* Thu Jun 09 2022 Marcus Schäfer
- Bump version: 9.24.40 → 9.24.41

* Wed Jun 08 2022 Marcus Schäfer
- Fix helper method to detect dracut outfile format
  The method _get_boot_image_output_file_format_from_dracut_code is used in kiwi to match parts of the dracut code for the used output file format. Beginning with dracut-056 the code part checked has changed syntactically such that the match did no longer work. This commit increases the scope of the match and replace pattern and Fixes #2149

* Wed Jun 08 2022 Marcus Schäfer
- Fixed handling of signing_keys in cmdline options
  When passing signing_keys with the --add-repo|--set-repo commandline options the delimiter to separate the single key information is a colon(:). However, this is stupid when kiwi expects the signing key to be referenced as an URI format like file://... Therefore this patch changes the delimiter from colon(:) to semicolon(;)

* Wed Jun 01 2022 Marcus Schäfer
- Bump version: 9.24.39 → 9.24.40

* Wed Jun 01 2022 Carlos Bederián
- Setup SELinux on every system prepare / build (#2148)
  Setup SELinux on every system prepare / build such that all image types benefit from it not only the disk (oem) type

* Sun May 29 2022 Marcus Schäfer
- Install all of QEMU to Ubuntu arm integration test

* Sun May 29 2022 Marcus Schäfer
- rename user to ubuntu for Ubuntu integration test

* Sun May 29 2022 Marcus Schäfer
- Bump version: 9.24.38 → 9.24.39

* Sun May 29 2022 Marcus Schäfer
- Move to sphinx>=5.0.0

* Sun May 29 2022 Marcus Schäfer
- Bump version: 9.24.37 → 9.24.38

* Sun May 29 2022 Marcus Schäfer
- Fixed sphinx extlinks rendering
  In Sphinx v5 warning will be treated as errors. This results in the following warning to be an error: extlinks: Sphinx-6.0 will require a caption string to contain exactly one '%s' and all other '%' need to be escaped as '%%'.
  This commit applies the required quoting

* Sun May 29 2022 Marcus Schäfer
- Bump version: 9.24.36 → 9.24.37

* Sat May 28 2022 Marcus Schäfer
- Added example aarch64 integration test for Ubuntu
  Created a RaspberryPI image description for Ubuntu(jammy) as integration test for building aarch64 images and added it to the integration test matrix

* Mon May 23 2022 Marcus Schäfer
- Added --target-arch for image info
  Allow cross arch dependency solving

* Fri May 20 2022 Marcus Schäfer
- update docs

* Fri May 20 2022 Marcus Schäfer
- Add support for group id in users setting
  Allow to specify the group id in the groups list a user should belong to. The group id can be placed as part of the group name separated by a colon like in the following example: Please note kiwi checks if the provided group already exists and only creates a group if it is not already present in the system. As default groups are usually provided by the OS itself including its preferred group id, you will intentionally not be able to overwrite group id for existing groups. This Fixes #2064

* Thu May 19 2022 Marcus Schäfer
- Bump version: 9.24.35 → 9.24.36

* Tue May 17 2022 Robert Schweikert
- Subformats should also not be compressed when encryption is enabled (#2138)
  Subformats should also not be compressed when encryption is enabled
  This is a follow on change to bdba953. When the filesystem is encrypted the resulting image should not be compressed. Also explain why we ignore the compression setting in the user configuration for encrypted images.

* Mon May 16 2022 Marcus Schäfer
- Add support for prebuilt bootstrap package for apt
  When using the apt packagemanager kiwi required the use of debootstrap to create the initial rootfs. This works as long as there is always a main distribution repository available which follows the structure of the official debian mirrors. However if such a main distribution is not present or an alternative layout like e.g OBS repos is used, debootstrap will refuse to work.
  To allow for an alternative and without the dependency to debootstrap kiwi supports using a prebuilt bootstrap package providing the mini rootfs to serve as the bootstrap result. As all other package managers properly supports installation into an empty new root, this feature was only added when using the apt packagemanager

* Sun May 08 2022 Marcus Schäfer
- Bump version: 9.24.34 → 9.24.35

* Sat May 07 2022 Marcus Schäfer
- Allow more repo params to be set on the cmdline
  The repository parameters for signing keys, the component list the main distribution name for debian repositories and also the repository_gpgcheck could not be set via the commandline options --add-repo and/or --set-repo. This commit adds support for them and also updates the manual page accordingly

* Sat May 07 2022 Marcus Schäfer
- Update ubuntu integration tests
  Build them against latest release (jammy). This Fixes #2128

* Sat May 07 2022 Marcus Schäfer
- Bump version: 9.24.33 → 9.24.34

* Thu May 05 2022 Marcus Schäfer
- Follow up fix for isolinux-config
  isolinux-config is called to update the search path inside of the isolinux binary. isolinux/syslinux is exclusive to the ix86 architecture and to BIOS firmware. Therefore the condition to actually call it should reflect this.

* Thu May 05 2022 Marcus Schäfer
- Bump version: 9.24.32 → 9.24.33

* Thu May 05 2022 Marcus Schäfer
- Fixed runtime check
  Fixed check_dracut_module_for_disk_overlay_in_package_list. The check complains if the dracut-kiwi-overlay module is not installed but overlay support was requested. This is correct but should only be done if the selected initrd system is dracut.

* Wed May 04 2022 ozboss <32305849+ozboss@users.noreply.github.com>
- Add option to set LUKS type to luks1 (#2126)
  Add option to set LUKS type to luks1
  So far the LUKS type could be set to luks and luks2. However, what luks version the value 'luks' evaluates to depends on how the distributor has packaged luks.
  Thus it's possible that 'luks' is either luks1 or luks2. To also have the opportunity to explicitly specify luks1 this commit adds the opportunity in the schema.

