containers · cevich · Nov 19, 2021 · Nov 9, 2021 · Nov 17, 2021 · Nov 17, 2021
diff --git a/base_images/cloud-init/fedora/cloud.cfg.d/50_custom_disk_setup.cfg b/base_images/cloud-init/fedora/cloud.cfg.d/50_custom_disk_setup.cfg
diff --git a/base_images/fedora_base-setup.sh b/base_images/fedora_base-setup.sh
@@ -24,9 +24,16 @@ declare -a PKGS
 PKGS=(rng-tools git coreutils)
 XSELINUX=
 if ((CONTAINER)); then
-    XSELINUX="--exclude=selinux*"
+    if ((OS_RELEASE_VER<35)); then
+        XSELINUX="--exclude=selinux*"
+    fi
 else
-    PKGS+=(google-compute-engine-tools google-compute-engine-oslogin)
+    PKGS+=(google-compute-engine-oslogin)
+    if ((OS_RELEASE_VER<35)); then
+        PKGS+=(google-compute-engine-tools)
+    else
+        PKGS+=(google-compute-engine-guest-configs)
+    fi
 fi
 
 dnf -y update $XSELINUX
@@ -41,6 +48,20 @@ install_automation_tooling
 if ! ((CONTAINER)); then
     custom_cloud_init
 
+    # Be kind to humans, indicate where generated files came from
+    sourcemsg="### File generated during VM Image build by $(basename $SCRIPT_FILEPATH)"
+
+    if ((OS_RELEASE_VER<35)); then
+        echo "Overriding cloud-init service file"
+        # The packaged cloud-init.service unit has a dependency loop
+        # vs google-network-daemon.service.  Fix this with a custom
+        # cloud-init service file.
+        CLOUD_SERVICE_PATH="systemd/system/cloud-init.service"
+        echo "$sourcemsg" > /etc/$CLOUD_SERVICE_PATH
+        cat $SCRIPT_DIRPATH/fedora-cloud-init.service >> /etc/$CLOUD_SERVICE_PATH
+    fi
+
+    echo "Setting GCP startup service (for Cirrus-CI agent) SELinux unconfined"
     # ref: https://cloud.google.com/compute/docs/startupscript
     # The mechanism used by Cirrus-CI to execute tasks on the system is through an
     # "agent" process launched as a GCP startup-script (from the metadata service).
@@ -50,9 +71,10 @@ if ! ((CONTAINER)); then
     # run with the proper contexts.
     METADATA_SERVICE_CTX=unconfined_u:unconfined_r:unconfined_t:s0
     METADATA_SERVICE_PATH=systemd/system/google-startup-scripts.service
+    echo "$sourcemsg" > /etc/$METADATA_SERVICE_PATH
     sed -r -e \
         "s/^Type=oneshot/Type=oneshot\nSELinuxContext=$METADATA_SERVICE_CTX/" \
-        /lib/$METADATA_SERVICE_PATH > /etc/$METADATA_SERVICE_PATH
+        /lib/$METADATA_SERVICE_PATH >> /etc/$METADATA_SERVICE_PATH
 fi
 
 if [[ "$OS_RELEASE_ID" == "fedora" ]] && ((OS_RELEASE_VER>=33)); then

diff --git a/base_images/gce.yml b/base_images/gce.yml
@@ -25,13 +25,16 @@ variables:  # Empty value means it must be passed in on command-line
     # Use the most recent image based on this family name.
     UBUNTU_BASE_FAMILY: 'ubuntu-2110'
 
-    # Latest Fedora release download URL
-    FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/34/Cloud/x86_64/images/Fedora-Cloud-Base-34-1.2.x86_64.qcow2"
-    FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/34/Cloud/x86_64/images/Fedora-Cloud-34-1.2-x86_64-CHECKSUM"
+    # Latest Fedora release (qcow and CHECKSUM) download URLs
+    # N/B: There are Fedora-Cloud...GCP.tar.gz images available, however
+    #      as of this comment, they lack the cloud-init package which is
+    #      required by GCP for startup resizing of the rootfs.
+    FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-35-1.2-x86_64-CHECKSUM"
+    FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.qcow2"
 
