osbuild · achilleas-k · Aug 21, 2023 · Aug 16, 2023 · Aug 16, 2023 · Aug 16, 2023
diff --git a/Schutzfile b/Schutzfile
diff --git a/pkg/distro/rhel9/edge.go b/pkg/distro/rhel9/edge.go
@@ -7,6 +7,7 @@ import (
 	"github.com/osbuild/images/internal/environment"
 	"github.com/osbuild/images/pkg/disk"
 	"github.com/osbuild/images/pkg/distro"
+	"github.com/osbuild/images/pkg/osbuild"
 	"github.com/osbuild/images/pkg/platform"
 	"github.com/osbuild/images/pkg/rpmmd"
 )
@@ -23,6 +24,7 @@ var (
 		},
 		defaultImageConfig: &distro.ImageConfig{
 			EnabledServices: edgeServices,
+			SystemdUnit:     systemdUnits,
 		},
 		rpmOstree:        true,
 		image:            edgeCommitImage,
@@ -46,6 +48,7 @@ var (
 		},
 		defaultImageConfig: &distro.ImageConfig{
 			EnabledServices: edgeServices,
+			SystemdUnit:     systemdUnits,
 		},
 		rpmOstree:        true,
 		bootISO:          false,
@@ -196,7 +199,19 @@ var (
 		// TODO(runcom): move fdo-client-linuxapp.service to presets?
 		"NetworkManager.service", "firewalld.service", "sshd.service", "fdo-client-linuxapp.service",
 	}
-
+	//dropin to disable grub-boot-success.timer if greenboot present
+	systemdUnits = []*osbuild.SystemdUnitStageOptions{
+		{
+			Unit:     "grub-boot-success.timer",
+			Dropin:   "10-disable-if-greenboot.conf",
+			UnitType: osbuild.Global,
+			Config: osbuild.SystemdServiceUnitDropin{
+				Unit: &osbuild.SystemdUnitSection{
+					FileExists: "!/usr/libexec/greenboot/greenboot",
+				},
+			},
+		},
+	}
 	// Partition tables
 	edgeBasePartitionTables = distro.BasePartitionTableMap{
 		platform.ARCH_X86_64.String(): disk.PartitionTable{

diff --git a/pkg/osbuild/systemd_unit_stage.go b/pkg/osbuild/systemd_unit_stage.go
@@ -1,9 +1,17 @@
 package osbuild
 
+type unitType string
+
+const (
+	System unitType = "system"
+	Global unitType = "global"
+)
+
 type SystemdUnitStageOptions struct {
-	Unit   string                   `json:"unit"`
-	Dropin string                   `json:"dropin"`
-	Config SystemdServiceUnitDropin `json:"config"`
+	Unit     string                   `json:"unit"`
+	Dropin   string                   `json:"dropin"`
+	Config   SystemdServiceUnitDropin `json:"config"`
+	UnitType unitType                 `json:"unit-type,omitempty"`
 }
 
 func (SystemdUnitStageOptions) isStageOptions() {}
@@ -18,10 +26,17 @@ func NewSystemdUnitStage(options *SystemdUnitStageOptions) *Stage {
 // Drop-in configuration for a '.service' unit
 type SystemdServiceUnitDropin struct {
 	Service *SystemdUnitServiceSection `json:"Service,omitempty"`
+	Unit    *SystemdUnitSection        `json:"Unit,omitempty"`
 }
 
