atomic: switch to build from updates ref

We build from the updates ref and set the system to upgrade from
the prod ref.

README.md

@@ -11,18 +11,18 @@ and modify the kickstart files for their local needs.
 
 ## To make a release ##
 
- * git clone ssh://git@pagure.io/fedora-kickstarts.git fedora-kickstarts
- * cd fedora-kickstarts
- * # If you need a specific branch other than master:
- * git checkout BRANCHNAME
- * # No tag has been added yet tag HEAD with
- * git tag VERSION
- * git push --tags
- * make
- * # Publish the released tar ball
- * make publish
- * # Clean up the generated files:
- * make clean
+    git clone ssh://git@pagure.io/fedora-kickstarts.git fedora-kickstarts
+    cd fedora-kickstarts
+    # If you need a specific branch other than master:
+    git checkout BRANCHNAME
+    # No tag has been added yet tag HEAD with
+    git tag VERSION
+    git push --tags
+    make
+    # Publish the released tar ball
+    make publish
+    # Clean up the generated files:
+    make clean
 
 # bug reports #
 

atomic-installer/lorax-configure-repo.tmpl

@@ -1,8 +0,0 @@
-## Lorax template to configure Anaconda to use the local OSTree
-## repository on disk.
-
-<%page args="ostree_osname, ostree_ref"/>
-append usr/share/anaconda/interactive-defaults.ks "ostreesetup --nogpg --osname=${ostree_osname} --remote=${ostree_osname} --url=file:////run/install/repo/content/repo --ref=${ostree_ref}\n"
-append usr/share/anaconda/interactive-defaults.ks "services --disabled cloud-init,cloud-config,cloud-final,cloud-init-local\n"
-append usr/share/anaconda/interactive-defaults.ks "%post --erroronfail\nrm -f /etc/ostree/remotes.d/${ostree_osname}.conf\nostree remote add --set=gpg-verify=false fedora-atomic 'https://dl.fedoraproject.org/pub/fedora/linux/atomic/22/'\n%end\n"
-

atomic-installer/lorax-embed-repo.tmpl

@@ -1,11 +0,0 @@
-## Lorax template to embed an OSTree repository into the installer.iso
-## and configure an interactive installer use to look for it.
-##
-## Note that we pull with depth=0 to only get *one* commit into the
-## ISO, because we obviously don't want the full history.
-
-<%page args="workdir, ostree_osname, ostree_repo, ostree_ref"/>
-runcmd mkdir -p ${workdir}/iso-graft/content/repo
-runcmd ostree --repo=${workdir}/iso-graft/content/repo init --mode=archive-z2
-runcmd ostree --repo=${workdir}/iso-graft/content/repo remote add ostree-mirror --set=gpg-verify=false ${ostree_repo}
-runcmd ostree --repo=${workdir}/iso-graft/content/repo pull --mirror ostree-mirror ${ostree_ref}

fedora-arm-base.ks

@@ -30,6 +30,7 @@ dracut-config-generic
 -dracut-config-rescue
 # install tools needed to manage and boot arm systems
 @arm-tools
+-uboot-images-armv8
 rng-tools
 chrony
 extlinux-bootloader
@@ -39,6 +40,8 @@ initial-setup-gui
 -iwl*
 -ipw*
 -trousers-lib
+-usb_modeswitch
+-iproute-tc
 #lets resize / on first boot
 # dracut-modules-growroot
 

fedora-arm-lxqt.ks

@@ -2,6 +2,8 @@
 %include fedora-arm-xbase.ks
 %include fedora-lxqt-common.ks
 
+part / --size=3800 --fstype ext4 --asprimary
+
 %packages
 # trojita not available on non-x86 platforms
 -trojita

fedora-arm-minimal.ks

@@ -4,3 +4,7 @@
 part /boot --size=512 --fstype ext4
 part swap --size=256 --fstype swap
 part / --size=1256 --fstype ext4
+
+%packages
+-xkeyboard-config
+%end

