Revisions of python-kiwi
- Bump version: 9.24.36 → 9.24.37 - Added example aarch64 integration test for Ubuntu Created a RaspberryPI image description for Ubuntu(jammy) as integration test for building aarch64 images and added it to the integration test matrix - Added --target-arch for image info Allow cross arch dependency solving - update docs - Add support for group id in users setting Allow to specify the group id in the groups list a user should belong to. The group id can be placed as part of the group name separated by a colon like in the following example: <users> <user groups="kiwi,admin:42,users" password="..." name="kiwi"/> </users> Please note kiwi checks if the provided group already exists and only creates a group if it is not already present in the system. As default groups are usually provided by the OS itself including its preferred group id, you will intentionally not be able to overwrite group id for existing groups. This Fixes #2064
- Subformats should also not be compressed when encryption is enabled (#2138) Subformats should also not be compressed when encryption is enabled This is a follow on change to bdba953. When the filesystem is encrypted the resulting image should not be compressed. Also explain why we ignore the compression setting in the user configuration for encrypted images. - Add support for prebuilt bootstrap package for apt When using the apt packagemanager kiwi required the use of debootstrap to create the initial rootfs. This works as long as there is always a main distribution repository available which follows the structure of the official debian mirrors. However if such a main distribution is not present or an alternative layout like e.g. OBS repos is used, debootstrap will refuse to work. To allow for an alternative and without the dependency to debootstrap kiwi supports using a prebuilt bootstrap package providing the mini rootfs to serve as the bootstrap result. As all other package managers properly support installation into an empty new root, this feature was only added when using the apt packagemanager
- Bump version: 9.24.34 → 9.24.35 - Allow more repo params to be set on the cmdline The repository parameters for signing keys, the component list the main distribution name for debian repositories and also the repository_gpgcheck could not be set via the commandline options --add-repo and/or --set-repo. This commit adds support for them and also updates the manual page accordingly - Update ubuntu integration tests Build them against latest release (jammy). This Fixes #2128 - Add support for partition cloning Support creating block level clones of certain partitions used in the image. Clones can be created from the root, boot and any partition listed in the <partitions> element.
- Bump version: 9.24.33 → 9.24.34 - Follow up fix for isolinux-config isolinux-config is called to update the search path inside of the isolinux binary. isolinux/syslinux is exclusive to the ix86 architecture and to BIOS firmware. Therefore the condition to actually call it should reflect this. - Fixed runtime check Fixed check_dracut_module_for_disk_overlay_in_package_list. The check complains if the dracut-kiwi-overlay module is not installed but overlay support was requested. This is correct but should only be done if the selected initrd system is dracut.
- Bump version: 9.24.32 → 9.24.33 - Add option to set LUKS type to luks1 (#2126) Add option to set LUKS type to luks1 So far the LUKS type could be set to luks and luks2. However, what luks version the value 'luks' evaluates to depends on how the distributor has packaged luks. Thus it's possible that 'luks' is either luks1 or luks2. To also have the opportunity to explicitly specify luks1 this commit adds the opportunity in the schema. - Update devel packages helper Added trang as needed when working on the schema - Add support for dm integrity with secret key Allow to protect the opening of the integrity data map and journal through a keyfile. For setting the key file two new optional type attributes were added: * integrity_keyfile * integrity_metadata_key_description The key file format must be correct according to the selected integrity algorithm. As of now the kiwi default hmac-sha256 algorithm is used with the selected keyfile. The optional integrity_metadata_key_description attribute allows to specify a custom description of an integrity key as it is expected to be present in the kernel keyring. The information is placed in the integrity metadata block. If not specified kiwi creates a key argument string instead which is based on the given integrity_keyfile filename. The format of this key argument is: :BASENAME_OF_integrity_keyfile_WITHOUT_FILE_EXTENSION
- Bump version: 9.24.31 → 9.24.32 - Add support for standalone dm integrity There is support in kiwi to use dm_integrity in combination with the LUKS header and dm_crypt. However there is also the use case to setup dm_integrity in standalone mode. This commit allows to create the dm_integrity layer outside of LUKS using /etc/integritytab to activate the map through a systemd generator if systemd is used. Regarding systemd it's required to use a version of systemd which provides: system-generators/systemd-integritysetup-generator. If this generator does not exist in the distribution it will also be missing in the dracut generated initrd and the boot will not be able to succeed. It's mentioned here because even newer distributions might be missing the generator. Along with the implementation there are two new optional attributes in the <type> section: standalone_integrity="true|false" embed_integrity_metadata="true|false" standalone_integrity activates/deactivates the dm_integrity map on top of the root filesystem. Similar to the veritysetup support there is the opportunity to create an embedded magic metadata block at the end of the device containing the root filesystem via embed_integrity_metadata - Be less strict in boot link to itself As part of the grub setup a link named 'boot' inside of /boot is created pointing to itself 'boot -> .'. The reason is to allow the bootloader config to find its files referenced as /boot/something independently if /boot is placed into an extra