* Wed May 04 2022 Marcus Schäfer
- Update devel packages helper
  Added trang as needed when working on the schema

* Fri Apr 29 2022 Marcus Schäfer
- Add support for dm integrity with secret key
  Allow to protect the opening of the integrity data map and journal through a keyfile. For setting the key file two new optional type attributes were added:
  * integrity_keyfile
  * integrity_metadata_key_description
  The key file format must be correct according to the selected integrity algorithm. As of now the kiwi default hmac-sha256 algorithm is used with the selected keyfile
  The optional integrity_metadata_key_description attribute allows to specify a custom description of an integrity key as it is expected to be present in the kernel keyring. The information is placed in the integrity metadata block. If not specified kiwi creates a key argument string instead which is based on the given integrity_keyfile filename. The format of this key argument is: :BASENAME_OF_integrity_keyfile_WITHOUT_FILE_EXTENSION

* Thu Apr 28 2022 Marcus Schäfer
- Update get_disksize_mbytes to support clones
  When using partition clones the pre-calculation of the disk size needs to take this into account.

* Wed Apr 27 2022 Marcus Schäfer
- Fixed UUID setup for XFS
  Make sure the log got replayed prior generating a new UUID

* Tue Apr 26 2022 Marcus Schäfer
- Fixed scope of setup_isolinux_boot_path
  There is a method called setup_isolinux_boot_path which is encoded in the Iso class. The method allows to change the boot path in the isolinux binary and makes sense when the bootloader is selected to be isolinux. However, the method was called in the scope of the FileSystemIsoFs class which responsibility is to create an ISO filesystem. The creation of an ISO filesystem has no direct connection to a bootloader.
  Thus calling this method in the scope of the FileSystemIsoFs implementation is wrong and can lead to unexpected side effects. This commit moves the call of the method to the places where isolinux as a bootloader can still be used. This Fixes #2117

* Tue Apr 26 2022 Dan Čermák
- Correct the URL to the dracut home page
  This fixes https://github.com/OSInside/kiwi/issues/2097

* Tue Apr 26 2022 Dan Čermák
- Change the custom vagrant config file to 00-vagrant.conf
  If it is called 99-vagrant.conf, then anything "before" that, like 50-redhat.conf takes precedence and overrides our custom settings.

* Tue Apr 26 2022 Dan Čermák
- Add Leap 15.4, SLE 15 SP4 & CentOS Stream 9 to the scripts tests

* Mon Apr 25 2022 Marcus Schäfer
- Bump version: 9.24.31 → 9.24.32

* Mon Apr 11 2022 Marcus Schäfer
- Add support for standalone dm integrity
  There is support in kiwi to use dm_integrity in combination with the LUKS header and dm_crypt. However there is also the use case to setup dm_integrity in standalone mode. This commit allows to create the dm_integrity layer outside of LUKS using /etc/integritytab to activate the map through a systemd generator if systemd is used. Regarding systemd it's required to use a version of system which provides: system-generators/systemd-integritysetup-generator. If this generator does not exist in the distribution it will also be missing in the dracut generated initrd and the boot will not be able to succeed. It's mentioned here because even newer distributions might be missing the generator
  Along with the implementation there are two new optional attributes in the section:
  standalone_integrity="true|false"
  embed_integrity_metadata="true|false"
  standalone_integrity activates/deactivates the dm_integrity map on top of the root filesystem.
  Similar to the veritysetup support there is the opportunity to create an embedded magic metadata block at the end of the device containing the root filesystem via embed_integrity_metadata

* Sun Apr 10 2022 Marcus Schäfer
- Update per codacy smell

* Sun Apr 10 2022 Marcus Schäfer
- Add support for part clones to the Disk interface
  The Disk class provides methods to create partition(s) and map names according to its scope and independent of the actual partition tools. For example: create_root_partition(). This commit adds an additional optional clone parameter to all methods for which we want to allow partition clones

* Sun Apr 10 2022 Marcus Schäfer
- Be less strict in boot link to itself
  As part of the grub setup a link named 'boot' inside of /boot is created pointing to itself 'boot -> .'. The reason is to allow the bootloader config to find its files referenced as /boot/something independently if /boot is placed into an extra partition. However if an extra boot partition is used and a filesystem which does not support symlinks, e.g fat, that symlink creation should not lead to an error in the image build process as it is considered an optional safe link and not a mandatory pre-requisite

* Thu Apr 07 2022 Marcus Schäfer
- Fixed TW arm rpi integration test
  Explicitly add ruby to the package list

* Wed Apr 06 2022 Marcus Schäfer
- Bump version: 9.24.30 → 9.24.31

* Wed Apr 06 2022 Robert Schweikert
- Fix LABEL detection (#2112)
  When only "root=" is specified on the kernel command line the match is located in the first group. Loop through the groups upon match to find what we are looking for.

* Tue Apr 05 2022 Robert Schweikert
- Preserve LABEL setting (#2108)
  Preserve the LABEL= setting when the grub config file is re-generated. the GRUB_ENABLE_LINUX_LABEL setting does not exists upstream and not in any SUSE distribution. Set the grub setting such that LABEL is preserved on SUSE distros.
  (bsc#1197616)

* Tue Apr 05 2022 Marcus Schäfer
- Fix test_setup_default_grub_empty_kernelcmdline
  The unit test exists to check that GRUB_CMDLINE_LINUX_DEFAULT is not set depending on the provided cmdline. The test exists for reasons explained in Issue #1650

* Fri Apr 01 2022 Fabian Vogt
- Don't compress .appx containers (#2106)
  The container is actually inside and already compressed.

