From Adam Williamson:
The Python Classroom spin images no longer build in recent Rawhide,
because of a dnf behaviour change that exposes dependency issues as
failures rather than hiding them by silently excluding packages. (This
change will likely get into F29 soon too).
The issue is this. fedora-live-python-classroom.ks includes
fedora-live-minimization.ks , which does this:
-sane-backends
but it also includes fedora-live-workstation.ks, which includes fedora-
workstation-common.ks, which does this:
@gnome-desktop
...and @gnome-desktop includes sane-backends-drivers-scanners and
libsane-hpaio, which both require sane-backends.
Until recently dnf was simply silently excluding sane-backends-drivers-
scanners and libsane-hpaio from the image, to 'resolve' this. Now it
fails on the problem, and we get to make a choice.
You basically have three options:
1. Just drop fedora-live-minimization.ks from fedora-live-python-
classroom.ks . It's pretty old and random at this point. It's basically
trying to drop printing and scanning stuff to save a bit of space. Do
you actually want printing and scanning not to work on your image?
2. Keep fedora-live-minimization.ks but explicitly add back `sane-
backends` to %packages in fedora-live-python-classroom.ks . This would
override the exclusion and fix the dep issue, and include the scanning
bits in the image.
3. Keep fedora-live-minimization.ks and add excludes for sane-backends-
drivers-scanners and libsane-hpaio to fedora-live-python-classroom.ks .
This would lose scanning support, and save a bit of space.
I went with option 1.
For livemedia-creator builds, inject install code into the lorax
template live/x86.tmpl that copies the script livecd-iso-to-disk
into the .iso filesystem at /LiveOS when livecd-tools is present in
the install image. This fixes commit 1fd9547, which failed in this.
In the vagrant kickstarts we had something like
%include fedora-atomic-vagrant.ks
%include fedora-atomic-updates.ks
but both fedora-atomic-updates.ks and fedora-atomic-vagrant.ks
included fedora-atomic.ks which means we got duplicate things
in the flattened ks and we get errors. This splits it out a bit
farther so we don't get duplicates.
Inject install code in lorax template live/x86.tmpl for livemedia-
creator builds.
Also, remove wrong path for dracut;
give glib-compile-schemas the schemas directory;
update maintainers.
live-minimization is kinda old, and dates from the time we were
trying to fit in CD size. No-one cares much about that any more.
One of these exclusions (sane-backends) was contradictory for
Cinnamon lives and broke the compose since the recent dnf change
to fail compose on dependency issues (because the cinnamon comps
group explicitly includes sane-backends-drivers-scanners, but
this exclusion excludes one of its deps). To resolve that,
@grinnz is fine with just dropping the use of live-minimization
from the cinnamon images entirely, so this does that.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
All these packages used to be explicitly default or mandatory
in comps groups that were on live images, but no longer are.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
foomatic requires colord. Before dnf-3.5.1-2.fc30, this meant
foomatic was being silently excluded from MATE images. Now it
means they fail to compose. Let's drop the exclusion so the
images compose again. If the MATE maintainers want to reduce
size, they will have to explicitly exclude foomatic (and be OK
with doing so, as it probably breaks printing).
Signed-off-by: Adam Williamson <awilliam@redhat.com>
These are aiming to leave some weak dependencies out of minimal
images, it seems. From @core, gnutls recommends trousers which
requires trousers-lib, and iproute recommends iproute-tc.
However, both are *hard* dependencies of things that include
fedora-disk-base.ks. fedora-disk-workstation.ks includes
fedora-disk.base.ks and fedora-workstation-common.ks, so it
installs the Workstation package set, from which gnome-boxes
ultimately requires iproute-tc and NetworkManager-openconnect
ultimately requires trousers-lib.
Prior to the change I recently got merged into DNF, DNF would
silently drop gnome-boxes and NetworkManager-openconnect from
the Workstation disk image because of this. With the change, it
errors out on creation of the image.
To make the image compose again and actually include the right
packages, let's move the exclusions to fedora-minimal-common.ks,
where they make more sense anyway. This does mean the packages
will be pulled into other non-minimal images even if they're
not strictly required there, but that doesn't seem like a big
problem.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Changes so we hangle the firmware more simply and in the same manner
across ARMv7 and aarch64. Enabling for UEFI on ARMv7 too.
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
These groups were added to the server environment group in comps
but the change was not mirrored here, so the ARM server disk
image is still missing wifi support etc.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
These groups were added to the server environment group in comps
but the change was not mirrored here, so the ARM server disk
image is still missing wifi support etc.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Use the anaconda-install-env-deps metapackage to pull in the
Anaconda dependencies needed in the installation environment.
The anaconda-install-env-deps metapackage lists all install time
dependencies and makes it possible for packages such as
Initial Setup to depend on Anaconda without pulling all
the (mainly storage related) install time dependencies
to the installed system.
