Inherit from fedora-bootc's tier-x on Fedora 42+ #3177
Conversation
There is a new tier-x in the fedora-bootc project whose goal is to provide a common base that all variants (including tier-1) can share. Move FCOS over to use this new tier, but only starting from Fedora 42. This is a profound change and the start of an exciting new future! This formalizes our relationship to other image-mode variants, encouraging us to innovate and solve problems together in a more direct way. Put more practically, e.g. bug fixes, new features, or temporary workarounds that concern all/most tier-x derivatives should probably be carried out at the tier-x level rather than the CoreOS level. Eventually, this inheritance will be made even more explicit by having FCOS be built `FROM` the tier-x image. For now, we share at the manifest level, which is a stepping stone towards that goal. Patches to actually dedupe our manifests with tier-x will follow. Though note there is no change in the resulting package set here.
All these manifests are already part of tier-x, so conditionalize them on <f42.
Split all the things redundant with tier-x into a separate manifest that only gets inherited on <f42.
Split all the things redundant with tier-x into a separate manifest that only gets inherited on <f42.
Split all the things redundant with tier-x into a separate manifest that only gets inherited on <f42.
No functional change. Prep for future patch.
No functional change. Prep for future patch.
All the requests in this manifest are part of tier-x, so conditionalize on <f42.
In the spirit of abusing `remove-from-packages` less and being more closely aligned with tier-x, stop literally nuking the systemd-firstboot binary and systemd unit. Instead, just disable the systemd unit. Note it's also disabled in the presets (in `40-coreos-systemd.preset`) and as mentioned in the comment, via a runtime dropin. So that's triple disablement already.
Split all the things redundant with tier-x into a separate manifest that only gets inherited on <f42.
No functional change. This just makes it easier to share the list of dupes with RHCOS downstream.
This workflow bumps the fedora-bootc submodule. It's better than just using Dependabot because it only checks for changes in tier-0 and tier-x. AFAICT, there isn't a way to tell Dependabot to do this.
|
Targeting rawhide for now to exercise it in CI. Will retarget testing-devel once this is ready to go. |
|
Some diff stats: testing-devel
rawhide
|
|
Huh, looks like the submodule isn't getting initialized in CI. Investigating. |
| # Firewall manipulation | ||
| - iptables nftables | ||
| - nftables |
There was a problem hiding this comment.
I'm surprised iptables is included in bootc tier-x, but nftables isn't.
| # This manifest can go away in Fedora 42. It duplicates tier-x. | ||
|
|
||
| # Default to `bash` in our container, the same as other containers we ship. | ||
| # Note this changes to /sbin/init in f42 as inherited by tier-x. |
There was a problem hiding this comment.
does this make the generated container not podman run able without specifying more on the command line?
| @@ -5,9 +5,6 @@ | |||
| # One good model is to add fedora-coreos-config as a git submodule. See: | |||
| # https://github.com/coreos/coreos-assembler/pull/639 | |||
|
|
|||
| # Include rpm-ostree + kernel + bootloader | |||
| include: bootable-rpm-ostree.yaml | |||
|
|
|||
There was a problem hiding this comment.
notable that fedora-coreos-base.yaml isn't included in RHCOS, but ignition-and-ostree.yaml is. So there will be some fixups to that repo needed when we bump the f-c-c git submodule there.
manifests/ignition-and-ostree.yaml
Outdated
| - [systemd, /usr/bin/systemd-firstboot, | ||
| /usr/lib/systemd/system/systemd-firstboot.service, | ||
| /usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service] | ||
| - [systemd, /usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service] |
There was a problem hiding this comment.
maybe we should also add a test to verify it doesn't somehow come back from the dead and get started?
| tmp-is-dir: true | ||
|
|
||
| # Required by Ignition, and makes the system not compatible with Anaconda | ||
| machineid-compat: false |
There was a problem hiding this comment.
This is also in manifests/tier-x.yaml
There was a problem hiding this comment.
I'm not the biggest fan of a submodule here but I guess that's really the only way to share at this stage. I really don't know of anything better, but a lot of questions to come to mind.
- since we sync around things in this repo using
configbot, how are updates to the submodule going to work? - we sometimes have our "streams" on different versions of Fedora. Right now
stabletestingandtesting-develare on F40,nextandnext-develare on F41, andrawhideF42. How do we account for this with a submodule. https://gitlab.com/fedora/bootc/base-images.git isn't a linear definition, it has branches like the rest of Fedora.
There was a problem hiding this comment.
Filed https://gitlab.com/fedora/bootc/tracker/-/issues/39 related to this.
There is a new tier-x in the fedora-bootc project whose goal is to
provide a common base that all variants (including tier-1) can share.
Move FCOS over to use this new tier, but only starting from Fedora 42.
This is a profound change and the start of an exciting new future! This
formalizes our relationship to other image-mode variants, encouraging us
to innovate and solve problems together in a more direct way.
Put more practically, e.g. bug fixes, new features, or temporary
workarounds that concern all/most tier-x derivatives should probably be
carried out at the tier-x level rather than the CoreOS level.
Eventually, this inheritance will be made even more explicit by having
FCOS be built
FROMthe tier-x image. For now, we share at the manifestlevel, which is a stepping stone towards that goal.
Patches to actually dedupe our manifests with tier-x will follow. Though
note there is no change in the resulting package set here.