* Fri Apr 01 2022 Marcus Schäfer
- Added new CloneDevice class
  Added CloneDevice class to the storage interface. The class allows to create clone(s) from a given source block device into a list of target block devices. The target block devices are clones of the source but prevents device naming conflicts for unique identifiers like the UUID. This is required to still allow to boot from images containing device clones and needs to be handled by tools that might work on top of the cloned devices.

* Thu Mar 31 2022 Marcus Schäfer
- Improve readability of shell commands
  The way the lsblk pipeline is constructed is improved to become easier to read by this commit

* Thu Mar 31 2022 Marcus Schäfer
- Added set_uuid() method to FileSystem API
  Allow to set a custom UUID not only at creation time of a filesystem but also at a later point in time in an already existing filesystem

* Tue Mar 29 2022 David Cassany
- Ensure BootloaderConfig resources are cleaned first
  This commit wraps the manual BootloaderConfig instance cleanup in disk builder into a try/finally scope. This way if KIWI is aborted or fails within this scope the BootloaderConfig is cleaned up first.
  Signed-off-by: David Cassany

* Tue Mar 29 2022 Marcus Schäfer
- Fixed overlay root dracut module
  make sure there is always only one selection for the readonly root partition

* Tue Mar 29 2022 Marcus Schäfer
- Update LUKS integration test for TW
  Use cipher options to make cryptomount work again

* Tue Mar 29 2022 Marcus Schäfer
- Set LUKS(v1) for TW encryption integration test
  In Tumbleweed LUKS2 became the default but the grub cryptomount tool is not able to work with the v2 LUKS header. Thus the test explicitly builds against the former luks version for now

* Tue Mar 29 2022 Marcus Schäfer
- Set LUKS2 for TW luks encryption integration test
  In Tumbleweed LUKS2 became the default also for grub and cryptomount, which requires to create a LUKS2 header in the dm_crypt layer

* Tue Mar 29 2022 Marcus Schäfer
- Bump version: 9.24.29 → 9.24.30

* Mon Mar 28 2022 Tim Serong
- Add ensure_empty_tmpdirs option for OCI containers (bsc#1197783)
  Since #1759 was merged, the contents of /run/ and /tmp/ are excluded from built images. This causes problems for some containers, notably Ceph when deployed in a Rook/k8s environment, which needs to have certain directories present inside /run/. This commit adds the ability to return to the previous behaviour and *not* empty those temporary directories, if you specify .
  Fixes: https://github.com/OSInside/kiwi/issues/2093
  Signed-off-by: Tim Serong

* Fri Mar 25 2022 Marcus Schäfer
- Fixed parsing of veritysetup output
  veritysetup uses tabs to align values. The way kiwi parsed the values did not strip out the tabs and later on keeps them in the verification metadata block. The unit test did not catch this because the mock output used for veritysetup did not contain tabs.
  This commit fixes the test to catch this condition and also fixes the code to handle all space characters (tabs, space, newlines) in a safe way

* Thu Mar 24 2022 Marcus Schäfer
- Update contents of store_credentials result file
  The method added information about the PARTUUID as useful information. However, PARTUUID's are not supported by all partition tables. The Linux generated artificial values from the disk identifier are not wanted in this scope. As the information is not mandatory it's better to not provide it at all and avoid confusion to users.

* Thu Mar 24 2022 Marcus Schäfer
- Make blkid call more robust
  Do not raise if blkid is not able to read the requested ID. It is expected that the methods of the BlockID class either returns a value or none but do not raise and cause the complete process to terminate

* Thu Mar 24 2022 Marcus Schäfer
- Added embed_verity_metadata attribute
  Specifies to write a binary block at the end of the partition serving the root filesystem, containing information for dm_verity verification and to construct the device map

* Thu Mar 24 2022 Marcus Schäfer
- Added create_verification_metadata method
  Along with creating a filesystem including device mapper features like dm_verity (see verity_blocks) or dm_crypt/dm_integrity (see luks) there is always the question where to store the metadata information required to setup the device map. This can include information about blocksizes, offset addresses and more. The create_verification_metadata() method allows to write a signed custom data block of a documented format at the end of the given block special which stores this type of information such that tools at boot time gets the opportunity to read this information. In this commit only information connected to the dm_verity feature activated via the verity_blocks attribute will be part of the verification block.
  With future changes other data might be added

* Wed Mar 23 2022 Marcus Schäfer
- Added runtime check for by-partuuid use
  Added check_partuuid_persistency_type_used_with_mbr(). Not every partition table type supports UUIDs. We don't want to make use of the artificial values created by Linux if the partition table doesn't support it natively

* Wed Mar 23 2022 Marcus Schäfer
- Support partuuid and label mounts in dracut module
  The 90kiwi-overlay dracut module was not able to parse the device link if done with PARTUUID or LABEL

* Wed Mar 23 2022 Marcus Schäfer
- Added integration test for by-partuuid
  The test hooks into the existing test-image-embedded integration test for leap. As I plan to extend the tests specific to features actually only useful for special embedded images, I thought this would be the right place to start

* Mon Mar 21 2022 Marcus Schäfer
- validate luksformat options
  validate options against the cryptsetup help info in a runtime check

* Mon Mar 21 2022 Marcus Schäfer
- Handle LUKS type in its own attribute

* Sun Mar 20 2022 Marcus Schäfer
- Fixed attribute description
  The overlayroot_verity_blocks attribute description contained outdated information

* Sat Mar 19 2022 Marcus Schäfer
- Add support for verity setup on standard rootfs
  So far the verity support was only available with the overlayroot layout and the read-only squashfs root. This commit adds a new attribute: verity_blocks="number|all" which allows to create the verity setup also on the standard root partition
  In addition to the change it was needed to extend the Filesystem API with an additional optional parameter to allow setup of the filesystem UUID.
  Having the opportunity to set the UUID at filesystem creation is generally useful and with regards to this particular change it became also required

* Fri Mar 18 2022 Neal Gompa
- Allow Btrfs and XFS as options for the boot partition filesystem
  We already do this implicitly when we do not define this attribute and request a boot partition, so let us explicitly offer these as options too.