The same is applicable for dirinstall which also does
not require the install time dependencies as it is just
installing to a local folder.
This also fixes rhbz#1561047 as anaconda-install-env-deps
package has a Requires on udisks2-iscsi.
It's confusing to have it be underneath Server, when in actuality
we really want at least the people using containers to have it
by default. So let's enable it by default there.
gnome-software session service automatically downloads yum metadata,
which all goes to the RAM-backed filesystem overlay when running the
live image. This is undesired as it can make it difficult to install
Workstation on low memory devices.
To fix this, this commit disables gnome-software xdg autostart service
and the gnome-shell search provider on the live media.
https://bugzilla.redhat.com/show_bug.cgi?id=1560504
in turn makes a ifcfg-en<something> file with this config. We don't
want to use this, we want to always use ifcfg-eth0 so it's the same
on all images. So, we remove ifcfg-en* (They are different on each
arch we make cloud images for, but en* gets them all).
Additionally we were using some old udev tricks to get eth0, but this
is error prone and already incorrect as systemd-udev has moved files
around, so instead we just switch to net.ifnames=0 on the boot line,
which should continue working.
Grabbing coredumps on live systems is not a good idea. Either there is
no persistent storage, or it will be really slow and also small. So
disable abrtd and stop it in the same way as other services.
glibc bumped in size. See [1]
fedora-arm-kde.ks
DEBUG util.py:439: At least 30MB more space needed on the / filesystem.
fedora-arm-python-classroom.ks
DEBUG util.py:439: At least 41MB more space needed on the / filesystem.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1551073
Signed-off-by: Dusty Mabe <dusty@dustymabe.com>
This is needed in the astronomy spin when trying to install the
plasma-desktop. This is the error that is seen without it:
```
- package plasma-applet-redshift-control-1.0.18-4.fc28.noarch requires plasma-desktop, but none of the providers can be installed
- nothing provides libibus-1.0.so.5 needed by plasma-desktop-5.12.2-1.fc29.i686
- nothing provides libibus-1.0.so.5()(64bit) needed by plasma-desktop-5.12.2-1.fc29.x86_64
```
Signed-off-by: Dusty Mabe <dusty@dustymabe.com>
ksvalidate complains that "bootloader extlinux" is invalid
ksflatten changes the bootloader option to
"bootloader --location=mbr" we get working configuration using
the updated option so setting the default to it. The Jenkins
job on pagure is failing due to invalide syntax
Signed-off-by: Dennis Gilmore <dennis@ausil.us>
koji task 25278678 Fedora-Python-Classroom-armhfp
DEBUG util.py:439: At least 52MB more space needed on the / filesystem.
koji task: 25278682 Spins armhfp KDE
DEBUG util.py:439: At least 104MB more space needed on the / filesystem.
Signed-off-by: Dusty Mabe <dusty@dustymabe.com>
All of these images are failing because more disk space is needed
to install the required rpms. This PR bumps the sizes so that they
should succeed. See [1].
Here are the current failures in rawhide:
koji task: 25182851 Workstation armhfp live image
DEBUG util.py:439: At least 93MB more space needed on the / filesystem.
koji task: 25182858 Spins armhfp LXDE
DEBUG util.py:439: At least 926MB more space needed on the / filesystem.
koji task: 25182869 Spins armhfp Mate
DEBUG util.py:439: At least 121MB more space needed on the / filesystem.
koji task: 25182901 Spins armhfp LXQt
DEBUG util.py:439: At least 180MB more space needed on the / filesystem.
koji task: 25182854 Spins armhfp KDE
DEBUG util.py:439: At least 294MB more space needed on the / filesystem.