     # Prior Fedora release
-    PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/33/Cloud/x86_64/images/Fedora-Cloud-Base-33-1.2.x86_64.qcow2"
-    PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/33/Cloud/x86_64/images/Fedora-Cloud-33-1.2-x86_64-CHECKSUM"
+    PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/34/Cloud/x86_64/images/Fedora-Cloud-34-1.2-x86_64-CHECKSUM"
+    PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/34/Cloud/x86_64/images/Fedora-Cloud-Base-34-1.2.x86_64.qcow2"
 
 
 # Don't leak sensitive values in error messages / output
@@ -143,13 +146,16 @@ post-processors:
         bucket: '{{user `XFERBUCKET`}}'
         gcs_object_name: '{{build_name}}-{{user `IMG_SFX`}}.tar.gz'
         image_name: "fedora-b{{user `IMG_SFX`}}"
-        image_description: 'Based on {{user `FEDORA_IMAGE_URL`}}'
         image_family: '{{build_name}}-base'
+        # Can't save the url in an image_label
+        image_description: '{{user `FEDORA_IMAGE_URL`}}'
+        image_labels:
+          sfx: '{{user `IMG_SFX`}}'
       - <<: *gcp_import
         only: ['prior-fedora']
         image_name: "prior-fedora-b{{user `IMG_SFX`}}"
-        image_description: 'Based on {{user `PRIOR_FEDORA_IMAGE_URL`}}'
         image_family: '{{build_name}}-base'
+        image_description: '{{user `PRIOR_FEDORA_IMAGE_URL`}}'
       - type: 'manifest'
         output: 'base_images/manifest.json'  # Collected by Cirrus-CI
         strip_path: true

diff --git a/cache_images/fedora_packaging.sh b/cache_images/fedora_packaging.sh
@@ -45,6 +45,7 @@ INSTALL_PACKAGES=(\
     btrfs-progs-devel
     buildah
     bzip2
+    catatonit
     conmon
     containernetworking-plugins
     containers-common
@@ -153,7 +154,8 @@ INSTALL_PACKAGES=(\
 case "$OS_RELEASE_VER" in
     32) INSTALL_PACKAGES+=( python3-pytoml ) ;;
     33) ;&
-    34) INSTALL_PACKAGES+=( perl-FindBin python-toml ) ;;
+    34) ;&
+    35) INSTALL_PACKAGES+=( perl-FindBin python-toml ) ;;
     *) die "Unknown/Unsupported \$OS_REL_VER '$OS_REL_VER'" ;;
 esac
 
@@ -167,7 +169,9 @@ if ! ((CONTAINER)); then
         policycoreutils
     )
 else
-    EXARG="--exclude=selinux*"
+    if [[ "$OS_RELEASE_VER" -lt 35 ]]; then
+        EXARG="--exclude=selinux*"
+    fi
 fi
 
 
@@ -177,7 +181,7 @@ DOWNLOAD_PACKAGES=(\
     oci-umount
     parallel
     podman-docker
-    python3-pytest4
+    python3-pytest
     python3-virtualenv
 )
 

diff --git a/cache_images/ubuntu_packaging.sh b/cache_images/ubuntu_packaging.sh
@@ -61,6 +61,7 @@ INSTALL_PACKAGES=(\
     buildah
     bzip2
     ca-certificates
+    catatonit
     conmon
     containernetworking-plugins
     containers-common

diff --git a/ci/make_container_images.sh b/ci/make_container_images.sh
@@ -53,7 +53,7 @@ set +x  # protect username/password values
 # These both come in from Cirrus-CI
 # shellcheck disable=SC2154
 echo "$REG_PASSWORD" | \
-    podman login --password-stdin --username "$REG_USERNAME" "$DEST_FQIN"
+    podman login --password-stdin --username "$REG_USERNAME" "${DEST_FQIN%%:*}"
 
 set -x  # Easier than echo'ing out status for everything
 # DEST_FQIN comes in from Cirrus-CI

diff --git a/podman/fedora_release b/podman/fedora_release
@@ -1 +1 @@
-34
+35
diff --git a/podman/prior-fedora_release b/podman/prior-fedora_release
@@ -1 +1 @@
-33
+34