* Fri Mar 18 2022 Marcus Schäfer
- Fix grub defaults for PARTUUID use
  Make sure to set GRUB_DISABLE_LINUX_PARTUUID to false when using by-partuuid

* Thu Mar 17 2022 Marcus Schäfer
- Allow luks format options
  Added new luksformat element which allows to pass along options to the luksFormat call. This allows users to switch between LUKS and LUKS2 via e.g It also allows to pass along a set of options only available to LUKS2, e.g In addition to the new attribute the existing luks attribute can also be specified to read credentials from a keyfile by using the file:// source locator, e.g This Fixes #1898

* Sat Mar 12 2022 Marcus Schäfer
- Fixed funny build_status.sh bug
  If the name of the repository starts with an 'F' like in Fedora, the 'F' is turned into a red escape sequence because it is assumed to be a failed status indicator :) The path here is probably also dumb as it just assumes there is a space after the status indicator. Well the complete script is not really a good one, but still helpful

* Sat Mar 12 2022 Marcus Schäfer
- Update Fedora arm integration test
  Move test to Fedora 34

* Sat Mar 12 2022 Marcus Schäfer
- Added container build test for Fedora
  Fedora systems uses buildah to create containers. There is no integration test for kiwi which tests building containers with buildah. This commit adds a build test to cover this path.
  Related to Issue #2020

* Fri Mar 11 2022 Marcus Schäfer
- Fixed test-image-docker-derived for leap
  The test still used the additionaltags attribute with the latest schema (v7.5) which fails to validate because the attribute was moved to additionalnames

* Fri Mar 11 2022 Marcus Schäfer
- Bump version: 9.24.28 → 9.24.29

* Thu Mar 10 2022 Marcus Schäfer
- Don't bind mount /run during build time
  In commit #9512318 a new bind mount of /run into the root tree during build time was introduced. The bind mount was done because in my tests running podman from config.sh it did not work without /run bind mounted. However, it turned out that I was wrong because along with the provided methods to prepare cgroups and a custom runtime configuration method; setupContainerRuntime() it is not needed to have /run bind mounted. Thus this commit deletes the bind mount of /run and therefore Fixes #2067

* Thu Mar 10 2022 Marcus Schäfer
- Fix github action running obs service refresh
  The curl command to send the POST request for running the obs remote service uses the --fail-with-body option. Unfortunately the ubuntu-latest container used to run the action comes with a curl version that does not support the option. Thus this commit removes the use of the option

* Wed Mar 09 2022 Marcus Schäfer
- Move scope of veritysetup
  veritysetup was called as part of the disk builder. However, the veritysetup should be a responsibility of the classes which implements the sync_data method. This allows to use the creation of a verity hash format right after sync as a feature to these classes and in a broader scope. In addition to that change the VeritySetup::format method now returns the metadata from the format call and stores it as debug information to the log file. A concept to persistently store the verification metadata as part of the partition(s) will be a next step.

* Wed Mar 09 2022 Dan Čermák <45594031+dcermak@users.noreply.github.com>
- Style changes in container docs
  Reformulate the container building guide a bit

* Wed Mar 09 2022 Marcus Schäfer
- Add support for custom size in filesystem classes
  Allow to create filesystems with an optional size parameter. If no size is provided the filesystem gets as big as the device which is the default and unchanged behavior. In addition a size counting from the beginning (>0) as well as a size counting from the end (<=0) can be provided.

* Wed Mar 09 2022 David Cassany
- Update schema docs
  Signed-off-by: David Cassany

* Tue Mar 08 2022 Marcus Schäfer
- Provide schema version v7.5 in spec

* Tue Mar 08 2022 Marcus Schäfer
- Update descriptions to schema v7.5

* Sun Mar 06 2022 Marcus Schäfer
- Support mount by PARTUUID
  In addition to by-label and by-uuid also support mounting by PARTUUID. Please note kiwi also makes sure that the grub generated config file uses the root=PARTUUID= notation and it's not clear if grub-mkconfig will persist making use of it. Nevertheless there are also systems which uses different methods to boot and it makes sense to support partuuid mappings as well

* Sun Mar 06 2022 Marcus Schäfer
- Add support for partition cloning
  Support creating block level clones of certain partitions used in the image. Clones can be created from the root, boot and any partition listed in the element.

