From 8a394fc81a04708066e7eee59cf4bd6fcc128f56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= Date: Tue, 10 Mar 2026 12:13:20 +0100 Subject: [PATCH 1/7] cmd/check-host-config: add container embedding check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Verify that containers listed in the blueprint are actually present in the booted image's podman storage. Signed-off-by: Tomáš Hozza --- .../check/container_embedding.go | 94 ++++++++++ .../check/container_embedding_test.go | 173 ++++++++++++++++++ 2 files changed, 267 insertions(+) create mode 100644 cmd/check-host-config/check/container_embedding.go create mode 100644 cmd/check-host-config/check/container_embedding_test.go diff --git a/cmd/check-host-config/check/container_embedding.go b/cmd/check-host-config/check/container_embedding.go new file mode 100644 index 0000000000..1724b81157 --- /dev/null +++ b/cmd/check-host-config/check/container_embedding.go @@ -0,0 +1,94 @@ +package check + +import ( + "encoding/json" + "fmt" + "log" + "strings" + + "github.com/osbuild/images/internal/buildconfig" +) + +func init() { + RegisterCheck(Metadata{ + Name: "container-embedding", + RequiresBlueprint: true, + }, containerEmbeddingCheck) +} + +type podmanImage struct { + Names []string `json:"Names"` +} + +// containerNameMatches reports whether a podman image name matches the +// expected needle. Short names (without a domain/path component) are +// normalized by the container runtime: skopeo/containers-storage adds +// "docker.io/library/" (the Docker default) while locally-built images +// may get "localhost/". We check the needle against all known +// normalizations. +func containerNameMatches(podmanName, needle string) bool { + candidates := []string{needle} + nameBeforeTag := strings.SplitN(needle, ":", 2)[0] + if !strings.Contains(nameBeforeTag, "/") { + candidates = append(candidates, + "localhost/"+needle, + "docker.io/library/"+needle, + ) + } + for _, c := range candidates { + if podmanName == c || strings.HasPrefix(podmanName, c+":") { + return true + } + } + return false +} + +func containerEmbeddingCheck(meta *Metadata, config *buildconfig.BuildConfig) error { + containers := config.Blueprint.Containers + if len(containers) == 0 { + return Skip("no containers to check") + } + + stdout, _, _, err := Exec("sudo", "podman", "images", "--format", "json") + if err != nil { + return Fail("failed to list podman images:", err) + } + + var images []podmanImage + if err := json.Unmarshal(stdout, &images); err != nil { + return Fail("failed to parse podman images output:", err) + } + + for _, ctr := range containers { + // The blueprint Name, when set, is used as the local name for the + // container in the image storage (see Spec.LocalName). When empty, + // the source reference is used instead. + needle := ctr.Source + if ctr.Name != "" { + needle = ctr.Name + } + if needle == "" { + continue + } + + found := false + for _, img := range images { + for _, name := range img.Names { + if containerNameMatches(name, needle) { + found = true + break + } + } + if found { + break + } + } + + if !found { + return Fail(fmt.Sprintf("embedded container %q (source %q) not found in podman images", needle, ctr.Source)) + } + log.Printf("Container %q found in podman images\n", needle) + } + + return Pass() +} diff --git a/cmd/check-host-config/check/container_embedding_test.go b/cmd/check-host-config/check/container_embedding_test.go new file mode 100644 index 0000000000..9f996eb1f6 --- /dev/null +++ b/cmd/check-host-config/check/container_embedding_test.go @@ -0,0 +1,173 @@ +package check_test + +import ( + "errors" + "testing" + + "github.com/osbuild/blueprint/pkg/blueprint" + check "github.com/osbuild/images/cmd/check-host-config/check" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestContainerEmbeddingCheck(t *testing.T) { + tests := []struct { + name string + containers []blueprint.Container + mockExec map[string]ExecResult + wantErr error + }{ + { + name: "skip when no containers", + containers: nil, + wantErr: check.ErrCheckSkipped, + }, + { + name: "pass when image name matches with tag suffix", + containers: []blueprint.Container{ + {Source: "registry.example.com/test"}, + }, + mockExec: map[string]ExecResult{ + "sudo podman images --format json": { + Stdout: []byte(`[{"Names":["registry.example.com/test:latest"]}]`), + }, + }, + }, + { + name: "pass when image name matches exactly without tag", + containers: []blueprint.Container{ + {Source: "registry.example.com/test"}, + }, + mockExec: map[string]ExecResult{ + "sudo podman images --format json": { + Stdout: []byte(`[{"Names":["registry.example.com/test"]}]`), + }, + }, + }, + { + name: "fail when container is not found", + containers: []blueprint.Container{ + {Source: "registry.example.com/missing"}, + }, + mockExec: map[string]ExecResult{ + "sudo podman images --format json": { + Stdout: []byte(`[{"Names":["registry.example.com/other:latest"]}]`), + }, + }, + wantErr: check.ErrCheckFailed, + }, + { + name: "fail when podman command fails", + containers: []blueprint.Container{ + {Source: "registry.example.com/test"}, + }, + mockExec: map[string]ExecResult{ + "sudo podman images --format json": { + Err: errors.New("podman not found"), + }, + }, + wantErr: check.ErrCheckFailed, + }, + { + name: "pass with multiple containers", + containers: []blueprint.Container{ + {Source: "registry.example.com/first"}, + {Source: "registry.example.com/second"}, + }, + mockExec: map[string]ExecResult{ + "sudo podman images --format json": { + Stdout: []byte(`[{"Names":["registry.example.com/first:latest"]},{"Names":["registry.example.com/second:v1"]}]`), + }, + }, + }, + { + name: "pass when custom name matches", + containers: []blueprint.Container{ + {Source: "registry.example.com/source-image", Name: "custom-name:v1"}, + }, + mockExec: map[string]ExecResult{ + "sudo podman images --format json": { + Stdout: []byte(`[{"Names":["custom-name:v1"]}]`), + }, + }, + }, + { + name: "pass when short name is stored with docker.io/library/ prefix", + containers: []blueprint.Container{ + {Source: "registry.example.com/source-image", Name: "manifest-list-test:v1"}, + }, + mockExec: map[string]ExecResult{ + "sudo podman images --format json": { + Stdout: []byte(`[{"Names":["docker.io/library/manifest-list-test:v1"]}]`), + }, + }, + }, + { + name: "pass when short name is stored with localhost/ prefix", + containers: []blueprint.Container{ + {Source: "registry.example.com/source-image", Name: "manifest-list-test:v1"}, + }, + mockExec: map[string]ExecResult{ + "sudo podman images --format json": { + Stdout: []byte(`[{"Names":["localhost/manifest-list-test:v1"]}]`), + }, + }, + }, + { + name: "pass when short name without tag gets docker.io/library/ prefix and tag", + containers: []blueprint.Container{ + {Source: "registry.example.com/source-image", Name: "my-image"}, + }, + mockExec: map[string]ExecResult{ + "sudo podman images --format json": { + Stdout: []byte(`[{"Names":["docker.io/library/my-image:latest"]}]`), + }, + }, + }, + { + name: "fail when custom name does not match", + containers: []blueprint.Container{ + {Source: "registry.example.com/source-image", Name: "custom-name:v1"}, + }, + mockExec: map[string]ExecResult{ + "sudo podman images --format json": { + Stdout: []byte(`[{"Names":["registry.example.com/source-image:latest"]}]`), + }, + }, + wantErr: check.ErrCheckFailed, + }, + { + name: "fail when image name is only a prefix match", + containers: []blueprint.Container{ + {Source: "registry.example.com/test"}, + }, + mockExec: map[string]ExecResult{ + "sudo podman images --format json": { + Stdout: []byte(`[{"Names":["registry.example.com/testing:latest"]}]`), + }, + }, + wantErr: check.ErrCheckFailed, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + installMockExec(t, tt.mockExec) + + chk, found := check.FindCheckByName("container-embedding") + require.True(t, found, "container-embedding check not found") + + config := buildConfigWithBlueprint(func(bp *blueprint.Blueprint) { + bp.Containers = tt.containers + }) + + err := chk.Func(chk.Meta, config) + if tt.wantErr != nil { + require.Error(t, err) + assert.True(t, errors.Is(err, tt.wantErr)) + } else { + require.NoError(t, err) + } + }) + } +} From a0b00313a8c380cb4139ef0476be4c74e7266ff3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= Date: Tue, 10 Mar 2026 12:14:15 +0100 Subject: [PATCH 2/7] cmd/check-host-config: add podman network backend consistency check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Verify that rootful and rootless podman report the same network backend. When containers are embedded as root into the image (the default behavior), some podman versions interpret the existing storage as a migration and fall back to 'cni' for rootful only, leaving rootless on 'netavark'. In practice, the desired behavior is that podman uses the same network backend, regardless if there is an embedded container or not. Signed-off-by: Tomáš Hozza --- .../check/podman_network_backend.go | 74 +++++++++++++ .../check/podman_network_backend_test.go | 103 ++++++++++++++++++ 2 files changed, 177 insertions(+) create mode 100644 cmd/check-host-config/check/podman_network_backend.go create mode 100644 cmd/check-host-config/check/podman_network_backend_test.go diff --git a/cmd/check-host-config/check/podman_network_backend.go b/cmd/check-host-config/check/podman_network_backend.go new file mode 100644 index 0000000000..dddc525c68 --- /dev/null +++ b/cmd/check-host-config/check/podman_network_backend.go @@ -0,0 +1,74 @@ +package check + +import ( + "encoding/json" + "log" + + "github.com/osbuild/images/internal/buildconfig" +) + +func init() { + RegisterCheck(Metadata{ + Name: "podman-network-backend", + RequiresBlueprint: true, + }, podmanNetworkBackendCheck) +} + +type podmanInfo struct { + Host struct { + NetworkBackend string `json:"networkBackend"` + } `json:"host"` +} + +func getPodmanNetworkBackend(sudo bool) (string, error) { + var stdout []byte + var err error + + if sudo { + stdout, _, _, err = Exec("sudo", "podman", "info", "--format", "json") + } else { + stdout, _, _, err = Exec("podman", "info", "--format", "json") + } + if err != nil { + return "", err + } + + var info podmanInfo + if err := json.Unmarshal(stdout, &info); err != nil { + return "", err + } + + backend := info.Host.NetworkBackend + if backend == "" { + backend = "undefined" + } + return backend, nil +} + +// podmanNetworkBackendCheck verifies that rootful and rootless podman use the +// same network backend. When containers are embedded into the image as root, +// certain podman versions may interpret the existing storage as a migration +// and fall back to 'cni' for rootful only, creating an inconsistency. +func podmanNetworkBackendCheck(meta *Metadata, config *buildconfig.BuildConfig) error { + if len(config.Blueprint.Containers) == 0 { + return Skip("no embedded containers") + } + + rootful, err := getPodmanNetworkBackend(true) + if err != nil { + return Fail("failed to get rootful podman network backend:", err) + } + log.Printf("Rootful podman network backend: %s\n", rootful) + + rootless, err := getPodmanNetworkBackend(false) + if err != nil { + return Fail("failed to get rootless podman network backend:", err) + } + log.Printf("Rootless podman network backend: %s\n", rootless) + + if rootful != rootless { + return Fail("podman network backends are inconsistent:", "rootful="+rootful, "rootless="+rootless) + } + + return Pass() +} diff --git a/cmd/check-host-config/check/podman_network_backend_test.go b/cmd/check-host-config/check/podman_network_backend_test.go new file mode 100644 index 0000000000..4fbd4a7dc8 --- /dev/null +++ b/cmd/check-host-config/check/podman_network_backend_test.go @@ -0,0 +1,103 @@ +package check_test + +import ( + "errors" + "testing" + + "github.com/osbuild/blueprint/pkg/blueprint" + check "github.com/osbuild/images/cmd/check-host-config/check" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestPodmanNetworkBackendCheck(t *testing.T) { + tests := []struct { + name string + containers []blueprint.Container + mockExec map[string]ExecResult + wantErr error + }{ + { + name: "skip when no containers", + containers: nil, + wantErr: check.ErrCheckSkipped, + }, + { + name: "pass when backends match", + containers: []blueprint.Container{ + {Source: "registry.example.com/test"}, + }, + mockExec: map[string]ExecResult{ + "sudo podman info --format json": { + Stdout: []byte(`{"host":{"networkBackend":"netavark"}}`), + }, + "podman info --format json": { + Stdout: []byte(`{"host":{"networkBackend":"netavark"}}`), + }, + }, + }, + { + name: "fail when backends differ", + containers: []blueprint.Container{ + {Source: "registry.example.com/test"}, + }, + mockExec: map[string]ExecResult{ + "sudo podman info --format json": { + Stdout: []byte(`{"host":{"networkBackend":"cni"}}`), + }, + "podman info --format json": { + Stdout: []byte(`{"host":{"networkBackend":"netavark"}}`), + }, + }, + wantErr: check.ErrCheckFailed, + }, + { + name: "fail when rootless podman command fails", + containers: []blueprint.Container{ + {Source: "registry.example.com/test"}, + }, + mockExec: map[string]ExecResult{ + "sudo podman info --format json": { + Stdout: []byte(`{"host":{"networkBackend":"netavark"}}`), + }, + "podman info --format json": { + Err: errors.New("podman not found"), + }, + }, + wantErr: check.ErrCheckFailed, + }, + { + name: "fail when rootful podman command fails", + containers: []blueprint.Container{ + {Source: "registry.example.com/test"}, + }, + mockExec: map[string]ExecResult{ + "sudo podman info --format json": { + Err: errors.New("podman not found"), + }, + }, + wantErr: check.ErrCheckFailed, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + installMockExec(t, tt.mockExec) + + chk, found := check.FindCheckByName("podman-network-backend") + require.True(t, found, "podman-network-backend check not found") + + config := buildConfigWithBlueprint(func(bp *blueprint.Blueprint) { + bp.Containers = tt.containers + }) + + err := chk.Func(chk.Meta, config) + if tt.wantErr != nil { + require.Error(t, err) + assert.True(t, errors.Is(err, tt.wantErr)) + } else { + require.NoError(t, err) + } + }) + } +} From c7105b184f0260af9ffd7ae90fdf4763f5e1e55e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= Date: Tue, 10 Mar 2026 11:42:21 +0100 Subject: [PATCH 3/7] pkg/container: add podman default network backend file generation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Certain versions of Podman (notably on RHEL 9) fall back to the legacy 'cni' network backend when they find existing container images in the system storage, assuming a migration from an older version. This is problematic for disk images that embed containers as a customization, because the legacy backend packages are not installed by default. Add a NetworkBackend type and a helper to generate the /var/lib/containers/storage/defaultNetworkBackend file, which tells Podman which backend to use and prevents the unwanted fallback. Signed-off-by: Tomáš Hozza --- pkg/container/podman.go | 40 +++++++++++++++++++++++++++ pkg/container/podman_test.go | 52 ++++++++++++++++++++++++++++++++++++ 2 files changed, 92 insertions(+) create mode 100644 pkg/container/podman.go create mode 100644 pkg/container/podman_test.go diff --git a/pkg/container/podman.go b/pkg/container/podman.go new file mode 100644 index 0000000000..6fd243c4a0 --- /dev/null +++ b/pkg/container/podman.go @@ -0,0 +1,40 @@ +package container + +import ( + "path/filepath" + + "github.com/osbuild/images/pkg/customizations/fsnode" +) + +// NetworkBackend is the type of network backend used by Podman. +type NetworkBackend string + +const ( + NetworkBackendCNI NetworkBackend = "cni" + NetworkBackendNetavark NetworkBackend = "netavark" + + // DefaultStoragePath is the default container storage path used by Podman. + DefaultStoragePath = "/var/lib/containers/storage" +) + +// GenDefaultNetworkBackendFile creates an fsnode.File that writes the given +// network backend name to /defaultNetworkBackend. +// +// Certain versions of Podman fall back to 'cni' when they find existing +// container images in the system storage, assuming a migration from an older +// version. Writing this file prevents that behavior and forces Podman to use +// the specified backend. +// +// The storagePath parameter must match the container storage location for the +// image type. OSTree-based images relocate container storage to /usr/share +// because /var is not part of the ostree commit. +func GenDefaultNetworkBackendFile(storagePath string, backend NetworkBackend) (*fsnode.File, error) { + if storagePath == "" { + storagePath = DefaultStoragePath + } + file, err := fsnode.NewFile(filepath.Join(storagePath, "defaultNetworkBackend"), nil, nil, nil, []byte(backend)) + if err != nil { + return nil, err + } + return file, nil +} diff --git a/pkg/container/podman_test.go b/pkg/container/podman_test.go new file mode 100644 index 0000000000..3bf1a680fc --- /dev/null +++ b/pkg/container/podman_test.go @@ -0,0 +1,52 @@ +package container_test + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/osbuild/images/pkg/container" +) + +func TestGenDefaultNetworkBackendFile(t *testing.T) { + tests := []struct { + name string + storagePath string + backend container.NetworkBackend + expectedPath string + expectedContent string + }{ + { + name: "netavark backend with default path", + storagePath: "", + backend: container.NetworkBackendNetavark, + expectedPath: "/var/lib/containers/storage/defaultNetworkBackend", + expectedContent: "netavark", + }, + { + name: "cni backend with default path", + storagePath: "", + backend: container.NetworkBackendCNI, + expectedPath: "/var/lib/containers/storage/defaultNetworkBackend", + expectedContent: "cni", + }, + { + name: "netavark backend with custom storage path", + storagePath: "/usr/share/containers/storage", + backend: container.NetworkBackendNetavark, + expectedPath: "/usr/share/containers/storage/defaultNetworkBackend", + expectedContent: "netavark", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + file, err := container.GenDefaultNetworkBackendFile(tt.storagePath, tt.backend) + require.NoError(t, err) + require.NotNil(t, file) + assert.Equal(t, tt.expectedPath, file.Path()) + assert.Equal(t, []byte(tt.expectedContent), file.Data()) + }) + } +} From 5eda6c02ceaaccfd6139cd9755b3b6702a2cad0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= Date: Tue, 10 Mar 2026 11:53:19 +0100 Subject: [PATCH 4/7] pkg/distro: add PodmanDefaultNetBackend to ImageConfig and wire it up MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add a new ImageConfig option that specifies the default network backend for Podman. When set and the image embeds container images, the value is written to /var/lib/containers/storage/defaultNetworkBackend during image build. This prevents Podman from falling back to the legacy 'cni' backend when it finds pre-existing container images in storage, which it interprets as a system migration. Signed-off-by: Tomáš Hozza --- pkg/distro/generic/images.go | 12 ++++++++++++ pkg/distro/image_config.go | 10 ++++++++++ 2 files changed, 22 insertions(+) diff --git a/pkg/distro/generic/images.go b/pkg/distro/generic/images.go index 773552da7e..3f413feefe 100644 --- a/pkg/distro/generic/images.go +++ b/pkg/distro/generic/images.go @@ -336,6 +336,18 @@ func osCustomizations(t *imageType, osPackageSet rpmmd.PackageSet, options distr osc.Files = append(osc.Files, imageConfig.Files...) osc.Directories = append(osc.Directories, imageConfig.Directories...) + if len(containers) > 0 && imageConfig.PodmanDefaultNetBackend != nil { + var storagePath string + if osc.ContainersStorage != nil { + storagePath = *osc.ContainersStorage + } + defaultNetBackendFile, err := container.GenDefaultNetworkBackendFile(storagePath, *imageConfig.PodmanDefaultNetBackend) + if err != nil { + return osc, fmt.Errorf("generating default network backend file: %w", err) + } + osc.Files = append(osc.Files, defaultNetBackendFile) + } + if imageConfig.NoBLS != nil { osc.NoBLS = *imageConfig.NoBLS } diff --git a/pkg/distro/image_config.go b/pkg/distro/image_config.go index 8b656d6894..33ffe75e54 100644 --- a/pkg/distro/image_config.go +++ b/pkg/distro/image_config.go @@ -5,6 +5,7 @@ import ( "reflect" "github.com/osbuild/images/internal/common" + "github.com/osbuild/images/pkg/container" "github.com/osbuild/images/pkg/customizations/fsnode" "github.com/osbuild/images/pkg/customizations/oci" "github.com/osbuild/images/pkg/customizations/ostreeserver" @@ -153,6 +154,15 @@ type ImageConfig struct { // /usr/lib/ostree-boot into bootupd-compatible update metadata. // Only set this to true if the bootupd package is available in the image. BootupdGenMetadata *bool `yaml:"bootupd_gen_metadata,omitempty"` + + // PodmanDefaultNetBackend sets the default network backend for Podman. + // The value is written to /var/lib/containers/storage/defaultNetworkBackend + // only when the image embeds container images. + // + // Certain versions of Podman fall back to 'cni' when they find existing + // containers in the storage, assuming a migration from an older version. + // This option prevents that behavior. + PodmanDefaultNetBackend *container.NetworkBackend `yaml:"podman_default_net_backend,omitempty"` } // shallowMerge creates a new struct by merging a child and a parent. From e7c9569d7309d7762f7a42237a502a54753c2d6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= Date: Tue, 10 Mar 