[1] https://pagure.io/dusty/failed-composes/issue/9#comment-495037
Signed-off-by: Dusty Mabe <dusty@dustymabe.com>
When trying to build python classroom for armhfp we end up
in quite a dependency hell. Hunspell was the first issue
(fixed in the previous commit). Then there was all of this:
```
Problem 1: conflicting requests
- nothing provides libedataserver-1.2.so.23()(64bit) needed by gnome-shell-3.27.1-5.fc28.x86_64
Problem 2: conflicting requests
- nothing provides dleyna-renderer needed by gnome-photos-3.27.90-1.fc28.x86_64
Problem 3: conflicting requests
- nothing provides gnome-user-docs needed by gnome-getting-started-docs-3.26.2-2.fc28.noarch
Problem 4: package NetworkManager-openconnect-gnome-1.2.4-9.fc28.x86_64 requires libopenconnect.so.5()(64bit), but none of the providers can be installed
- conflicting requests
- nothing provides libtspi.so.1()(64bit) needed by openconnect-7.08-5.fc28.x86_64
Problem 5: package gnome-initial-setup-3.27.90-2.fc28.x86_64 requires gdm, but none of the providers can be installed
- package gdm-1:3.27.4-4.fc28.i686 requires gnome-shell, but none of the providers can be installed
- package gdm-1:3.27.4-4.fc28.x86_64 requires gnome-shell, but none of the providers can be installed
- conflicting requests
- nothing provides libedataserver-1.2.so.23()(64bit) needed by gnome-shell-3.27.1-5.fc28.x86_64
Problem 6: package gnome-shell-extension-window-list-3.27.1-3.fc28.noarch requires gnome-shell-extension-common = 3.27.1-3.fc28, but none of the providers can be installed
- package gnome-classic-session-3.27.1-3.fc28.noarch requires gnome-shell-extension-window-list = 3.27.1-3.fc28, but none of the providers can be installed
- package gnome-shell-extension-common-3.27.1-3.fc28.noarch requires gnome-shell >= 3.27.1, but none of the providers can be installed
- conflicting requests
- nothing provides libedataserver-1.2.so.23()(64bit) needed by gnome-shell-3.27.1-5.fc28.x86_64
Problem 7: conflicting requests
- package gdm-1:3.27.4-4.fc28.i686 requires gnome-shell, but none of the providers can be installed
- package gdm-1:3.27.4-4.fc28.x86_64 requires gnome-shell, but none of the providers can be installed
- nothing provides libedataserver-1.2.so.23()(64bit) needed by gnome-shell-3.27.1-5.fc28.x86_64
```
Note: I used an x86_64 machine to do the dependency debugging.
So here is what I decided to do:
- remove `-evolution*` (evolution-data-server provides libedataserver-1.2.so.23()(64bit))
- remove `-trousers-lib` (trousers-lib provides libtspi.so.1()(64bit))
- add `-gnome-photos` since a lot of other gnome apps were excluded
- add `-gnome-getting-started-docs` since gnome-user-docs was excluded
Signed-off-by: Dusty Mabe <dusty@dustymabe.com>
Needed by a few different things. For example to build the security live
image you run into these problems if you exclude wget:
Problem 1: conflicting requests
- nothing provides /usr/bin/wget needed by openvas-scanner-5.1.1-4.fc27.x86_64
Problem 2: package wireshark-gtk-1:2.4.4-2.fc28.x86_64 requires wireshark-cli = 1:2.4.4-2.fc28, but none of the providers can be installed
- package wireshark-cli-1:2.4.4-2.fc28.i686 requires libsmi.so.2, but none of the providers can be installed
- package wireshark-cli-1:2.4.4-2.fc28.x86_64 requires libsmi.so.2()(64bit), but none of the providers can be installed
- conflicting requests
- nothing provides wget needed by libsmi-0.4.8-21.fc28.i686
- nothing provides wget needed by libsmi-0.4.8-21.fc28.x86_64
Problem 3: package wireshark-1:2.4.4-2.fc28.x86_64 requires wireshark-cli = 1:2.4.4-2.fc28, but none of the providers can be installed
- package wireshark-cli-1:2.4.4-2.fc28.i686 requires libsmi.so.2, but none of the providers can be installed
- package wireshark-cli-1:2.4.4-2.fc28.x86_64 requires libsmi.so.2()(64bit), but none of the providers can be installed
- conflicting requests
- nothing provides wget needed by libsmi-0.4.8-21.fc28.i686
- nothing provides wget needed by libsmi-0.4.8-21.fc28.x86_64
Signed-off-by: Dusty Mabe <dusty@dustymabe.com>
Needed by anaconda. See [1].
```
- package anaconda-28.22-1.fc28.x86_64 requires anaconda-core = 28.22-1.fc28, but none of the providers can be installed
- nothing provides realmd needed by anaconda-core-28.22-1.fc28.x86_64.
```
[1] https://pagure.io/dusty/failed-composes/issue/9#comment-495037
Signed-off-by: Dusty Mabe <dusty@dustymabe.com>
This exclusion has never actually worked. Look at a successful
F27 container-minimal build:
https://koji.fedoraproject.org/koji/taskinfo?taskID=25064051
If you check one of the tasks and look at the oz log, it shows
that libusbx is actually installed.
This is because both dnf and microdnf require libdnf, which
requires librepo, which requires gpgme, which requires gnupg2,
which requires libusb.
In Fedora 27, anaconda/dnf handle this by ignoring the attempt
to exclude libusbx and just installing it anyway.
In Rawhide, however, anaconda/dnf behaviour is different. I
don't know when it changed, but now anaconda/dnf honor the
kickstart and exclude libusbx from the install transaction...
which means the image build just fails, because the deps for
dnf/microdnf cannot be satisfied. So we should just ditch the
exclusion, it's bogus. See a failed Rawhide build attempt:
https://koji.fedoraproject.org/koji/taskinfo?taskID=25077542
Signed-off-by: Adam Williamson <awilliam@redhat.com>
In cloud Images we do this becaue it's generally accepted that
in a cloud environment there are higher level firewall constructs
(i.e. security groups).
