From 51ee72c2b0f2652f44719ccd5991cdfa8fc51584 Mon Sep 17 00:00:00 2001 From: Prashanth Sundararaman Date: Wed, 9 Dec 2020 10:30:59 -0500 Subject: [PATCH 001/489] tests: Enable TPM test for all arches except s390x With TPM support landing in Fedora-33, enable TPM test for all arches except s390x. A TPM backend device is not available on s390x to suport TPM --- tests/kola/root-reprovision/luks/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/kola/root-reprovision/luks/test.sh b/tests/kola/root-reprovision/luks/test.sh index c27672deb4..ae357437bb 100755 --- a/tests/kola/root-reprovision/luks/test.sh +++ b/tests/kola/root-reprovision/luks/test.sh @@ -1,5 +1,5 @@ #!/bin/bash -# kola: {"platforms": "qemu", "minMemory": 4096, "architectures": "x86_64"} +# kola: {"platforms": "qemu", "minMemory": 4096, "architectures": "!s390x"} set -xeuo pipefail srcdev=$(findmnt -nvr / -o SOURCE) From 9aa049b4b21b93f828ddd5c255a5c7a5bf17a667 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 20 Dec 2020 04:14:48 +0000 Subject: [PATCH 002/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 44 +++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index b39dd19614..c6766bb1cd 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -31,7 +31,7 @@ "evra": "2.4.48-10.fc33.x86_64" }, "audit-libs": { - "evra": "3.0-0.21.20191104git1c2f876.fc33.x86_64" + "evra": "3.0-1.fc33.x86_64" }, "avahi-libs": { "evra": "0.8-7.fc33.x86_64" @@ -130,10 +130,10 @@ "evra": "1.4.3-1.fc33.x86_64" }, "containernetworking-plugins": { - "evra": "0.8.7-1.fc33.x86_64" + "evra": "0.9.0-1.fc33.x86_64" }, "containers-common": { - "evra": "1:1.2.0-10.fc33.x86_64" + "evra": "1:1.2.0-13.fc33.x86_64" }, "coreos-installer": { "evra": "0.7.2-1.fc33.x86_64" @@ -265,13 +265,13 @@ "evra": "33-1.noarch" }, "fedora-release-common": { - "evra": "33-2.noarch" + "evra": "33-3.noarch" }, "fedora-release-coreos": { - "evra": "33-2.noarch" + "evra": "33-3.noarch" }, "fedora-release-identity-coreos": { - "evra": "33-2.noarch" + "evra": "33-3.noarch" }, "fedora-repos": { "evra": "33-1.noarch" @@ -328,7 +328,7 @@ "evra": "3.9.4-1.fc33.x86_64" }, "fwupd": { - "evra": "1.5.3-1.fc33.x86_64" + "evra": "1.5.4-1.fc33.x86_64" }, "gawk": { "evra": "5.1.0-2.fc33.x86_64" @@ -646,7 +646,7 @@ "evra": "1.0.1-18.fc33.x86_64" }, "libnfsidmap": { - "evra": "1:2.5.2-1.rc1.fc33.x86_64" + "evra": "1:2.5.2-1.rc3.fc33.x86_64" }, "libnftnl": { "evra": "1.1.7-3.fc33.x86_64" @@ -712,7 +712,7 @@ "evra": "2.36-3.fc33.x86_64" }, "libsmbclient": { - "evra": "2:4.13.2-2.fc33.x86_64" + "evra": "2:4.13.3-0.fc33.x86_64" }, "libsmbios": { "evra": "2.4.2-10.fc33.x86_64" @@ -787,7 +787,7 @@ "evra": "0.3.0-10.fc33.x86_64" }, "libwbclient": { - "evra": "2:4.13.2-2.fc33.x86_64" + "evra": "2:4.13.3-0.fc33.x86_64" }, "libxcrypt": { "evra": "4.4.17-1.fc33.x86_64" @@ -853,7 +853,7 @@ "evra": "2:0.4.0-2.fc33.x86_64" }, "mozjs78": { - "evra": "78.5.0-1.fc33.x86_64" + "evra": "78.6.0-1.fc33.x86_64" }, "mpfr": { "evra": "4.1.0-2.fc33.x86_64" @@ -877,7 +877,7 @@ "evra": "0.52.21-8.fc33.x86_64" }, "nfs-utils-coreos": { - "evra": "1:2.5.2-1.rc1.fc33.x86_64" + "evra": "1:2.5.2-1.rc3.fc33.x86_64" }, "nftables": { "evra": "1:0.9.3-6.fc33.x86_64" @@ -949,10 +949,10 @@ "evra": "8.44-2.fc33.x86_64" }, "pcre2": { - "evra": "10.35-8.fc33.x86_64" + "evra": "10.36-1.fc33.x86_64" }, "pcre2-syntax": { - "evra": "10.35-8.fc33.noarch" + "evra": "10.36-1.fc33.noarch" }, "pigz": { "evra": "2.4-7.fc33.x86_64" @@ -1033,16 +1033,16 @@ "evra": "2:1.0.0-279.dev.gitdedadbf.fc33.x86_64" }, "samba-client-libs": { - "evra": "2:4.13.2-2.fc33.x86_64" + "evra": "2:4.13.3-0.fc33.x86_64" }, "samba-common": { - "evra": "2:4.13.2-2.fc33.noarch" + "evra": "2:4.13.3-0.fc33.noarch" }, "samba-common-libs": { - "evra": "2:4.13.2-2.fc33.x86_64" + "evra": "2:4.13.3-0.fc33.x86_64" }, "samba-libs": { - "evra": "2:4.13.2-2.fc33.x86_64" + "evra": "2:4.13.3-0.fc33.x86_64" }, "sed": { "evra": "4.8-5.fc33.x86_64" @@ -1072,7 +1072,7 @@ "evra": "15-8.x86_64" }, "skopeo": { - "evra": "1:1.2.0-10.fc33.x86_64" + "evra": "1:1.2.0-13.fc33.x86_64" }, "slang": { "evra": "2.3.2-8.fc33.x86_64" @@ -1202,16 +1202,16 @@ } }, "metadata": { - "generated": "2020-12-17T21:07:34Z", + "generated": "2020-12-20T03:43:12Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2020-12-16T21:54:56Z" + "generated": "2020-12-19T22:00:30Z" }, "fedora-updates": { - "generated": "2020-12-17T00:56:01Z" + "generated": "2020-12-20T00:52:56Z" } } } From 9347c404432e257aa0892ae929b0ea7bb5526eb0 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 20 Dec 2020 21:38:16 +0000 Subject: [PATCH 003/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index c6766bb1cd..72f6fbdf8d 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1202,13 +1202,13 @@ } }, "metadata": { - "generated": "2020-12-20T03:43:12Z", + "generated": "2020-12-20T21:07:41Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2020-12-19T22:00:30Z" + "generated": "2020-12-20T04:23:56Z" }, "fedora-updates": { "generated": "2020-12-20T00:52:56Z" From 39ef5c496c47d61fe06cf4f33c933d6174735797 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 21 Dec 2020 21:53:28 +0000 Subject: [PATCH 004/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 72f6fbdf8d..fef289f222 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -808,10 +808,10 @@ "evra": "2.5.1-27.fc33.x86_64" }, "linux-firmware": { - "evra": "20201118-115.fc33.noarch" + "evra": "20201218-116.fc33.noarch" }, "linux-firmware-whence": { - "evra": "20201118-115.fc33.noarch" + "evra": "20201218-116.fc33.noarch" }, "lmdb-libs": { "evra": "0.9.27-1.fc33.x86_64" @@ -1202,7 +1202,7 @@ } }, "metadata": { - "generated": "2020-12-20T21:07:41Z", + "generated": "2020-12-21T21:08:17Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" @@ -1211,7 +1211,7 @@ "generated": "2020-12-20T04:23:56Z" }, "fedora-updates": { - "generated": "2020-12-20T00:52:56Z" + "generated": "2020-12-21T01:20:13Z" } } } From 9f6896a8e0f5057c43f47d1ec697a1bf77492169 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Sat, 19 Dec 2020 01:59:58 -0500 Subject: [PATCH 005/489] 40ignition-ostree: silence mkfs.xfs Avoid a bunch of incidental mkfs output in the journal for ignition-ostree-transposefs-detect.service. --- .../modules.d/40ignition-ostree/ignition-ostree-transposefs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh index 54ebcc134a..f74c1bd03d 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh @@ -102,7 +102,7 @@ case "${1:-}" in # boot breaks anyway, but we still want to leave room for everything # else so it hits ENOSPC and doesn't invoke the OOM killer echo $(( $(grep MemAvailable /proc/meminfo | awk '{print $2}') * 90 / 100 ))K > /sys/block/zram"${dev}"/mem_limit - mkfs.xfs /dev/zram"${dev}" + mkfs.xfs -q /dev/zram"${dev}" mkdir "${saved_data}" mount /dev/zram"${dev}" "${saved_data}" # save the zram device number created for when called to cleanup From 33a7393a515c6be8cc89aa1fa3e358033363faac Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Sat, 19 Dec 2020 02:01:44 -0500 Subject: [PATCH 006/489] coreos-boot-mount-generator: stop mounting /boot/efi On RAID systems we're now going to have multiple ESPs, no one of which is the "canonical ESP", so there's nothing we can mount here. Drop the mount unit. Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/694 --- .../system-generators/coreos-boot-mount-generator | 14 -------------- tests/kola/misc-ro | 3 --- 2 files changed, 17 deletions(-) diff --git a/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator b/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator index f790b74671..d20186de0d 100755 --- a/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator +++ b/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator @@ -72,18 +72,4 @@ EOF # the dependency on the underlying device unit. if [ ! -f /run/ostree-live ]; then mk_mount /boot boot - - # Only mount the EFI System Partition on machines where it exists, - # which are 1) machines actually booted through EFI, and 2) x86_64 - # when booted through BIOS. - if [ "$(uname -m)" = "x86_64" -o -d /sys/firmware/efi ]; then - mk_mount /boot/efi EFI-SYSTEM - # In the general case the ESP might have per-machine or private - # data on it. Let's not make it world readable on general - # principle. - # https://github.com/coreos/fedora-coreos-tracker/issues/640 - cat >>${UNIT_DIR}/boot-efi.mount << EOF -Options=umask=0077 -EOF - fi fi diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index 7fcfab8a28..4f2dfdd7f0 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -93,9 +93,6 @@ ok LICENSE case "$(arch)" in x86_64|aarch64) - if runuser -u core -- ls /boot/efi &>/dev/null; then - fatal "Was able to access /boot/efi as non-root" - fi # This is just a basic sanity check; at some point we # will implement "project-owned tests run in the pipeline" # and be able to run the existing bootupd tests: From 2b371eb1cebfb802bdf36ef36ac891de3ef27e40 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Sat, 19 Dec 2020 13:51:25 -0500 Subject: [PATCH 007/489] 40ignition-ostree: rename mount_and_restore_filesystem Make it clear that mount_and_restore_filesystem locates the filesystem by FS label. --- .../40ignition-ostree/ignition-ostree-transposefs.