fedora-arm-soas.ks

@@ -2,6 +2,8 @@
 %include fedora-arm-xbase.ks
 %include fedora-soas-common.ks
 
+part / --size=3300 --fstype ext4 --asprimary
+
 %post
 
 %end

fedora-atomic.ks

@@ -17,32 +17,57 @@ rootpw --lock --iscrypted locked
 
 firewall --disabled
 
-bootloader --timeout=1 --append="no_timer_check console=tty1 console=ttyS0,115200n8 net.ifnames=0"
+# console=ttyAMA0 and console=hvc0 as kernel boot parameter to see
+# kernel boot messages on serial console as well on aarch64 and
+# ppc64le respectively.
+# https://pagure.io/atomic-wg/issue/347
+bootloader --timeout=1 --append="no_timer_check console=tty1 console=ttyS0,115200n8 console=ttyAMA0 console=hvc0 net.ifnames=0"
 
 network --bootproto=dhcp --device=link --activate --onboot=on
 services --enabled=sshd,cloud-init,cloud-init-local,cloud-config,cloud-final
 
 zerombr
 clearpart --all
-# Atomic differs from cloud - we want LVM
-part /boot --size=300 --fstype="ext4"
+# Implement: https://pagure.io/atomic-wg/issue/281
+# The bare metal layout default is in http://pkgs.fedoraproject.org/cgit/rpms/fedora-productimg-atomic.git
+# However, the disk size is currently just 6GB for the cloud image (defined in pungi-fedora).  So the
+# "15GB, rest unallocated" model doesn't make sense.  The Vagrant box is 40GB (apparently a number of
+# Vagrant boxes come big and rely on thin provisioning).
+# In both cases, it's simplest to just fill all the disk space.
+#
+# Use reqpart to create hardware platform specific partitions
+# https://pagure.io/atomic-wg/issue/299
+reqpart --add-boot
 part pv.01 --grow
 volgroup atomicos pv.01
-logvol / --size=3000 --fstype="xfs" --name=root --vgname=atomicos
+# Start from 3GB as we did before, since we just need a size.  But we do --grow to fill all space.
+logvol / --size=3000 --grow --fstype="xfs" --name=root --vgname=atomicos
 
 # Equivalent of %include fedora-repo.ks
 # Pull from the ostree repo that was created during the compose
-ostreesetup --nogpg --osname=fedora-atomic --remote=fedora-atomic --url=https://kojipkgs.fedoraproject.org/compose/atomic/rawhide/ --ref=fedora/rawhide/x86_64/atomic-host
+ostreesetup --nogpg --osname=fedora-atomic --remote=fedora-atomic --url=https://kojipkgs.fedoraproject.org/atomic/27/ --ref=fedora/27/${basearch}/updates/atomic-host
 
 reboot
 
 %post --erroronfail
-# See https://github.com/projectatomic/rpm-ostree/issues/42
-# Set the ostree repo to the location we want users to upgrade from
-# This location is where the compose gets synced to after the compose
-# is done.
+# Find the architecture we are on
+arch=$(uname -m)
+
+# Set the origin to the "main ref", distinct from /updates/ which is where bodhi writes.
+# We want consumers of this image to track the two week releases.
+ostree admin set-origin --index 0 fedora-atomic https://kojipkgs.fedoraproject.org/atomic/27/ "fedora/27/${arch}/atomic-host"
+
+# Make sure the ref we're supposedly sitting on (according
+# to the updated origin) exists.
+ostree refs "fedora-atomic:fedora/27/${arch}/updates/atomic-host" --create "fedora-atomic:fedora/27/${arch}/atomic-host"
+
+# Remove the old ref so that the commit eventually gets
+# cleaned up.
+ostree refs "fedora-atomic:fedora/27/${arch}/updates/atomic-host" --delete
+
+# delete/add the remote with new options to enable gpg verification
 ostree remote delete fedora-atomic
-ostree remote add --set=gpg-verify=true --set=gpgkeypath=/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-27-primary fedora-atomic 'https://kojipkgs.fedoraproject.org/atomic/rawhide/'
+ostree remote add --set=gpg-verify=true --set=gpgkeypath=/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-27-primary fedora-atomic 'https://kojipkgs.fedoraproject.org/atomic/27/'
 
