- Bump version: 9.25.11 → 9.25.12

- Fix double grub entries in hybrid ISO images
  As consequence of using the "source" grub command instead
  of the "configfile" command to load the grub config we now
  see double loading of the same file on ISO media. The reason
  here is that kiwi ISO media is always hybrid which means it
  embeds an MBR into the ISO for which the "source" command now
  can read the same file through two different device paths.
  This does not happen with the "configfile" grub command.
  Thus this patch uses "configfile" if we produce an ISO image
  and "source" for all other image types. The commit also fixes
  the custom grub template used for ISO images in a way that
  we only set the "serial" command if there is a serial
  configuration provided along with the image description.

- Update x86/tumbleweed/test-image-systemd-boot
  systemd package has been splitted and provides
  systemd-boot in an extra package now

- Limit scope of grub _fix method
  Only apply _fix_grub_to_support_dynamic_efi_and_bios_boot for
  the x86_64 or ix86 architectures. This Fixes #2343

- Bump version: 9.25.10 → 9.25.11

- remove trailing whitespace

- rpm spec: add missing requires of typing_extensions for python < 3.8

• Files Changed
• Browse Source

- Bump version: 9.24.60 → 9.24.61

- dracut: modules.d: 99kiwi-lib: add bash shebangs and dependency
  The scripts in the kiwi-lib module use bash-specific syntax like
  `function`, which causes the script to fail if another shell (like dash
  or busybox) is used to interpret the scripts. Specifically set the shebang
  to use bash as the shell interpreter and add bash as a dependency to the
  dracut module to fix this.
  This resolves the following errors which are printed at boot when
  busybox tries to interpret the scripts:
  /bin/dracut-pre-mount: 3: /lib/kiwi-filesystem-lib.sh: function: not found
  /bin/dracut-pre-mount: 15: /lib/kiwi-filesystem-lib.sh: Syntax error: "}" unexpected
  Signed-off-by: Isaac True <isaac.true@canonical.com>

- Do not depend on dnf for SUSE ALP

- Added appx-util as WSL requires for Fedora/RHEL
  Make sure the kiwi-systemdeps-containers-wsl meta package
  pulls in the required tools for Fedora/RHEL when building
  WSL containers. This is a followup to #2286

- Add cpio to core systemdeps requires list

- Bump version: 9.24.59 → 9.24.60

- Allow to create plain cpio archives
  Allow to create plain cpio archives to serve the idea
  of the mkosi initrd concept

- Fix restoration of grub2-install (bsc#1210948)

• Files Changed
• Browse Source

- Bump version: 9.24.58 → 9.24.59

- Adding a comment to explain the s390 specific path
  Signed-off-by: David Cassany <dcassany@suse.com>

- Use parted only in s390 arch
  This commit ensures parted is only called in dracut-kiwi-lib for s390
  arch. It also fixes the spec to only require parted for
  s390 builds.
  In addition parted requirement has been removed from dracut-kiwi-live
  package since parted is not used in any other dracut module beyond
  kiwi-lib.
  Signed-off-by: David Cassany <dcassany@suse.com>

- Expand DASD partition table with parted
  Signed-off-by: David Cassany <dcassany@suse.com>

- Fixed evaluation of custom start sector
  In case an alternative partition table start sector is
  configured, the check to effectively apply it should be
  based on the partition table type not on the firmware
  name

- Add parted dependency for s390
  Signed-off-by: David Cassany <dcassany@suse.com>

- Bump version: 9.24.57 → 9.24.58

- Build leap btrfs test without root as snapshot
  So far no btrfs integration test without root as snapshot existed

• Files Changed
• Browse Source

- Bump version: 9.24.56 → 9.24.57

- Allow squashfscompression for plain squashfs
  The schematron rule to limit the squashfscompression attribute
  to certain image types did not allow it for a plain squashfs
  filesystem build. This commit fixes that limitation.
  This Fixes #2241