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh index f74c1bd03d..71e193678a 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh @@ -63,7 +63,7 @@ get_partition_offset() { cat "/sys${devpath}/start" } -mount_and_restore_filesystem() { +mount_and_restore_filesystem_by_label() { local label=$1; shift local mountpoint=$1; shift local saved_fs=$1; shift @@ -167,23 +167,23 @@ case "${1:-}" in # Mounts happen in a private mount namespace since we're not "offically" mounting if [ -d "${saved_root}" ]; then echo "Restoring rootfs from RAM..." - mount_and_restore_filesystem root /sysroot "${saved_root}" + mount_and_restore_filesystem_by_label root /sysroot "${saved_root}" chcon -v --reference "${saved_root}" /sysroot # the root of the fs itself chattr +i $(ls -d /sysroot/ostree/deploy/*/deploy/*/) fi if [ -d "${saved_boot}" ]; then echo "Restoring bootfs from RAM..." - mount_and_restore_filesystem boot /sysroot/boot "${saved_boot}" + mount_and_restore_filesystem_by_label boot /sysroot/boot "${saved_boot}" chcon -v --reference "${saved_boot}" /sysroot/boot # the root of the fs itself fi if [ -d "${saved_esp}" ]; then echo "Restoring EFI System Partition from RAM..." - mount_and_restore_filesystem EFI-SYSTEM /sysroot/boot/efi "${saved_esp}" + mount_and_restore_filesystem_by_label EFI-SYSTEM /sysroot/boot/efi "${saved_esp}" fi if [ -d "${saved_bios}" ]; then echo "Restoring BIOS Boot partition and boot sector from RAM..." expected_start=$(cat "${saved_bios}/start") - # iterate over each new BIOS Boot partition, by label + # iterate over each new BIOS Boot partition, by partlabel jq -r "$(query_parttype ${bios_typeguid}) | .[].label" "${ignition_cfg}" | while read label; do cur_part="/dev/disk/by-partlabel/${label}" # boot sector hardcodes the partition start; ensure it matches @@ -201,7 +201,7 @@ case "${1:-}" in fi if [ -d "${saved_prep}" ]; then echo "Restoring PReP partition from RAM..." - # iterate over each new PReP partition, by label + # iterate over each new PReP partition, by partlabel jq -r "$(query_parttype ${prep_typeguid}) | .[].label" "${ignition_cfg}" | while read label; do cat "${saved_prep}/partition" > "/dev/disk/by-partlabel/${label}" done From b7b7eefa8032148913e4b2c61aef9e9c59924cf0 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Sat, 19 Dec 2020 14:06:05 -0500 Subject: [PATCH 008/489] 40ignition-ostree: create mountpoint in mount_verbose --- .../40ignition-ostree/ignition-ostree-transposefs.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh index 71e193678a..24d22a9931 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh @@ -39,6 +39,7 @@ mount_verbose() { local srcdev=$1; shift local destdir=$1; shift echo "Mounting ${srcdev} ($(realpath "$srcdev")) to $destdir" + mkdir -p "${destdir}" mount "${srcdev}" "${destdir}" } @@ -70,7 +71,6 @@ mount_and_restore_filesystem_by_label() { local new_dev new_dev=$(jq -r "$(query_fslabel "${label}") | .[0].device" "${ignition_cfg}") udev_trigger_on_label_mismatch "${label}" "${new_dev}" - mkdir -p "${mountpoint}" mount_verbose "/dev/disk/by-label/${label}" "${mountpoint}" find "${saved_fs}" -mindepth 1 -maxdepth 1 -exec mv -t "${mountpoint}" {} \; } @@ -135,13 +135,11 @@ case "${1:-}" in fi if [ -d "${saved_boot}" ]; then echo "Moving bootfs to RAM..." - mkdir -p /sysroot/boot mount_verbose "${boot_part}" /sysroot/boot cp -aT /sysroot/boot "${saved_boot}" fi if [ -d "${saved_esp}" ]; then echo "Moving EFI System Partition to RAM..." - mkdir -p /sysroot/boot/efi mount_verbose "${esp_part}" /sysroot/boot/efi cp -aT /sysroot/boot/efi "${saved_esp}" fi From dd848b89434458499433902f9efe0a0910fa27cb Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Tue, 22 Dec 2020 15:45:22 -0500 Subject: [PATCH 009/489] 40ignition-ostree: add get_partlabels_for_parttype helper --- .../40ignition-ostree/ignition-ostree-transposefs.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh index 24d22a9931..659d18ceca 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh @@ -33,6 +33,10 @@ query_parttype() { echo ".storage?.disks? // [] | map(.partitions?) | flatten | map(select(try .typeGuid catch \"\" | ascii_downcase == \"$1\"))" } +# Print partition labels for partitions with type GUID $1 +get_partlabels_for_parttype() { + jq -r "$(query_parttype $1) | .[].label" "${ignition_cfg}" +} # Mounts device to directory, with extra logging of the src device mount_verbose() { @@ -181,8 +185,7 @@ case "${1:-}" in if [ -d "${saved_bios}" ]; then echo "Restoring BIOS Boot partition and boot sector from RAM..." expected_start=$(cat "${saved_bios}/start") - # iterate over each new BIOS Boot partition, by partlabel - jq -r "$(query_parttype ${bios_typeguid}) | .[].label" "${ignition_cfg}" | while read label; do + get_partlabels_for_parttype "${bios_typeguid}" | while read label; do cur_part="/dev/disk/by-partlabel/${label}" # boot sector hardcodes the partition start; ensure it matches cur_start=$(get_partition_offset "${cur_part}") @@ -199,8 +202,7 @@ case "${1:-}" in fi if [ -d "${saved_prep}" ]; then echo "Restoring PReP partition from RAM..." - # iterate over each new PReP partition, by partlabel - jq -r "$(query_parttype ${prep_typeguid}) | .[].label" "${ignition_cfg}" | while read label; do + get_partlabels_for_parttype "${prep_typeguid}" | while read label; do cat "${saved_prep}/partition" > "/dev/disk/by-partlabel/${label}" done fi From 16591e9fb71adcefdde87fb3d80bbf2fb698f626 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Sat, 19 Dec 2020 22:36:58 -0500 Subject: [PATCH 010/489] 40ignition-ostree: copy ESP contents as independent filesystems If the firmware writes to an individual replica, the RAID will desynchronize. Linux md will return reads from either replica, and then any dependent writes could corrupt the filesystem. To prevent this, fcct will no longer put the ESP on a RAID; instead we create multiple independent filesystems and copy the contents to each. This is okay because bootupd and fwupd should be the only things that care about the contents of the ESP. Don't worry too much about backward compatibility because we're making this change soon after the functionality landed, and before it was documented. For the record, old configs will fail on new systems (because the partitions will be RAID members) but new configs will skip copying /boot on old systems (because there's no filesystem labeled "EFI-SYSTEM"). --- .../ignition-ostree-transposefs.sh | 26 ++++++++++++++----- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh index 659d18ceca..fcfddfceda 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh @@ -2,6 +2,7 @@ set -euo pipefail boot_sector_size=440 +esp_typeguid=c12a7328-f81f-11d2-ba4b-00a0c93ec93b bios_typeguid=21686148-6449-6e6f-744e-656564454649 prep_typeguid=9e1a2d38-c612-4316-aa26-8b49521e5a8b @@ -84,18 +85,19 @@ case "${1:-}" in # Mounts are not in a private namespace so we can mount ${saved_data} wipes_root=$(jq "$(query_fslabel root) | length" "${ignition_cfg}") wipes_boot=$(jq "$(query_fslabel boot) | length" "${ignition_cfg}") - wipes_esp=$(jq "$(query_fslabel EFI-SYSTEM) | length" "${ignition_cfg}") + creates_esp=$(jq "$(query_parttype ${esp_typeguid}) | length" "${ignition_cfg}") creates_bios=$(jq "$(query_parttype ${bios_typeguid}) | length" "${ignition_cfg}") creates_prep=$(jq "$(query_parttype ${prep_typeguid}) | length" "${ignition_cfg}") - if [ "${wipes_root}${wipes_boot}${wipes_esp}${creates_bios}${creates_prep}" = "00000" ]; then + if [ "${wipes_root}${wipes_boot}${creates_esp}${creates_bios}${creates_prep}" = "00000" ]; then exit 0 fi echo "Detected partition replacement in fetched Ignition config: /run/ignition.json" - # verify all BIOS and PReP partitions have non-null unique labels + # verify all ESP, BIOS, and PReP partitions have non-null unique labels + unique_esp=$(jq -r "$(query_parttype ${esp_typeguid}) | [.[].label | values] | unique | length" "${ignition_cfg}") unique_bios=$(jq -r "$(query_parttype ${bios_typeguid}) | [.[].label | values] | unique | length" "${ignition_cfg}") unique_prep=$(jq -r "$(query_parttype ${prep_typeguid}) | [.[].label | values] | unique | length" "${ignition_cfg}") - if [ "${creates_bios}" != "${unique_bios}" -o "${creates_prep}" != "${unique_prep}" ]; then - echo "Found duplicate or missing BIOS-BOOT or PReP labels in config" >&2 + if [ "${creates_esp}" != "${unique_esp}" -o "${creates_bios}" != "${unique_bios}" -o "${creates_prep}" != "${unique_prep}" ]; then + echo "Found duplicate or missing ESP, BIOS-BOOT, or PReP labels in config" >&2 exit 1 fi modprobe zram num_devices=0 @@ -118,7 +120,7 @@ case "${1:-}" in if [ "${wipes_boot}" != "0" ]; then mkdir "${saved_boot}" fi - if [ "${wipes_esp}" != "0" ]; then + if [ "${creates_esp}" != "0" ]; then mkdir "${saved_esp}" fi if [ "${creates_bios}" != "0" ]; then @@ -180,7 +182,17 @@ case "${1:-}" in fi if [ -d "${saved_esp}" ]; then echo "Restoring EFI System Partition from RAM..." - mount_and_restore_filesystem_by_label EFI-SYSTEM /sysroot/boot/efi "${saved_esp}" + get_partlabels_for_parttype "${esp_typeguid}" | while read label; do + # Don't use mount_and_restore_filesystem_by_label because: + # 1. We're mounting by partlabel, not FS label + # 2. We need to copy the contents to each partition, not move + # them once + # 3. We don't need the by-label symlink to be correct and + # nothing later in boot will be mounting the filesystem + mountpoint="/mnt/esp-${label}" + mount_verbose "/dev/disk/by-partlabel/${label}" "${mountpoint}" + find "${saved_esp}" -mindepth 1 -maxdepth 1 -exec cp -a {} "${mountpoint}" \; + done fi if [ -d "${saved_bios}" ]; then echo "Restoring BIOS Boot partition and boot sector from RAM..." From 7b769f24924ad6945acf38a81736a2138d375756 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 24 Dec 2020 21:37:52 +0000 Subject: [PATCH 011/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index fef289f222..e70ef357a5 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -58,7 +58,7 @@ "evra": "32:9.11.25-2.fc33.x86_64" }, "bootupd": { - "evra": "0.2.3-2.fc33.x86_64" + "evra": "0.2.4-2.fc33.x86_64" }, "bsdtar": { "evra": "3.5.0-1.fc33.x86_64" @@ -253,7 +253,7 @@ "evra": "0.182-1.fc33.x86_64" }, "ethtool": { - "evra": "2:5.9-1.fc33.x86_64" + "evra": "2:5.10-1.fc33.x86_64" }, "expat": { "evra": "2.2.8-3.fc33.x86_64" @@ -346,7 +346,7 @@ "evra": "2.29.2-3.fc33.x86_64" }, "glib2": { - "evra": "2.66.3-1.fc33.x86_64" + "evra": "2.66.4-1.fc33.x86_64" }, "glibc": { "evra": "2.32-2.fc33.x86_64" @@ -460,13 +460,13 @@ "evra": "2.3.0-2.fc33.noarch" }, "kernel": { - "evra": "5.9.14-200.fc33.x86_64" + "evra": "5.9.15-200.fc33.x86_64" }, "kernel-core": { - "evra": "5.9.14-200.fc33.x86_64" + "evra": "5.9.15-200.fc33.x86_64" }, "kernel-modules": { - "evra": "5.9.14-200.fc33.x86_64" + "evra": "5.9.15-200.fc33.x86_64" }, "kexec-tools": { "evra": "2.0.20-17.fc33.x86_64" @@ -1168,7 +1168,7 @@ "evra": "2.36-3.fc33.