- Bump version: 9.24.30 → 9.24.31 - Fix LABEL detection (#2112) When only "root=" is specified on the kernel command line the match is located in the first group. Loop through the groups upon match to find what we are looking for. - Preserve LABEL setting (#2108) Preserve the LABEL= setting when the grub config file is re-generated. The GRUB_ENABLE_LINUX_LABEL setting does not exist upstream and not in any SUSE distribution. Set the grub setting such that LABEL is preserved on SUSE distros. (bsc#1197616) - Fix test_setup_default_grub_empty_kernelcmdline The unit test exists to check that GRUB_CMDLINE_LINUX_DEFAULT is not set depending on the provided cmdline. The test exists for reasons explained in Issue #1650 - Don't compress .appx containers (#2106) The container is actually inside and already compressed. - Added new CloneDevice class Added CloneDevice class to the storage interface. The class allows to create clone(s) from a given source block device into a list of target block devices. The target block devices are clones of the source but prevent device naming conflicts for unique identifiers like the UUID. This is required to still allow to boot from images containing device clones and needs to be handled by tools that might work on top of the cloned
- Bump version: 9.24.29 → 9.24.30 - Update contents of store_credentials result file The method added information about the PARTUUID as useful information. However, PARTUUID's are not supported by all partition tables. The Linux generated artificial values from the disk identifier are not wanted in this scope. As the information is not mandatory it's better to not provide it at all and avoid confusion to users. - Make blkid call more robust Do not raise if blkid is not able to read the requested ID. It is expected that the methods of the BlockID class either return a value or none but do not raise and cause the complete process to terminate - Added embed_verity_metadata attribute Specifies to write a binary block at the end of the partition serving the root filesystem, containing information for dm_verity verification and to construct the device map
- Fixed parsing of veritysetup output veritysetup uses tabs to align values. The way kiwi parsed the values did not strip out the tabs and later on keeps them in the verification metadata block. The unit test did not catch this because the mock output used for veritysetup did not contain tabs. This commit fixes the test to catch this condition and also fixes the code to handle all space characters (tabs, space, newlines) in a safe way - Added create_verification_metadata method Along with creating a filesystem including device mapper features like dm_verity (see verity_blocks) or dm_crypt/dm_integrity (see luks) there is always the question where to store the metadata information required to setup the device map. This can include information about blocksizes, offset addresses and more. The create_verification_metadata() method allows to write a signed custom data block of a documented format at the end of the given block special which stores this type of information such that tools at boot time get the opportunity to read this information. In this commit only information connected to the dm_verity feature activated via the verity_blocks attribute will be part of the verification block. With future changes other data might be added - Added runtime check for by-partuuid use Added check_partuuid_persistency_type_used_with_mbr(). Not every partition table type supports UUIDs. We don't want to make use of the artificial values created by Linux if the partition table doesn't support it natively
- Support partuuid and label mounts in dracut module The 90kiwi-overlay dracut module was not able to parse the device link if done with PARTUUID or LABEL
- Added integration test for by-partuuid The test hooks into the existing test-image-embedded integration test for leap. As I plan to extend the tests specific to features actually only useful for special embedded images, I thought this would be the right place to start - validate luksformat options validate options against the cryptsetup help info in a runtime check - Handle LUKS type in its own attribute - Fixed attribute description The overlayroot_verity_blocks attribute description contained outdated information - Add support for verity setup on standard rootfs So far the verity support was only available with the overlayroot layout and the read-only squashfs root. This commit adds a new attribute: verity_blocks="number|all" which allows to create the verity setup also on the standard root partition In addition to the change it was needed to extend the Filesystem API with an additional optional parameter to allow setup of the filesystem UUID. Having the opportunity to set the UUID at filesystem creation is generally useful and with regards to this particular change it became also required - Allow Btrfs and XFS as options for the boot partition filesystem
- Bump version: 9.24.28 → 9.24.29 - Don't bind mount /run during build time In commit #9512318 a new bind mount of /run into the root tree during build time was introduced. The bind mount was done because in my tests running podman from config.sh it did not work without /run bind mounted. However, it turned out that I was wrong because along with the provided methods to prepare cgroups and a custom runtime configuration method; setupContainerRuntime() it is not needed to have /run bind mounted. Thus this commit deletes the bind mount of /run and therefore Fixes #2067 - Fix github action running obs service refresh The curl command to send the POST request for running the obs remote service uses the --fail-with-body option. Unfortunately the ubuntu-latest container used to run the action comes with a curl version that does not support the option. Thus this commit removes the use of the option - Style changes in container docs Reformulate the container building guide a bit - Update schema docs Signed-off-by: David Cassany <dcassany@suse.com> - Provide schema version v7.5 in spec - Update descriptions to schema v7.5 - Update cron for security scorecard
- Fixed unconditional grub2 package requirement The grub2 package does not exist on all distributions as a name provider independent of the architecture. On for example Debian and Ubuntu the packages are handled differently and grub2 is only provided on supported architectures. Thus the spec file should set the grub2 requirement only if the distribution provides it in any case - Added overlayroot_verity_blocks attribute Setting this attribute to a number or 'all' in an overlayroot configuration will create a dm verity hash from the number of given blocks (or all) placed at the end of the squashfs compressed read-only root filesystem. For later verification of the device, and without further image description settings, the credentials information produced by veritysetup from the cryptsetup tools, is created as a file in /boot/overlayroot.verity and is stored as such into the image by default.
