata in
/var/tmp/composer/
Resolves: rhbz#1650363
Most bootloaders used in Fedora already have BootLoaderSpec but extlinux
doesn't yet. So when using extlinux the old grubby must to be installed.
Resolves: rhbz#1649778
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
When I re-arranged the test-in-docker I didn't realize how .travis.yml
was extracting the results. This should fix it.
When running with test-in-docker we mount the source read-only on
/linux-ro/ inside the container and copy it over to /lorax/ for running
the tests.
The local directory ./.test-results/ is mounted on /test-results/ in the
container and the .coverage file is copied into there so that it is
available on the host.
To use podman run the tests like this:
DOCKER=podman make test-in-docker
This now builds the welder/lorax-tests image as a separate step from
running the tests.
Running the tests uses the welder/lorax-tests image and mounts the
source directory read-only, copies it into /lorax-test/ and runs the
tests from there.
Make runtime directly into squashfs image. This reduces largely
unreproducible ext4 layer, but requires anaconda's dracut module
modification to properly mount the image.
And in an intermediate version it returns a VectorString object which
isn't serializable by the json or toml modules.
So convert it to a list so that the type is consistent in the sources
code.
Some files are created in non-reproducible way, including including
random data explicitly (/etc/machine-id), timestamps (fontconfig cache,
ldconfig aux-cache, certs cache), or entries in random order (groups,
systemd catalog, package list).
Fix this by either making the files reproducible, or removing them.
By default mkfs.mksdos choose volume id based on current time. If
SOURCE_DATE_EPOCH is set, use that instead.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
The previous method worked, but wasn't exactly idiomatic. This is more
correct, and appears to work the same (templates depsolve, version globs
work, multiple repos work).
Note that this does use a private dnf attribute ._goal, but the word is
that this is going to become a public api soon, so yes it is there on
purpose.
Depending on how lorax-composer is run setting up an empty blueprints
directory can fail. So this moves checking/creation until after the
other directories are created and uses make_owned_dir to make sure
ownership is correct.