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2143-1.fc33.x86_64" + "evra": "2:8.2.2146-2.fc33.x86_64" }, "which": { "evra": "2.21-20.fc33.x86_64" @@ -1202,16 +1202,16 @@ } }, "metadata": { - "generated": "2020-12-21T21:08:17Z", + "generated": "2020-12-24T21:07:31Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2020-12-20T04:23:56Z" + "generated": "2020-12-21T22:02:11Z" }, "fedora-updates": { - "generated": "2020-12-21T01:20:13Z" + "generated": "2020-12-24T01:04:03Z" } } } From 62bb3b5dd6d5cce6935403db09f19a48deb275b6 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 25 Dec 2020 21:35:39 +0000 Subject: [PATCH 012/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index e70ef357a5..89d09e2734 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -88,7 +88,7 @@ "evra": "4.0-1.fc33.x86_64" }, "cifs-utils": { - "evra": "6.9-4.fc33.x86_64" + "evra": "6.11-2.fc33.x86_64" }, "clevis": { "evra": "15-2.fc33.x86_64" @@ -301,7 +301,7 @@ "evra": "0.8.4-1.fc33.noarch" }, "flatpak-session-helper": { - "evra": "1.8.3-1.fc33.x86_64" + "evra": "1.8.4-1.fc33.x86_64" }, "fstrm": { "evra": "0.6.0-1.fc33.x86_64" @@ -403,10 +403,10 @@ "evra": "2.8.1-1.gitc733d23.fc33.x86_64" }, "iproute": { - "evra": "5.8.0-1.fc33.x86_64" + "evra": "5.9.0-1.fc33.x86_64" }, "iproute-tc": { - "evra": "5.8.0-1.fc33.x86_64" + "evra": "5.9.0-1.fc33.x86_64" }, "iptables": { "evra": "1.8.5-4.fc33.x86_64" @@ -802,7 +802,7 @@ "evra": "0.2.5-3.fc33.x86_64" }, "libzstd": { - "evra": "1.4.5-5.fc33.x86_64" + "evra": "1.4.7-1.fc33.x86_64" }, "linux-atm-libs": { "evra": "2.5.1-27.fc33.x86_64" @@ -1202,16 +1202,16 @@ } }, "metadata": { - "generated": "2020-12-24T21:07:31Z", + "generated": "2020-12-25T21:07:08Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2020-12-21T22:02:11Z" + "generated": "2020-12-24T21:42:30Z" }, "fedora-updates": { - "generated": "2020-12-24T01:04:03Z" + "generated": "2020-12-25T01:13:04Z" } } } From 36806050b9e871ba4c4be554909f5dc0fbb274a8 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 26 Dec 2020 21:38:25 +0000 Subject: [PATCH 013/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 89d09e2734..3642fd0f42 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -153,8 +153,14 @@ "cracklib": { "evra": "2.9.6-24.fc33.x86_64" }, + "criu": { + "evra": "3.15-1.fc33.x86_64" + }, + "criu-libs": { + "evra": "3.15-1.fc33.x86_64" + }, "crun": { - "evra": "0.16-1.fc33.x86_64" + "evra": "0.16-3.fc33.x86_64" }, "crypto-policies": { "evra": "20200918-1.git85dccc5.fc33.noarch" @@ -469,7 +475,7 @@ "evra": "5.9.15-200.fc33.x86_64" }, "kexec-tools": { - "evra": "2.0.20-17.fc33.x86_64" + "evra": "2.0.20-21.fc33.x86_64" }, "keyutils": { "evra": "1.6-5.fc33.x86_64" @@ -519,6 +525,9 @@ "libbrotli": { "evra": "1.0.9-3.fc33.x86_64" }, + "libbsd": { + "evra": "0.10.0-4.fc33.x86_64" + }, "libcap": { "evra": "2.26-8.fc33.x86_64" }, @@ -622,7 +631,7 @@ "evra": "9-8.fc33.x86_64" }, "libmaxminddb": { - "evra": "1.4.2-3.fc33.x86_64" + "evra": "1.4.3-1.fc33.x86_64" }, "libmetalink": { "evra": "0.1.3-13.fc33.x86_64" @@ -639,6 +648,9 @@ "libndp": { "evra": "1.7-6.fc33.x86_64" }, + "libnet": { + "evra": "1.1.6-20.fc33.x86_64" + }, "libnetfilter_conntrack": { "evra": "1.0.7-5.fc33.x86_64" }, @@ -988,7 +1000,7 @@ "evra": "1.18-2.fc33.x86_64" }, "procps-ng": { - "evra": "3.3.16-1.fc33.x86_64" + "evra": "3.3.16-2.fc33.x86_64" }, "protobuf-c": { "evra": "1.3.3-3.fc33.x86_64" @@ -1202,16 +1214,16 @@ } }, "metadata": { - "generated": "2020-12-25T21:07:08Z", + "generated": "2020-12-26T21:07:04Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2020-12-24T21:42:30Z" + "generated": "2020-12-25T21:43:18Z" }, "fedora-updates": { - "generated": "2020-12-25T01:13:04Z" + "generated": "2020-12-26T00:57:48Z" } } } From 4b010e4fc00bf6c766e3092169cdf7fe24af2838 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 27 Dec 2020 21:35:41 +0000 Subject: [PATCH 014/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 3642fd0f42..1deecdb2a0 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -466,13 +466,13 @@ "evra": "2.3.0-2.fc33.noarch" }, "kernel": { - "evra": "5.9.15-200.fc33.x86_64" + "evra": "5.9.16-200.fc33.x86_64" }, "kernel-core": { - "evra": "5.9.15-200.fc33.x86_64" + "evra": "5.9.16-200.fc33.x86_64" }, "kernel-modules": { - "evra": "5.9.15-200.fc33.x86_64" + "evra": "5.9.16-200.fc33.x86_64" }, "kexec-tools": { "evra": "2.0.20-21.fc33.x86_64" @@ -1214,16 +1214,16 @@ } }, "metadata": { - "generated": "2020-12-26T21:07:04Z", + "generated": "2020-12-27T21:07:01Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2020-12-25T21:43:18Z" + "generated": "2020-12-26T21:49:47Z" }, "fedora-updates": { - "generated": "2020-12-26T00:57:48Z" + "generated": "2020-12-27T00:55:57Z" } } } From 3f518b7ee2db124a87545d791dcf95a2e4669bf5 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 28 Dec 2020 21:36:56 +0000 Subject: [PATCH 015/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 1deecdb2a0..7e53c99005 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1214,16 +1214,16 @@ } }, "metadata": { - "generated": "2020-12-27T21:07:01Z", + "generated": "2020-12-28T21:07:13Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2020-12-26T21:49:47Z" + "generated": "2020-12-27T21:43:07Z" }, "fedora-updates": { - "generated": "2020-12-27T00:55:57Z" + "generated": "2020-12-28T00:56:52Z" } } } From a3abe135dd1774323ab05a3b977ac373bb7c7d27 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 29 Dec 2020 21:38:31 +0000 Subject: [PATCH 016/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 7e53c99005..1e4df3da08 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1214,7 +1214,7 @@ } }, "metadata": { - "generated": "2020-12-28T21:07:13Z", + "generated": "2020-12-29T21:07:11Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" @@ -1223,7 +1223,7 @@ "generated": "2020-12-27T21:43:07Z" }, "fedora-updates": { - "generated": "2020-12-28T00:56:52Z" + "generated": "2020-12-29T00:54:57Z" } } } From 4bf0103990f3bcbde23fbb6ba12c67f572ca0754 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 30 Dec 2020 21:36:06 +0000 Subject: [PATCH 017/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 1e4df3da08..6183723ff3 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1214,7 +1214,7 @@ } }, "metadata": { - "generated": "2020-12-29T21:07:11Z", + "generated": "2020-12-30T21:07:01Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" @@ -1223,7 +1223,7 @@ "generated": "2020-12-27T21:43:07Z" }, "fedora-updates": { - "generated": "2020-12-29T00:54:57Z" + "generated": "2020-12-30T01:28:11Z" } } } From 6fbdc22e636b953d30252cd686a7e90f65ecb3e8 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 31 Dec 2020 21:39:57 +0000 Subject: [PATCH 018/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 6183723ff3..cb205b2149 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1214,7 +1214,7 @@ } }, "metadata": { - "generated": "2020-12-30T21:07:01Z", + "generated": "2020-12-31T21:07:09Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" @@ -1223,7 +1223,7 @@ "generated": "2020-12-27T21:43:07Z" }, "fedora-updates": { - "generated": "2020-12-30T01:28:11Z" + "generated": "2020-12-31T01:47:19Z" } } } From de5688dbe76b706f009f6a27734c7be4fae5ee2b Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 1 Jan 2021 21:39:03 +0000 Subject: [PATCH 019/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index cb205b2149..f7286c06c6 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1214,7 +1214,7 @@ } }, "metadata": { - "generated": "2020-12-31T21:07:09Z", + "generated": "2021-01-01T21:07:11Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" @@ -1223,7 +1223,7 @@ "generated": "2020-12-27T21:43:07Z" }, "fedora-updates": { - "generated": "2020-12-31T01:47:19Z" + "generated": "2021-01-01T02:01:30Z" } } } From ace4634a05feb23d093b7a967573ea21479fd047 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 2 Jan 2021 21:38:20 +0000 Subject: [PATCH 020/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index f7286c06c6..85c20a48a5 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1214,7 +1214,7 @@ } }, "metadata": { - "generated": "2021-01-01T21:07:11Z", + "generated": "2021-01-02T21:07:09Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" @@ -1223,7 +1223,7 @@ "generated": "2020-12-27T21:43:07Z" }, "fedora-updates": { - "generated": "2021-01-01T02:01:30Z" + "generated": "2021-01-02T00:56:56Z" } } } From 085e57099ef251357388beab6452981b8ece2389 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 3 Jan 2021 21:39:45 +0000 Subject: [PATCH 021/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 85c20a48a5..4d1c59b8bf 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1171,7 +1171,7 @@ "evra": "3.0.3-1.fc33.x86_64" }, "tzdata": { - "evra": "2020d-1.fc33.noarch" + "evra": "2020f-1.fc33.noarch" }, "userspace-rcu": { "evra": "0.12.1-2.fc33.x86_64" @@ -1201,7 +1201,7 @@ "evra": "2.1.0-15.fc33.x86_64" }, "zchunk-libs": { - "evra": "1.1.5-3.fc33.x86_64" + "evra": "1.1.9-1.fc33.x86_64" }, "zincati": { "evra": "0.0.14-1.fc33.x86_64" @@ -1214,7 +1214,7 @@ } }, "metadata": { - "generated": "2021-01-02T21:07:09Z", + "generated": "2021-01-03T21:07:10Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" @@ -1223,7 +1223,7 @@ "generated": "2020-12-27T21:43:07Z" }, "fedora-updates": { - "generated": "2021-01-02T00:56:56Z" + "generated": "2021-01-03T00:59:38Z" } } } From 16cc4f067a877dc946db257d612af8ef0483644c Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 4 Jan 2021 21:42:37 +0000 Subject: [PATCH 022/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 4d1c59b8bf..062812ec15 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1214,16 +1214,16 @@ } }, "metadata": { - "generated": "2021-01-03T21:07:10Z", + "generated": "2021-01-04T21:07:07Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2020-12-27T21:43:07Z" + "generated": "2021-01-03T21:44:56Z" }, "fedora-updates": { - "generated": "2021-01-03T00:59:38Z" + "generated": "2021-01-04T00:44:12Z" } } } From 94c435f03ea6f6a39ab46a3528f9029d051ebfdc Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 4 Jan 2021 15:56:48 -0500 Subject: [PATCH 023/489] 05core: re-order and rename some dracut modules Unlike `ln -sf`, `systemctl add-{requires,wants}` wants to verify that the target and member units all exist. Because we had some dracut modules which ran earlier than the `30ignition` module, we would lose the service enablements which hook into e.g. `ignition-complete.target` and related units. Let's simply rename our modules so that they're ordered after `30ignition`. While we're here, let's consistently prefix them by `coreos-`. So overall, the changes are: - `30ignition-coreos` -> `35coreos-ignition` - `20live` -> `35coreos-live` - `15coreos-network` -> `35coreos-network` I've verified that there are now no "Failed to add dependency on unit" error messages at build-time. (The next patch enforces this more strictly.) Fixes: #778 Closes: #799 --- manifests/fedora-coreos-base.yaml | 2 +- .../coreos-boot-edit.service | 0 .../coreos-boot-edit.sh | 0 .../coreos-diskful-generator | 0 .../coreos-gpt-setup.service | 0 .../coreos-gpt-setup.sh | 0 .../coreos-teardown-initramfs.service | 0 .../coreos-teardown-initramfs.sh | 0 .../{30ignition-coreos => 35coreos-ignition}/module-setup.sh | 0 .../coreos-live-clear-sssd-cache.service | 0 .../coreos-live-unmount-tmpfs-var.service | 0 .../{20live => 35coreos-live}/coreos-live-unmount-tmpfs-var.sh | 0 .../coreos-liveiso-persist-osmet.service | 0 .../coreos-liveiso-reconfigure-nm-wait-online.service | 0 .../coreos-livepxe-persist-osmet.service | 0 .../{20live => 35coreos-live}/coreos-livepxe-rootfs.service | 0 .../{20live => 35coreos-live}/coreos-livepxe-rootfs.sh | 0 .../dracut/modules.d/{20live => 35coreos-live}/is-live-image.sh | 0 .../dracut/modules.d/{20live => 35coreos-live}/live-generator | 0 .../dracut/modules.d/{20live => 35coreos-live}/module-setup.sh | 0 .../modules.d/{20live => 35coreos-live}/ostree-cmdline.sh | 0 .../50-afterburn-network-kargs-default.conf | 0 .../coreos-copy-firstboot-network.service | 0 .../coreos-copy-firstboot-network.sh | 0 .../coreos-enable-network.service | 0 .../coreos-enable-network.sh | 0 .../{15coreos-network => 35coreos-network}/module-setup.sh | 0 27 files changed, 1 insertion(+), 1 deletion(-) rename overlay.d/05core/usr/lib/dracut/modules.d/{30ignition-coreos => 35coreos-ignition}/coreos-boot-edit.service (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{30ignition-coreos => 35coreos-ignition}/coreos-boot-edit.sh (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{30ignition-coreos => 35coreos-ignition}/coreos-diskful-generator (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{30ignition-coreos => 35coreos-ignition}/coreos-gpt-setup.service (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{30ignition-coreos => 35coreos-ignition}/coreos-gpt-setup.sh (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{30ignition-coreos => 35coreos-ignition}/coreos-teardown-initramfs.service (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{30ignition-coreos => 35coreos-ignition}/coreos-teardown-initramfs.sh (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{30ignition-coreos => 35coreos-ignition}/module-setup.sh (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{20live => 35coreos-live}/coreos-live-clear-sssd-cache.service (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{20live => 35coreos-live}/coreos-live-unmount-tmpfs-var.service (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{20live => 35coreos-live}/coreos-live-unmount-tmpfs-var.sh (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{20live => 35coreos-live}/coreos-liveiso-persist-osmet.service (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{20live => 35coreos-live}/coreos-liveiso-reconfigure-nm-wait-online.service (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{20live => 35coreos-live}/coreos-livepxe-persist-osmet.service (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{20live => 35coreos-live}/coreos-livepxe-rootfs.service (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{20live => 35coreos-live}/coreos-livepxe-rootfs.sh (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{20live => 35coreos-live}/is-live-image.sh (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{20live => 35coreos-live}/live-generator (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{20live => 35coreos-live}/module-setup.sh (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{20live => 35coreos-live}/ostree-cmdline.sh (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{15coreos-network => 35coreos-network}/50-afterburn-network-kargs-default.conf (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{15coreos-network => 35coreos-network}/coreos-copy-firstboot-network.service (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{15coreos-network => 35coreos-network}/coreos-copy-firstboot-network.sh (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{15coreos-network => 35coreos-network}/coreos-enable-network.service (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{15coreos-network => 35coreos-network}/coreos-enable-network.sh (100%) rename overlay.d/05core/usr/lib/dracut/modules.d/{15coreos-network => 35coreos-network}/module-setup.sh (100%) diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 1aa8274099..39b7fbc2f2 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -101,7 +101,7 @@ packages: - afterburn - afterburn-dracut - passwd - # Dependency of 20live dracut module + # Dependency of 35coreos-live dracut module - bsdtar # SSH - openssh-server openssh-clients diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/30ignition-coreos/coreos-boot-edit.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-boot-edit.service similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/30ignition-coreos/coreos-boot-edit.service rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-boot-edit.service diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/30ignition-coreos/coreos-boot-edit.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-boot-edit.sh similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/30ignition-coreos/coreos-boot-edit.sh rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-boot-edit.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/30ignition-coreos/coreos-diskful-generator b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/30ignition-coreos/coreos-diskful-generator rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/30ignition-coreos/coreos-gpt-setup.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/30ignition-coreos/coreos-gpt-setup.service rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/30ignition-coreos/coreos-gpt-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/30ignition-coreos/coreos-gpt-setup.sh rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/30ignition-coreos/coreos-teardown-initramfs.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/30ignition-coreos/coreos-teardown-initramfs.service rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/30ignition-coreos/coreos-teardown-initramfs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/30ignition-coreos/coreos-teardown-initramfs.sh rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/30ignition-coreos/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/30ignition-coreos/module-setup.sh rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-live-clear-sssd-cache.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-clear-sssd-cache.service similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-live-clear-sssd-cache.service rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-clear-sssd-cache.service diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-live-unmount-tmpfs-var.