* Sun Mar 06 2022 Marcus Schäfer
- Update cron for security scorecard
  Run weekly on Saturdays

* Fri Mar 04 2022 Marcus Schäfer
- Add support for extended layout to msdos table
  This commit adds the following new type attribute If set it specifies to make use of logical partitions inside of an extended one. Effective only on type configurations which uses the msdos table type, it will cause the fourth partition to be an extended partition and all following partitions will be placed as logical partitions inside of that extended partition.
  This setting is useful if more than 4 partitions needs to be created in an msdos table. In addition to the support for extended/logical partitions the attributes 'mountpoint' and 'filesystem' in the section becomes optional. This also allows to place partitions as placeholders not mounted into the system

* Fri Mar 04 2022 Marcus Schäfer
- Added type hints for partitioner interface

* Fri Mar 04 2022 Marcus Schäfer
- Bump version: 9.24.27 → 9.24.28

* Thu Mar 03 2022 Marcus Schäfer
- Fixed unconditional grub2 package requirement
  The grub2 package does not exist on all distributions as a name provider independent of the architecture. On for example Debian and Ubuntu the packages are handled differently and grub2 is only provided on supported architectures. Thus the spec file should set the grub2 requirement only if the distribution provides it in any case

* Wed Mar 02 2022 Marcus Schäfer
- Bump version: 9.24.26 → 9.24.27

* Tue Mar 01 2022 Marcus Schäfer
- Added overlayroot_verity_blocks attribute
  Setting this attribute to a number or 'all' in an overlayroot configuration will create a dm verity hash from the number of given blocks (or all) placed at the end of the squashfs compressed read-only root filesystem. For later verification of the device, and without further image description settings, the credentials information produced by veritysetup from the cryptsetup tools, is created as a file in /boot/overlayroot.verity and is stored as such into the image by default.

* Tue Mar 01 2022 Marcus Schäfer
- Fixed disk.sh caller environment
  The documentation explains the disk.sh script to be called from inside of the image root as it exists on the block layer. The disk.sh script is therefore also called after the sync of the unpacked image root tree to the block layer. The implementation however, was only partially calling disk.sh from such an environment.
  In fact the environment was only the mountpoint of the root partition but this is not the complete system regarding layouts that uses extra partitions and/or volumes. This commit introduces the use of the new class ImageSystem and calls disk.sh in the way it was designed and documented.

* Tue Mar 01 2022 Marcus Schäfer
- Added ImageSystem class
  The class responsibility is to provide access to the image root system from the block layer of the image scope

* Tue Mar 01 2022 Marcus Schäfer
- Prevent superfluous filesystem creation
  In case of an overlayroot setup and the request for no extra write partition, it is not needed to create a filesystem for the write space which never gets synced to the image

* Sat Feb 26 2022 Marcus Schäfer
- Bump version: 9.24.25 → 9.24.26

* Sat Feb 26 2022 Marcus Schäfer
- Fixed destructor test on oci_tools/buildah_test.py
  Calling del() from teardown breaks when the method is called through teardown_method

* Sat Feb 26 2022 Marcus Schäfer
- Bump version: 9.24.24 → 9.24.25

* Sat Feb 26 2022 Marcus Schäfer
- Support nose and xunit style tests
  The modifications in this commit allows the unit tests to run on both, pytest 6.x (nose test layout) and the new pytest 7.x (xunit test layout). This Fixes #2072 in a much nicer way. Thanks much to @smarlowucf

* Fri Feb 25 2022 Marcus Schäfer
- Update unit test to work in obs
  Some unit tests fails if they run in an obs environment. This is because the implementation checks the runtime environment and behaves differently if the system is an obs worker. The unit tests has to explicitly set this condition right for the test

* Fri Feb 25 2022 Marcus Schäfer
- Revert "Unit test adaptions to pytest v7"
  This reverts commit 0dc2e803e0e8059c54a0ea23960245286675c86c. The pytest interface from version v6 to v7 has received changes which requires the tests to be adapted to work for either the old or the new interface.
  As there are still many distributions which uses v6 as the standard we decided to revert back the adaptions done to support v7 and create a version requirement to v6 in .virtualenv.dev-requirements.txt This Fixes #2072

* Wed Feb 23 2022 Marcus Schäfer
- Added overlayroot_readonly_partsize attribute
  Specifies the size in MB of the partition which stores the squashfs compressed read-only root filesystem in an overlayroot setup. This Fixes #2068

* Wed Feb 23 2022 Marcus Schäfer
- Update to scorecard CI 1.0.4

* Tue Feb 22 2022 Marcus Schäfer
- Added debootstrap log info to exception message
  In case debootstrap fails there is more detailed information in a logfile written by debootstrap itself. This commit changes the exception information to contain this log information if present. Related to Issue #1800

* Sun Feb 20 2022 Marcus Schäfer
- Bump version: 9.24.23 → 9.24.24

* Sun Feb 20 2022 Marcus Schäfer
- Added overlayroot_write_partition attribute
  For the oem type only, allows to specify if the extra read-write partition in an overlayroot setup should be created or not. By default the partition is created and the kiwi-overlay dracut module also expect it to be present. However, the overlayroot feature can also be used without an initrd and under certain circumstances it is handy to configure if the partition table should contain the read-write partition or not.

* Sat Feb 19 2022 Matt Coleman
- Use DEB822-formatted .sources files instead .list files for APT

* Tue Feb 15 2022 David Cassany
- Support additional names for docker containers
  Docker containers used to support the attribute `additionaltags` which was used to provide multiple tags for the same image.
  Since only tags were supported this commit renames the attribute to `additionalnames` and now supports tags and names with the following syntax:
  * ':' -> adds a full docker image reference including name and tag
  * ':' -> adds an additional tag while reusing the former name
  * '' -> adds an additional name while reusing the former tag
  Fixes #2045
  Signed-off-by: David Cassany

* Mon Feb 14 2022 Marcus Schäfer
- Follow up fix on force deleting debs
  Also remove eventual post scripting prior force removal of deb packages. Similar inconsistencies as with the pre scripts can occur on force removal. We want the operation to be successful in force mode even if that means to leave a dirty state.