The arch-specific sub-packages that provide grub2-efi on each
arch are listed in @anaconda-tools comps group anyway (so this
is redundant), and requiring it by name in a kickstart causes
i686 live image composes to fail because it is no longer built
for i686.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
because Xfce spin is release blocking for arm, and firefox currently
does not build on arm so is excluding it until a fix is landed.
See https://bugzilla.redhat.com/show_bug.cgi?id=1523912
This should be reverted as soon as the above bug is fixed.
When building Fedora Server base images (such as when building F27
Modular Server), the --noboot option results in the container image
attempting to mount /boot with XFS like the rest of the system.
This results in the image-creation failing.
Since the partitions don't matter in the end (the files are tarred
up and shipped that way), we'll skip this optimization.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
This bit was cargo culted from the old school Fedora Cloud image, but we have
also been using `net.ifnames=0` on the kernel command line, which ensures that
we get `eth0` as "the" NIC name. (There's a huge amount of history behind
this and I'm not trying to change that behavior here)
The problem is that those udev rules do *other* things that we do want, such as
ensure that `veth` devices get `NM_CONTROLLED=no`. Without that e.g.
NetworkManager might try to do DHCP on those devices, which is at best slow
since they appear and disappear frequently, and at worst risks the host network
configuration.
For more information, see [RH bz#1503347](https://bugzilla.redhat.com/show_bug.cgi?id=1503347)
Signed-off-by: Colin Walters <walters@verbum.org>
We don't include firstboot in AH, we use cloud-init, so nothing
is ever going to parse this. Drop it, since it shows up as a delta
in `ostree admin config-diff`, and further we want to reduce the
amount of stuff in this ks.
Signed-off-by: Colin Walters <walters@verbum.org>
The `setup` package has this same content, let's not duplicate it. The only
difference between them today is trailing whitespace in our version.
Just trying to reduce the amount of stuff we do here to avoid deltas with bare
metal installs, containers, etc.
Signed-off-by: Colin Walters <walters@verbum.org>
Version 25 of livecd-tools has new tools to help in rebuilding LiveOS images. For example,
* editliveos permits overlay merging and image refreshing,
* editliveos allows overlay and home file system resizing and format changes
* livecd-iso-to-disk allows multi image installation on a single USB disk device
* livecd-iso-to-disk allows sourcing and writing to the same disk device.
Having the livecd-iso-to-disk installer onboard the .iso makes installation of a persistent overlay easier. (Persistent overlays are the standard for SoaS image in a pocket deployment.)
The new tools also work with OverlayFS overlays.
While booting Atomic cloudImage, we want to see kernel messages
on both VGA and serial console. It works fine with
tty1(vga console) and ttyS0(serial console) on x86_64 arch.
But, aarch64 and ppc64le doesn't use ttyS0 as serial console.
Instead, they use ttyAMA0(aarch64) and hvc0 (ppc64le).
Also, good point is that if a serial console specified in kernel
boot parameter is not supported on a given hardware platform, it
gets ignored. For example: console=ttyAMA0 and console=hvc0 will
get ignored on x86_64
Fixes: https://pagure.io/atomic-wg/issue/347
Signed-off-by: Sinny Kumari <sinny@redhat.com>
See https://pagure.io/atomic-wg/issue/281
This causes us to match the productimg setup. At some point hopefully we can use
`autopart` and not duplicate it.
The installs don't quite hit on the default base image size so
increase it for both spins so they will build.
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
So make is needed by openssl and compat-openssl10 which is turn is needed
by key things such as qt5-qtbase, mariadb and other core things that are
explictly needed in the KDE spin. I have no idea why the ARM images fail
and the live media does not because all arches have this dep.
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
So MATE removes PackageKit and then tried to add PackageKit-command-not-found
which is contradictary and will fail to install so drop the later so things
will at least compose.
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
There's a number of dependencies that are being excluded but are needed by core
MATE components so the arm images fail because of this. Also fix the mp3 support
package as that's now in gstreamer1-plugins-ugly-free
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
These files are stored and used from the fedora-lorax-templates [1]
repo. They haven't been used/updated from this location in a long time.
[1] https://pagure.io/fedora-lorax-templates
The comments in release process should not render as headers. This will
make it a code block instead.
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
Taking the first step towards enabling gpg verification for our
users we'll make it so that the media they download will verify
gpg signatures of commits by default.
The next step is to enable gpg verification during install as well
but there is a race condition where the commit that was just created
might not yet be signed. See [1] for more details.