2026 11:58:01 +0100 Subject: [PATCH 5/7] distro/rhel-9: set podman default network backend to netavark MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RHEL 9 Podman falls back to the legacy 'cni' network backend when it finds pre-existing container images in storage, but the 'cni' packages are not installed by default. Force 'netavark' so that images with embedded containers work out of the box. This only affects RHEL 9 / CentOS Stream 9; newer distros (and newer podman versions) don't have this fallback logic. Regenerate test manifests. All el9 / c9s manifests that embed containers now get the podman default network backend set. Signed-off-by: Tomáš Hozza --- data/distrodefs/rhel.yaml | 1 + .../manifest-checksums/centos_9-aarch64-ami-all_customizations | 2 +- .../centos_9-aarch64-edge_commit-embed_containers | 2 +- .../centos_9-aarch64-edge_container-embed_containers_2 | 2 +- .../manifest-checksums/centos_9-x86_64-ami-all_customizations | 2 +- .../centos_9-x86_64-edge_commit-embed_containers | 2 +- .../centos_9-x86_64-edge_container-embed_containers_2 | 2 +- .../manifest-checksums/rhel_9.0-aarch64-ami-all_customizations | 2 +- .../rhel_9.0-aarch64-edge_commit-embed_containers | 2 +- .../rhel_9.0-aarch64-edge_container-embed_containers_2 | 2 +- .../manifest-checksums/rhel_9.0-x86_64-ami-all_customizations | 2 +- .../rhel_9.0-x86_64-edge_commit-embed_containers | 2 +- .../rhel_9.0-x86_64-edge_container-embed_containers_2 | 2 +- .../manifest-checksums/rhel_9.2-aarch64-ami-all_customizations | 2 +- .../rhel_9.2-aarch64-edge_commit-embed_containers | 2 +- .../rhel_9.2-aarch64-edge_container-embed_containers_2 | 2 +- .../manifest-checksums/rhel_9.2-x86_64-ami-all_customizations | 2 +- .../rhel_9.2-x86_64-edge_commit-embed_containers | 2 +- .../rhel_9.2-x86_64-edge_container-embed_containers_2 | 2 +- .../manifest-checksums/rhel_9.4-aarch64-ami-all_customizations | 2 +- .../rhel_9.4-aarch64-edge_commit-embed_containers | 2 +- .../rhel_9.4-aarch64-edge_container-embed_containers_2 | 2 +- .../manifest-checksums/rhel_9.4-x86_64-ami-all_customizations | 2 +- .../rhel_9.4-x86_64-edge_commit-embed_containers | 2 +- .../rhel_9.4-x86_64-edge_container-embed_containers_2 | 2 +- .../manifest-checksums/rhel_9.6-aarch64-ami-all_customizations | 2 +- .../rhel_9.6-aarch64-edge_commit-embed_containers | 2 +- .../rhel_9.6-aarch64-edge_container-embed_containers_2 | 2 +- .../manifest-checksums/rhel_9.6-x86_64-ami-all_customizations | 2 +- .../rhel_9.6-x86_64-edge_commit-embed_containers | 2 +- .../rhel_9.6-x86_64-edge_container-embed_containers_2 | 2 +- .../manifest-checksums/rhel_9.7-aarch64-ami-all_customizations | 2 +- .../rhel_9.7-aarch64-edge_commit-embed_containers | 2 +- .../rhel_9.7-aarch64-edge_container-embed_containers_2 | 2 +- .../manifest-checksums/rhel_9.7-x86_64-ami-all_customizations | 2 +- .../rhel_9.7-x86_64-edge_commit-embed_containers | 2 +- .../rhel_9.7-x86_64-edge_container-embed_containers_2 | 2 +- .../manifest-checksums/rhel_9.8-aarch64-ami-all_customizations | 2 +- .../rhel_9.8-aarch64-edge_commit-embed_containers | 2 +- .../rhel_9.8-aarch64-edge_container-embed_containers_2 | 2 +- .../manifest-checksums/rhel_9.8-x86_64-ami-all_customizations | 2 +- .../rhel_9.8-x86_64-edge_commit-embed_containers | 2 +- .../rhel_9.8-x86_64-edge_container-embed_containers_2 | 2 +- .../manifest-checksums/rhel_9.9-aarch64-ami-all_customizations | 2 +- .../rhel_9.9-aarch64-edge_commit-embed_containers | 2 +- .../rhel_9.9-aarch64-edge_container-embed_containers_2 | 2 +- .../manifest-checksums/rhel_9.9-x86_64-ami-all_customizations | 2 +- .../rhel_9.9-x86_64-edge_commit-embed_containers | 2 +- .../rhel_9.9-x86_64-edge_container-embed_containers_2 | 2 +- 49 files changed, 49 insertions(+), 48 deletions(-) diff --git a/data/distrodefs/rhel.yaml b/data/distrodefs/rhel.yaml index 0aeca60c9b..719a66497c 100644 --- a/data/distrodefs/rhel.yaml +++ b/data/distrodefs/rhel.yaml @@ -220,6 +220,7 @@ distros: image_config: default: default_kernel: "kernel" + podman_default_net_backend: "netavark" default_oscap_datastream: "/usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml" install_weak_deps: true locale: "C.UTF-8" diff --git a/test/data/manifest-checksums/centos_9-aarch64-ami-all_customizations b/test/data/manifest-checksums/centos_9-aarch64-ami-all_customizations index 436b9c9bb3..173da6ba71 100644 --- a/test/data/manifest-checksums/centos_9-aarch64-ami-all_customizations +++ b/test/data/manifest-checksums/centos_9-aarch64-ami-all_customizations @@ -1 +1 @@ -3f094884ed1b2fa9a0cbe96eae4f23fb857cc740 +c2e9dd5807b8481792fb9d6f446ebc9ad286a82c diff --git a/test/data/manifest-checksums/centos_9-aarch64-edge_commit-embed_containers b/test/data/manifest-checksums/centos_9-aarch64-edge_commit-embed_containers index 0f4faf0411..8421ac51f2 100644 --- a/test/data/manifest-checksums/centos_9-aarch64-edge_commit-embed_containers +++ b/test/data/manifest-checksums/centos_9-aarch64-edge_commit-embed_containers @@ -1 +1 @@ -075bf33624b99dcb41e5555b92244f2c0458f6a5 +a4d773b32f0011f9241f4ab0b3e9868a0041762b diff --git a/test/data/manifest-checksums/centos_9-aarch64-edge_container-embed_containers_2 b/test/data/manifest-checksums/centos_9-aarch64-edge_container-embed_containers_2 index 0689905d65..369b93645c 100644 --- a/test/data/manifest-checksums/centos_9-aarch64-edge_container-embed_containers_2 +++ b/test/data/manifest-checksums/centos_9-aarch64-edge_container-embed_containers_2 @@ -1 +1 @@ -f4b2f8ff81c589887e8f371b92223f076420dd3a +b1cfe7a2be1451c4c33c4e2d9cd86d46881d97d3 diff --git a/test/data/manifest-checksums/centos_9-x86_64-ami-all_customizations b/test/data/manifest-checksums/centos_9-x86_64-ami-all_customizations index d29987b331..ef5d44c624 100644 --- a/test/data/manifest-checksums/centos_9-x86_64-ami-all_customizations +++ b/test/data/manifest-checksums/centos_9-x86_64-ami-all_customizations @@ -1 +1 @@ -d22e41b2027b7d8714932fa951b91680c0b92b6f +fc726f87add5fc33ebf0b7c78a3eccdd607a8edf diff --git a/test/data/manifest-checksums/centos_9-x86_64-edge_commit-embed_containers b/test/data/manifest-checksums/centos_9-x86_64-edge_commit-embed_containers index 2395792e58..338d846429 100644 --- a/test/data/manifest-checksums/centos_9-x86_64-edge_commit-embed_containers +++ b/test/data/manifest-checksums/centos_9-x86_64-edge_commit-embed_containers @@ -1 +1 @@ -6799428d97294a6d5d11733c7aa80d9ff20309bd +47d1cd5433975dde794ff8a0852351995e99652a diff --git a/test/data/manifest-checksums/centos_9-x86_64-edge_container-embed_containers_2 b/test/data/manifest-checksums/centos_9-x86_64-edge_container-embed_containers_2 index b123c89fc0..5ac842eb94 100644 --- a/test/data/manifest-checksums/centos_9-x86_64-edge_container-embed_containers_2 +++ b/test/data/manifest-checksums/centos_9-x86_64-edge_container-embed_containers_2 @@ -1 +1 @@ -694dc514b2e7f20ce5a97fc465a56d6e0734b3b9 +172e8930beee77fb8a39b963678e94995d30fb65 diff --git a/test/data/manifest-checksums/rhel_9.0-aarch64-ami-all_customizations b/test/data/manifest-checksums/rhel_9.0-aarch64-ami-all_customizations index 125dc752fe..2afd6bbe94 100644 --- a/test/data/manifest-checksums/rhel_9.0-aarch64-ami-all_customizations +++ b/test/data/manifest-checksums/rhel_9.0-aarch64-ami-all_customizations @@ -1 +1 @@ -db5e1157c38dc246a3f1e2bbc35bc82046a2543a +9122721d9632b56485ece097eaac4a4f1ec06f6a diff --git a/test/data/manifest-checksums/rhel_9.0-aarch64-edge_commit-embed_containers b/test/data/manifest-checksums/rhel_9.0-aarch64-edge_commit-embed_containers index fdecb256ad..ae6aef5fd6 100644 --- a/test/data/manifest-checksums/rhel_9.0-aarch64-edge_commit-embed_containers +++ b/test/data/manifest-checksums/rhel_9.0-aarch64-edge_commit-embed_containers @@ -1 +1 @@ -d65d0732b406bc20fab0e27bccb8bcdff9bd9690 +5c80379c1ae04104005554c10183b0d2c839a7f7 diff --git a/test/data/manifest-checksums/rhel_9.0-aarch64-edge_container-embed_containers_2 b/test/data/manifest-checksums/rhel_9.0-aarch64-edge_container-embed_containers_2 index 5a8d6561d3..ea875acc3a 100644 --- a/test/data/manifest-checksums/rhel_9.0-aarch64-edge_container-embed_containers_2 +++ b/test/data/manifest-checksums/rhel_9.0-aarch64-edge_container-embed_containers_2 @@ -1 +1 @@ -0817f55f1ade1befd18148b53e4b7b3b27844e6c +ccbb84dfe1d4355a55c8aab393c7337a823f1ddd diff --git a/test/data/manifest-checksums/rhel_9.0-x86_64-ami-all_customizations b/test/data/manifest-checksums/rhel_9.0-x86_64-ami-all_customizations index 9ae20f0929..b3d28a41c3 100644 --- a/test/data/manifest-checksums/rhel_9.0-x86_64-ami-all_customizations +++ b/test/data/manifest-checksums/rhel_9.0-x86_64-ami-all_customizations @@ -1 +1 @@ -93623caff245fe598d7007d170510a52f529eda7 +905234df9dfcce2be393bedfee50918df44dc322 diff --git a/test/data/manifest-checksums/rhel_9.0-x86_64-edge_commit-embed_containers b/test/data/manifest-checksums/rhel_9.0-x86_64-edge_commit-embed_containers index 06d5ce5d18..fbfc46b465 100644 --- a/test/data/manifest-checksums/rhel_9.0-x86_64-edge_commit-embed_containers +++ b/test/data/manifest-checksums/rhel_9.0-x86_64-edge_commit-embed_containers @@ -1 +1 @@ -eb61df0121a927bc399f1b8e0bca92494f8657dd +4d0a51b69154f8cf25374b7c195e6df594dad595 diff --git a/test/data/manifest-checksums/rhel_9.0-x86_64-edge_container-embed_containers_2 b/test/data/manifest-checksums/rhel_9.0-x86_64-edge_container-embed_containers_2 index 748be8a8f6..dc5aa80de4 100644 --- a/test/data/manifest-checksums/rhel_9.0-x86_64-edge_container-embed_containers_2 +++ b/test/data/manifest-checksums/rhel_9.0-x86_64-edge_container-embed_containers_2 @@ -1 +1 @@ -a3c538ebfa9dd250ee78bf9c79e048235dfc11ee +d49e1a3629bcc4e6a41b605ea408514d12880cda diff --git a/test/data/manifest-checksums/rhel_9.2-aarch64-ami-all_customizations b/test/data/manifest-checksums/rhel_9.2-aarch64-ami-all_customizations index 4296f733b3..fc35efaa56 100644 --- a/test/data/manifest-checksums/rhel_9.2-aarch64-ami-all_customizations +++ b/test/data/manifest-checksums/rhel_9.2-aarch64-ami-all_customizations @@ -1 +1 @@ -bf6de9c1e8e3cb293edf4fd2d63113b6f4f0fdff +3e33af3cee5fd2b93e5db665e0c64653cae55f8b diff --git a/test/data/manifest-checksums/rhel_9.2-aarch64-edge_commit-embed_containers b/test/data/manifest-checksums/rhel_9.2-aarch64-edge_commit-embed_containers index 4fb163ee11..cf3255566b 100644 --- a/test/data/manifest-checksums/rhel_9.2-aarch64-edge_commit-embed_containers +++ b/test/data/manifest-checksums/rhel_9.2-aarch64-edge_commit-embed_containers @@ -1 +1 @@ -21a74f95859d48e69eb1eb0c80afe43049b7de21 +2ea7d9f120c93939f42b22dd90ad28abfdaa4ecb diff --git a/test/data/manifest-checksums/rhel_9.2-aarch64-edge_container-embed_containers_2 b/test/data/manifest-checksums/rhel_9.2-aarch64-edge_container-embed_containers_2 index 335ce0f1e5..7b92c5faf7 100644 --- a/test/data/manifest-checksums/rhel_9.2-aarch64-edge_container-embed_containers_2 +++ b/test/data/manifest-checksums/rhel_9.2-aarch64-edge_container-embed_containers_2 @@ -1 +1 @@ -7aef2ecbf96e4374252782757278cb8fe7a68ea3 +5dcd95ede4ac702cd1e4a884db15f9c9506d00de diff --git a/test/data/manifest-checksums/rhel_9.2-x86_64-ami-all_customizations b/test/data/manifest-checksums/rhel_9.2-x86_64-ami-all_customizations index e26694bc21..1f4bb59d83 100644 --- a/test/data/manifest-checksums/rhel_9.2-x86_64-ami-all_customizations +++ b/test/data/manifest-checksums/rhel_9.2-x86_64-ami-all_customizations @@ -1 +1 @@ -1c261688afece66776de57381ba1b0fd48a9b25a +9391d06228ca73a2c0c5ee266b42e0d2c21e392b diff --git a/test/data/manifest-checksums/rhel_9.2-x86_64-edge_commit-embed_containers b/test/data/manifest-checksums/rhel_9.2-x86_64-edge_commit-embed_containers index 0267074d30..253d6a0ef3 100644 --- a/test/data/manifest-checksums/rhel_9.2-x86_64-edge_commit-embed_containers +++ b/test/data/manifest-checksums/rhel_9.2-x86_64-edge_commit-embed_containers @@ -1 +1 @@ -dec5479acaa4409d6ebd367c7023048993879412 +2efaeb78a1596c00f65e8e1dbf4aed0774efb68d diff --git a/test/data/manifest-checksums/rhel_9.2-x86_64-edge_container-embed_containers_2 b/test/data/manifest-checksums/rhel_9.2-x86_64-edge_container-embed_containers_2 index 196ffb4748..2c253ac543 100644 --- a/test/data/manifest-checksums/rhel_9.2-x86_64-edge_container-embed_containers_2 +++ b/test/data/manifest-checksums/rhel_9.2-x86_64-edge_container-embed_containers_2 @@ -1 +1 @@ -cdc6715862bc8a54611724579c0dc5b467fba7b3 +da33df3435aacd745595d0ca86577d918d89d14e diff --git a/test/data/manifest-checksums/rhel_9.4-aarch64-ami-all_customizations b/test/data/manifest-checksums/rhel_9.4-aarch64-ami-all_customizations index b330f85a93..c22f9ab5c7 100644 --- a/test/data/manifest-checksums/rhel_9.4-aarch64-ami-all_customizations +++ b/test/data/manifest-checksums/rhel_9.4-aarch64-ami-all_customizations @@ -1 +1 @@ -24a2310e929dcbac6380997e190e644410557912 +e7376495b07455c9ec39cfcd645cb868639cad73 diff --git a/test/data/manifest-checksums/rhel_9.4-aarch64-edge_commit-embed_containers b/test/data/manifest-checksums/rhel_9.4-aarch64-edge_commit-embed_containers index 09d16a5d2c..a4932f11f4 100644 --- a/test/data/manifest-checksums/rhel_9.4-aarch64-edge_commit-embed_containers +++ b/test/data/manifest-checksums/rhel_9.4-aarch64-edge_commit-embed_containers @@ -1 +1 @@ -94eb0a36b2d572b763a271c15d2de450acefc3b2 +a2e6fda91d84088a8b00d63fabcd4a755f657136 diff --git a/test/data/manifest-checksums/rhel_9.4-aarch64-edge_container-embed_containers_2 b/test/data/manifest-checksums/rhel_9.4-aarch64-edge_container-embed_containers_2 index fe9a9041b9..e8478cf771 100644 --- a/test/data/manifest-checksums/rhel_9.4-aarch64-edge_container-embed_containers_2 +++ b/test/data/manifest-checksums/rhel_9.4-aarch64-edge_container-embed_containers_2 @@ -1 +1 @@ -760e63c5242b3f06e06f3851a9f78b3e2280f2da +025292b5978522da7e079930e8b1b4bd3fd82f61 diff --git a/test/data/manifest-checksums/rhel_9.4-x86_64-ami-all_customizations b/test/data/manifest-checksums/rhel_9.4-x86_64-ami-all_customizations index 677eedde7b..5c3e4397f5 100644 --- a/test/data/manifest-checksums/rhel_9.4-x86_64-ami-all_customizations +++ b/test/data/manifest-checksums/rhel_9.4-x86_64-ami-all_customizations @@ -1 +1 @@ -e4b70cc3f3c8f5ce63c741fd9af859b69822c2e3 +fa4adb4f0ab887e83e10291b9d551b6029a5a290 diff --git a/test/data/manifest-checksums/rhel_9.4-x86_64-edge_commit-embed_containers b/test/data/manifest-checksums/rhel_9.4-x86_64-edge_commit-embed_containers