* Sat Feb 12 2022 Marcus Schäfer
- Add support for pre_disk_sync.sh script
  The optional pre_disk_sync.sh script is executed for the disk image type oem only and runs right before the synchronisation of the root tree into the disk image loop file. The script hook can be used to change content of the root tree as a last action before the sync to the disk image is performed. This is useful for example to delete components from the system which were needed before or cannot be modified afterwards when syncing into a read-only filesystem.

* Thu Feb 10 2022 Marcus Schäfer
- Create ci-scorecards-analysis.yml
  Create security health metrics score card

* Tue Feb 08 2022 Marcus Schäfer
- Fixup inplace podman storage and container conf
  Newer versions of podman requires runroot and graphroot to be explicitly set in storage.conf. Newer versions of podman no longer reads the engine.cgroups setting on containers.conf and prints a 'Failed to decode the keys [\"engine.cgroups\"]' warning message
  This commit fixes storage.conf and containers.conf written by kiwi if the setupContainerRuntime method is used in scripts.

* Tue Feb 08 2022 David Cassany
- Make use of container name in OCI images
  Fixes #2050
  Signed-off-by: David Cassany

* Mon Feb 07 2022 Marcus Schäfer
- Bump version: 9.24.22 → 9.24.23

* Mon Feb 07 2022 Marcus Schäfer
- Fixed name of secret variable
  The ci-update-build-tests action used a wrong variable name which does not exist in the github secrets. This commit fixes it and uses the correct variable name

* Mon Feb 07 2022 Marcus Schäfer
- Bump version: 9.24.21 → 9.24.22

* Mon Feb 07 2022 Marcus Schäfer
- Revert "Revert "Fixed MicroOS build test""
  This reverts commit 8c4464b8ff2af2642439ce92e1e2be497f2b0f4d. snapper default config has moved from /etc to /usr/share now hopefully for the last time

* Mon Feb 07 2022 Marcus Schäfer
- Fixed unit tests
  The pytest interface setup() method call has changed in a way that an additional parameter is passed to the method which leads to a python error at invocation time if the setup method does not define it.

* Mon Feb 07 2022 Neal Gompa
- build-tests: Update CentOS 8 test appliance to CentOS Stream 8
  CentOS Linux 8 is now EOL, so switch over to CentOS Stream 8.

* Fri Feb 04 2022 Marcus Schäfer
- Fixed handling of oem reboot settings
  There are oem settings called oem-reboot, oem-reboot-interactive as well as oem-shutdown and oem-shutdown-interactive. When used the information is passed along to the profile but not evaluated by any initrd code. I don't know where on the way we lost the code that actually works with these settings but this commit makes them effective. This Fixes #2056

* Thu Feb 03 2022 Dirk Müller
- treat armv8l as armv7hl
  openSUSE switched from armv7hl buildworkers to aarch64 in 32bit mode which identifies itself as "armv8l" in uname -m.