[1] https://pagure.io/pungi/issue/650
a59dfe5 caused us a few problems:
- sed was breaking the symlink on atomic systems
- /boot/grub2/grub.cfg is not the right file on a UEFI system
- etc..
We'll solve this problem a different way by just not installing
plymouth in our systems, which is another way [1] to make sure
rhgb/quiet don't appear on your kernel command line.
[1] ee91db6fa3/pyanaconda/payload/__init__.py (L722-L726)
We are seeing an error on aarch64 cloud image creation because
of the vfat filesystem and the fixfiles command failing:
+ /usr/sbin/fixfiles -R -a restore
/sbin/restorecon: Could not set context for /boot/efi/EFI/fedora/fonts/unicode.pf2: Operation not supported
/sbin/restorecon: Could not set context for /boot/efi/EFI/fedora/gcdaa64.efi: Operation not supported
/sbin/restorecon: Could not set context for /boot/efi/EFI/fedora/grub.cfg: Operation not supported
/sbin/restorecon: Could not set context for /boot/efi/EFI/fedora/grubaa64.efi: Operation not supported
/sbin/restorecon: Could not set context for /boot/efi/EFI/fedora/grubenv: Operation not supported
/sbin/restorecon: Could not set context for /boot/efi/EFI/BOOT/BOOTAA64.EFI: Operation not supported
/sbin/restorecon: Could not set context for /boot/efi/EFI/BOOT/fallback.efi: Operation not supported
/sbin/restorecon: Could not set context for /boot/efi/EFI/fedora/BOOT.CSV: Operation not supported
/sbin/restorecon: Could not set context for /boot/efi/EFI/fedora/MokManager.efi: Operation not supported
/sbin/restorecon: Could not set context for /boot/efi/EFI/fedora/shim-fedora.efi: Operation not supported
/sbin/restorecon: Could not set context for /boot/efi/EFI/fedora/shim.efi: Operation not supported
Ignore the return code of the systemd-tmpfiles command because
at this point we have already removed the /etc/machine-id (8f3beac)
and all tmpfiles lines with %m in them will fail and cause a bad
return code. Example failure:
[/usr/lib/tmpfiles.d/systemd.conf:26] Failed to replace specifiers: /run/log/journal/%m
In 96a6711 we added re-running systemd-tmpfiles to add files to /run
on the root fs of the container. Here we'll limit where systemd-tmpfiles
puts files by passing it --prefix /var and --prefix /var/run/
similar change was done for docker/cloud in f6ecdc3
cmdline makes it so that %post --erroronfail won't actually stop the
installation in a way that imagefactory will detect the problem and
fail the build. See [1] for more details.
[1] https://github.com/rhinstaller/anaconda/issues/931
Update the trac link to point to the pagure issue. Also
we don't actually want to enable legacy network service.
This was also reverted for f25 in 6f3661e.
* removes the extra ens3 ifcfg that seems to be added
by dracut at some point (cloud base did this in their
ks a year ago in c509863)
* adds net.ifnames=0 to the bootloader line, because
that seems to be necessary to actually disable consistent
device naming
* enables the network service
see https://pagure.io/atomic-wg/issue/174
(cherry picked from commit 5d987e82b3)
kdegames was retired, so ditch all references to it. This is
breaking KDE live image compose on Rawhide.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This is a generic disk image that should be usable on any architecture with
imagefactory or live-media-creator (possibly with package tweaks).
Minor tweaks to the autopart across Minimal/Workstation for Server defaults.
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
This is a generic disk image that should be usable on any architecture with
imagefactory or live-media-creator (possibly with package tweaks).
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
This is a generic disk image that should be usable on any architecture with
imagefactory or live-media-creator (possibly with package tweaks). It creates a
minimal-common.ks to share as much as possible with the ARMv7 specific
fedora-arm-minimal.ks
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
Anaconda is writing an /etc/resolv.conf from the install environment.
The system should start out with an empty file, otherwise cloud-init
will try to use this information and may error:
https://bugs.launchpad.net/cloud-init/+bug/1670052
With moving to grub2 we now need to remove the extlinux bits from the
other cloud images. They were missed in the move
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
Filesytem tools, TPM tools, libusb and friends aren't of much use in
a docker container so remove them.
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
There's a lot of similarities between base and base-minimal so
introduce a docker-common.ks to ensure as much as possible is shared
between the two ensure as much shared as possible.
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
anaconda apparently fails now if the scriptlet fails which happens
on 32 bit arm:
Error
There was an error running the kickstart script at line 28. This is a fatal
error and installation will be aborted. The details of this error are:
+ LANG=en_US
+ echo '%_install_langs en_US'
+ echo 'Import RPM GPG key'
Import RPM GPG key
++ rpm -q --qf '%{version}\n' fedora-release
+ releasever=27
++ uname -i
+ basearch=armv7l
+ rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-27-armv7l
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-27-armv7l: import read failed(2).