- Use rsync defaults to sync the initrd root-tree
  This commits makes use of rsync default options to sync
  the root-tree of the boot image for custom initrds.
  Fixes bsc#1207128 where it was noted hardlinks
  were not preserved inside the initrd.
  Signed-off-by: David Cassany <dcassany@suse.com>

- Fixed wrong test assertions
  Former versions of pytest did ignore invalid assertions.
  Now they are reported as an error and show the mistakes
  of the past

- Added 90-brd.conf for test-image-disk-ramdisk
  By default the brd ramdisk module is no longer added to the
  initrd. For ramdisk deployments this is required though.
  This Fixes #2230

- Delete CentOS v7 build tests
  CentOS v7 is EOL for kiwi image build tests

- Allow to specify fixed size for the root partition
  So far the last partition (typically root) in the partition table

• Files Changed
• Browse Source

- Bump version: 9.24.54 → 9.24.55

- Allow to pass credentials as file reference

- Fixed handling of container archive compression
  In kiwi we support handling of the container archive compression
  via a runtime configuration setting of the following form, eg
  in /etc/kiwi.yml
  ```yaml
  container:
  # Specify compression for container images
  # Possible values are true, false, xz or none.
  - compress: true
  ```
  However, this setting was only taken into account in the kiwi
  bundler. Meaning if the user calls 'kiwi result bundle ...'
  after the container image has been created the result bundler
  will take the compression setting into account. From my perspective
  this behavior is misleading and also prevents users from
  creating compressed container archives without a subsequent
  result bundler call. Therefore this commit moves the place to
  handle the compression setting into the container classes.
  The bundler code for containers will no longer operate on it
  and just takes what it gets, which can be either compressed
  or not. The default setting was "No compression" and this
  was not changed. This Fixes #2217

- Add type hints for OCI and APPX classes

- Bump version: 9.24.53 → 9.24.54

• Files Changed
• Browse Source

- Bump version: 9.24.48 → 9.24.49

- Fixed test-image-vagrant
  virtualbox-guest-tools obsoletes virtualbox-guest-x11

- ignore the type check on the Result class
  With an update of mypy the bound TypeVar is no longer allowed.
  In newer versions of python we could use the "Self" type or
  import annotations from the future module. Unfortunately in
  older python versions which we still support (3.6) there is
  no non intrusive change which allows us to handle that type
  annotation. Thus this commit ignores the return type spec
  for Result.load() for the moment.

- Stop copying /dev files statically into the OCI container
  In containers (nspawn) where part of the /dev filesystem is bind-mounted
  from outside system, kiwi fails to do the rsync (in creation of the
  nodes).
  There is no reason to actually copy whole tree inside so let's just
  not do it (as it does not seem to be needed at all).

- List riscv64 as a valid architecture in the schemas
  This is needed so that architecture filters on riscv64 specifics can
  be defined.

- Support DM integrity legacy options
  Add a new attribute integrity_legacy_hmac="true|false" which
  allows to use old flawed HMAC calculation (does not protect superblock).
  Add a new attribute integrity_legacy_padding="true|false" which
  allows to use inefficient legacy padding. Do not use these attributes

• Files Changed
• Browse Source

- Bump version: 9.24.47 → 9.24.48

- Fixed kexec options setup in kiwi-dump-reboot
  The dracut module 99kiwi-dump-reboot creates an options
  list for kexec. Under certain conditions the options
  list can contain multiple spaces which leads to an error
  when calling kexec. This commit makes sure to trim
  white spaces. This Fixes #2178

• Files Changed
• Browse Source

- Bump version: 9.24.46 → 9.24.47

- Revert "EFI Filesystem must be Fat32 formatted"
  Using fat32 causes failed boots on e.g AWS EC2 arm.
  This must be solved differently with an attribute
  to configure it.
  This reverts commit b8641bdc6825423f8c65b55c8d0870b38874a566.