 # older versions of livecd-tools do not follow "rootpw --lock" line above
 # https://bugzilla.redhat.com/show_bug.cgi?id=964299
@@ -52,8 +77,10 @@ passwd -l root
 cp /etc/skel/.bash* /var/roothome
 
 # Configure docker-storage-setup to resize the partition table on boot
-# https://github.com/projectatomic/docker-storage-setup/pull/25
+# and extend the root filesystem to fill it.
+# https://pagure.io/atomic-wg/issue/343
 echo 'GROWPART=true' >> /etc/sysconfig/docker-storage-setup
+echo 'ROOT_SIZE=+100%FREE' >> /etc/sysconfig/docker-storage-setup
 
 echo -n "Getty fixes"
 # although we want console output going to the serial console, we don't

fedora-cloud-base.ks

@@ -13,12 +13,12 @@
 # http://worknotes.readthedocs.org/en/latest/cloudimages.html for some notes.
 #
 # For a TDL file, I store one here:
-# https://git.fedorahosted.org/cgit/fedora-atomic.git/tree/fedora-atomic-rawhide.tdl
+# https://pagure.io/fedora-atomic/raw/master/f/fedora-atomic-rawhide.tdl
 # (Koji generates one internally...what we really want is Koji to publish it statically)
 # 
 # Once you have imagefactory and imagefactory-plugins installed, run:
 # 
-#   curl -O https://git.fedorahosted.org/cgit/fedora-atomic.git/plain/fedora-atomic-rawhide.tdl 
+#   curl -O https://pagure.io/fedora-atomic/raw/master/f/fedora-atomic-rawhide.tdl
 #   tempfile=$(mktemp --suffix=.ks)
 #   ksflatten -v F22 -c fedora-cloud-base.ks > ${tempfile}
 #   imagefactory --debug base_image --file-parameter install_script ${tempfile} fedora-atomic-rawhide.tdl

fedora-disk-base.ks

@@ -19,7 +19,7 @@ network --bootproto=dhcp --device=link --activate
 rootpw --lock --iscrypted locked
 shutdown
 
-bootloader --timeout=1 --append="no_timer_check console=tty1 console=ttyS0,115200n8"
+bootloader --timeout=1
 
 zerombr
 clearpart --all --initlabel --disklabel=msdos
@@ -40,15 +40,16 @@ dracut-config-generic
 -dracut-config-rescue
 # install tools needed to manage and boot arm systems
 @arm-tools
+-uboot-images-armv7
 rng-tools
 chrony
 bcm283x-firmware
-uboot-images-armv8
--uboot-images-armv7
 initial-setup
 -iwl*
 -ipw*
 -trousers-lib
+-usb_modeswitch
+-iproute-tc
 -generic-release*
 
 # make sure all the locales are available for inital0-setup and anaconda to work
@@ -80,6 +81,9 @@ rm -f /var/lib/rpm/__db*
 # remove random seed, the newly installed instance should make it's own
 rm -f /var/lib/systemd/random-seed
 
+# The enp1s0 interface is a left over from the imagefactory install, clean this up
+rm -f /etc/sysconfig/network-scripts/ifcfg-enp1s0
+
 dnf -y remove dracut-config-generic
 
 # Disable network service here, as doing it in the services line

fedora-disk-minimal.ks

@@ -4,3 +4,7 @@
 services --enabled=sshd,NetworkManager,chronyd,initial-setup
 
 autopart --type=plain
+
+%packages
+-xkeyboard-config
+%end

fedora-docker-base.ks

@@ -18,6 +18,9 @@ sssd-client
 rm -rf /var/cache/dnf/*
 rm -rf /tmp/*
 
+# https://pagure.io/atomic-wg/issue/308
+printf "tsflags=nodocs\n" >>/etc/dnf/dnf.conf
+
 #Mask mount units and getty service so that we don't get login prompt
 systemctl mask systemd-remount-fs.service dev-hugepages.mount sys-fs-fuse-connections.mount systemd-logind.service getty.target console-getty.service
 