Press ENTER to exit: systemd-localed.service: Got notification message from PID 2286 (STOPPING=1)
as all the rpms in f27 are signed by the sole key lets just import that
Signed-off-by: Dennis Gilmore <dennis@ausil.us>
anaconda apparently fails now if the scriptlet fails which happens
on 32 bit arm:
Error
There was an error running the kickstart script at line 28. This is a fatal
error and installation will be aborted. The details of this error are:
+ LANG=en_US
+ echo '%_install_langs en_US'
+ echo 'Import RPM GPG key'
Import RPM GPG key
++ rpm -q --qf '%{version}\n' fedora-release
+ releasever=27
++ uname -i
+ basearch=armv7l
+ rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-27-armv7l
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-27-armv7l: import read failed(2).
Press ENTER to exit: systemd-localed.service: Got notification message from PID 2286 (STOPPING=1)
as all the rpms in f27 are signed by the sole key lets just import that
Signed-off-by: Dennis Gilmore <dennis@ausil.us>
all workstation based spins are failing due to packagekit causing gpg-agent
spawning and keeping /dev/null open inside the compose environemnet.
36389 ? Ss 0:00 gpg-agent --homedir /tmp/tmp.XJ49JiQYpU/var/cache/PackageKit/26/metadata/updates-testing.tmp/gpgdir --use-standard-socket --daemon
36417 ? Ss 0:00 gpg-agent --homedir /tmp/tmp.XJ49JiQYpU/var/cache/PackageKit/26/metadata/updates.tmp/gpgdir --use-standard-socket --daemon
we end up with process like above running. this only hit us as the urls
pointed to stopped giving 404 errors
Signed-off-by: Dennis Gilmore <dennis@ausil.us>
The old means of enabling the graphical service is obsolete so remove it.
It's now detected by explicitly enabling graphical.target so do this by default
for all graphical UXes
We drop the explicit grub2 as aarch64 only has grub2-efi but anaconda will
sort that out and ensure all the right bits are installed during the install
so we should get the right grub2 bootloader options for each arch OOTB.
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
Add the EFI partition in so anaconda doesn't lose it. Ulimately doesn't affect
docker image size as boot and friends are discarded as part of the process.
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
Add the EFI partition in so anaconda doesn't lose it. Ulimately doesn't affect
docker image size as boot and friends are discarded as part of the process.
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
The main reason for cloud to use extlinux is the size of deps being
pulled in by grub2-tools. This will be fixed in F-26 with the ability
to use grub2/grub2-efi without the tools package and it's deps fixing
this issue for good. There will no doubt need to be be some tweaking
required here.
We need grub2 in cloud images for non x86 as well as for the increasing
x86 cloud platforms that require the support of uEFI which extlinux
doesn't support.
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
cmdline makes it so that %post --erroronfail won't actually stop the
installation in a way that imagefactory will detect the problem and
fail the build. See [1] for more details.
[1] https://github.com/rhinstaller/anaconda/issues/931
The new DNF based appliance build is stricter about additions and exclusions
in the %packages section, so things that expressly conflict will fail the
build.
The DNF-based appliance-tools build of the ARM image complains
that it is short by 54MB, so we're increasing by a bit more than that
to give some wiggle room for the future.
I'm trying to keep things in sync - this mostly ensures the root
password is unlocked, and drops the `services` line that is useless
because that's not how kickstart inheritance works.
for rhbz#1392468 I was told that what we had should never have worked.
A bug in anaconda was fixed causing the need for the user or root
spokes to have to be dealt with. locking the root account should
satisfy everything.
Signed-off-by: Dennis Gilmore <dennis@ausil.us>
So is seems that if you remove the machine-id file it won't regenerate the file
but if you touch the file and leave it empty on boot it'll put a new machine-id
in the empty file. So work around this bug ("feature"?) by touching the file
so we don't have other issues in the process.
We're track the outcome of this in RHBZ 1379800
images without any change to the process (except they have a small 30Mb
partition at the begining of the image) but all exisiting documented
processe work for image writing. The RPi is auto configured and a pure
dd to the card, plug and boot.
it's no longer pulled in by cloud-init (since 2014...). None
of these kickstarts has it in %packages, and it's not in any
of the cloud environment or package groups in comps either. So
it seems like no-one particularly wants rsyslog in the cloud
images.
From compose logs, it looks like trying to enable a non-existent
service in anaconda in Fedora 24 and earlier wasn't a fatal
error (anaconda more or less logged a warning and continued),
but in Fedora 25 and later it does seem to be fatal. It at least
causes one anaconda thread to crash, though the image compose
completes. I think possibly at least the way anaconda's run
in the Cloud compose process, the main thread manages to exit,
but it seems pretty likely the thread crash will result in
problems in the produced image.
