From f28c5e3bc15e77ff8f5a652896557e8ec05404b6 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Fri, 7 Jul 2017 16:31:30 -0400 Subject: [PATCH] A stab at the Modular Fedora Docker kickstarts. Signed-off-by: Ralph Bean --- fedora-modular-docker-base-minimal.ks | 70 +++++++++++++++++++++++++ fedora-modular-docker-common.ks | 75 +++++++++++++++++++++++++++ 2 files changed, 145 insertions(+) create mode 100644 fedora-modular-docker-base-minimal.ks create mode 100644 fedora-modular-docker-common.ks diff --git a/fedora-modular-docker-base-minimal.ks b/fedora-modular-docker-base-minimal.ks new file mode 100644 index 0000000..897cecb --- /dev/null +++ b/fedora-modular-docker-base-minimal.ks @@ -0,0 +1,70 @@ +# See docker-base-common.ks for details on how to hack on docker image kickstarts +# This base is a stripped back Fedora image without python3/dnf. +# If you need that use the standard base image. + +%include fedora-modular-docker-common.ks + +%packages --excludedocs --instLangs=en --nocore --excludeWeakdeps +microdnf + +%end + +%post --erroronfail --log=/root/anaconda-post.log +# remove some random help txt files +rm -fv usr/share/gnupg/help*.txt + +# Pruning random things +rm usr/lib/rpm/rpm.daily +rm -rfv usr/lib64/nss/unsupported-tools/ # unsupported + +# Statically linked crap +rm -fv usr/sbin/{glibc_post_upgrade.x86_64,sln} +ln usr/bin/ln usr/sbin/sln + +# Remove some dnf info +rm -rfv /var/lib/dnf + +# don't need icons +rm -rfv /usr/share/icons/* + +#some random not-that-useful binaries +rm -fv /usr/bin/pinky + +# we lose presets by removing /usr/lib/systemd but we do not care +rm -rfv /usr/lib/systemd + +# if you want to change the timezone, bind-mount it from the host or reinstall tzdata +rm -fv /etc/localtime +mv /usr/share/zoneinfo/UTC /etc/localtime +rm -rfv /usr/share/zoneinfo + +# Final pruning +rm -rfv /var/cache/* /var/log/* /tmp/* + +%end + +%post --nochroot --erroronfail --log=/mnt/sysimage/root/anaconda-post-nochroot.log +set -eux + +# https://bugzilla.redhat.com/show_bug.cgi?id=1343138 +# Fix /run/lock breakage since it's not tmpfs in docker +# This unmounts /run (tmpfs) and then recreates the files +# in the /run directory on the root filesystem of the container +# NOTE: run this in nochroot because "umount" does not exist in chroot +umount /mnt/sysimage/run +# The file that specifies the /run/lock tmpfile is +# /usr/lib/tmpfiles.d/legacy.conf, which is part of the systemd +# rpm that isn't included in this image. We'll create the /run/lock +# file here manually with the settings from legacy.conf +# NOTE: chroot to run "install" because it is not in anaconda env +chroot /mnt/sysimage install -d /run/lock -m 0755 -o root -g root + + +# See: https://bugzilla.redhat.com/show_bug.cgi?id=1051816 +# NOTE: run this in nochroot because "find" does not exist in chroot +KEEPLANG=en_US +for dir in locale i18n; do + find /mnt/sysimage/usr/share/${dir} -mindepth 1 -maxdepth 1 -type d -not \( -name "${KEEPLANG}" -o -name POSIX \) -exec rm -rfv {} + +done + +%end diff --git a/fedora-modular-docker-common.ks b/fedora-modular-docker-common.ks new file mode 100644 index 0000000..427ba16 --- /dev/null +++ b/fedora-modular-docker-common.ks @@ -0,0 +1,75 @@ +# This is the common bits between Docker base images based on Modular Fedora. +# +# To keep this image minimal it only installs English language. You need to change +# dnf configuration in order to enable other languages. +# +# ## Hacking on this image ### +# This kickstart is processed using Anaconda-in-ImageFactory (via Koji typically), +# but you can run imagefactory locally too. +# +# To do so, testing local changes, first you'll need a TDL file. I store one here: +# https://pagure.io/fedora-atomic/raw/master/f/fedora-atomic-rawhide.tdl +# +# Then, once you have imagefactory and imagefactory-plugins installed, run: +# +# ksflatten -c fedora-modular-base[-minimal].ks -o fedora-modular-base-test.ks +# imagefactory --debug target_image --template /path/to/fedora-atomic-rawhide.tdl --parameter offline_icicle true --file-parameter install_script $(pwd)/fedora-modular-base-test.ks modular +# + +text # don't use cmdline -- https://github.com/rhinstaller/anaconda/issues/931 +bootloader --disabled +timezone --isUtc --nontp Etc/UTC +rootpw --lock --iscrypted locked +keyboard us +network --bootproto=dhcp --device=link --activate --onboot=on +reboot + +# boot partitions are irrelevant as the final docker image is a tarball +zerombr +clearpart --all +#autopart --noboot --nohome --noswap --nolvm + +%packages --excludedocs --instLangs=en --nocore +fedora-modular-release +bash +coreutils-single +glibc-minimal-langpack +libcrypt +rpm +shadow-utils +sssd-client +util-linux +-kernel +-dosfstools +-e2fsprogs +-fuse-libs +-gnupg2-smime +-libss # used by e2fsprogs +-libusbx +-pinentry +-shared-mime-info +-trousers +-xkeyboard-config + +%end + +%post --erroronfail --log=/root/anaconda-post.log +set -eux + +# Set install langs macro so that new rpms that get installed will +# only install langs that we limit it to. +LANG="en_US" +echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf + +# https://bugzilla.redhat.com/show_bug.cgi?id=1400682 +echo "Import RPM GPG key" +releasever=$(rpm -q --qf '%{version}\n' fedora-modular-release) +rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-primary + +echo "# fstab intentionally empty for containers" > /etc/fstab + +# Remove machine-id on pre generated images +rm -f /etc/machine-id +touch /etc/machine-id + +%end