@@ -34,5 +37,6 @@ systemctl mask systemd-remount-fs.service dev-hugepages.mount sys-fs-fuse-connec
 #
 umount /run
 systemd-tmpfiles --prefix=/run/ --prefix=/var/run/ --create --boot || true
+rm /run/nologin # https://pagure.io/atomic-wg/issue/316
 
 %end

fedora-docker-common.ks

@@ -8,7 +8,7 @@
 # but you can run imagefactory locally too.
 #
 # To do so, testing local changes, first you'll need a TDL file.  I store one here:
-# https://git.fedorahosted.org/cgit/fedora-atomic.git/tree/fedora-atomic-rawhide.tdl
+# https://pagure.io/fedora-atomic/raw/master/f/fedora-atomic-rawhide.tdl
 #
 # Then, once you have imagefactory and imagefactory-plugins installed, run:
 #

fedora-kde-common.ks

@@ -61,9 +61,6 @@ wqy-microhei-fonts			# a compact CJK font, to replace:
 -ibus*
 -iok
 
-# save some space (from @standard)
--make
-
 # admin-tools
 -gnome-disk-utility
 # kcm_clock still lacks some features, so keep system-config-date around

fedora-live-astronomy_kde.ks

@@ -24,7 +24,13 @@ part / --size 14500
 # Installing the default/mandatory packages from engineering & scientific
 @engineering-and-scientific
 
+# Basic development
+@development-tools
+@c-development
+
 # astronomical data analysis
+astrometry
+astrometry-tycho2
 cdsclient
 fpack
 gcx
@@ -37,7 +43,7 @@ skyviewer
 swarp
 wcstools
 
-# Observatory: KStars + INDI drivers + Skychart
+# Observatory: KStars + INDI drivers
 indi-aagcloudwatcher
 indi-apogee
 indi-eqmod
@@ -45,10 +51,10 @@ indi-gphoto
 indi-sx
 indistarter
 kstars
-stellarium
 
 # misc. astronomy
 celestia
+stellarium
 virtualplanet
 
 # Some astro environment stuff

fedora-live-cinnamon.ks

@@ -32,6 +32,9 @@ sed -i 's/^#autologin-user-timeout=.*/autologin-user-timeout=0/' /etc/lightdm/li
 # set Cinnamon as default session, otherwise login will fail
 sed -i 's/^#user-session=.*/user-session=cinnamon/' /etc/lightdm/lightdm.conf
 
+# no updater applet in live environment
+rm -f /etc/xdg/autostart/org.mageia.dnfdragora-updater.desktop
+
 # Show harddisk install on the desktop
 sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop
 mkdir /home/liveuser/Desktop

fedora-live-design_suite.ks

@@ -16,10 +16,21 @@ part / --size 14336
 # Switch to groups for design suite
 @design-suite
 
+# Provides backup application
+deja-dup
+deja-dup-nautilus
+
 # Add extra gnome applications
 gnome-books
 gnome-calendar
 gnome-photos
+gnome-shell-extension-pomodoro
+gnome-todo
+
+# Add cosmetic for gnome-terminal
+powerline
+powerline-fonts
+
 
 # Extra wallpapers
 f26-backgrounds-extras-base
@@ -36,7 +47,7 @@ f26-backgrounds-extras-gnome
 #Override the favorite desktop application in Dash
 cat >> /usr/share/glib-2.0/schemas/org.gnome.shell.gschema.override << FOE
 [org.gnome.shell]
-favorite-apps=['firefox.desktop', 'shotwell.desktop', 'gimp.desktop', 'darktable.desktop','krita', 'inkscape.desktop', 'blender.desktop', 'libreoffice-writer.desktop', 'scribus.desktop', 'nautilus.desktop', 'bijiben.desktop', 'anaconda.desktop', 'list-design-tutorials.desktop']
+favorite-apps=['firefox.desktop', 'shotwell.desktop', 'gimp.desktop', 'darktable.desktop','krita.desktop', 'inkscape.desktop', 'blender.desktop', 'libreoffice-writer.desktop', 'scribus.desktop', 'nautilus.desktop', 'bijiben.desktop', 'anaconda.desktop', 'list-design-tutorials.desktop']
 FOE
 