index 2ea70ac08b..505791e2e6 100644 --- a/test/data/manifest-checksums/rhel_9.4-x86_64-edge_commit-embed_containers +++ b/test/data/manifest-checksums/rhel_9.4-x86_64-edge_commit-embed_containers @@ -1 +1 @@ -99bcd2cb2050d072f408b90c92972c11b79b2693 +0bd847488b4d58288339a4ef5373f74554df6952 diff --git a/test/data/manifest-checksums/rhel_9.4-x86_64-edge_container-embed_containers_2 b/test/data/manifest-checksums/rhel_9.4-x86_64-edge_container-embed_containers_2 index 39a25b4c33..4f2838632b 100644 --- a/test/data/manifest-checksums/rhel_9.4-x86_64-edge_container-embed_containers_2 +++ b/test/data/manifest-checksums/rhel_9.4-x86_64-edge_container-embed_containers_2 @@ -1 +1 @@ -775004ad99709c2644fb3ea8ce6a35604bac906a +731e2b5ecbf4412fda7dc7b5d95627c795d05822 diff --git a/test/data/manifest-checksums/rhel_9.6-aarch64-ami-all_customizations b/test/data/manifest-checksums/rhel_9.6-aarch64-ami-all_customizations index 92297258d9..4d2dd4f8d5 100644 --- a/test/data/manifest-checksums/rhel_9.6-aarch64-ami-all_customizations +++ b/test/data/manifest-checksums/rhel_9.6-aarch64-ami-all_customizations @@ -1 +1 @@ -27a7027e9b21793c685b609608cd17c272d409c9 +819d4603fa5191e79ed501b163fef679e746cc5f diff --git a/test/data/manifest-checksums/rhel_9.6-aarch64-edge_commit-embed_containers b/test/data/manifest-checksums/rhel_9.6-aarch64-edge_commit-embed_containers index 8946e2d295..5a40db5745 100644 --- a/test/data/manifest-checksums/rhel_9.6-aarch64-edge_commit-embed_containers +++ b/test/data/manifest-checksums/rhel_9.6-aarch64-edge_commit-embed_containers @@ -1 +1 @@ -064999353642ac414049ecada75a84d5570c75ca +753063fed65e80b0e1d681b35c1167a42c72fe82 diff --git a/test/data/manifest-checksums/rhel_9.6-aarch64-edge_container-embed_containers_2 b/test/data/manifest-checksums/rhel_9.6-aarch64-edge_container-embed_containers_2 index 3a3f4dcccc..2ee800c3d3 100644 --- a/test/data/manifest-checksums/rhel_9.6-aarch64-edge_container-embed_containers_2 +++ b/test/data/manifest-checksums/rhel_9.6-aarch64-edge_container-embed_containers_2 @@ -1 +1 @@ -0b779f0a0d75b550cd49be50cf99975361287597 +10aaebb34cafd6cd338de0c895174628e841767b diff --git a/test/data/manifest-checksums/rhel_9.6-x86_64-ami-all_customizations b/test/data/manifest-checksums/rhel_9.6-x86_64-ami-all_customizations index 3b004725cc..da1a9f46dd 100644 --- a/test/data/manifest-checksums/rhel_9.6-x86_64-ami-all_customizations +++ b/test/data/manifest-checksums/rhel_9.6-x86_64-ami-all_customizations @@ -1 +1 @@ -65e166f46aefd3b28d46792b97f2cecdefb6dfbb +0d50530661812e2664206e47390b4a45cbcecb6d diff --git a/test/data/manifest-checksums/rhel_9.6-x86_64-edge_commit-embed_containers b/test/data/manifest-checksums/rhel_9.6-x86_64-edge_commit-embed_containers index bea1892125..3164331c71 100644 --- a/test/data/manifest-checksums/rhel_9.6-x86_64-edge_commit-embed_containers +++ b/test/data/manifest-checksums/rhel_9.6-x86_64-edge_commit-embed_containers @@ -1 +1 @@ -1d5b7d2f57792be9ebebba6aed09099852176937 +b394dd86ffe5eb0f79dce629e02b77eb30b668d2 diff --git a/test/data/manifest-checksums/rhel_9.6-x86_64-edge_container-embed_containers_2 b/test/data/manifest-checksums/rhel_9.6-x86_64-edge_container-embed_containers_2 index dce3d8d9bf..d323638981 100644 --- a/test/data/manifest-checksums/rhel_9.6-x86_64-edge_container-embed_containers_2 +++ b/test/data/manifest-checksums/rhel_9.6-x86_64-edge_container-embed_containers_2 @@ -1 +1 @@ -06a15301284d0fa040cccb986aef0d8ef100c575 +481898c8f269845fc69dca251a780a015609476f diff --git a/test/data/manifest-checksums/rhel_9.7-aarch64-ami-all_customizations b/test/data/manifest-checksums/rhel_9.7-aarch64-ami-all_customizations index 6f4f61879f..4516cdcce1 100644 --- a/test/data/manifest-checksums/rhel_9.7-aarch64-ami-all_customizations +++ b/test/data/manifest-checksums/rhel_9.7-aarch64-ami-all_customizations @@ -1 +1 @@ -d58a3618c6938f0dae590965f3681c351d7b4512 +1ac210ee2566b5eff11c795c2e08bf2507dfa251 diff --git a/test/data/manifest-checksums/rhel_9.7-aarch64-edge_commit-embed_containers b/test/data/manifest-checksums/rhel_9.7-aarch64-edge_commit-embed_containers index 22ce207ef3..f6affd609e 100644 --- a/test/data/manifest-checksums/rhel_9.7-aarch64-edge_commit-embed_containers +++ b/test/data/manifest-checksums/rhel_9.7-aarch64-edge_commit-embed_containers @@ -1 +1 @@ -8381fe251db1735296a26c923e8bde28a46ab9b9 +6a58ae24efa4e492d6ef5c71da3a0b296b5b8ae5 diff --git a/test/data/manifest-checksums/rhel_9.7-aarch64-edge_container-embed_containers_2 b/test/data/manifest-checksums/rhel_9.7-aarch64-edge_container-embed_containers_2 index 8a28c80e53..e18e1aa0b4 100644 --- a/test/data/manifest-checksums/rhel_9.7-aarch64-edge_container-embed_containers_2 +++ b/test/data/manifest-checksums/rhel_9.7-aarch64-edge_container-embed_containers_2 @@ -1 +1 @@ -b3f9376185583b50871e18c4af029b0e058b21d2 +745a81e81c406f3589a3b60073d1c488acd3bc33 diff --git a/test/data/manifest-checksums/rhel_9.7-x86_64-ami-all_customizations b/test/data/manifest-checksums/rhel_9.7-x86_64-ami-all_customizations index dd9740a504..8b5f213aab 100644 --- a/test/data/manifest-checksums/rhel_9.7-x86_64-ami-all_customizations +++ b/test/data/manifest-checksums/rhel_9.7-x86_64-ami-all_customizations @@ -1 +1 @@ -a8e09a5a4697f885f82ed5872fe7a76a9272bd77 +50ecaafde3e729d58cd70f0fcbf8a40062008bb8 diff --git a/test/data/manifest-checksums/rhel_9.7-x86_64-edge_commit-embed_containers b/test/data/manifest-checksums/rhel_9.7-x86_64-edge_commit-embed_containers index a5f4ef02f5..adfdac5976 100644 --- a/test/data/manifest-checksums/rhel_9.7-x86_64-edge_commit-embed_containers +++ b/test/data/manifest-checksums/rhel_9.7-x86_64-edge_commit-embed_containers @@ -1 +1 @@ -737f45a7c8bf391132b47b00c400346e9a6c33b3 +d781d8e6c484cfe8227f672f761dd0d055496035 diff --git a/test/data/manifest-checksums/rhel_9.7-x86_64-edge_container-embed_containers_2 b/test/data/manifest-checksums/rhel_9.7-x86_64-edge_container-embed_containers_2 index 5ada2c1fce..760639cd21 100644 --- a/test/data/manifest-checksums/rhel_9.7-x86_64-edge_container-embed_containers_2 +++ b/test/data/manifest-checksums/rhel_9.7-x86_64-edge_container-embed_containers_2 @@ -1 +1 @@ -8d6ea06ffb757c4d1ec01642b348475039b14fca +04bbdc5868f86d2cebf966bc9c128c2299d134b1 diff --git a/test/data/manifest-checksums/rhel_9.8-aarch64-ami-all_customizations b/test/data/manifest-checksums/rhel_9.8-aarch64-ami-all_customizations index bd0a45108a..2b37bf90bd 100644 --- a/test/data/manifest-checksums/rhel_9.8-aarch64-ami-all_customizations +++ b/test/data/manifest-checksums/rhel_9.8-aarch64-ami-all_customizations @@ -1 +1 @@ -52dc90a4349bab8695b42a87ce4dfb7b1b73f75f +ecb21cccbc80b52c66ba459158cb61ba395802e8 diff --git a/test/data/manifest-checksums/rhel_9.8-aarch64-edge_commit-embed_containers b/test/data/manifest-checksums/rhel_9.8-aarch64-edge_commit-embed_containers index cc02c8c3ed..cc265206a9 100644 --- a/test/data/manifest-checksums/rhel_9.8-aarch64-edge_commit-embed_containers +++ b/test/data/manifest-checksums/rhel_9.8-aarch64-edge_commit-embed_containers @@ -1 +1 @@ -4f608affaef2871bdcd179f0d53c55fe12dbfd81 +cc35dd00f007ce8383578ed95c83c01ca503d8b3 diff --git