containers/bootc
1
0
Fork 0
mirror of https://github.com/containers/bootc.git synced 2026-02-05 15:45:53 +01:00
Code Issues Activity
Files
release-1.13.0
bootc/hack/provision-derived.sh
Colin Walters 27487f1145 build-sys: Avoid propagating local perms into /usr 
The `cp -a lbi/usr/. /usr` command was preserving local directory
permissions which in one case for me have a restrictive mode 0750
which breaks booting.

Switch to `install -D -m 0644` which explicitly sets file modes and
creates parent directories with correct 755 permissions, while also
simplifying the directory structure.

Assisted-by: OpenCode (Opus 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-12 19:52:34 +01:00

142 lines
4.5 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
set -xeu
# I'm a big fan of nushell for interactive use, and I want to support
# using it in our test suite because it's better than bash. First,
# enable EPEL to get it.
cloudinit=0
case ${1:-} in
cloudinit) cloudinit=1 ;;
"") ;;
*) echo "Unhandled flag: ${1:-}" 1>&2; exit 1 ;;
esac
# Ensure this is pre-created
mkdir -p -m 0700 /var/roothome
mkdir -p ~/.config/nushell
echo '$env.config = { show_banner: false, }' > ~/.config/nushell/config.nu
touch ~/.config/nushell/env.nu
. /usr/lib/os-release
case "${ID}-${VERSION_ID}" in
"centos-9")
dnf config-manager --set-enabled crb
dnf -y install epel-release epel-next-release
dnf -y install nu
;;
"rhel-9."*)
dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
dnf -y install nu
;;
"centos-10"|"rhel-10."*)
# nu is not available in CS10
td=$(mktemp -d)
cd $td
curl -kL "https://github.com/nushell/nushell/releases/download/0.103.0/nu-0.103.0-$(uname -m)-unknown-linux-gnu.tar.gz" --output nu.tar.gz
mkdir -p nu && tar zvxf nu.tar.gz --strip-components=1 -C nu
mv nu/nu /usr/bin/nu
rm -rf nu nu.tar.gz
cd -
rm -rf "${td}"
;;
"fedora-"*)
dnf -y install nu
;;
esac
# Extra packages we install
grep -Ev -e '^#' packages.txt | xargs dnf -y install
# Cloud bits
cat <<KARGEOF >> /usr/lib/bootc/kargs.d/20-console.toml
kargs = ["console=ttyS0,115200n8"]
KARGEOF
if test $cloudinit = 1; then
dnf -y install cloud-init
ln -s ../cloud-init.target /usr/lib/systemd/system/default.target.wants
# Allow root SSH login for testing with bcvk/tmt
mkdir -p /etc/cloud/cloud.cfg.d
cat > /etc/cloud/cloud.cfg.d/80-enable-root.cfg <<'CLOUDEOF'
# Enable root login for testing
disable_root: false
# In image mode, the host root filesystem is mounted at /sysroot, not /
# That is the one we should attempt to resize, not what is mounted at /
growpart:
mode: auto
devices: ["/sysroot"]
resize_rootfs: false
CLOUDEOF
fi
dnf clean all
# Stock extra cleaning of logs and caches in general (mostly dnf)
rm /var/log/* /var/cache /var/lib/{dnf,rpm-state,rhsm} -rf
# And clean root's homedir
rm /var/roothome/.config -rf
cat >/usr/lib/tmpfiles.d/bootc-cloud-init.conf <<'EOF'
d /var/lib/cloud 0755 root root - -
EOF
# Fast track tmpfiles.d content from the base image, xref
# https://gitlab.com/fedora/bootc/base-images/-/merge_requests/92
if test '!' -f /usr/lib/tmpfiles.d/bootc-base-rpmstate.conf; then
cat >/usr/lib/tmpfiles.d/bootc-base-rpmstate.conf <<'EOF'
# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=771713
d /var/lib/rpm-state 0755 - - -
EOF
fi
if ! grep -q -r var/roothome/buildinfo /usr/lib/tmpfiles.d; then
cat > /usr/lib/tmpfiles.d/bootc-contentsets.conf <<'EOF'
# Workaround for https://github.com/konflux-ci/build-tasks-dockerfiles/pull/243
d /var/roothome/buildinfo 0755 - - -
d /var/roothome/buildinfo/content_manifests 0755 - - -
# Note we don't actually try to recreate the content; this just makes the linter ignore it
f /var/roothome/buildinfo/content_manifests/content-sets.json 0644 - - -
EOF
fi
# And add missing sysusers.d entries
if ! grep -q -r sudo /usr/lib/sysusers.d; then
cat >/usr/lib/sysusers.d/bootc-sudo-workaround.conf <<'EOF'
g sudo 16
EOF
fi
# dhcpcd
if rpm -q dhcpcd &>/dev/null; then
if ! grep -q -r dhcpcd /usr/lib/sysusers.d; then
cat >/usr/lib/sysusers.d/bootc-dhcpcd-workaround.conf <<'EOF'
u dhcpcd - 'Minimalistic DHCP client' /var/lib/dhcpcd
EOF
fi
cat >/usr/lib/tmpfiles.d/bootc-dhcpd.conf <<'EOF'
d /var/lib/dhcpcd 0755 root dhcpcd - -
EOF
rm -rf /var/lib/dhcpcd
fi
# dhclient
if test -d /var/lib/dhclient; then
cat >/usr/lib/tmpfiles.d/bootc-dhclient.conf <<'EOF'
d /var/lib/dhclient 0755 root root - -
EOF
rm -rf /var/lib/dhclient
fi
# The following configs are skipped when SKIP_CONFIGS=1, which is used
# for testing bootc install on Fedora CoreOS where these would conflict.
if test -z "${SKIP_CONFIGS:-}"; then
# For test-22-logically-bound-install
install -D -m 0644 -t /usr/share/containers/systemd/ lbi/*
for x in curl.container curl-base.image podman.image; do
ln -s /usr/share/containers/systemd/$x /usr/lib/bootc/bound-images.d/$x
done
# Add some testing kargs into our dev builds
install -D -t /usr/lib/bootc/kargs.d test-kargs/*
# Also copy in some default install configs we use for testing
install -D -t /usr/lib/bootc/install/ install-test-configs/*
else
echo "SKIP_CONFIGS is set, skipping LBIs, test kargs, and install configs"
fi
View Git Blame Copy Permalink