• Files Changed
• Browse Source

- Bump version: 9.24.45 → 9.24.46

- Support URIs with credentials in solver plugin
  check if the URI string contains credentials and
  extract/trim them from the uri object. The urlparse
  class does not recognize this information as a valid
  URI and throws an exception

- Fixed test-image-disk-legacy
  Increase size of embedded EFI fat image needed for EFI
  bootable install ISO. Due to the increased size of the
  custom kiwi initrd the default size for the FAT image
  is too small

- Support custom size for embedded EFI FAT image
  For ISO images (live and install) the EFI boot requires an embedded
  FAT image. As of now a fixed size of 20M was used which leads to a
  problem if the EFI image or the initrd or the kernel is bigger than
  20M. With the new attribute:
  efifatimagesize="nonNegativeInteger"
  we can now set a different value for the FAT image. Please note the
  value must be aligned to the also customizable efipartsize value
  which allows to configure the size of the EFI partition

- Fixed linter complaints after flake update
  flake now complains about E275 missing whitespace
  after keyword for the way 'del' is used. This commit
  fixes it

- Added a NOTE: section to explain the finer points of adding tools to a

• Files Changed
• Browse Source

- Bump version: 9.24.44 → 9.24.45

- Umount device before cloning
  In case a clone should be created from a partition we need
  to make sure to umount the device after sync and prior cloning.
  Otherwise the clone operation is not safe because the rsynced
  data might still be in memory and not synced out to the block
  device.

- Fixed custom disk start sector setup
  The attribute disk_start_sector allows to specify a custom
  start sector for the first partition of the disk. On GPT
  tables everything works nicely, on DOS tables the used tools
  fdisk/sfdisk are not able to manage the start/end values of
  subsequent partitions if the first partition doesn't start
  with the tooling default. This patch allows to set the
  start sector after the partition table has been created

- Fixed CentOS-8 repo setup

- Bump version: 9.24.43 → 9.24.44

- Make sure to rebuild rpm database
  For rpm based distributions make sure to call
  rpm --rebuilddb unconditionally prior using rpm
  with the chroot. This Fixes #2165

- github: Refresh issue template to cover more operating scenarios
  KIWI is often used for cross-distribution image builds, so we
  should ask for that information when appropriate.

• Files Changed
• Browse Source

- Bump version: 9.24.40 → 9.24.41

- Fix helper method to detect dracut outfile format
  The method _get_boot_image_output_file_format_from_dracut_code
  is used in kiwi to match parts of the dracut code for the used
  output file format. Beginning with dracut-056 the code part
  checked has changed syntactically such that the match did
  no longer work. This commit increases the scope of the match
  and replace pattern and Fixes #2149

- Fixed handling of signing_keys in cmdline options
  When passing signing_keys with the --add-repo|--set-repo
  commandline options the delimiter to separate the single
  key information is a colon(:). However, this is stupid when
  kiwi expects the signing key to be references as an URI
  format like file://... Therefore this patch changes the
  delimiter from colon(:) to semicolon(;)

- Bump version: 9.24.39 → 9.24.40

- Setup SELinux on every system prepare / build (#2148)
  Setup SELinux on every system prepare / build such that all image types benefit from it not only the disk (oem) type

- Install all of QEMU to Ubuntu arm integration test

- rename user to ubuntu for Ubuntu integration test

- Bump version: 9.24.38 → 9.24.39

- Move to sphinx>=5.0.0

• Files Changed
• Browse Source

- Bump version: 9.24.35 → 9.24.36

- Subformats should also not be compressed when encryption is enabled (#2138)
  Subformats should also not be compressed when encryption is enabled
  This is a follow on change to bdba953. When the filesystem is encrypted the
  resulting image should not be compressed. Also explain why we ignore the
  compression seeting in the user configuration for encrypted images.