a/test/data/manifest-checksums/rhel_9.8-aarch64-edge_container-embed_containers_2 b/test/data/manifest-checksums/rhel_9.8-aarch64-edge_container-embed_containers_2 index 0abd30c775..a4e9cc6891 100644 --- a/test/data/manifest-checksums/rhel_9.8-aarch64-edge_container-embed_containers_2 +++ b/test/data/manifest-checksums/rhel_9.8-aarch64-edge_container-embed_containers_2 @@ -1 +1 @@ -9baa6c0a117bb88b8fbf753fb6c021d5fb0d06e4 +fe88f663b65447182522e86e2052bf021520b561 diff --git a/test/data/manifest-checksums/rhel_9.8-x86_64-ami-all_customizations b/test/data/manifest-checksums/rhel_9.8-x86_64-ami-all_customizations index 2781646c8b..47eb6086a6 100644 --- a/test/data/manifest-checksums/rhel_9.8-x86_64-ami-all_customizations +++ b/test/data/manifest-checksums/rhel_9.8-x86_64-ami-all_customizations @@ -1 +1 @@ -0002704351beb872cc52cc3b10fbee17e4439700 +dfc592eba311dbab3b57f11c935828b8bdb90b65 diff --git a/test/data/manifest-checksums/rhel_9.8-x86_64-edge_commit-embed_containers b/test/data/manifest-checksums/rhel_9.8-x86_64-edge_commit-embed_containers index d21002e2cd..13321d5634 100644 --- a/test/data/manifest-checksums/rhel_9.8-x86_64-edge_commit-embed_containers +++ b/test/data/manifest-checksums/rhel_9.8-x86_64-edge_commit-embed_containers @@ -1 +1 @@ -2835e1fef5c4c2811c9b8752773ec1dbe2cb3ee4 +1170612003aa285a99225a1805cdd53af75bb5bb diff --git a/test/data/manifest-checksums/rhel_9.8-x86_64-edge_container-embed_containers_2 b/test/data/manifest-checksums/rhel_9.8-x86_64-edge_container-embed_containers_2 index 945acec365..82f5ed158e 100644 --- a/test/data/manifest-checksums/rhel_9.8-x86_64-edge_container-embed_containers_2 +++ b/test/data/manifest-checksums/rhel_9.8-x86_64-edge_container-embed_containers_2 @@ -1 +1 @@ -9d21f1e57ef60dbb79b3502473901379cd040f59 +fd0631cecf15650422656786668eb7dffa6e3cf8 diff --git a/test/data/manifest-checksums/rhel_9.9-aarch64-ami-all_customizations b/test/data/manifest-checksums/rhel_9.9-aarch64-ami-all_customizations index dd7e436d8c..728317e4f6 100644 --- a/test/data/manifest-checksums/rhel_9.9-aarch64-ami-all_customizations +++ b/test/data/manifest-checksums/rhel_9.9-aarch64-ami-all_customizations @@ -1 +1 @@ -6ef21989af6154260dc1db3eda4da61e66dfc1e2 +f96f9c79bb40b7cafc74a4ddb99319a0702b31d7 diff --git a/test/data/manifest-checksums/rhel_9.9-aarch64-edge_commit-embed_containers b/test/data/manifest-checksums/rhel_9.9-aarch64-edge_commit-embed_containers index 2893a19616..3321c4120a 100644 --- a/test/data/manifest-checksums/rhel_9.9-aarch64-edge_commit-embed_containers +++ b/test/data/manifest-checksums/rhel_9.9-aarch64-edge_commit-embed_containers @@ -1 +1 @@ -06226ed316ffd6c7b37fd578ac1283abf7c4f889 +efa0ad955f4a069b388000c9d7f6bbc31c6e9ffe diff --git a/test/data/manifest-checksums/rhel_9.9-aarch64-edge_container-embed_containers_2 b/test/data/manifest-checksums/rhel_9.9-aarch64-edge_container-embed_containers_2 index fbc68dab9b..4c459ca7da 100644 --- a/test/data/manifest-checksums/rhel_9.9-aarch64-edge_container-embed_containers_2 +++ b/test/data/manifest-checksums/rhel_9.9-aarch64-edge_container-embed_containers_2 @@ -1 +1 @@ -21af58b614ea1712f8b222873346e45ffcd710b7 +0c7ba865c71648a935b8eddf5c45086607b75718 diff --git a/test/data/manifest-checksums/rhel_9.9-x86_64-ami-all_customizations b/test/data/manifest-checksums/rhel_9.9-x86_64-ami-all_customizations index 1946529a8e..286cc82780 100644 --- a/test/data/manifest-checksums/rhel_9.9-x86_64-ami-all_customizations +++ b/test/data/manifest-checksums/rhel_9.9-x86_64-ami-all_customizations @@ -1 +1 @@ -780635f35b9359c53611edff4e81f6d38436d232 +f6616766716476eea3c955c5b762313efd4b6430 diff --git a/test/data/manifest-checksums/rhel_9.9-x86_64-edge_commit-embed_containers b/test/data/manifest-checksums/rhel_9.9-x86_64-edge_commit-embed_containers index 2702f143dd..56605f8142 100644 --- a/test/data/manifest-checksums/rhel_9.9-x86_64-edge_commit-embed_containers +++ b/test/data/manifest-checksums/rhel_9.9-x86_64-edge_commit-embed_containers @@ -1 +1 @@ -93e9bf80e6bc1c1866ba862221475c207dd2cf57 +766ba46e89ce4b61c04d92e73b05021a4047be7f diff --git a/test/data/manifest-checksums/rhel_9.9-x86_64-edge_container-embed_containers_2 b/test/data/manifest-checksums/rhel_9.9-x86_64-edge_container-embed_containers_2 index 86986058bd..e96a176399 100644 --- a/test/data/manifest-checksums/rhel_9.9-x86_64-edge_container-embed_containers_2 +++ b/test/data/manifest-checksums/rhel_9.9-x86_64-edge_container-embed_containers_2 @@ -1 +1 @@ -ac61819ff7a88d17083305a9584862022d3a6108 +4a5161db027c67cb77fc534b269bbbf4871950c3 From 016b53cc373c27a6e4b463123c823edc3706d663 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= Date: Tue, 10 Mar 2026 12:11:55 +0100 Subject: [PATCH 6/7] distro: add tests for PodmanDefaultNetBackend MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Verify the podman default network backend behavior at multiple levels: - YAML loading: fake distro YAML with podman_default_net_backend loads correctly into ImageConfig - osCustomizations: the backend file is generated only when both containers are present and the option is set - Real distro cross-check: RHEL 9 has it set to netavark, while Fedora and RHEL 10 leave it unset Signed-off-by: Tomáš Hozza --- pkg/distro/defs/loader_test.go | 71 ++++++++++++++++++ pkg/distro/generic/fedora_test.go | 15 ++++ pkg/distro/generic/images_test.go | 117 ++++++++++++++++++++++++++++++ pkg/distro/generic/rhel10_test.go | 15 ++++ pkg/distro/generic/rhel9_test.go | 16 ++++ 5 files changed, 234 insertions(+) diff --git a/pkg/distro/defs/loader_test.go b/pkg/distro/defs/loader_test.go index 103118f454..ead2750ede 100644 --- a/pkg/distro/defs/loader_test.go +++ b/pkg/distro/defs/loader_test.go @@ -14,6 +14,7 @@ import ( "github.com/osbuild/images/internal/common" "github.com/osbuild/images/pkg/arch" + "github.com/osbuild/images/pkg/container" "github.com/osbuild/images/pkg/customizations/oscap" "github.com/osbuild/images/pkg/customizations/users" "github.com/osbuild/images/pkg/datasizes" @@ -702,6 +703,76 @@ image_types: }) } +func TestDefsDistroImageConfigPodmanDefaultNetBackend(t *testing.T) { + netavark := container.NetworkBackendNetavark + + fakeImageTypeYaml := ` +image_types: + test_type: + filename: foo +` + tests := []struct { + name string + distroYaml string + expected *container.NetworkBackend + nilImgCfg bool + }{ + { + name: "podman_default_net_backend is loaded", + distroYaml: ` +distros: + - name: test-distro-1 + vendor: test-vendor + defs_path: test-distro-1/ + image_config: + default: + podman_default_net_backend: "netavark" +`, + expected: &netavark, + }, + { + name: "podman_default_net_backend absent is nil", + distroYaml: ` +distros: + - name: test-distro-1 + vendor: test-vendor + defs_path: test-distro-1/ + image_config: + default: + locale: "C.UTF-8" +`, + expected: nil, + }, + { + name: "no image_config at all", + distroYaml: ` +distros: + - name: test-distro-1 + vendor: test-vendor + defs_path: test-distro-1/ +`, + nilImgCfg: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + baseDir := makeFakeDistrosYAML(t, tt.distroYaml, fakeImageTypeYaml) + restore := defs.MockDataFS(baseDir) + t.Cleanup(restore) + + dist, err := defs.NewDistroYAML("test-distro-1") + require.NoError(t, err) + if tt.nilImgCfg { + assert.Nil(t, dist.ImageConfig()) + } else { + require.NotNil(t, dist.ImageConfig()) + assert.Equal(t, tt.expected, dist.ImageConfig().PodmanDefaultNetBackend) + } + }) + } +} + func TestDefsPartitionTableErrorsNotForImageType(t *testing.T) { badDistroYamlMissingPartitionTable := ` image_types: diff --git a/pkg/distro/generic/fedora_test.go b/pkg/distro/generic/fedora_test.go index 005e8def1a..e8470f968b 100644 --- a/pkg/distro/generic/fedora_test.go +++ b/pkg/distro/generic/fedora_test.go @@ -775,3 +775,18 @@ func TestFedoraDistroBootstrapRef(t *testing.T) { } } } + +func TestFedora_PodmanDefaultNetBackendIsNil(t *testing.T) { + for _, d := range fedoraFamilyDistros { + t.Run(d.Name(), func(t *testing.T) { + a, err := d.GetArch("x86_64") + require.NoError(t, err) + + it, err := a.GetImageType("qcow2") + require.NoError(t, err) + + cfg := it.