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.service similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-live-unmount-tmpfs-var.service rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.service diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-live-unmount-tmpfs-var.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.sh similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-live-unmount-tmpfs-var.sh rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-persist-osmet.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-persist-osmet.service rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-reconfigure-nm-wait-online.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-reconfigure-nm-wait-online.service similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-reconfigure-nm-wait-online.service rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-reconfigure-nm-wait-online.service diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-livepxe-persist-osmet.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-livepxe-persist-osmet.service rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-livepxe-rootfs.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-livepxe-rootfs.service rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-livepxe-rootfs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-livepxe-rootfs.sh rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/is-live-image.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/is-live-image.sh similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/20live/is-live-image.sh rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/is-live-image.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/live-generator b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/20live/live-generator rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/20live/module-setup.sh rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/ostree-cmdline.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/ostree-cmdline.sh similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/20live/ostree-cmdline.sh rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/ostree-cmdline.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/15coreos-network/50-afterburn-network-kargs-default.conf b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/15coreos-network/50-afterburn-network-kargs-default.conf rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/15coreos-network/coreos-copy-firstboot-network.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/15coreos-network/coreos-copy-firstboot-network.service rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/15coreos-network/coreos-copy-firstboot-network.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.sh similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/15coreos-network/coreos-copy-firstboot-network.sh rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/15coreos-network/coreos-enable-network.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/15coreos-network/coreos-enable-network.service rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/15coreos-network/coreos-enable-network.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/15coreos-network/coreos-enable-network.sh rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/15coreos-network/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh similarity index 100% rename from overlay.d/05core/usr/lib/dracut/modules.d/15coreos-network/module-setup.sh rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh From bdcebad9c07a7f90661865ef8001d07fda896922 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 4 Jan 2021 16:09:50 -0500 Subject: [PATCH 024/489] 05core: add `|| exit 1` to `systemctl add-{requires,wants}` calls Because dracut directly sources `module-setup.sh` scripts and isn't compatible with `set -e`, we can't just turn it on in our modules. Instead, let's just manually add `|| exit 1` in all the calls to `systemctl add-{requires,wants}` so that we catch regressions like https://github.com/coreos/fedora-coreos-config/issues/799 at build time in the future. --- .../lib/dracut/modules.d/35coreos-ignition/module-setup.sh | 4 +++- .../usr/lib/dracut/modules.d/35coreos-live/module-setup.sh | 4 +++- .../usr/lib/dracut/modules.d/35coreos-network/module-setup.sh | 4 +++- .../lib/dracut/modules.d/40ignition-ostree/module-setup.sh | 4 +++- .../usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh | 4 +++- .../lib/dracut/modules.d/99emergency-timeout/module-setup.sh | 4 +++- 6 files changed, 18 insertions(+), 6 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh index 03565e21e6..da869947e0 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh @@ -11,7 +11,9 @@ install_ignition_unit() { local target="${1:-ignition-complete.target}"; shift local instantiated="${1:-$unit}"; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" - systemctl -q --root="$initdir" add-requires "$target" "$instantiated" + # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 + systemctl -q --root="$initdir" add-requires "$target" "$instantiated" || exit 1 } install() { diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh index 0cf81a2a20..6ae1b8e494 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh @@ -7,7 +7,9 @@ install_and_enable_unit() { unit="$1"; shift target="$1"; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" - systemctl -q --root="$initdir" add-requires "$target" "$unit" + # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 + systemctl -q --root="$initdir" add-requires "$target" "$unit" || exit 1 } install() { diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh index 12dec8b1b3..7c910b1b74 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh @@ -2,7 +2,9 @@ install_and_enable_unit() { unit="$1"; shift target="$1"; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" - systemctl -q --root="$initdir" add-requires "$target" "$unit" + # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 + systemctl -q --root="$initdir" add-requires "$target" "$unit" || exit 1 } install() { diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh index ba10fed1c4..e88b75c25e 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh @@ -10,7 +10,9 @@ install_ignition_unit() { local unit=$1; shift local target=${1:-complete} inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" - systemctl -q --root="$initdir" add-requires "ignition-${target}.target" "$unit" + # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 + systemctl -q --root="$initdir" add-requires "ignition-${target}.target" "$unit" || exit 1 } install() { diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh index d5cd1b1e12..cac7b643f4 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh @@ -2,7 +2,9 @@ install_unit() { unit="$1"; shift target="$1"; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" - systemctl -q --root="$initdir" add-requires "$target" "$unit" + # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 + systemctl -q --root="$initdir" add-requires "$target" "$unit" || exit 1 } install() { diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh index ed4ccc57ba..63907da412 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh @@ -7,7 +7,9 @@ install_unit_wants() { local target="$1"; shift local instantiated="${1:-$unit}"; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" - systemctl -q --root="$initdir" add-wants "$target" "$instantiated" + # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 + systemctl -q --root="$initdir" add-wants "$target" "$instantiated" || exit 1 } install() { From f2b88c2c547430d6d80a2ca656a8add9777bcecb Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Tue, 5 Jan 2021 16:05:09 +0000 Subject: [PATCH 025/489] overrides: drop stale Afterburn entries --- manifest-lock.overrides.aarch64.yaml | 6 ------ manifest-lock.overrides.ppc64le.yaml | 6 ------ manifest-lock.overrides.s390x.yaml | 6 ------ manifest-lock.overrides.x86_64.yaml | 6 ------ 4 files changed, 24 deletions(-) diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml index 8e6ad8a364..92b1fb973e 100644 --- a/manifest-lock.overrides.aarch64.yaml +++ b/manifest-lock.overrides.aarch64.yaml @@ -15,9 +15,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.aarch64 - # Fast-track Afterburn release - # https://bodhi.fedoraproject.org/updates/FEDORA-2020-94fd991213 - afterburn: - evra: 4.6.0-2.fc33.aarch64 - afterburn-dracut: - evra: 4.6.0-2.fc33.aarch64 diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml index e9c123f612..d14f6a913b 100644 --- a/manifest-lock.overrides.ppc64le.yaml +++ b/manifest-lock.overrides.ppc64le.yaml @@ -15,9 +15,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.ppc64le - # Fast-track Afterburn release - # https://bodhi.fedoraproject.org/updates/FEDORA-2020-94fd991213 - afterburn: - evra: 4.6.0-2.fc33.ppc64le - afterburn-dracut: - evra: 4.6.0-2.fc33.ppc64le diff --git a/manifest-lock.overrides.s390x.yaml b/manifest-lock.overrides.s390x.yaml index 2ff0adbc3e..da2fbcf7e2 100644 --- a/manifest-lock.overrides.s390x.yaml +++ b/manifest-lock.overrides.s390x.yaml @@ -15,9 +15,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.s390x - # Fast-track Afterburn release - # https://bodhi.fedoraproject.org/updates/FEDORA-2020-94fd991213 - afterburn: - evra: 4.6.0-2.fc33.s390x - afterburn-dracut: - evra: 4.6.0-2.fc33.s390x diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml index 0a82913b1b..85787152ac 100644 --- a/manifest-lock.overrides.x86_64.yaml +++ b/manifest-lock.overrides.x86_64.yaml @@ -15,9 +15,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.x86_64 - # Fast-track Afterburn release - # https://bodhi.fedoraproject.org/updates/FEDORA-2020-94fd991213 - afterburn: - evra: 4.6.0-2.fc33.x86_64 - afterburn-dracut: - evra: 4.6.0-2.fc33.x86_64 From 707107f1f4817efd4905b31e753f1c6297d217d8 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 5 Jan 2021 21:39:17 +0000 Subject: [PATCH 026/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 062812ec15..4e42a5678b 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1214,7 +1214,7 @@ } }, "metadata": { - "generated": "2021-01-04T21:07:07Z", + "generated": "2021-01-05T21:07:13Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" @@ -1223,7 +1223,7 @@ "generated": "2021-01-03T21:44:56Z" }, "fedora-updates": { - "generated": "2021-01-04T00:44:12Z" + "generated": "2021-01-05T00:56:35Z" } } } From b30c72bc80135c5ff2524272bf5e3d37dd57286c Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Wed, 16 Dec 2020 13:51:32 -0500 Subject: [PATCH 027/489] use WALinuxAgent-udev package for Azure udev rules BZ#1748432 was filed while working on #159 and the udev rules were split out into a separate package as part of F32. Let's stop carrying the rules in the overlay and use the provided package now. --- manifest-lock.x86_64.json | 3 ++ manifests/fedora-coreos-base.yaml | 1 + .../lib/udev/rules.d/66-azure-storage.rules | 28 ------------------- .../udev/rules.d/99-azure-product-uuid.rules | 9 ------ 4 files changed, 4 insertions(+), 37 deletions(-) delete mode 100644 overlay.d/05core/usr/lib/udev/rules.d/66-azure-storage.rules delete mode 100644 overlay.d/05core/usr/lib/udev/rules.d/99-azure-product-uuid.rules diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 4e42a5678b..b76a3e22f1 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -12,6 +12,9 @@ "NetworkManager-tui": { "evra": "1:1.26.4-1.fc33.x86_64" }, + "WALinuxAgent-udev": { + "evra": "2.2.52-1.fc33.noarch" + }, "acl": { "evra": "2.2.53-9.fc33.x86_64" }, diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 39b7fbc2f2..68e701947f 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -134,6 +134,7 @@ packages: - xfsprogs e2fsprogs btrfs-progs mdadm - cryptsetup - cifs-utils + - WALinuxAgent-udev # Time sync - chrony # Allow communication between sudo and SSSD diff --git a/overlay.d/05core/usr/lib/udev/rules.d/66-azure-storage.rules b/overlay.d/05core/usr/lib/udev/rules.d/66-azure-storage.rules deleted file mode 100644 index 5fb3693031..0000000000 --- a/overlay.d/05core/usr/lib/udev/rules.d/66-azure-storage.rules +++ /dev/null @@ -1,28 +0,0 @@ -ACTION=="add|change", SUBSYSTEM=="block", ENV{ID_VENDOR}=="Msft", ENV{ID_MODEL}=="Virtual_Disk", GOTO="azure_disk" -GOTO="azure_end" - -LABEL="azure_disk" -# Root has a GUID of 0000 as the second value -# The resource/resource has GUID of 0001 as the second value -ATTRS{device_id}=="?00000000-0000-*", ENV{fabric_name}="root", GOTO="azure_names" -ATTRS{device_id}=="?00000000-0001-*", ENV{fabric_name}="resource", GOTO="azure_names" -ATTRS{device_id}=="?00000001-0001-*", ENV{fabric_name}="BEK", GOTO="azure_names" -# Wellknown SCSI controllers -ATTRS{device_id}=="{f8b3781a-1e82-4818-a1c3-63d806ec15bb}", ENV{fabric_scsi_controller}="scsi0", GOTO="azure_datadisk" -ATTRS{device_id}=="{f8b3781b-1e82-4818-a1c3-63d806ec15bb}", ENV{fabric_scsi_controller}="scsi1", GOTO="azure_datadisk" -ATTRS{device_id}=="{f8b3781c-1e82-4818-a1c3-63d806ec15bb}", ENV{fabric_scsi_controller}="scsi2", GOTO="azure_datadisk" -ATTRS{device_id}=="{f8b3781d-1e82-4818-a1c3-63d806ec15bb}", ENV{fabric_scsi_controller}="scsi3", GOTO="azure_datadisk" -GOTO="azure_end" - -# Retrieve LUN number for datadisks -LABEL="azure_datadisk" -ENV{DEVTYPE}=="partition", PROGRAM="/bin/sh -c 'readlink /sys/class/block/%k/../device|cut -d: -f4'", ENV{fabric_name}="$env{fabric_scsi_controller}/lun$result", GOTO="azure_names" -PROGRAM="/bin/sh -c 'readlink /sys/class/block/%k/device|cut -d: -f4'", ENV{fabric_name}="$env{fabric_scsi_controller}/lun$result", GOTO="azure_names" -GOTO="azure_end" - -# Create the symlinks -LABEL="azure_names" -ENV{DEVTYPE}=="disk", SYMLINK+="disk/azure/$env{fabric_name}" -ENV{DEVTYPE}=="partition", SYMLINK+="disk/azure/$env{fabric_name}-part%n" - -LABEL="azure_end" diff --git a/overlay.d/05core/usr/lib/udev/rules.d/99-azure-product-uuid.rules b/overlay.d/05core/usr/lib/udev/rules.d/99-azure-product-uuid.rules deleted file mode 100644 index a5af9b1f48..0000000000 --- a/overlay.d/05core/usr/lib/udev/rules.d/99-azure-product-uuid.rules +++ /dev/null @@ -1,9 +0,0 @@ -SUBSYSTEM!="dmi", GOTO="product_uuid-exit" -ATTR{sys_vendor}!="Microsoft Corporation", GOTO="product_uuid-exit" -ATTR{product_name}!="Virtual Machine", GOTO="product_uuid-exit" -TEST!="/sys/devices/virtual/dmi/id/product_uuid", GOTO="product_uuid-exit" - -RUN+="/bin/chmod 0444 /sys/devices/virtual/dmi/id/product_uuid" - -LABEL="product_uuid-exit" - From 8c07b7391473910ba3884ee0d3763743805ac78f Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Wed, 16 Dec 2020 17:29:15 -0500 Subject: [PATCH 028/489] overlay: add new module for installing Azure udev rules We want the Azure udev rules present in the initrd, so that Ignition is able to detect the disks and act on them. If the udev rules end up being installed into the initramfs as part of the WALinuxAgent-udev package, the dracut module should be removed. See https://bugzilla.redhat.com/show_bug.cgi?id=1909287 --- .../25coreos-azure-udev/module-setup.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 overlay.d/05core/usr/lib/dracut/modules.d/25coreos-azure-udev/module-setup.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/25coreos-azure-udev/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/25coreos-azure-udev/module-setup.sh new file mode 100644 index 0000000000..e796e89267 --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/25coreos-azure-udev/module-setup.sh @@ -0,0 +1,18 @@ +#!/bin/bash +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- +# ex: ts=8 sw=4 sts=4 et filetype=sh + +# We want to provide Azure udev rules as part of the initrd, so that Ignition +# is able to detect disks and act on them. +# +# If the WALinuxAgent-udev package is changed to install the udev rules as +# part of the initramfs, we should drop this module. +# +# See https://bugzilla.redhat.com/show_bug.cgi?id=1909287 +# See also https://bugzilla.redhat.com/show_bug.cgi?id=1756173 + +install() { + inst_multiple \ + /usr/lib/udev/rules.d/66-azure-storage.rules \ + /usr/lib/udev/rules.d/99-azure-product-uuid.rules +} From 7f0a662ebdafdce0f36a00ab2ab9e0d719a1cbfb Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 6 Jan 2021 17:59:45 +0000 Subject: [PATCH 029/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index b76a3e22f1..2fb55d7487 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1217,16 +1217,16 @@ } }, "metadata": { - "generated": "2021-01-05T21:07:13Z", + "generated": "2021-01-06T17:28:37Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-03T21:44:56Z" + "generated": "2021-01-06T14:20:20Z" }, "fedora-updates": { - "generated": "2021-01-05T00:56:35Z" + "generated": "2021-01-06T01:13:33Z" } } } From 1de21ffa98bb22995e5b059501e1955bf52b562c Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 2 Oct 2020 12:40:27 -0400 Subject: [PATCH 030/489] overlay/boot-mount-generator: Mount /boot read-only,nodev,nosuid ostree has had support for leaving `/boot` mounted read-only for a long time: https://github.com/ostreedev/ostree/pull/1767 (And then later extended to `/sysroot`) Particularly for CoreOS, only a few things should be touching `/boot`, and we control all of them. Those projects should create a new mount namespace and remount these partitions writable just while they need it. The main thing we're accomplishing here is making the system more resilient against accidental damage from a sysadmin root shell as well as configuration management tools like Puppet/Ansible. None of those should be directly manipulating files on these partitions, they should go through the API of one of our projects (e.g. `rpm-ostree kargs`, `bootupctl`) etc. While we're here, also add `nodev,nosuid` because some OS hardening scanners like to see this. IMO it's of minimal value, but hey, might as well. --- .../system-generators/coreos-boot-mount-generator | 14 ++++++++++---- tests/kola/misc-ro | 13 +++++++++---- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator b/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator index d20186de0d..cc8e418d79 100755 --- a/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator +++ b/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator @@ -35,8 +35,9 @@ fi mk_mount() { local mount_pt="${1}"; shift local label="${1}"; shift - local path="/dev/disk/by-label/${label}" + local options="${1}"; shift + local path="/dev/disk/by-label/${label}" local unit_name=$(systemd-escape -p ${mount_pt} --suffix=mount) eval $(udevadm info --query property --export "${path}") @@ -61,15 +62,20 @@ After=systemd-fsck@${device}.service [Mount] What=${path} Where=${mount_pt} +Options=${options} EOF add_wants "${unit_name}" } - -# Don't create mount units for /boot or /boot/efi on live systems. +# Don't create mount units for /boot on live systems. # ConditionPathExists won't work here because conditions don't affect # the dependency on the underlying device unit. if [ ! -f /run/ostree-live ]; then - mk_mount /boot boot + # We mount read-only by default mostly to protect + # against accidental damage. Only a few things + # owned by CoreOS should be touching /boot or the ESP. + # Use nodev,nosuid because some hardening guides want + # that even though it's of minimal value. + mk_mount /boot boot ro,nodev,nosuid fi diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index 4f2dfdd7f0..1a777ae4b2 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -51,10 +51,15 @@ if ip link | grep -o -e " eth[0-9]:"; then fi ok nic naming -if test -w /sysroot; then - fatal "found writable /sysroot" -fi -ok sysroot ro +for part in /sysroot /boot; do + if ! findmnt -n -o options ${part} | grep -q "ro,"; then + fatal "${part} is missing ro option" + fi + if test -w "${part}" || touch "${part}/somefile" 2>/dev/null; then + fatal "${part} is writable" + fi +done +ok read-only partitions if ! lsattr -d / | grep -qe '--i--'; then fatal "missing immutable bit on /" From 51cd4932c7346e9f266ce6940044c7c7e8f80195 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 21 Dec 2020 15:18:13 -0500 Subject: [PATCH 031/489] Switch to sqlite rpmdb backend There won't be any support for writing to the bdb backend in f34, so e.g. pkglayering won't work (and obviously even composes wouldn't work once we move cosa to f34). All the production streams now have an f33 barrier release (as part of the resolved workarounds), so it should be safe to switch to sqlite now. For the other rpm-ostree-based variants, we'll probably just flip the default in rpm-ostree to sqlite in f34. But at least in FCOS, we can do this now so that we flush out any issues earlier and squash the ugly warnings when querying the rpmdb. Closes: https://github.com/coreos/fedora-coreos-tracker/issues/623 --- manifests/fedora-coreos-base.yaml | 3 +++ tests/kola/misc-ro | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 68e701947f..0f43eefbfd 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -40,6 +40,9 @@ check-groups: default-target: multi-user.target +# we can drop this when it's the rpm-ostree default +rpmdb: sqlite + # ⚠⚠⚠ ONLY TEMPORARY HACKS ALLOWED HERE; ALL ENTRIES NEED TRACKER LINKS ⚠⚠⚠ # See also the version of this in fedora-coreos.yaml postprocess: diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index 1a777ae4b2..dc9e706c6b 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -116,12 +116,12 @@ if [ -n "${unlabeled}" ]; then fi ok no files with unlabeled_t SELinux label -# make sure we stick with bdb until we're ready to move to sqlite +# make sure we're using the sqlite rpmdb backend # https://github.com/coreos/fedora-coreos-tracker/issues/623 -if [ ! -f /usr/share/rpm/Packages ]; then - fatal "Didn't find bdb file /usr/share/rpm/Packages" +if [ ! -f /usr/share/rpm/rpmdb.sqlite ]; then + fatal "Didn't find file /usr/share/rpm/rpmdb.sqlite" fi -ok rpmdb is bdb +ok rpmdb is sqlite # make sure we don't default to having swap on zram # https://github.com/coreos/fedora-coreos-tracker/issues/509 From 6c72d2eea6ad570cd9be934b6b92066551b8999e Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 7 Jan 2021 21:40:47 +0000 Subject: [PATCH 032/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 2fb55d7487..91d733f7f4 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -64,7 +64,7 @@ "evra": "0.2.4-2.fc33.x86_64" }, "bsdtar": { - "evra": "3.5.0-1.fc33.x86_64" + "evra": "3.5.1-1.fc33.x86_64" }, "btrfs-progs": { "evra": "5.9-1.fc33.x86_64" @@ -481,10 +481,10 @@ "evra": "2.0.20-21.fc33.x86_64" }, "keyutils": { - "evra": "1.6-5.fc33.x86_64" + "evra": "1.6.1-1.fc33.x86_64" }, "keyutils-libs": { - "evra": "1.6-5.fc33.x86_64" + "evra": "1.6.1-1.fc33.x86_64" }, "kmod": { "evra": "27-3.fc33.x86_64" @@ -508,7 +508,7 @@ "evra": "0.3.111-10.fc33.x86_64" }, "libarchive": { - "evra": "3.5.0-1.fc33.x86_64" + "evra": "3.5.1-1.fc33.x86_64" }, "libargon2": { "evra": "20171227-5.fc33.x86_64" @@ -589,7 +589,7 @@ "evra": "10.2.1-9.fc33.x86_64" }, "libgpg-error": { - "evra": "1.39-1.fc33.x86_64" + "evra": "1.41-1.fc33.x86_64" }, "libgudev": { "evra": "234-1.fc33.x86_64" @@ -1195,10 +1195,10 @@ "evra": "5.7.0-1.fc33.x86_64" }, "xz": { - "evra": "5.2.5-3.fc33.x86_64" + "evra": "5.2.5-4.fc33.x86_64" }, "xz-libs": { - "evra": "5.2.5-3.fc33.x86_64" + "evra": "5.2.5-4.fc33.x86_64" }, "yajl": { "evra": "2.1.0-15.fc33.x86_64" @@ -1217,7 +1217,7 @@ } }, "metadata": { - "generated": "2021-01-06T17:28:37Z", + "generated": "2021-01-07T21:07:28Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" @@ -1226,7 +1226,7 @@ "generated": "2021-01-06T14:20:20Z" }, "fedora-updates": { - "generated": "2021-01-06T01:13:33Z" + "generated": "2021-01-07T00:55:43Z" } } } From 5165d99926f037e8103732743ac0354410b1d805 Mon Sep 17 00:00:00 2001 From: Sohan Kunkerkar Date: Fri, 8 Jan 2021 06:53:23 -0500 Subject: [PATCH 033/489] overrides: fast-track Ignition 2.9.0 --- manifest-lock.overrides.aarch64.yaml | 4 ++++ manifest-lock.overrides.ppc64le.yaml | 4 ++++ manifest-lock.overrides.s390x.yaml | 4 ++++ manifest-lock.overrides.x86_64.yaml | 4 ++++ 4 files changed, 16 insertions(+) diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml index 92b1fb973e..5d3df6edcd 100644 --- a/manifest-lock.overrides.aarch64.yaml +++ b/manifest-lock.overrides.aarch64.yaml @@ -15,3 +15,7 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.aarch64 + # Fast-track new Ignition release + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-0741ae4908 + ignition: + evra: 2.9.0-1.git1d56dc8.fc33.aarch64 diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml index d14f6a913b..db19e300d6 100644 --- a/manifest-lock.overrides.ppc64le.yaml +++ b/manifest-lock.overrides.ppc64le.yaml @@ -15,3 +15,7 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.ppc64le + # Fast-track new Ignition release + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-0741ae4908 + ignition: + evra: 2.9.0-1.git1d56dc8.fc33.ppc64le diff --git a/manifest-lock.overrides.s390x.yaml b/manifest-lock.overrides.s390x.yaml index da2fbcf7e2..ed0e2d3bc1 100644 --- a/manifest-lock.overrides.s390x.yaml +++ b/manifest-lock.overrides.s390x.yaml @@ -15,3 +15,7 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.s390x + # Fast-track new Ignition release + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-0741ae4908 + ignition: + evra: 2.9.0-1.git1d56dc8.fc33.s390x diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml index 85787152ac..9ceae38d1b 100644 --- a/manifest-lock.overrides.x86_64.yaml +++ b/manifest-lock.overrides.x86_64.yaml @@ -15,3 +15,7 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.x86_64 + # Fast-track new Ignition release + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-0741ae4908 + ignition: + evra: 2.9.0-1.git1d56dc8.fc33.x86_64 From bfa26fb1f2fc8d2889b9811159900dd9ef08c224 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 8 Jan 2021 21:56:10 +0000 Subject: [PATCH 034/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 91d733f7f4..3887423fe7 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -409,7 +409,7 @@ "evra": "0.341-1.fc33.noarch" }, "ignition": { - "evra": "2.8.1-1.gitc733d23.fc33.x86_64" + "evra": "2.9.0-1.git1d56dc8.fc33.x86_64" }, "iproute": { "evra": "5.9.0-1.fc33.x86_64" @@ -643,7 +643,7 @@ "evra": "1.0.4-12.fc33.x86_64" }, "libmodulemd": { - "evra": "2.11.0-1.fc33.x86_64" + "evra": "2.11.1-1.fc33.x86_64" }, "libmount": { "evra": "2.36-3.fc33.x86_64" @@ -1217,16 +1217,16 @@ } }, "metadata": { - "generated": "2021-01-07T21:07:28Z", + "generated": "2021-01-08T21:08:03Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-06T14:20:20Z" + "generated": "2021-01-08T18:34:53Z" }, "fedora-updates": { - "generated": "2021-01-07T00:55:43Z" + "generated": "2021-01-08T02:53:13Z" } } } From 19a67f2f2b20cf6567a3655b1fea7ff9eaad6100 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 9 Jan 2021 21:38:31 +0000 Subject: [PATCH 035/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 3887423fe7..2c4d0d9c30 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -406,7 +406,7 @@ "evra": "3.23-3.fc33.x86_64" }, "hwdata": { - "evra": "0.341-1.fc33.noarch" + "evra": "0.343-1.fc33.noarch" }, "ignition": { "evra": "2.9.0-1.git1d56dc8.fc33.x86_64" @@ -1033,10 +1033,10 @@ "evra": "4.16.0-5.fc33.x86_64" }, "rpm-ostree": { - "evra": "2020.8-1.fc33.x86_64" + "evra": "2020.10-1.fc33.x86_64" }, "rpm-ostree-libs": { - "evra": "2020.8-1.fc33.x86_64" + "evra": "2020.10-1.fc33.x86_64" }, "rpm-plugin-selinux": { "evra": "4.16.0-5.fc33.x86_64" @@ -1165,7 +1165,7 @@ "evra": "1.31-2.fc33.x86_64" }, "toolbox": { - "evra": "0.0.97-1.fc33.x86_64" + "evra": "0.0.98.1-1.fc33.x86_64" }, "tpm2-tools": { "evra": "4.3.0-1.fc33.x86_64" @@ -1217,16 +1217,16 @@ } }, "metadata": { - "generated": "2021-01-08T21:08:03Z", + "generated": "2021-01-09T21:07:10Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-08T18:34:53Z" + "generated": "2021-01-08T22:02:01Z" }, "fedora-updates": { - "generated": "2021-01-08T02:53:13Z" + "generated": "2021-01-09T01:00:45Z" } } } From 97a399175d16f84f2c1fe6bfc4fdd2ab93a80e89 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 10 Jan 2021 21:42:20 +0000 Subject: [PATCH 