Needed on master and f25.
Due to #1369794 , anaconda cannot currently manipulate sysv
services in F25+. So to work around this, take 'network' out of
the services lines in all kickstarts and instead manipulate
it in the %post section, with chkconfig.
Also remove rsyslog from the Atomic image services line because
it doesn't appear to be included in the OStree tree at present
and so attempting to enable the service breaks Atomic image
compose, see e.g.:
https://kojipkgs.fedoraproject.org//work/tasks/9022/15349022/oz-x86_64.log
also correct the name of the ssh service in fedora-arm-base.ks;
it's sshd not ssh.
With e2fsprogs after 1.43 the 64bit and metadata_csum features are
enabled by default. These features are not currently supported in
u-boot and the 64bit feature introduces changes such that it cannot
be read by implementations that do not support it. U-Boot does not
support the functionality and hence now won't mount it just in case
it corrupts the filesystem, which is a reasonable response, this how
ever stops us from booting when we have a ext4 /boot file system
which means basically we end up with a pot plant. Go back to using
ext3 for the time being as the mkfs.ext3 option doesn't enable these
features and we get booting systems!! YAY \o/
We need to have chronyd start after livesys has finished so that
the config for chronyd gets rewritten before it starts. If not it
will overwrite the system clock with a time that will be incorrect
(US eastern stored as local time instead of UTC) for most people.
This fixes bug 1018162.
Now that F24 images are made with livemedia-creator instead of
livecd-creator, the kickstart parser has changed; the new kickstart
parser doesn't understand the $INSTALL_ROOT variable we'd been using in
%post --nochroot scripts. This commit fixes this by replacing
$INSTALL_ROOT usage with hardcoded /mnt/sysimage as docs suggest.
While at this, this commit also fixes a case where resolv.conf would be
incorrectly copied if it is a symlink, thanks to dgilmore for pointing
this out.
After removing grub2 the which package gets removed. Let's add it back
because it is generally useful and because it is needed for many vagrant
utilities to work.
Hopefully eventually Midori will get fixed, so firefox can be dropped
and we'll find a way to get the i686 version not to be 400 MB larger
than the x86_64 version.
With livemedia putting both PAE and non-PAE kernels on i686,
i686 images are a lot bigger than x86_64 images and what i686
used to be. Removing freedroid looks to be enough.
@gnome-desktop addition was reverted in comps in commit
db13483cc5bdb39b8d9f066e7706335fb9ae3048; this reverts it here too.
This reverts commit 6b42371f72.
pinball pulls in fluid-soundfont-lite-patches. I thought I had already
removed everything that did. I am not sure if I missed something or
if pinball changed.
This patch is for the spin-kickstarts repository.
Call out to the `bootentry` script in the kickstart %post so that the
Developer Mode option is added to the GRUB 2 menu.
initail-setup.service now handles running both the gui mode and text
mode running of initial-setup so just enable the one service and no
longer do any special handling rhbz#1296495
Signed-off-by: Dennis Gilmore <dennis@ausil.us>
Per discussion on #1169979, fontconfig upstream think they have
the bugs licked, so this shouldn't be needed any more. We need
to check the nightly lives after this and see if their caches
are now correct.
This effectively reverts the recent change by rdieter, without undoing
the refactoring.
As per the IRC discussion, it looks like caching the metadata is not all
that helpful with Apper or Muon (and I doubt it is actually helpful with
ANY frontend, because updates will necessarily be outdated, and even the
Everything repo usually changes one last time after the last RC, to
officially push packages that the RC took from a side repo), we would
only be increasing our spin size with stale metadata.
Fedora has gotten significantly bigger since we started doing final TCs
and even between final RCs. I am not sure why. But this cut will get
the Games spin safely under 4 GiB.
As livecd-creator is still yum based, we only get yum's yumdb during
live image composes. To work this around, this commit adds a %post
script to fedora-live-base.ks to migrate yum's yumdb over to dnf.
https://bugzilla.redhat.com/show_bug.cgi?id=1274319
Instead of taking the metadata from PackageKit-cached-metadata package
as we were doing previously, copy it over directly during the compose
from https://kojipkgs.fedoraproject.org/mash/
This makes it much less error prone as we always get the very latest
metadata, and makes maintenance much simpler as we don't need to roll
PackageKit-cached-metadata by hand. Users are also going to appreciate
this because it makes post-GA updates smaller as they won't have to
download updates for the PackageKit-cached-metadata subpackage each time
PackageKit gets updated.
We have had -kbd in the kickstart for a long time, but because of BZ#1199868
it wasn't actually getting excluded. Not having it causes
systemd-vconsole-setup.service to fail so we are adding it back for now.
Additionally we need to add back plymouth to cover up the subsequent failure
of systemd-vconsole-setup.service. See BZ#1272684.