- Add support for prebuilt bootstrap package for apt
  When using the apt packagemanager kiwi required the use of
  debootstrap to create the initial rootfs. This works as long
  as there is always a main distribution repository available
  which follows the structure of the official debian mirrors.
  However if such a main distribution is not present or an
  alternative layout like e.g OBS repos is used, debootstrap
  will refuse to work. To allow for an alternative and without
  the dependency to debootstrap kiwi supports using a prebuilt
  bootstrap package providing the mini rootfs to serve as
  the bootstrap result. As all other package managers properly
  supports installation into an empty new root, this feature
  was only added when using the apt packagemanager

• Files Changed
• Browse Source

- Bump version: 9.24.34 → 9.24.35

- Allow more repo params to be set on the cmdline
  The repository parameters for signing keys, the component
  list the main distribution name for debian repositories and
  also the repository_gpgcheck could not be set via the
  commandline options --add-repo and/or --set-repo. This
  commit adds support for them and also updates the manual
  page accordingly

- Update ubuntu integration tests
  Build them against latest release (jammy).
  This Fixes #2128

- Add support for partition cloning
  Support creating block level clones of certain partitions
  used in the image. Clones can be created from the root, boot
  and any partition listed in the <partitions> element.

• Files Changed
• Browse Source

- Bump version: 9.24.33 → 9.24.34

- Follow up fix for isolinux-config
  isolinux-config is called to update the search path inside
  of the isolinux binary. isolinux/syslinux is exclusive to
  the ix86 architecture and to BIOS firmware. Therefore the
  condition to actually call it should reflect this.

- Bump version: 9.24.32 → 9.24.33

- Fixed runtime check
  Fixed check_dracut_module_for_disk_overlay_in_package_list. The
  check complains if the dracut-kiwi-overlay module is not installed
  but overlay support was requested. This is correct but should only
  be done if the selected initrd system is dracut.

- Add option to set LUKS type to luks1 (#2126)
  Add option to set LUKS type to luks1
  So far the LUKS type could be set to luks and luks2. However, what luks
  version the value 'luks' evaluates to depends on how the distributor has
  packaged luks. Thus it's possible that 'luks' is either luks1 or luks2. To
  also have the opportunity to explicitly specify luks1 this commit adds
  the opportunity in the schema.

- Update devel packages helper
  Added trang as needed when working on the schema

- Add support for dm integrity with secret key
  Allow to protect the opening of the integrity data map and
  journal through a keyfile. For setting the key file two new

• Files Changed
• Browse Source

- Bump version: 9.24.30 → 9.24.31

- Fix LABEL detection (#2112)
  When only "root=" is specified on the kernel command line the match is
  located in the first group. Loop through the groups upon mtach to find
  what we are looking for.

- Preserve LABEL setting (#2108)
  Preserve the LABEL= setting when the grub config file is re-generated.
  the GRUB_ENABLE_LINUX_LABEL setting does not exists upstream and
  not in any SUSE distribution. Set the grub setting such that LABEL
  is preserved on SUSE distros. (bsc#1197616)

- Fix test_setup_default_grub_empty_kernelcmdline
  The unit test exists to check that GRUB_CMDLINE_LINUX_DEFAULT
  is not set depending on the provided cmdline. The test exists
  for reasons explained in Issue #1650

- Don't compress .appx containers (#2106)
  The container is actually inside and already compressed.

- Added new CloneDevice class
  Added CloneDevice class to the storage interface.
  The class allows to create clone(s) from a given source
  block device into a list of target block devices.
  The target block devices are clones of the source but
  prevents device naming conflicts for unique identifiers
  like the UUID. This is requires to still allow to boot
  from images containing device clones and needs to be
  handled by tools that might work on top of the cloned

• Files Changed
• Browse Source

- Bump version: 9.24.28 → 9.24.29

- Don't bind mount /run during build time
  In commit #9512318 a new bind mount of /run into the root tree
  during build time was introduced. The bind mount was done because
  in my tests running podman from config.sh it did not work without
  /run bind mounted. However, it turned out that I was wrong because
  along with the provided methods to prepare cgroups and a custom
  runtime configuration method; setupContainerRuntime() it is not
  needed to have /run bind mounted. Thus this commit deletes the
  bind mount of /run and therefore Fixes #2067