 # Add link to lists of tutorials

fedora-live-mate_compiz.ks

@@ -40,6 +40,9 @@ if [ -f /etc/PackageKit/CommandNotFound.conf ]; then
   sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf
 fi
 
+# no updater applet in live environment
+rm -f /etc/xdg/autostart/org.mageia.dnfdragora-updater.desktop
+
 # make sure to set the right permissions and selinux contexts
 chown -R liveuser:liveuser /home/liveuser/
 restorecon -R /home/liveuser/

fedora-live-scientific_kde.ks

@@ -90,11 +90,13 @@ julia-doc
 
 # IDEs for the IDE folks
 @eclipse
-spyder
+#spyder
 
 #writing & publishing
-emacs
-emacs-color-theme
+# https://bugzilla.redhat.com/show_bug.cgi?id=1506888
+#emacs
+#emacs-color-theme
+
 vim
 scribus
 #scite

fedora-mate-common.ks

@@ -1,6 +1,5 @@
 %packages
 -PackageKit*                # we switched to dnfdragora, so we don't need this
-PackageKit-command-not-found  # nifty for installing not-found cli-commands
 firefox
 @mate
 compiz
@@ -31,7 +30,7 @@ lightdm-gtk-greeter-settings
 # audio video
 parole
 exaile
-gstreamer1-plugin-mpg123  # mp3 support
+gstreamer1-plugins-ugly-free # mp3 support
 
 # blacklist applications which breaks mate-desktop
 -audacious
@@ -55,13 +54,9 @@ nss-mdns
 -brasero
 -colord
 -fedora-icon-theme
--GConf2
--gnome-bluetooth-libs
 -gnome-icon-theme
 -gnome-icon-theme-symbolic
 -gnome-software
--gnome-themes
--gnome-themes-standard
 -gnome-user-docs
 
 -@mate-applications

fedora-modular-arm-server.ks

@@ -0,0 +1,27 @@
+%include fedora-arm-base.ks
+
+# server defaults to xfs for / so lets do so on arm also
+part / --size=2500 --fstype xfs
+
+%packages
+# install the default groups for the server evironment since installing the environment is not working
+@server-product
+@standard
+@headless-management
+@container-management
+@domain-client
+-initial-setup-gui
+-generic-release*
+fedora-modular-release
+%end
+
+%post
+
+# setup systemd to boot to the right runlevel
+echo -n "Setting default runlevel to multiuser text mode"
+rm -f /etc/systemd/system/default.target
+ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+echo .
+
+%end
+

fedora-modular-container-base-minimal.ks

@@ -0,0 +1,70 @@
+# See fedora-modular-container-common.ks for details on how to hack on container image kickstarts
+# This base is a stripped back Fedora image without python3/dnf.
+# If you need that use the standard base image.
+
+%include fedora-modular-container-common.ks
+
+%packages --excludedocs --instLangs=en --nocore --excludeWeakdeps
+microdnf
+
+%end
+
+%post --erroronfail --log=/root/anaconda-post.log
+# remove some random help txt files
+rm -fv usr/share/gnupg/help*.txt
+
+# Pruning random things
+rm usr/lib/rpm/rpm.daily
+rm -rfv usr/lib64/nss/unsupported-tools/  # unsupported
+
+# Statically linked crap
+rm -fv usr/sbin/{glibc_post_upgrade.x86_64,sln}
+ln usr/bin/ln usr/sbin/sln
+
+# Remove some dnf info
+rm -rfv /var/lib/dnf
+
+# don't need icons
+rm -rfv /usr/share/icons/*
+
+#some random not-that-useful binaries
+rm -fv /usr/bin/pinky
+
+# we lose presets by removing /usr/lib/systemd but we do not care
+rm -rfv /usr/lib/systemd
+
+# if you want to change the timezone, bind-mount it from the host or reinstall tzdata
+rm -fv /etc/localtime
+mv /usr/share/zoneinfo/UTC /etc/localtime
+rm -rfv  /usr/share/zoneinfo
+
+# Final pruning
+rm -rfv /var/cache/* /var/log/* /tmp/*
+
+%end
+
+%post --nochroot --erroronfail --log=/mnt/sysimage/root/anaconda-post-nochroot.log
+set -eux
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1343138
+# Fix /run/lock breakage since it's not tmpfs in container
+# This unmounts /run (tmpfs) and then recreates the files
+# in the /run directory on the root filesystem of the container
+# NOTE: run this in nochroot because "umount" does not exist in chroot
+umount /mnt/sysimage/run
+# The file that specifies the /run/lock tmpfile is
+# /usr/lib/tmpfiles.d/legacy.conf, which is part of the systemd
+# rpm that isn't included in this image. We'll create the /run/lock
+# file here manually with the settings from legacy.conf
+# NOTE: chroot to run "install" because it is not in anaconda env
+chroot /mnt/sysimage install -d /run/lock -m 0755 -o root -g root
+
+
+# See: https://bugzilla.redhat.com/show_bug.cgi?id=1051816
+# NOTE: run this in nochroot because "find" does not exist in chroot
+KEEPLANG=en_US
+for dir in locale i18n; do
+    find /mnt/sysimage/usr/share/${dir} -mindepth  1 -maxdepth 1 -type d -not \( -name "${KEEPLANG}" -o -name POSIX \) -exec rm -rfv {} +
+done
+
+%end

fedora-modular-container-base.ks

@@ -0,0 +1,38 @@
+# See fedora-modular-container-common.ks for details on how to hack on container image kickstarts
+# This base is a standard Fedora image with python3 and dnf
+
+%include fedora-modular-container-common.ks
+
+%packages --excludedocs --instLangs=en --nocore
+rootfiles
+tar # https://bugzilla.redhat.com/show_bug.cgi?id=1409920
+vim-minimal
+dnf
+dnf-yum  # https://pagure.io/fesco/ticket/1312#comment:29
+sssd-client
+
+%end
+
+%post --erroronfail --log=/root/anaconda-post.log
+# remove some extraneous files
+rm -rf /var/cache/dnf/*
+rm -rf /tmp/*
+
+#Mask mount units and getty service so that we don't get login prompt
+systemctl mask systemd-remount-fs.service dev-hugepages.mount sys-fs-fuse-connections.mount systemd-logind.service getty.target console-getty.service
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1343138
+# Fix /run/lock breakage since it's not tmpfs in container
+# This unmounts /run (tmpfs) and then recreates the files
+# in the /run directory on the root filesystem of the container
+#
+# We ignore the return code of the systemd-tmpfiles command because
+# at this point we have already removed the /etc/machine-id and all
+# tmpfiles lines with %m in them will fail and cause a bad return
+# code. Example failure:
+#   [/usr/lib/tmpfiles.d/systemd.conf:26] Failed to replace specifiers: /run/log/journal/%m
+#
+umount /run
+systemd-tmpfiles --prefix=/run/ --prefix=/var/run/ --create --boot || true
+
+%end

fedora-modular-container-common.ks

@@ -0,0 +1,75 @@
+# This is the common bits between Container base images based on Modular Fedora.
+#
+# To keep this image minimal it only installs English language. You need to change
+# dnf configuration in order to enable other languages.
+#
+# ##  Hacking on this image ###
+# This kickstart is processed using Anaconda-in-ImageFactory (via Koji typically),
+# but you can run imagefactory locally too.
+#
+# To do so, testing local changes, first you'll need a TDL file.  I store one here:
+# https://pagure.io/fedora-atomic/raw/master/f/fedora-atomic-rawhide.tdl
+#
+# Then, once you have imagefactory and imagefactory-plugins installed, run:
+#
+#   ksflatten -c fedora-modular-base[-minimal].ks -o fedora-modular-base-test.ks
+#   imagefactory --debug target_image --template /path/to/fedora-atomic-rawhide.tdl --parameter offline_icicle true --file-parameter install_script $(pwd)/fedora-modular-base-test.ks modular
+#
+
+text # don't use cmdline -- https://github.com/rhinstaller/anaconda/issues/931
+bootloader --disabled
+timezone --isUtc --nontp Etc/UTC
+rootpw --lock --iscrypted locked
+keyboard us
+network --bootproto=dhcp --device=link --activate --onboot=on
+reboot
+
+# boot partitions are irrelevant as the final container image is a tarball
+zerombr
+clearpart --all
+autopart --nohome --noswap --nolvm
+
+%packages --excludedocs --instLangs=en --nocore
+fedora-modular-release
+bash
+coreutils-single
+glibc-minimal-langpack
+libcrypt
+rpm
+shadow-utils
+sssd-client
+util-linux
+-kernel
+-dosfstools
+-e2fsprogs
+-fuse-libs
+-gnupg2-smime
+-libss # used by e2fsprogs
+-libusbx
+-pinentry
+-shared-mime-info
+-trousers
+-xkeyboard-config
+
+%end
+
+%post --erroronfail --log=/root/anaconda-post.log
+set -eux
+
+# Set install langs macro so that new rpms that get installed will
+# only install langs that we limit it to.
+LANG="en_US"
+echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1400682
+echo "Import RPM GPG key"
+releasever=$(rpm -q --qf '%{version}\n' fedora-modular-release)
+rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-primary
+
+echo "# fstab intentionally empty for containers" > /etc/fstab
+
+# Remove machine-id on pre generated images
+rm -f /etc/machine-id
+touch /etc/machine-id
+
+%end