* Tue Feb 01 2022 Marcus Schäfer
- Bump version: 9.24.20 → 9.24.21

* Mon Jan 31 2022 Marcus Schäfer
- Fixed UUID used in grub early boot script
  In case the system is luks encrypted the UUID of the root partition was used in the grub early boot script.
However, this condition is only correct if in addition to the luks encryption the boot area is on crypto too. If boot is not on crypto the UUID must be the boot partition and not root. Only if root AND boot is on crypto the kiwi created early boot script includes the grub cryptomount calls.
* Sat Jan 29 2022 Marcus Schäfer - Bump version: 9.24.19 → 9.24.20
* Sat Jan 29 2022 Marcus Schäfer - Followup fix for force deleting debian packages The force uninstall deletes pre scripts prior removal because if they fail the package will not be removed. For a force uninstall we consider this ok. However, the deletion of the scripts did not happen in the image root. This patch fixes it
* Wed Jan 26 2022 Marcus Schäfer - Followup fix for force deleting debian packages Pass --force-depends to allow uninstall even if the dependency checker complains
* Tue Jan 25 2022 Marcus Schäfer - Fix use of xattrs for container sync when syncing data for containers only a subset of xattr attributes can be applied. This Fixes #2009
* Tue Jan 25 2022 Marcus Schäfer - Bump version: 9.24.18 → 9.24.19
* Tue Jan 25 2022 Neal Gompa - Ensure SELinux labels are set based on the policy When running kiwi from a filesystem tree that has custom labels applied (such as when using kiwi from within a container on an SELinux-enabled host), the filesystem labeling doesn't correctly apply on some files and folders with a warning about the location being customized by the administrator. This causes all kinds of strange results with the built images and makes them unbootable. To resolve this, tell setfiles to forcibly set files and folders with the default context from the installed policy.
* Tue Jan 25 2022 Fabian Vogt - Extend and update documentation about /etc/machine-id setup
* Tue Jan 25 2022 Fabian Vogt - Fix ordered list in shell_scripts.rst Ordered lists must be indented by three spaces, otherwise the numbering breaks.
* Mon Jan 24 2022 Marcus Schäfer - Bump version: 9.24.17 → 9.24.18
* Mon Jan 24 2022 David Cassany - Fix ramdisk deployments from PXE This commit fixes PXE deployments on ramdisk. In such cases the former fix from df4e62a4 is not sufficient as there is no `root=` parameter within the kernel cmd line and hence this logic is never executed. Signed-off-by: David Cassany
* Fri Jan 21 2022 David Cassany - Update outdated PKGBUILD for Arch Linux Signed-off-by: David Cassany
* Fri Jan 21 2022 Marcus Schäfer - Fixed unit test race condition
* Fri Jan 21 2022 Marcus Schäfer - Fixed grub loader/entries setup If called in non standard environments like an OBS worker the grub tooling does not work correctly and produces invalid results. For these cases kiwi provides a collection of fix_ methods to change the produced results. This commit covers the invalid path in loader/entries/ *.conf files pointing to the kernel and the initrd as they exist in the image-root directory. This results for example in settings like: linux /usr/src/packages/KIWI-oem/build/image-root/boot/vmlinuz-5.14.0-43.el9.x86_64 when it should be: linux /boot/vmlinuz-5.14.0-43.el9.x86_64 This Fixes #2038
* Fri Jan 21 2022 Fabian Vogt - Set /.snapshots subvolume to mode 0700 (bsc#1194992) Avoid that users other than root can enter or even change the content. This is what snapper does as well.
* Fri Jan 21 2022 Marcus Schäfer - Fixed build_status helper output issue Starting with CentOS stream 9 integration tests a new layer in the project that builds it was added. This changed the osc results output and messed up the build_status helper output a bit. This commit fixes it
* Thu Jan 20 2022 Marcus Schäfer - Fix the uninstall(force) on Debian based dists Packages marked for uninstall via failed to become removed for several reasons. The way this was done in kiwi did not work because dpkg needs to be called differently and with some nasty pre-processing in order to allow for force deletion.
In force mode we also allow to remove packages marked as essential. In graceful uninstall mode this commit makes sure the environment is prepared and does not fail for false-positive reasons.
* Wed Jan 19 2022 Marcus Schäfer - Added mail map Added information about my private e-mail being the successor for the work done when I was an employee of SUSE
* Tue Jan 18 2022 Marcus Schäfer - Allow calling podman within chroot Added helper functions and env preparation code to allow calling podman from within a chroot. This allows to run podman from e.g config.sh and also inside of OBS workers
* Tue Jan 18 2022 Marcus Schäfer - Fix requirements for kiwi-systemdeps-filesystems Extend btrfs condition applying for EL8 to apply for EL9 too
* Fri Jan 14 2022 Marcus Schäfer - Bump version: 9.24.16 → 9.24.17
* Fri Jan 14 2022 Marcus Schäfer - Fixed image builds without kernel If an image is built without a kernel kiwi fails due to some code paths expecting the presence of kernel modules and or kernel binaries. This commit fixes this and allows creating an image without installing a kernel.
* Fri Jan 14 2022 Marcus Schäfer - Added CentOS Stream 9 integration tests
* Thu Jan 13 2022 Fabian Vogt - Allow "uninitialized" as content of /etc/machine-id According to machine-id(5), an empty file does not signal that this is the first boot of the system. Instead, the file needs to be missing or contain the string "uninitialized". A missing file does not work if the filesystem is initially mounted read-only, so allow "uninitialized" as well, instead of truncating it. Improve the documentation of the method, e.g. dracut is not involved.
* Thu Jan 13 2022 Fabian Vogt - Fix booting GRUB submenu entries with hybrid images (linux/linuxefi) Variables assigned with "set" are not visible in submenus for some reason. Export $linux and $initrd, so that they also work in submenu entries.
Fixes bsc#1192523
* Thu Jan 13 2022 Fabian Vogt - Don't copy GRUB modules for EFI with secure boot enabled When booting grub.efi with secure boot enabled, modules can't be loaded and thus the grub.efi image needs to be complete. Save some space in live images by not copying them into the ISO filesystem. Fixes part of #1750
* Thu Jan 13 2022 Fabian Vogt - Don't include the ESP in the ISO9660 partition as well (#1750) Previously the image for the ESP was created inside the source directory for the ISO9660 filesystem, so it ended up there as well as a separate partition. Fix that by creating it as a temporary file instead.
* Thu Jan 13 2022 Marcus Schäfer - Automate build-tests OBS service refresh This commit provides a new github action which sends API requests to the OBS api to refresh the source services for the integration tests on the OBS server side. This Fixes #1980
* Wed Jan 12 2022 Marcus Schäfer - Added docker integration test for Ubuntu
* Wed Jan 12 2022 Marcus Schäfer - Update ubuntu integration test to Hirsute(21.04)
* Tue Jan 11 2022 Marcus Schäfer - Bump version: 9.24.15 → 9.24.16