Workaround BZ1262040 by removing the --instLangs arg from the
%packages line and rely on our previous hack to manually remove
langs after install. This fixes BZ1261249.
Signed-off-by: Kushal Das <kushaldas@gmail.com>
The ModemManager package is already installed for all live images;
it should be enabled so users can connect to WWAN right after boot
using the NetworkManager applet.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
For some reason the kernel-core is not protected by dnf, so when
we are trying to remove linux-firmware, it was actually removing
kernel-core package. Commenting out the lines for now.
This is pretty cosmetic as live and cloud images don't use passwords
and they install with sha512 fine, but some people may use these
kickstarts as a base for their spins, so we should use best practices.
We were getting grub2 in the base image again. Apparently
for a while Anaconda has supported a cleaner syntax for this, and
since it fixes the bug, let's use it.
https://bugzilla.redhat.com/show_bug.cgi?id=1222132
Best practice is to use unprivileged service daemons inside Docker
containers. But with this hardcoded root password, in the case of
remote code execution, an attacker could trivially escalate their
privileges to root/uid 0. And while that's uid 0 inside a container,
that's a much larger attack surface.
Instead, do the same thing we're doing for the Cloud images: lock the
root password, create a user to make Anaconda happy, then delete the
user in %post.
https://bugzilla.redhat.com/show_bug.cgi?id=1175997
We control the actual size of the virtual disks with options on the
koji command line. This change will allow the Vagrant root
partition to grow to the 40 GB we allocate in the koji image build
while the base cloud image will remain essentially unchanged, as it
is set to 3 GB in the rel-eng koji call.
It gets installed at box launch time anyway. Save users the
annoyance of having to wait. This is in line with the Atomic
Vagrant images as well, which contain rsync in the composed tree.
Comps commit b802fd1c8472bcf5eb2587cd9ba20fb301bbaa6e changed
workstation-product-environment to include the whole of @firefox group,
as opposed to just including the firefox package in the
workstation-product group. This commit syncs the change here too.
I committed this 5 years ago with only a minimum of review, its main
feature was easier SSH key injection, a problem which has been solved
much better by the cloud image which uses `cloud-init`, as well as the
Vagrant boxes which use hardcoded vagrant SSH keys.
it is not included in f22 and will need ot be re reviewed and sumbitted
if interested parties step up and want to actively maintain and test
Signed-off-by: Dennis Gilmore <dennis@ausil.us>
boswars is building again and no longer has a library conflict.
Hower this will put the games spin very close to 4 GiB and some
more tweaking might be needed.
Even though it's silly, the ImageFactory-in-Koji use case calls into
libguestfs to introspect the target system, and libguestfs relies on
/etc/fstab to detect installed operating systems.
rpm-ostree-toolbox always uses this code path now; we spawn an "ostree
trivial-httpd" even for local use. That way the same template can be
used for both remote repositories and local ones.
Now that cloud-init is enabled in the systemd unit, that change
goes in /usr/lib...which we can't easily change. There are
two potentially sane solutions:
- Refactor the kickstarts here
- Some support for systemd presets in kickstart files would
allow us to have a later override here
You can use environment groups in kickstarts with this @^ syntax.
So we don't need to duplicate the environment group here, just
use it. We also don't need to list the productimg package, as
it's in the @workstation-product group which the environment
pulls in.
Things are going to be very close with removing just neverball. So it
looks like we need another removal and it is stellarium.
This is for bug 1168983.
Pungi and lorax pull in the complete repository set and then try
to load all possible fedora-productimg-* packages. We need to
explicitly exclude the ones for the different products.
We were doing gyrations here between the "installmedia" remote and the
intended "fedora-atomic" remote. Thinking about this, it's *far*
simpler if we pretend installmedia is the target remote.
We still need to delete the remote configuration Anaconda added and
re-add it with the real target URL.
Conflicts:
fedora-cloud-atomic.ks
While it makes sense to import the GPG key, it has to be done
as part of the treecompose, because it'll drop out of the rpmdb
on the next upgrade.
For yum, it was run as part of the treecompose, not Anaconda, so
there's already no history.
Add fedora-release-nonproduct to fedora-live-base.ks to ensure it gets
pulled in for all spins. In order to avoid it getting pulled in to
the Workstation product that is also based on fedora-live-base.ks,
explicitly exclude fedora-release-nonproduct in workstation kickstart
file.
https://bugzilla.redhat.com/show_bug.cgi?id=1154235
# - French Fedora Live Spin with the Gnome Desktop Environment
@@ -6,7 +6,7 @@
# Maintainer(s):
# - Matthieu Saulnier <fantom@fedoraproject.org>
%include ../fedora-livecd-desktop.ks
%include ../fedora-live-workstation.ks
lang fr_FR.UTF-8
keyboard fr-latin9
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
