diff --git a/base_images/fedora_base-setup.sh b/base_images/fedora_base-setup.sh index a3900261..1e48c658 100644 --- a/base_images/fedora_base-setup.sh +++ b/base_images/fedora_base-setup.sh @@ -16,6 +16,19 @@ REPO_DIRPATH=$(realpath "$SCRIPT_DIRPATH/../") # shellcheck source=./lib.sh source "$REPO_DIRPATH/lib.sh" +# TODO: Workaround for broken/missing mirrors during beta +if ((OS_RELEASE_VER==35)); then + for filepath in /etc/yum.repos.d/fedora*.repo; do + echo "Warning: Patching $filepath for F35 beta" + sed -i -r \ + -e 's/^#(baseurl=.+)/\1/' \ + -e 's/^(metalink=.+)/#\1/' \ + -e 's/download.example/dl.fedoraproject.org/' \ + -e 's/linux\/releases/linux\/development/' \ + $filepath + done +fi + # When installing during a container-build, installing anything # selinux-related will seriously screw up the rest of your day # with rpm debugging. @@ -24,7 +37,9 @@ declare -a PKGS PKGS=(rng-tools git coreutils) XSELINUX= if ((CONTAINER)); then - XSELINUX="--exclude=selinux*" + if ((OS_RELEASE_VER<35)); then + XSELINUX="--exclude=selinux*" + fi else PKGS+=(google-compute-engine-tools google-compute-engine-oslogin) fi @@ -54,7 +69,7 @@ if ! ((CONTAINER)); then METADATA_SERVICE_CTX=unconfined_u:unconfined_r:unconfined_t:s0 METADATA_SERVICE_PATH=systemd/system/google-startup-scripts.service sed -r -e \ - "s/Type=oneshot/Type=oneshot\nSELinuxContext=$METADATA_SERVICE_CTX/" \ + "s/^Type=oneshot/Type=oneshot\nSELinuxContext=$METADATA_SERVICE_CTX/" \ /lib/$METADATA_SERVICE_PATH > /etc/$METADATA_SERVICE_PATH fi diff --git a/base_images/gce.yml b/base_images/gce.yml index 345dd1d8..10b1ac0b 100644 --- a/base_images/gce.yml +++ b/base_images/gce.yml 
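Review bot: The F35 workaround in the first hunk comments out `metalink=` and enables `baseurl=` but rewrites only the host name, so the stock `baseurl` line keeps whatever scheme it ships with. If that scheme is `http://` (worth confirming against the repo files in the image), repository metadata is fetched in cleartext and without the metalink's checksum of the metadata, leaving package GPG checks as the only integrity control during the image build. Adding `-e 's|^baseurl=http://|baseurl=https://|'` after the uncommenting expression would close that gap. Separately, `$filepath` is unquoted and the loop runs once on the literal pattern when the glob matches nothing; `"$filepath"` plus `[[ -e "$filepath" ]] || continue` covers both. The TODO would also be easier to retire if it named its removal condition, e.g. `# TODO: remove once F35 is GA and mirrors are populated`.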
@@ -21,18 +21,17 @@ variables: # Empty value means it must be passed in on command-line # to build from - just as the sources below are the base-images to # start from building VM images. - # Upstream source for Ubuntu image duplication (prevents expiration) - # Look these up in the console by searching images for - # "Created by: Canonical" - UBUNTU_BASE_IMAGE: 'ubuntu-2104-hirsute-v20210511a' + # Upstream source for Ubuntu image to duplicate (prevents expiration). + # Use the most recent image based on this family name. + UBUNTU_BASE_FAMILY: 'ubuntu-2104' - # Latest Fedora release download URL - FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/34/Cloud/x86_64/images/Fedora-Cloud-Base-34-1.2.x86_64.qcow2" - FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/34/Cloud/x86_64/images/Fedora-Cloud-34-1.2-x86_64-CHECKSUM" + # Latest Fedora release (qcow and CHECKSUM) download URLs + FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/development/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-20211001.n.0.x86_64.qcow2" + FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/development/35/Cloud/x86_64/images/Fedora-Cloud-35-x86_64-20211001.n.0-CHECKSUM" # Prior Fedora release - PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/33/Cloud/x86_64/images/Fedora-Cloud-Base-33-1.2.x86_64.qcow2" - PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/33/Cloud/x86_64/images/Fedora-Cloud-33-1.2-x86_64-CHECKSUM" + PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/34/Cloud/x86_64/images/Fedora-Cloud-Base-34-1.2.x86_64.qcow2" + PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/34/Cloud/x86_64/images/Fedora-Cloud-34-1.2-x86_64-CHECKSUM" # Don't leak sensitive values in error messages / output 
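Review bot: `FEDORA_IMAGE_URL` and `FEDORA_CSUM_URL` now point at a dated nightly compose (`20211001.n.0`) under `development/35`, but the comment above them does not mark this as temporary the way the TODO in fedora_base-setup.sh does. A line such as `# TODO: F35 beta nightly compose; switch back to linux/releases/35 at GA` would make that explicit. Both URLs are served by the same host, so as far as the visible config shows the `CHECKSUM` file detects a corrupted download but not a tampered server, unless its signature is verified elsewhere. `UBUNTU_BASE_FAMILY` likewise replaces a pinned image with whatever is newest in the family, so the build should record which source image it actually resolved to.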
@@ -86,13 +85,12 @@ builders: iso_url: '{{user `PRIOR_FEDORA_IMAGE_URL`}}' iso_checksum: 'file:{{user `PRIOR_FEDORA_CSUM_URL`}}' - - &imgcopy - name: 'ubuntu' + - name: 'ubuntu' type: 'googlecompute' # Prefix IMG_SFX with "b" so this is never confused with a cache_image name image_name: 'ubuntu-b{{user `IMG_SFX`}}' image_family: '{{build_name}}-base' - source_image: '{{user `UBUNTU_BASE_IMAGE`}}' + source_image_family: '{{user `UBUNTU_BASE_FAMILY`}}' source_image_project_id: 'ubuntu-os-cloud' project_id: '{{user `GCP_PROJECT_ID`}}' # Can't use env. var for this, googlecompute-import only supports filepath @@ -105,6 +103,8 @@ builders: src: '{{user `UBUNTU_BASE_IMAGE`}}' # Gotcha: https://www.packer.io/docs/builders/googlecompute#gotchas ssh_username: 'packer' + temporary_key_pair_type: ed25519 + ssh_clear_authorized_keys: true provisioners: # Ubuntu images come bundled with GCE integrations provisioned - type: 'shell' diff --git a/cache_images/cloud-init/fedora/cloud.cfg.d/50_custom_disk_setup.cfg b/cache_images/cloud-init/fedora/cloud.cfg.d/50_custom_disk_setup.cfg deleted file mode 100644 index c0fdf0e2..00000000 --- a/cache_images/cloud-init/fedora/cloud.cfg.d/50_custom_disk_setup.cfg +++ /dev/null @@ -1,4 +0,0 @@ -#cloud-config -growpart: - mode: false -resize_rootfs: false diff --git a/cache_images/fedora_packaging.sh b/cache_images/fedora_packaging.sh index 08b72a60..7a3fe8ee 100644 --- a/cache_images/fedora_packaging.sh +++ b/cache_images/fedora_packaging.sh @@ -153,7 +153,8 @@ INSTALL_PACKAGES=(\ case "$OS_RELEASE_VER" in 32) INSTALL_PACKAGES+=( python3-pytoml ) ;; 33) ;& - 34) INSTALL_PACKAGES+=( perl-FindBin python-toml ) ;; + 34) ;& + 35) INSTALL_PACKAGES+=( perl-FindBin python-toml ) ;; *) die "Unknown/Unsupported \$OS_REL_VER '$OS_REL_VER'" ;; esac 
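Review bot: In the `@@ -105,6 +103,8 @@` hunk the unchanged `src:` entry still interpolates the user variable `UBUNTU_BASE_IMAGE`, which this commit removes from `variables:` in favour of `UBUNTU_BASE_FAMILY`. Depending on how Packer treats an undeclared user variable, the template either fails validation or the built image loses its record of the source it was copied from. Pointing the entry at `UBUNTU_BASE_FAMILY` keeps the template consistent, though it then records only the family and not the exact image. The builder definition starts and ends outside the visible hunks, so the enclosing key of `src:` should be checked before changing it.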
@@ -167,20 +168,19 @@ if ! ((CONTAINER)); then policycoreutils ) else - EXARG="--exclude=selinux*" + if [[ "$OS_RELEASE_VER" -lt 35 ]]; then + EXARG="--exclude=selinux*" + fi fi # Download these package files, but don't install them; Any tests # wishing to, may install them using their native tools at runtime. DOWNLOAD_PACKAGES=(\ - "cri-o-$(get_kubernetes_version)*" - cri-tools - "kubernetes-$(get_kubernetes_version)*" oci-umount parallel podman-docker - python3-pytest4 + python3-pytest python3-virtualenv ) @@ -189,8 +189,6 @@ bigto $SUDO dnf install -y $EXARG "${INSTALL_PACKAGES[@]}" if [[ ${#DOWNLOAD_PACKAGES[@]} -gt 0 ]]; then echo "Downloading packages for optional installation at runtime, as needed." - # Required for cri-o - ooe.sh $SUDO dnf -y module enable cri-o:$(get_kubernetes_version) $SUDO mkdir -p "$PACKAGE_DOWNLOAD_DIR" cd "$PACKAGE_DOWNLOAD_DIR" lilto ooe.sh $SUDO dnf install -y 'dnf-command(download)' diff --git a/cache_images/fedora_setup.sh b/cache_images/fedora_setup.sh index 033a7113..4fa2bc1c 100644 --- a/cache_images/fedora_setup.sh +++ b/cache_images/fedora_setup.sh @@ -9,8 +9,10 @@ SCRIPT_FILEPATH=$(realpath "${BASH_SOURCE[0]}") SCRIPT_DIRPATH=$(dirname "$SCRIPT_FILEPATH") REPO_DIRPATH=$(realpath "$SCRIPT_DIRPATH/../") -# Run as quickly as possible after boot -/bin/bash $REPO_DIRPATH/systemd_banish.sh +if ! ((CONTAINER)); then + # Run as quickly as possible after boot + /bin/bash $REPO_DIRPATH/systemd_banish.sh +fi # shellcheck source=./lib.sh source "$REPO_DIRPATH/lib.sh" diff --git a/cache_images/gce.yml b/cache_images/gce.yml index abe201d8..d0e2891c 100644 --- a/cache_images/gce.yml +++ b/cache_images/gce.yml @@ -38,6 +38,7 @@ builders: ssh_username: packer # arbitrary, packer will create & setup w/ temp. keypair ssh_pty: 'true' temporary_key_pair_type: ed25519 + ssh_clear_authorized_keys: true # Permit running nested VM's to support specialized testing image_licenses: ["projects/vm-options/global/licenses/enable-vmx"] 
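Review bot: After this change `EXARG` is assigned on only one path (container build and release below 35), while the next hunk still expands it in `dnf install -y $EXARG`. Unless it is initialised above the hunk (not visible here), that expansion aborts under `set -u` or silently picks up a value inherited from the caller's environment. An explicit `EXARG=` before the outer `if`, as fedora_base-setup.sh does with `XSELINUX=`, removes the ambiguity. The test could also use `((OS_RELEASE_VER<35))` to match the form used in fedora_base-setup.sh.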
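Review bot: The new `if ! ((CONTAINER))` guard in fedora_setup.sh runs before `source "$REPO_DIRPATH/lib.sh"`, so it depends on `CONTAINER` already being set in the environment. If lib.sh is what gives it a default (not visible here), an unset value evaluates to 0 and systemd_banish.sh still runs during container builds, or the script aborts if `set -u` is active. Placing `CONTAINER="${CONTAINER:-0}"` just before the test keeps the early run and makes the guard reliable. `$REPO_DIRPATH` on the banish line is also unquoted; `/bin/bash "$REPO_DIRPATH/systemd_banish.sh"` is safer.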
diff --git a/get_ci_vm/bad_repo_test/hack/get_ci_vm.sh b/get_ci_vm/bad_repo_test/hack/get_ci_vm.sh index 1247e882..22dbf0bc 100755 --- a/get_ci_vm/bad_repo_test/hack/get_ci_vm.sh +++ b/get_ci_vm/bad_repo_test/hack/get_ci_vm.sh @@ -52,9 +52,6 @@ cleanup() { set +e wait - # set GCLOUD_DEBUG to leave tmpdir behind for postmortem - test -z "$GCLOUD_DEBUG" && rm -rf $TMPDIR - # Not always called from an exit handler, but should always exit when called exit $RET } @@ -116,7 +113,6 @@ parse_args(){ show_usage "No image-name specified." fi - ENVS="$ENVS SPECIALMODE=\"$SPECIALMODE\"" SETUP_CMD="env $ENVS $GOSRC/contrib/cirrus/setup.sh" VMNAME="${VMNAME:-${USER}-${IMAGE_NAME}}" CREATE_CMD="$PGCLOUD compute instances create --zone=$ZONE --image-project=libpod-218412 --image=${IMAGE_NAME} --custom-cpu=$CPUS --custom-memory=$MEMORY --boot-disk-size=$DISK --labels=in-use-by=$USER $VMNAME" diff --git a/lib.sh b/lib.sh index 8cb9327f..95c9089d 100644 --- a/lib.sh +++ b/lib.sh @@ -95,20 +95,6 @@ set_gac_filepath(){ unset GAC_JSON; } -get_kubernetes_version() { - local KUBERNETES_VERSION - case "$OS_REL_VER" in - fedora-32) - KUBERNETES_VERSION="1.15" ;; - fedora-33) - KUBERNETES_VERSION="1.18" ;; - fedora-34) - KUBERNETES_VERSION="1.20" ;; - *) die "Unknown/Unsupported \$OS_REL_VER '$OS_REL_VER'" - esac - echo "$KUBERNETES_VERSION" -} - # Warning: DO NOT USE the following functions willy-nilly! # They are only intended to be called by other setup scripts, as the very # last step during the build process. They're purpose is to "reset" the @@ -166,6 +152,10 @@ common_finalize() { echo -n "" | $SUDO tee /etc/machine-id $SUDO sync if ! ((CONTAINER)); then + # Be sure we got everything - dep. resolving may have pulled in more + /bin/bash $(dirname ${BASH_SOURCE[0]})/systemd_banish.sh + + # This helps when google goes to compress the image $SUDO fstrim -av fi } diff --git a/podman/fedora_release b/podman/fedora_release index a7873645..8f92bfdd 100644 --- a/podman/fedora_release 
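Review bot: The line added to `common_finalize` in lib.sh builds the script path from unquoted expansions, so a checkout path containing whitespace or glob characters is word-split before `/bin/bash` sees it. Quoting both levels fixes that: `/bin/bash "$(dirname "${BASH_SOURCE[0]}")/systemd_banish.sh"`. The exit status of the banish script is not checked either, so a failure would go unnoticed unless `set -e` is active in the caller (not visible here), and the image would be finalised with the units still enabled. `common_finalize` starts outside the hunk.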
+++ b/podman/fedora_release @@ -1 +1 @@ -34 +35 diff --git a/podman/prior-fedora_release b/podman/prior-fedora_release index bb95160c..a7873645 100644 --- a/podman/prior-fedora_release +++ b/podman/prior-fedora_release @@ -1 +1 @@ -33 +34 diff --git a/skopeo_cidev/setup.sh b/skopeo_cidev/setup.sh index 8a64b99b..df8f4c37 100644 --- a/skopeo_cidev/setup.sh +++ b/skopeo_cidev/setup.sh @@ -61,7 +61,7 @@ cd "$REG_GOSRC" git clone --depth 1 -b "$OSO_TAG" "$OSO_REPO" "$OSO_GOSRC" cd "$OSO_GOSRC" -# Edit out a "go < 1.5" check which works incorrectly with go ≥ 1.10. +# Edit out a "go < 1.5" check which works incorrectly with go >= 1.10. sed -i -e 's/\[\[ "\${go_version\[2]}" < "go1.5" ]]/false/' ./hack/common.sh # Fix a bug in 'options' line processing of resolv.conf when an option is diff --git a/systemd_banish.sh b/systemd_banish.sh index 26b51bb5..14678844 100644 --- a/systemd_banish.sh +++ b/systemd_banish.sh @@ -11,7 +11,7 @@ SUDO="" [[ "$UID" -eq 0 ]] || \ SUDO="sudo" -EVIL_UNITS="cron crond atd apt-daily-upgrade apt-daily fstrim motd-news systemd-tmpfiles-clean update-notifier-download" +EVIL_UNITS="cron crond atd apt-daily-upgrade apt-daily fstrim motd-news systemd-tmpfiles-clean update-notifier-download mlocate-updatedb" if [[ "$1" == "--list" ]] then