* Sun Jan 09 2022 Marcus Schäfer - Fixed regression in compression detection The change from 282529de8f612dee32d54ee868c2365dcd829220 introduced a bad regression. The assumption was made that the xz tool could be used to detect if a file is compressed or not. However, this requires the file to be locally present. In the scope of the method call is_compressed() and within a remote deployment e.g PXE this is not the case. Therefore the former way to "detect" the compression according to the .xz postfix of the source filename was restored. In addition the function name was changed to is_xz_compressed() because that's what the method can do and not more.
This Fixes #2015
* Fri Jan 07 2022 Marcus Schäfer - Added debug option --debug-run-scripts-in-screen Instead of running scripts in screen if the --debug switch is set, we allow to explicitly switch on this behavior via a new option. This Fixes #2010
* Fri Jan 07 2022 Marcus Schäfer - Change packages target for bootincludes Packages marked with bootinclude="true" will be added to the referenced kiwi boot image description if the initrd_system is set to "kiwi" instead of "dracut". The package marked was primarily added to the type="image" section and got only added to the type="bootstrap" section if no image type section existed. However, it has turned out that this approach has the disadvantage that packages which must be installed as part of the bootstrapping (e.g certificates) cannot be handled. This commit changes the behavior of the bootinclude to include the package always to the type="bootstrap" section.
* Fri Jan 07 2022 Marcus Schäfer - Add GitHub workflow badges
* Fri Jan 07 2022 Marcus Schäfer - Fixed Codacy Badge
* Sun Jan 02 2022 Marcus Schäfer - Allow firmware="custom" setting The firmware attribute in kiwi is used to indicate for which boot firmware the image should be built. Specifying the target firmware is helpful to create for example the correct disk layout. If no firmware is specified KIWI decides for a default according to the image architecture. This selection is not 100% accurate and as we don't know the later target system. Especially for embedded devices the correct disk layout and other settings can be board specific and KIWI's default settings regarding the firmware could be invalid. For compatibility reasons we cannot switch off the default selection case and therefore a new attribute value "custom" is introduced with this commit. If set KIWI does not select any firmware and consequently all settings caused by a firmware setup will be skipped.
On the other hand this means all needed settings for the target to boot and not done by KIWI needs to be specified explicitly and as needed.
* Sun Jan 02 2022 Neal Gompa - Add util-linux dep for -systemdeps-disk-images subpackage Without this dependency, kiwi fails to work properly in minimal image build environments, like in a mock chroot where util-linux is not installed.
* Fri Dec 17 2021 Tanja Roth - index.rst: fix headline * third try: apply diff by schaefi
* Fri Dec 17 2021 Tanja Roth - index.rst: fix headline * removed lonely bracket * added more lines to fix syntax
* Thu Dec 16 2021 Tanja Roth - index.rst: Change title (bsc#1189294#c2) * 'KIWI NG 9: KIWI NG Documentation' -> 'Building Linux System Appliances with KIWI Next Generation (KIWI NG ) * suggested in bsc#1189294#c2 for more clarity * change has been discussed with and approved by main author (Marcus S.)
* Thu Dec 16 2021 Rüdiger Oertel - support compressed modules in other formats when cleaning up the firmware directory for unused files
* Thu Dec 16 2021 Marcus Schäfer - Bump version: 9.24.14 → 9.24.15
* Wed Dec 15 2021 Marcus Schäfer - Update documentation Rework troubleshooting chapter and add an article about app security subsystems like selinux and their potential influence on building images. Also update the quickstart with a reference to the troubleshooting chapter. This Fixes #1891
* Wed Dec 08 2021 Marcus Schäfer - Added support for collection modules In CentOS Stream 8 and Red Hat Enterprise Linux 8, there are Application Streams that are offered in the form of modules (using Fedora Modularity technology). To build images that use this content KIWI needs to support to enable/disable various modules.
This commit allows to configure collection modules in a new element as shown below This Fixes Issue #1999
* Mon Dec 06 2021 Marcus Schäfer - Bump version: 9.24.13 → 9.24.14
* Sun Dec 05 2021 Marcus Schäfer - Disable intersphinx intersphinx is a doc extension which links to the documentation of objects in other projects whenever Sphinx encounters a cross-reference that has no matching target in the current documentation set, it looks for targets in the documentation sets configured in the intersphinx_mapping. However, the kiwi docs do not use this feature thus it can be disabled.
* Tue Nov 30 2021 David Cassany - Compress container images in builder class This commit changes the stage at which container images are compressed to match the criteria applied to other image types. Instead of compressing the image in OCI devoted classes now it is happening in builder class by setting Result instance properties. Fixes #1996 Signed-off-by: David Cassany
* Mon Nov 29 2021 Marcus Schäfer - Revert "Fixed MicroOS build test" This reverts commit 52c38f9ec22aef484efaf0a570dc78eea529deec. The TW people moved to an older version of libsnapper, no idea what these guys are doing
* Mon Nov 29 2021 John Paul Adrian Glaubitz - kiwi-repart: Fix spelling error in source code comment
* Mon Nov 29 2021 John Paul Adrian Glaubitz - Fix multiple minor spelling errors in documentation
* Mon Nov 29 2021 Marcus Schäfer - Added support for setting up release version Currently the release version is not set or set to '0' for package managers which requires a value to operate. However, in order to support leveraging the same description across different releases it is important to have the opportunity to specify a setting for the release version. This commit adds a new optional attribute to the preferences section which allows to specify a custom value which serves as the release version: TEXT If not specified the default setting as before applies.
Please note the release version information is currently used in dnf and microdnf package managers only. It might happen that it gets applied to the other package manager backends as well. This will happen on demand though. Related to Issue #1918. This Fixes #1927
* Mon Nov 29 2021 Marcus Schäfer - Bump version: 9.24.12 → 9.24.13
* Mon Nov 29 2021 Marcus Schäfer - Add global --kiwi-file option When building with kiwi a search on the kiwi main config file is made inside of the given --description directory. The search looks up for the file config.xml or *.kiwi. So far there was no opportunity to specify another name. This commit adds an option in the global area named: --kiwi-file name which will make kiwi to lookup this file inside of the given --description directory and fail if it does not exist. This Fixes #1973
* Mon Nov 29 2021 Marcus Schäfer - Added type hints for CliTask class
* Fri Nov 26 2021 Marcus Schäfer - Bump version: 9.24.11 → 9.24.12
* Thu Nov 25 2021 Marcus Schäfer - Use realpath to resolve this:// location
* Thu Nov 25 2021 Marcus Schäfer - Support this:// resource locator for includes Allow include references like the following example:
* Thu Nov 25 2021 Marcus Schäfer - Allow repo path relative to the image description This commit adds a new URI type called this://... The this:// part will be resolved into the absolute path to the image description. A source path like the following: