Merge branch 'main' into fix_container_dir

2025-12-25 10:57:55 +01:00 · 2024-03-07 11:24:53 -06:00 · 2024-03-07 11:24:53 -06:00 · e3f6371041
commit e3f6371041
parent b9e35f3311 0b68c00dcf
5 changed files with 37 additions and 14 deletions
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@ -13,7 +13,7 @@ env:
  ARCH: 'x86_64'
  IMAGE_NAME: 'base'
  IMAGE_REPO: 'quay.io/fedora-ostree-desktops'
-  VERSION: '39'
+  IMAGE_TAG: '39'
  VARIANT: 'Server'
  SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der'
  ENROLLMENT_PASSWORD: 'container-installer'
@ -62,10 +62,15 @@ jobs:
    permissions:
      contents: read
      packages: write
+    strategy:
+      matrix:
+        version:
+          - 38
+          - 39
    steps:
      - name: Set Environment Variables
        run: |
-          echo "ISO_NAME=${{ env.IMAGE_NAME }}-${{ env.VERSION }}" >> $GITHUB_ENV
+          echo "ISO_NAME=${{ env.IMAGE_NAME }}-${{ matrix.VERSION }}" >> $GITHUB_ENV

      - name: Checkout repo
        uses: actions/checkout@v4
@ -91,7 +96,8 @@ jobs:
          arch: ${{ env.ARCH}}
          image_name: ${{ env.IMAGE_NAME}}
          image_repo: ${{ env.IMAGE_REPO}}
-          version: ${{ env.VERSION }}
+          image_tag: ${{ env.IMAGE_TAG }}
+          version: ${{ matrix.version }}
          variant: ${{ env.VARIANT }}
          secure_boot_key_url: ${{ env.SECURE_BOOT_KEY_URL }}
          enrollment_password: ${{ env.ENROLLMENT_PASSWORD }}
@ -117,6 +123,11 @@ jobs:
    permissions:
      contents: read
      packages: write
+    strategy:
+      matrix:
+        version:
+          - 38
+          - 39
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
@ -133,15 +144,15 @@ jobs:
      - name: Download generated ISO
        uses: actions/download-artifact@v4
        with:
-          name: ${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso
+          name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso
    
      - name: Verify ISO
-        run: checkisomd5 ${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso
+        run: checkisomd5 ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso

      - name: Run ISO checks
        run: |
-          mv ${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso deploy.iso
-          make test-iso
+          mv ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso deploy.iso
+          make test-iso VERSION=${{ matrix.version }}

      - name: Add Kickstart and Grub options to ISO
        run: |
--- a/5
+++ b/5
@ -10,7 +10,8 @@ WEB_UI = false
 REPOS = /etc/yum.repos.d/fedora.repo /etc/yum.repos.d/fedora-updates.repo
 ENROLLMENT_PASSWORD =
 SECURE_BOOT_KEY_URL =
-ADDITIONAL_TEMPLATES = 
+ADDITIONAL_TEMPLATES =
+EXTRA_BOOT_PARAMS =
 ROOTFS_SIZE = 4
 ISO_NAME = $(IMAGE_NAME)-$(IMAGE_TAG)

@ -153,6 +154,8 @@ container/$(IMAGE_NAME)-$(IMAGE_TAG):

 # Step 5: Generate xorriso script
 xorriso/%.sh: xorriso/%.sh.in
+	sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g' results/boot/grub2/grub.cfg
+	sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g' results/EFI/BOOT/grub.cfg
 	$(eval _VARS = IMAGE_NAME IMAGE_TAG ARCH VERSION)
 	$(foreach var,$(_VARS),$(var)=$($(var))) envsubst '$(foreach var,$(_VARS),$$$(var))' < $(_BASE_DIR)/xorriso/$*.sh.in > $(_BASE_DIR)/xorriso/$*.sh 

--- a/external/fedora-lorax-templates
+++ b/external/fedora-lorax-templates
@ -0,0 +1 @@
+Subproject commit cc1155372046baa58f9d2cc27a9e5473bf05a3fb
--- a/lorax_templates/scripts/post/configure_upgrades
+++ b/lorax_templates/scripts/post/configure_upgrades
@ -1,7 +1,7 @@
 <%page args="image_repo, _image_repo_double_escaped, image_name, image_tag"/>
 if (which bootc &> /dev/null)
 then
-  bootc switch ${image_repo}/${image_name}:${image_tag}
+  bootc switch --mutate-in-place --enforce-container-sigpolicy --transport registry ${image_repo}/${image_name}:${image_tag}
 else
  sed -i 's/container-image-reference=.*/container-image-reference=ostree-image-signed:docker:\/\/${_image_repo_double_escaped}\/${image_name}:${image_tag}/' /ostree/deploy/default/deploy/*.origin
 fi
--- a/xorriso/gen_input.sh.in
+++ b/xorriso/gen_input.sh.in
@ -5,14 +5,22 @@ echo "-outdev $(pwd)/build/deploy.iso"
 echo "-boot_image any replay"
 echo "-joliet on"
 echo "-compliance joliet_long_names"
-if [ -f $(pwd)/sb_pubkey.der ]; then
+echo "-map $(pwd)/results/boot/grub2/grub.cfg boot/grub2/grub.cfg"
+echo "-chmod 0444 boot/grub2/grub.cfg"
+echo "-map $(pwd)/results/EFI/BOOT/grub.cfg EFI/BOOT/grub.cfg"
+echo "-chmod 0444 EFI/BOOT/grub.cfg"
+
+if [ -f $(pwd)/sb_pubkey.der ]
+then
 	echo "-map $(pwd)/sb_pubkey.der sb_pubkey.der"
 	echo "-chmod 0444 /sb_pubkey.der"
 fi
-pushd container >/dev/null
-for file in $(find ${IMAGE_NAME}-${IMAGE_TAG}); do
-	echo "-map $(pwd)/${file} ${file}"
-	echo "-chmod 0444 ${file}"
+
+pushd container > /dev/null
+for file in $(find ${IMAGE_NAME}-${IMAGE_TAG})
+do
+    echo "-map $(pwd)/${file} ${file}"
+    echo "-chmod 0444 ${file}"
 done
 popd > /dev/null
 echo "-end"
				`@ -0,0 +1 @@`
				`Subproject commit cc1155372046baa58f9d2cc27a9e5473bf05a3fb`