coreos/fedora-coreos-config
1
0
Fork 0
mirror of https://github.com/coreos/fedora-coreos-config.git synced 2026-02-05 09:45:30 +01:00
Code Issues Releases Activity
1,124 Commits 27 Branches 0 Tags
62199ac51ccffddd4ebb0b986f38f21921eeb192
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
CoreOS Bot 62199ac51c tree: import changes from testing-devel at cc6e504e28
2021-07-13 13:59:35 +00:00
.github/workflows
tree: import changes from testing-devel at c4d47315b8
2021-06-15 12:24:28 +00:00
ci
tree: import changes from testing-devel at cc6e504e28
2021-07-13 13:59:35 +00:00
live
live: move kernel/initramfs and rename initramfs
2020-08-07 21:23:31 -04:00
manifests
tree: import changes from testing-devel at cf0e29e14f
2021-05-27 20:17:30 +00:00
overlay.d
tree: import changes from testing-devel at 8b804863c6
2021-07-09 21:27:13 +00:00
tests
tree: import changes from testing-devel at 1c5dffe828
2021-07-10 07:27:38 +00:00
.cci.jenkinsfile
tree: import changes from testing-devel at cf0e29e14f
2021-05-27 20:17:30 +00:00
COPYING
Initial commit
2018-08-20 20:18:53 -04:00
fedora-coreos-pool.repo
repos: move to coreos-pool repo
2019-05-14 10:17:45 -04:00
fedora-next.repo
tree: import changes from testing-devel at f634cb32a4
2021-06-11 03:06:24 +00:00
fedora-rawhide.repo
Add rawhide repo file
2020-12-18 15:15:10 -05:00
fedora.repo
tree: import changes from testing-devel at f634cb32a4
2021-06-11 03:06:24 +00:00
image-base.yaml
tree: import changes from testing-devel at 4e335e4de1
2021-07-01 19:01:01 +00:00
image.yaml
tree: import changes from testing-devel at bf0e7decbe
2021-03-26 14:31:21 +00:00
kola-denylist.yaml
tree: import changes from testing-devel at 76586f014f
2021-07-02 20:16:44 +00:00
LICENSE
Initial commit
2018-08-20 20:18:53 -04:00
manifest.yaml
add in newly split out systemd-resolved package
2021-06-28 16:04:09 -04:00
README.md
tree: import changes from testing-devel at c730db2d15
2021-06-11 14:37:00 +00:00

README.md

Fedora CoreOS Config

Base manifest configuration for Fedora CoreOS.

Use https://github.com/coreos/coreos-assembler to build it.

Discussions in https://discussion.fedoraproject.org/c/server/coreos. Bug tracking and feature requests at https://github.com/coreos/fedora-coreos-tracker.

About this repo

There is one branch for each stream. The default branch is testing-devel, on which all development happens. See the design and tooling docs for more information about streams.

All file changes in testing-devel are propagated to other branches (to bodhi-updates through config-bot, and to testing through usual promotion), with the following exceptions:

  • manifest.yaml: contains the stream "identity", such as the ref, additional commit metadata, and yum input repos.
  • lockfiles (manifest-lock.* files): lockfiles are imported from bodhi-updates to testing-devel. Overrides (manifest-lock.overrides.*) are manually curated.

Layout

We intend for Fedora CoreOS to be used directly for a wide variety of use cases. However, we also want to support "custom" derivatives such as Fedora Silverblue, etc. Hence the configuration in this repository is split up into reusable "layers" and components on the rpm-ostree side.

To derive from this repository, the recommendation is to add it as a git submodule. Then create your own manifest.yaml which does include: fedora-coreos-config/ignition-and-ostree.yaml for example. You will also want to create an overlay.d and symlink in components in this repository's overlay.d.

Overriding packages

By default, all packages for FCOS come from the stable Fedora repos. However, it is sometimes necessary to either hold back some packages, or pull in fixes ahead of Bodhi. To add such overrides, one needs to add the packages to manifest-lock.overrides.yaml (there are also arch-specific variants of these files for the rare occasions the override should only apply to a specific arch).

Note that comments are not preserved in these files. The lockfile supports arbitrary keys under the metadata key to carry information. Some keys are semantically meaningful to humans or other tools.

Fast-tracking

Example:

packages:
  selinux-policy:
    evra: 34.10-1.fc34.noarch
    metadata:
      type: fast-track
      bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-f014ca8326
      reason: https://github.com/coreos/fedora-coreos-tracker/issues/850
  selinux-policy-targeted:
    evra: 34.10-1.fc34.noarch
    metadata:
      type: fast-track
      # you don't have to repeat the other keys for related packages

Whenever possible, it is important that the package be submitted as an update to Bodhi so that we don't have to carry the override for a long time.

Fast-tracked packages will automatically be removed by the remove-graduated-overrides GitHub Action in this repo once they reach the stable Fedora repos (or newer versions). They are detected by the type: fast-track key.

Pinning

Example:

packages:
  dracut:
      evr: 053-5.fc34
      metadata:
        type: pin
        reason: https://github.com/coreos/fedora-coreos-tracker/issues/842
  dracut-network:
      evr: 053-5.fc34
      metadata:
        type: pin
        reason: https://github.com/coreos/fedora-coreos-tracker/issues/842

All pinned packages must have a reason key containing more information about why the pin is necessary.

Once an override PR is merged, coreos-koji-tagger will automatically tag overridden packages into the pool.

Adding packages to the OS

Since testing-devel is directly promoted to testing, it must always be in a known state. The way we enforce this is by requiring all packages to have a corresponding entry in the lockfile.

Therefore, to add new packages to the OS, one must also add the corresponding entries in the lockfiles:

  • for packages which should follow Bodhi updates, place them in manifest-lock.$basearch.json
  • for packages which should remain pinned, place them in manifest-lock.overrides.$basearch.yaml

There will be better tooling to come to enable this, though one easy way to do this is for now:

  • add packages to the correct YAML manifest
  • run cosa fetch --update-lockfile
  • commit only the new package entries

Moving to a new major version (N) of Fedora

Create a rebase checklist in fedora-coreos-tracker.

CoreOS CI

Pull requests submitted to this repo are tested by CoreOS CI. You can see the pipeline executed in .cci.jenkinsfile. For more information, including interacting with CI, see the CoreOS CI documentation.

View Git Blame Copy Permalink
Description
Base configuration for Fedora CoreOS
Readme 73 MiB