- Bump version: 9.24.26 → 9.24.27 - Fixed disk.sh caller environment The documentation explains the disk.sh script to be called from inside of the image root as it exists on the block layer. The disk.sh script is therefore also called after the sync of the unpacked image root tree to the block layer. The implementation however, was only partially calling disk.sh from such an environment. In fact the environment was only the mountpoint of the root partition but this is not the complete system regarding layouts that use extra partitions and/or volumes. This commit introduces the use of the new class ImageSystem and calls disk.sh in the way it was designed and documented. - Added ImageSystem class The class responsibility is to provide access to the image root system from the block layer of the image scope - Prevent superfluous filesystem creation In case of an overlayroot setup and the request for no extra write partition, it is not needed to create a filesystem for the write space which never gets synced to the image - Added overlayroot_readonly_partsize attribute Specifies the size in MB of the partition which stores the squashfs compressed read-only root filesystem in an overlayroot setup. This Fixes #2068
- Bump version: 9.24.25 → 9.24.26 - Fixed destructor test on oci_tools/buildah_test.py Calling del() from teardown breaks when the method is called through teardown_method
- Bump version: 9.24.24 → 9.24.25 - Support nose and xunit style tests The modifications in this commit allow the unit tests to run on both, pytest 6.x (nose test layout) and the new pytest 7.x (xunit test layout). This Fixes #2072 in a much nicer way. Thanks much to @smarlowucf - Update unit test to work in obs Some unit tests fail if they run in an obs environment. This is because the implementation checks the runtime environment and behaves differently if the system is an obs worker. The unit tests have to explicitly set this condition right for the test - Revert "Unit test adaptions to pytest v7" This reverts commit 0dc2e803e0e8059c54a0ea23960245286675c86c. The pytest interface from version v6 to v7 has received changes which require the tests to be adapted to work for either the old or the new interface. As there are still many distributions which use v6 as the standard we decided to revert back the adaptions done to support v7 and create a version requirement to v6 in .virtualenv.dev-requirements.txt This Fixes #2072 - Update to scorecard CI 1.0.4 - Added debootstrap log info to exception message In case debootstrap fails there is more detailed information in a logfile written by debootstrap itself. This commit changes
- Bump version: 9.24.23 → 9.24.24 - Added overlayroot_write_partition attribute For the oem type only, allows to specify if the extra read-write partition in an overlayroot setup should be created or not. By default the partition is created and the kiwi-overlay dracut module also expects it to be present. However, the overlayroot feature can also be used without an initrd and under certain circumstances it is handy to configure if the partition table should contain the read-write partition or not. - Use DEB822-formatted .sources files instead .list files for APT - Follow up fix on force deleting debs Also remove eventual post scripting prior force removal of deb packages. Similar inconsistencies as with the pre scripts can occur on force removal. We want the operation to be successful in force mode even if that means to leave a dirty state. - Add support for pre_disk_sync.sh script The optional pre_disk_sync.sh script is executed for the disk image type oem only and runs right before the synchronisation of the root tree into the disk image loop file. The script hook can be used to change content of the root tree as a last action before the sync to the disk image is performed. This is useful for example to delete components from the system which were needed before or cannot be modified afterwards when syncing into a read-only filesystem.