- Fix github action running obs service refresh
  The curl command to send the POST request for running the
  obs remote service uses the --fail-with-body option.
  Unfortunately the ubuntu-latest container used to run the
  action comes with a curl version that does not support the
  option. Thus this commit removes the use of the option

- Style changes in container docs
  Reformulate the container building guide a bit

- Update schema docs
  Signed-off-by: David Cassany <dcassany@suse.com>

- Provide schema version v7.5 in spec

- Update descriptions to schema v7.5

- Update cron for security scorecard

• Files Changed
• Browse Source

- Bump version: 9.24.22 → 9.24.23

- Fixed name of secret variable
  The ci-update-build-tests action used a wrong variable
  name which does not exist in the github secrets. This
  commit fixes it and uses the correct variable name

- Bump version: 9.24.21 → 9.24.22

- Revert "Revert "Fixed MicroOS build test""
  This reverts commit 8c4464b8ff2af2642439ce92e1e2be497f2b0f4d.
  snapper default config has moved from /etc to /usr/share
  now hopefully for the last time

- Fixed unit tests
  The pytest interface setup() method call has changed
  in a way that an additional parameter is passed to
  the method which leads to a python error at invocation
  time if the setup method does not define it.

- build-tests: Update CentOS 8 test appliance to CentOS Stream 8
  CentOS Linux 8 is now EOL, so switch over to CentOS Stream 8.

- Fixed handling of oem reboot settings
  There are oem settings called oem-reboot, oem-reboot-interactive
  as well as oem-shutdown and oem-shutdown-interactive. When used
  the information is passed along to the profile but not evaluated
  by any initrd code. I don't know where on the way we lost the
  code that actually works with these settings but this commit
  makes them effective. This Fixes #2056

• Files Changed
• Browse Source

- Bump version: 9.24.20 → 9.24.21

- Fixed UUID used in grub early boot script
  In case the system is luks encrypted the UUID of the root
  partition was used in the grub early boot script. However,
  this condition is only correct if in addition to the luks
  encryption the boot area is on crypto too. If boot is not
  on crypto the UUID must be the boot partition and not root.
  Only if root AND boot is on crypto the kiwi created early
  boot script includes the grub cryptomount calls.

- Bump version: 9.24.19 → 9.24.20

- Followup fix for force deleting debian packages
  The force uninstall deletes pre scripts prior removal
  because if they fail the package will not be removed.
  For a force uninstall we consider this ok. However,
  the deletion of the scripts did not happen in the
  image root. This patch fixes it

- Followup fix for force deleting debian packages
  Pass --force-depends to allow uninstall even if the
  dependency checker complains

- Fix use of xattrs for container sync
  when syncing data for containers only a subset of xattr
  attributes can be applied. This Fixes #2009

- Bump version: 9.24.18 → 9.24.19

• Files Changed
• Browse Source

osc copypac from project:Virtualization:Appliances:Staging package:python-kiwi revision:404

• Files Changed
• Browse Source

- Bump version: 9.24.13 → 9.24.14

- Disable intersphinx
  intersphinx is a doc extension which links to the documentation of
  objects in other projects whenever Sphinx encounters a cross-reference
  that has no matching target in the current documentation set, it
  looks for targets in the documentation sets configured in the
  intersphinx_mapping. However, the kiwi docs do not use this feature
  thus it can be disabled.

- Compress container images in builder class
  This commit changes the stage at which container images are compressed
  to match the criteria applied to other image types. Instead of
  compressing the image in OCI devoted classes now it is happening
  in builder class by setting Result instance properties.
  Fixes #1996
  Signed-off-by: David Cassany <dcassany@suse.com>

- Revert "Fixed MicroOS build test"
  This reverts commit 52c38f9ec22aef484efaf0a570dc78eea529deec.
  The TW people moved to an older version of libsnapper, no
  idea what these guys are doing

- kiwi-repart: Fix spelling error in source code comment

- Fix multiple minor spelling errors in documentation

- Added support for setting up release version
  Currently the release version is not set or set to '0'
  for package managers which requires a value to operate.

• Files Changed
• Browse Source