fedora-modular-disk-minimal.ks

@@ -0,0 +1,81 @@
+text
+lang en_US.UTF-8
+keyboard us
+timezone US/Eastern
+auth --useshadow --passalgo=sha512
+selinux --enforcing
+# Disabled for modular compose (for now)
+#firewall --enabled --service=mdns
+# Disabled for modular compose (for now)
+#services --enabled=sshd,NetworkManager,chronyd,initial-setup
+network --bootproto=dhcp --device=link --activate
+rootpw --lock --iscrypted locked
+shutdown
+
+bootloader --timeout=1 --append="no_timer_check console=tty1 console=ttyS0,115200n8"
+
+zerombr
+clearpart --all --initlabel --disklabel=msdos
+autopart --type=plain
+
+# make sure that initial-setup runs and lets us do all the configuration bits
+firstboot --reconfig
+
+%include fedora-repo.ks
+
+%packages --excludedocs --excludeWeakdeps --nocore
+bash
+fedora-modular-release
+filesystem
+coreutils-single
+util-linux
+rpm
+shadow-utils
+microdnf
+glibc-minimal-langpack
+grubby
+kernel
+libcrypt
+sssd-client
+dhcp-client
+-fedora-logos
+-coreutils
+-dosfstools
+-e2fsprogs
+-fuse-libs
+-gnupg2-smime
+-libss # used by e2fsprogs
+-libusbx
+-pinentry
+-shared-mime-info
+-trousers
+-xkeyboard-config
+-dracut
+%end
+
+%post
+
+# Setup Raspberry Pi firmware
+#cp -Pr /usr/share/bcm283x-firmware/* /boot/efi/
+mv -f /boot/efi/config-64.txt /boot/efi/config.txt
+cp -P /usr/share/uboot/rpi_3/u-boot.bin /boot/efi/rpi3-u-boot.bin
+
+releasever=$(rpm -q --qf '%{version}\n' fedora-modular-release)
+rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-primary
+echo "Packages within this disk image"
+rpm -qa
+# Note that running rpm recreates the rpm db files which aren't needed or wanted
+rm -f /var/lib/rpm/__db*
+
+# remove random seed, the newly installed instance should make it's own
+rm -f /var/lib/systemd/random-seed
+
+# Disable network service here, as doing it in the services line
+# fails due to RHBZ #1369794
+/sbin/chkconfig network off
+
+# Remove machine-id on pre generated images
+rm -f /etc/machine-id
+touch /etc/machine-id
+
+%end

fedora-repo.ks

@@ -3,7 +3,7 @@
 # Exactly one of the following should be uncommented
 
 # For the master branch the following should be uncommented
-%include fedora-repo-rawhide.ks
+# %include fedora-repo-rawhide.ks
 
 # For non-master branches the following should be uncommented
-# %include fedora-repo-not-rawhide.ks
+%include fedora-repo-not-rawhide.ks