Skip to content

Automotive initial work #928

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Automotive initial work #928

wants to merge 5 commits into from

Conversation

alexlarsson
Copy link

@alexlarsson alexlarsson commented May 13, 2025
edited
Loading

This is some initial work for supporting bootc in the automotive projects. It includes the following:

  • Extract the active selinux policy from the image
  • Support specifying a custom build container image ref

This depends on: osbuild/images#1519

@alexlarsson alexlarsson mentioned this pull request May 13, 2025
Closed
@alexlarsson alexlarsson force-pushed the automotive-initial-work branch from bcd420b to d5f7e45 Compare May 13, 2025 13:31
@alexlarsson alexlarsson mentioned this pull request May 13, 2025
Open
7 tasks
@alexlarsson
Copy link
Author

I'm not sure what exactly is going wrong in the tests, but my guess is that it is caused by the verity change. I'm gonna try reverting that for now.

@alexlarsson alexlarsson force-pushed the automotive-initial-work branch 3 times, most recently from ff9f4a6 to 8e12982 Compare May 14, 2025 13:22
@alexlarsson
Copy link
Author

The CI failure is:

dracut[E]: Module 'prefixdevname-tools' cannot be found.

Which doesn't seem related to this change.

achilleas-k
achilleas-k reviewed May 14, 2025
View reviewed changes
Copy link
Member

@achilleas-k achilleas-k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM so far. Holding off until images PR is merged.

One note about commit messages: Can you amend commit message to follow the preferred format?

Thanks!

bib/internal/source/source.go
Comment on lines +66 to +69
f, err := os.Open(path.Join(root, configPath))
if err != nil {
return "", fmt.Errorf("cannot read selinux config %s: %w", configPath, err)
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The file isn't explicitly closed.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

@achilleas-k
Copy link
Member

The CI failure is:

dracut[E]: Module 'prefixdevname-tools' cannot be found.

Which doesn't seem related to this change.

It seems there's a bunch of stuff failing in that dracut stage. Yes, it's unrelated. I'll look into it.

@achilleas-k
Copy link
Member

Opened #929 to update the images dependency to the latest release. I suspect something might have changed that is causing these issues. Either that, or it's a package / dracut module change (again). Either way, it should show up there and if not it'll minimise the changes being pulled into this PR.

@alexlarsson alexlarsson force-pushed the automotive-initial-work branch from 8e12982 to 29cde77 Compare May 15, 2025 15:44
@alexlarsson
Copy link
Author

I rebased this with some changes, and fixes to the commit messages.
This version depends on the API fixes in osbuild/images#1526,.
It also contains a commit to handle an API changes that happened upstream in osbuild-image.

@achilleas-k
Copy link
Member

#929 fixed the dracut stage issue and got merged.

@achilleas-k achilleas-k self-requested a review May 15, 2025 18:04
@alexlarsson alexlarsson force-pushed the automotive-initial-work branch from 29cde77 to 63c6937 Compare May 16, 2025 08:03
@alexlarsson
Copy link
Author

@achilleas-k Cool, i rebased on master, lets see if it passes CI now.

@alexlarsson alexlarsson force-pushed the automotive-initial-work branch from 63c6937 to df56bbd Compare May 16, 2025 11:42
@alexlarsson
bib: Extract what SELinux policy to us from container
7522d6e 
Currently we are always hardcoding "targeted", which is not working
for the centos automotive sig that use a custom policy.
@alexlarsson
bib: Add --build-container to run the build in a custom container
c264836 
The automotive project wants to build minimal bootc images which will
not contain tools like dnf, mkfs.ext, etc. We support this by allowing
the container used in the build pipeline to come from another (but
related) container image.

This depends on osbuild/images#1507
@alexlarsson
image: Always enable verity on the rootfs partition
ef93d05 
This rewrites the partition table after creation so that it works
both with filesystem and disk customizations.
@alexlarsson
bib: Update for osbuild-image arch.FromString API changes
31e8d6c 
arch.FromString can now return an error
@alexlarsson
WIP: Replace osbuild-images with PR #1526
25ef903 
This makes us able to use the new API changes from
osbuild/images#1526
@alexlarsson alexlarsson force-pushed the automotive-initial-work branch from df56bbd to 25ef903 Compare May 16, 2025 11:47
achilleas-k
achilleas-k reviewed May 16, 2025
View reviewed changes
Copy link
Member

@achilleas-k achilleas-k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Tentative LGTM (pending images PR merge).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cgwalters cgwalters cgwalters left review comments

@achilleas-k achilleas-k achilleas-k left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alexlarsson @achilleas-k @cgwalters