 // 'Service' configuration section of a unit file
 type SystemdUnitServiceSection struct {
 	// Sets environment variables for executed process
 	Environment string `json:"Environment,omitempty"`
 }
+
+// 'Unit' configuration section of a unit file
+type SystemdUnitSection struct {
+	// Sets condition to to check if file exits
+	FileExists string `json:"ConditionPathExists,omitempty"`
+}
diff --git a/pkg/osbuild/systemd_unit_stage_test.go b/pkg/osbuild/systemd_unit_stage_test.go
@@ -14,3 +14,23 @@ func TestNewSystemdUnitStage(t *testing.T) {
 	actualStage := NewSystemdUnitStage(&SystemdUnitStageOptions{})
 	assert.Equal(t, expectedStage, actualStage)
 }
+
+func TestNewSystemdGlobalUnitStage(t *testing.T) {
+	var options = SystemdUnitStageOptions{
+		Unit:   "test.timer",
+		Dropin: "10-greenboot.conf",
+		Config: SystemdServiceUnitDropin{
+			Unit: &SystemdUnitSection{
+				FileExists: "/usr/lib/test",
+			},
+		},
+		UnitType: Global,
+	}
+
+	expectedStage := &Stage{
+		Type:    "org.osbuild.systemd.unit",
+		Options: &options,
+	}
+	actualStage := NewSystemdUnitStage(&options)
+	assert.Equal(t, expectedStage, actualStage)
+}
diff --git a/schutzbot/setup-osbuild-repo b/schutzbot/setup-osbuild-repo
@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+#
+# Add a repository configuration to install the osbuild rpm at a specific
+# commit if specified.
+import json
+import os
+
+SCHUTZFILE = "Schutzfile"
+OS_RELEASE_FILE = "/etc/os-release"
+REPO_FILE = "/etc/yum.repos.d/osbuild.repo"
+
+REPO_TEMPLATE = """
+[osbuild]
+name=osbuild {commit}
+baseurl=http://osbuild-composer-repos.s3-website.us-east-2.amazonaws.com/{repo_path}
+enabled=1
+gpgcheck=0
+priority=10
+"""
+
+
+def read_osrelease(path):
+    """Read Operating System Information from `os-release`
+
+    This creates a dictionary with information describing the running operating system. It reads the information from
+    the path array provided as `paths`.  The first available file takes precedence. It must be formatted according to
+    the rules in `os-release(5)`.
+    """
+    osrelease = {}
+
+    with open(path, encoding="utf8") as f:
+        for line in f:
+            line = line.strip()
+            if not line:
+                continue
+            if line[0] == "#":
+                continue
+            key, value = line.split("=", 1)
+            osrelease[key] = value.strip('"')
+
+    return osrelease
+
+
+def get_osbuild_commit(distro_version):
+    with open(SCHUTZFILE) as schutzfile:
+        data = json.load(schutzfile)
+
+    return data.get(distro_version, {}).get("dependencies", {}).get("osbuild", {}).get("commit", None)
+
+
+def write_repo(commit, distro_version):
+    arch = os.uname().machine
+    repo_path = f"osbuild/{distro_version}/{arch}/{commit}"
+    print(f"Setting up dnf repository for {commit} ({repo_path})")
+    with open("/etc/yum.repos.d/osbuild.repo", "w") as repofile:
+        repofile.write(REPO_TEMPLATE.format(commit=commit, repo_path=repo_path))
+
+
+def main():
+    osrelease = read_osrelease(OS_RELEASE_FILE)
+
+    distro_version = osrelease["ID"] + "-" + osrelease["VERSION_ID"]
+    commit_id = get_osbuild_commit(distro_version)
+    if not commit_id:
+        print("No commit ID defined for osbuild")
+        return
+
+    write_repo(commit_id, distro_version)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/test/generators/configure-generators b/test/generators/configure-generators
@@ -31,6 +31,7 @@ generate-build-config-{distro}-{arch}:
     INTERNAL_NETWORK: "true"
     PYTHONUNBUFFERED: 1
   script:
+    - sudo ./schutzbot/setup-osbuild-repo
     - sudo dnf -y install go python3 gpgme-devel s3cmd
       osbuild osbuild-luks2 osbuild-lvm2 osbuild-ostree osbuild-selinux
     - ./test/generators/generate-build-config --distro {distro} --arch {arch} build-config.yml
@@ -60,6 +61,7 @@ generate-ostree-build-config-{distro}-{arch}:
     INTERNAL_NETWORK: "true"
     PYTHONUNBUFFERED: 1
   script:
+    - sudo ./schutzbot/setup-osbuild-repo
     - sudo dnf -y install go python3 gpgme-devel s3cmd
       osbuild osbuild-luks2 osbuild-lvm2 osbuild-ostree osbuild-selinux podman
     - ./test/generators/generate-ostree-build-config --distro {distro} --arch {arch} build-config.yml build-configs

diff --git a/test/generators/generate-build-config b/test/generators/generate-build-config
@@ -14,6 +14,7 @@ JOB_TEMPLATE = """
 build/{distro}/{arch}/{image_type}/{config_name}:
   stage: test
   script:
+    - sudo ./schutzbot/setup-osbuild-repo
     - sudo dnf install -y go gpgme-devel gcc
       osbuild osbuild-luks2 osbuild-lvm2 osbuild-ostree osbuild-selinux
       s3cmd

diff --git a/test/generators/generate-ostree-build-config b/test/generators/generate-ostree-build-config
@@ -10,6 +10,7 @@ JOB_TEMPLATE = """
 build/{distro}/{arch}/{image_type}/{config_name}:
   stage: test
   script:
+    - sudo ./schutzbot/setup-osbuild-repo
     - sudo dnf install -y go gpgme-devel gcc
       osbuild osbuild-luks2 osbuild-lvm2 osbuild-ostree osbuild-selinux
       s3cmd podman