(*generic.ImageType).GetDefaultImageConfig() + assert.Nil(t, cfg.PodmanDefaultNetBackend, "Fedora should not set PodmanDefaultNetBackend") + }) + } +} diff --git a/pkg/distro/generic/images_test.go b/pkg/distro/generic/images_test.go index 58cebf229e..bb773824ff 100644 --- a/pkg/distro/generic/images_test.go +++ b/pkg/distro/generic/images_test.go @@ -10,8 +10,10 @@ import ( "github.com/osbuild/blueprint/pkg/blueprint" "github.com/osbuild/images/internal/common" "github.com/osbuild/images/pkg/arch" + "github.com/osbuild/images/pkg/container" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/distro/defs" + "github.com/osbuild/images/pkg/rpmmd" ) func isoTestImageType() *imageType { @@ -134,3 +136,118 @@ func TestReplaceBasictemplate(t *testing.T) { assert.Equal(t, replaceBasicTemplate(tc.input, tc.arch), tc.expected) } } + +func diskTestImageType() *imageType { + return &imageType{ + arch: &architecture{ + distro: &distribution{}, + }, + ImageTypeYAML: defs.ImageTypeYAML{}, + } +} + +func ostreeTestImageType() *imageType { + it := diskTestImageType() + it.ImageTypeYAML.OSTree.Ref = "rhel/9/x86_64/edge" + return it +} + +func TestOSCustomizationsPodmanDefaultNetBackend(t *testing.T) { + netavark := container.NetworkBackendNetavark + + tests := []struct { + name string + imageType func() *imageType + backend *container.NetworkBackend + containers []container.SourceSpec + expectFile bool + expectedPath string + expectedVal string + }{ + { + name: "disk: backend set with containers creates file", + imageType: diskTestImageType, + backend: &netavark, + containers: []container.SourceSpec{ + {Source: "registry.example.com/test:latest"}, + }, + expectFile: true, + expectedPath: "/var/lib/containers/storage/defaultNetworkBackend", + expectedVal: "netavark", + }, + { + name: "disk: nil backend with containers does not create file", + imageType: diskTestImageType, + backend: nil, + containers: []container.SourceSpec{ + {Source: "registry.example.com/test:latest"}, + }, + expectFile: false, + }, + { + name: "disk: backend set without containers does not create file", + imageType: diskTestImageType, + backend: &netavark, + containers: nil, + expectFile: false, + }, + { + name: "disk: nil backend without containers does not create file", + imageType: diskTestImageType, + backend: nil, + containers: nil, + expectFile: false, + }, + { + name: "ostree: backend set with containers creates file in relocated path", + imageType: ostreeTestImageType, + backend: &netavark, + containers: []container.SourceSpec{ + {Source: "registry.example.com/test:latest"}, + }, + expectFile: true, + expectedPath: "/usr/share/containers/storage/defaultNetworkBackend", + expectedVal: "netavark", + }, + { + name: "ostree: nil backend with containers does not create file", + imageType: ostreeTestImageType, + backend: nil, + containers: []container.SourceSpec{ + {Source: "registry.example.com/test:latest"}, + }, + expectFile: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + it := tt.imageType() + it.ImageConfigYAML.ImageConfig = &distro.ImageConfig{ + PodmanDefaultNetBackend: tt.backend, + } + + bp := &blueprint.Blueprint{} + osc, err := osCustomizations(it, rpmmd.PackageSet{}, distro.ImageOptions{}, tt.containers, bp) + require.NoError(t, err) + + if !tt.expectFile { + for _, f := range osc.Files { + assert.NotContains(t, f.Path(), "defaultNetworkBackend", + "unexpected defaultNetworkBackend file found at %s", f.Path()) + } + return + } + + var found bool + for _, f := range osc.Files { + if f.Path() == tt.expectedPath { + found = true + assert.Equal(t, []byte(tt.expectedVal), f.Data()) + break + } + } + assert.True(t, found, "expected file at %s", tt.expectedPath) + }) + } +} diff --git a/pkg/distro/generic/rhel10_test.go b/pkg/distro/generic/rhel10_test.go index caedc86899..508ca68a0e 100644 --- a/pkg/distro/generic/rhel10_test.go +++ b/pkg/distro/generic/rhel10_test.go @@ -401,3 +401,18 @@ func TestRH10Rhel10_KernelOption_NoIfnames(t *testing.T) { } } } + +func TestRhel10_PodmanDefaultNetBackendIsNil(t *testing.T) { + for _, fd := range rhel10FamilyDistros { + t.Run(fd.name, func(t *testing.T) { + a, err := fd.distro.GetArch("x86_64") + require.NoError(t, err) + + it, err := a.GetImageType("qcow2") + require.NoError(t, err) + + cfg := it.(*generic.ImageType).GetDefaultImageConfig() + assert.Nil(t, cfg.PodmanDefaultNetBackend, "RHEL 10 should not set PodmanDefaultNetBackend") + }) + } +} diff --git a/pkg/distro/generic/rhel9_test.go b/pkg/distro/generic/rhel9_test.go index 8ca32ce2c6..7e68b2afe1 100644 --- a/pkg/distro/generic/rhel9_test.go +++ b/pkg/distro/generic/rhel9_test.go @@ -9,6 +9,7 @@ import ( "github.com/osbuild/blueprint/pkg/blueprint" "github.com/osbuild/images/pkg/arch" + "github.com/osbuild/images/pkg/container" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/distro/distro_test_common" "github.com/osbuild/images/pkg/distro/generic" @@ -667,3 +668,18 @@ func TestRhel9_DistroFactory(t *testing.T) { }) } } + +func TestRhel9_PodmanDefaultNetBackendIsSet(t *testing.T) { + d := generic.DistroFactory("rhel-94") + require.NotNil(t, d) + + a, err := d.GetArch("x86_64") + require.NoError(t, err) + + it, err := a.GetImageType("qcow2") + require.NoError(t, err) + + cfg := it.(*generic.ImageType).GetDefaultImageConfig() + require.NotNil(t, cfg.PodmanDefaultNetBackend, "RHEL 9 should set PodmanDefaultNetBackend to work around the cni fallback") + assert.Equal(t, container.NetworkBackendNetavark, *cfg.PodmanDefaultNetBackend) +} From 723cbd6165165862449de8d7ae1aebe9d970ba83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= Date: Thu, 28 May 2026 21:41:19 +0200 Subject: [PATCH 7/7] Schutzfile: bump rngseed to force full rebuild MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Make sure that the newly added checks are run on all images. Signed-off-by: Tomáš Hozza --- Schutzfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Schutzfile b/Schutzfile index 77d39362d1..2b6595ed3f 100644 --- a/Schutzfile +++ b/Schutzfile @@ -1,6 +1,6 @@ { "common": { - "rngseed": 2026051900, + "rngseed": 2026052802, "dependencies": { "bootc-image-builder": { "ref": "quay.io/centos-bootc/bootc-image-builder@sha256:9893e7209e5f449b86ababfd2ee02a58cca2e5990f77b06c3539227531fc8120"