036/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 2c4d0d9c30..cb5c0ead0d 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -523,7 +523,7 @@ "evra": "0.1.1-46.fc33.x86_64" }, "libblkid": { - "evra": "2.36-3.fc33.x86_64" + "evra": "2.36.1-1.fc33.x86_64" }, "libbrotli": { "evra": "1.0.9-3.fc33.x86_64" @@ -568,7 +568,7 @@ "evra": "2.1.8-10.fc33.x86_64" }, "libfdisk": { - "evra": "2.36-3.fc33.x86_64" + "evra": "2.36.1-1.fc33.x86_64" }, "libffi": { "evra": "3.1-26.fc33.x86_64" @@ -646,7 +646,7 @@ "evra": "2.11.1-1.fc33.x86_64" }, "libmount": { - "evra": "2.36-3.fc33.x86_64" + "evra": "2.36.1-1.fc33.x86_64" }, "libndp": { "evra": "1.7-6.fc33.x86_64" @@ -661,7 +661,7 @@ "evra": "1.0.1-18.fc33.x86_64" }, "libnfsidmap": { - "evra": "1:2.5.2-1.rc3.fc33.x86_64" + "evra": "1:2.5.2-1.rc4.fc33.x86_64" }, "libnftnl": { "evra": "1.1.7-3.fc33.x86_64" @@ -724,7 +724,7 @@ "evra": "4.3.1-3.fc33.x86_64" }, "libsmartcols": { - "evra": "2.36-3.fc33.x86_64" + "evra": "2.36.1-1.fc33.x86_64" }, "libsmbclient": { "evra": "2:4.13.3-0.fc33.x86_64" @@ -793,7 +793,7 @@ "evra": "1.2.1-2.fc33.x86_64" }, "libuuid": { - "evra": "2.36-3.fc33.x86_64" + "evra": "2.36.1-1.fc33.x86_64" }, "libvarlink-util": { "evra": "19-3.fc33.x86_64" @@ -892,7 +892,7 @@ "evra": "0.52.21-8.fc33.x86_64" }, "nfs-utils-coreos": { - "evra": "1:2.5.2-1.rc3.fc33.x86_64" + "evra": "1:2.5.2-1.rc4.fc33.x86_64" }, "nftables": { "evra": "1:0.9.3-6.fc33.x86_64" @@ -1180,7 +1180,7 @@ "evra": "0.12.1-2.fc33.x86_64" }, "util-linux": { - "evra": "2.36-3.fc33.x86_64" + "evra": "2.36.1-1.fc33.x86_64" }, "vim-minimal": { "evra": "2:8.2.2146-2.fc33.x86_64" @@ -1217,16 +1217,16 @@ } }, "metadata": { - "generated": "2021-01-09T21:07:10Z", + "generated": "2021-01-10T21:07:23Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-08T22:02:01Z" + "generated": "2021-01-09T21:45:48Z" }, "fedora-updates": { - "generated": "2021-01-09T01:00:45Z" + "generated": "2021-01-10T00:58:01Z" } } } From c041adc2e2a41d84f372eeda261a60d914e2f033 Mon Sep 17 00:00:00 2001 From: Sohan Kunkerkar Date: Tue, 12 Jan 2021 08:22:17 -0500 Subject: [PATCH 037/489] overrides: fast-track ignition release --- manifest-lock.overrides.aarch64.yaml | 4 ++-- manifest-lock.overrides.ppc64le.yaml | 4 ++-- manifest-lock.overrides.s390x.yaml | 4 ++-- manifest-lock.overrides.x86_64.yaml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml index 5d3df6edcd..2f7c03a67d 100644 --- a/manifest-lock.overrides.aarch64.yaml +++ b/manifest-lock.overrides.aarch64.yaml @@ -16,6 +16,6 @@ packages: systemd-udev: evra: 246.7-1.fc33.aarch64 # Fast-track new Ignition release - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-0741ae4908 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2c1659799a ignition: - evra: 2.9.0-1.git1d56dc8.fc33.aarch64 + evra: 2.9.0-2.git1d56dc8.fc33.aarch64 diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml index db19e300d6..6051444d8a 100644 --- a/manifest-lock.overrides.ppc64le.yaml +++ b/manifest-lock.overrides.ppc64le.yaml @@ -16,6 +16,6 @@ packages: systemd-udev: evra: 246.7-1.fc33.ppc64le # Fast-track new Ignition release - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-0741ae4908 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2c1659799a ignition: - evra: 2.9.0-1.git1d56dc8.fc33.ppc64le + evra: 2.9.0-2.git1d56dc8.fc33.ppc64le diff --git a/manifest-lock.overrides.s390x.yaml b/manifest-lock.overrides.s390x.yaml index ed0e2d3bc1..aa71824ffe 100644 --- a/manifest-lock.overrides.s390x.yaml +++ b/manifest-lock.overrides.s390x.yaml @@ -16,6 +16,6 @@ packages: systemd-udev: evra: 246.7-1.fc33.s390x # Fast-track new Ignition release - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-0741ae4908 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2c1659799a ignition: - evra: 2.9.0-1.git1d56dc8.fc33.s390x + evra: 2.9.0-2.git1d56dc8.fc33.s390x diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml index 9ceae38d1b..239efd2f98 100644 --- a/manifest-lock.overrides.x86_64.yaml +++ b/manifest-lock.overrides.x86_64.yaml @@ -16,6 +16,6 @@ packages: systemd-udev: evra: 246.7-1.fc33.x86_64 # Fast-track new Ignition release - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-0741ae4908 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2c1659799a ignition: - evra: 2.9.0-1.git1d56dc8.fc33.x86_64 + evra: 2.9.0-2.git1d56dc8.fc33.x86_64 From 9afd0b9f8faab379b78426aa44c68503e7a7d777 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 12 Jan 2021 22:05:09 +0000 Subject: [PATCH 038/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index cb5c0ead0d..f94e39c598 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -409,7 +409,7 @@ "evra": "0.343-1.fc33.noarch" }, "ignition": { - "evra": "2.9.0-1.git1d56dc8.fc33.x86_64" + "evra": "2.9.0-2.git1d56dc8.fc33.x86_64" }, "iproute": { "evra": "5.9.0-1.fc33.x86_64" @@ -652,7 +652,7 @@ "evra": "1.7-6.fc33.x86_64" }, "libnet": { - "evra": "1.1.6-20.fc33.x86_64" + "evra": "1.2-1.fc33.x86_64" }, "libnetfilter_conntrack": { "evra": "1.0.7-5.fc33.x86_64" @@ -1217,16 +1217,16 @@ } }, "metadata": { - "generated": "2021-01-10T21:07:23Z", + "generated": "2021-01-12T21:15:14Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-09T21:45:48Z" + "generated": "2021-01-12T14:15:24Z" }, "fedora-updates": { - "generated": "2021-01-10T00:58:01Z" + "generated": "2021-01-12T01:12:22Z" } } } From b7d199f860487580e5833459fae90f6da7141b58 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 13 Jan 2021 21:42:18 +0000 Subject: [PATCH 039/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index f94e39c598..eee0f63090 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -145,10 +145,10 @@ "evra": "0.7.2-1.fc33.x86_64" }, "coreutils": { - "evra": "8.32-12.fc33.x86_64" + "evra": "8.32-15.fc33.x86_64" }, "coreutils-common": { - "evra": "8.32-12.fc33.x86_64" + "evra": "8.32-15.fc33.x86_64" }, "cpio": { "evra": "2.13-8.fc33.x86_64" @@ -337,7 +337,7 @@ "evra": "3.9.4-1.fc33.x86_64" }, "fwupd": { - "evra": "1.5.4-1.fc33.x86_64" + "evra": "1.5.5-1.fc33.x86_64" }, "gawk": { "evra": "5.1.0-2.fc33.x86_64" @@ -1217,7 +1217,7 @@ } }, "metadata": { - "generated": "2021-01-12T21:15:14Z", + "generated": "2021-01-13T21:07:38Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" @@ -1226,7 +1226,7 @@ "generated": "2021-01-12T14:15:24Z" }, "fedora-updates": { - "generated": "2021-01-12T01:12:22Z" + "generated": "2021-01-13T01:06:15Z" } } } From 742099ce57973bd73c0e51169764a6369834d9bc Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 15 Jan 2021 21:51:34 +0000 Subject: [PATCH 040/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index eee0f63090..c439f2c983 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -49,16 +49,16 @@ "evra": "1:2.8-9.fc33.noarch" }, "bind-libs": { - "evra": "32:9.11.25-2.fc33.x86_64" + "evra": "32:9.11.26-2.fc33.x86_64" }, "bind-libs-lite": { - "evra": "32:9.11.25-2.fc33.x86_64" + "evra": "32:9.11.26-2.fc33.x86_64" }, "bind-license": { - "evra": "32:9.11.25-2.fc33.noarch" + "evra": "32:9.11.26-2.fc33.noarch" }, "bind-utils": { - "evra": "32:9.11.25-2.fc33.x86_64" + "evra": "32:9.11.26-2.fc33.x86_64" }, "bootupd": { "evra": "0.2.4-2.fc33.x86_64" @@ -469,13 +469,13 @@ "evra": "2.3.0-2.fc33.noarch" }, "kernel": { - "evra": "5.9.16-200.fc33.x86_64" + "evra": "5.10.6-200.fc33.x86_64" }, "kernel-core": { - "evra": "5.9.16-200.fc33.x86_64" + "evra": "5.10.6-200.fc33.x86_64" }, "kernel-modules": { - "evra": "5.9.16-200.fc33.x86_64" + "evra": "5.10.6-200.fc33.x86_64" }, "kexec-tools": { "evra": "2.0.20-21.fc33.x86_64" @@ -613,7 +613,7 @@ "evra": "2.4.0-4.fc33.x86_64" }, "libjcat": { - "evra": "0.1.4-1.fc33.x86_64" + "evra": "0.1.5-1.fc33.x86_64" }, "libjose": { "evra": "10-8.fc33.x86_64" @@ -643,7 +643,7 @@ "evra": "1.0.4-12.fc33.x86_64" }, "libmodulemd": { - "evra": "2.11.1-1.fc33.x86_64" + "evra": "2.11.2-2.fc33.x86_64" }, "libmount": { "evra": "2.36.1-1.fc33.x86_64" @@ -1027,10 +1027,10 @@ "evra": "1.2.5-5.rc1.fc33.3.x86_64" }, "rpm": { - "evra": "4.16.0-5.fc33.x86_64" + "evra": "4.16.1.2-1.fc33.x86_64" }, "rpm-libs": { - "evra": "4.16.0-5.fc33.x86_64" + "evra": "4.16.1.2-1.fc33.x86_64" }, "rpm-ostree": { "evra": "2020.10-1.fc33.x86_64" @@ -1039,7 +1039,7 @@ "evra": "2020.10-1.fc33.x86_64" }, "rpm-plugin-selinux": { - "evra": "4.16.0-5.fc33.x86_64" + "evra": "4.16.1.2-1.fc33.x86_64" }, "rsync": { "evra": "3.2.3-3.fc33.x86_64" @@ -1217,16 +1217,16 @@ } }, "metadata": { - "generated": "2021-01-13T21:07:38Z", + "generated": "2021-01-15T21:08:31Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-12T14:15:24Z" + "generated": "2021-01-13T21:50:59Z" }, "fedora-updates": { - "generated": "2021-01-13T01:06:15Z" + "generated": "2021-01-15T01:18:02Z" } } } From 8b571be68ed8b2d7909f55b53c30b98757569eba Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 16 Jan 2021 21:35:58 +0000 Subject: [PATCH 041/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index c439f2c983..84d3e85003 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -310,7 +310,7 @@ "evra": "0.8.4-1.fc33.noarch" }, "flatpak-session-helper": { - "evra": "1.8.4-1.fc33.x86_64" + "evra": "1.10.0-1.fc33.x86_64" }, "fstrm": { "evra": "0.6.0-1.fc33.x86_64" @@ -469,13 +469,13 @@ "evra": "2.3.0-2.fc33.noarch" }, "kernel": { - "evra": "5.10.6-200.fc33.x86_64" + "evra": "5.10.7-200.fc33.x86_64" }, "kernel-core": { - "evra": "5.10.6-200.fc33.x86_64" + "evra": "5.10.7-200.fc33.x86_64" }, "kernel-modules": { - "evra": "5.10.6-200.fc33.x86_64" + "evra": "5.10.7-200.fc33.x86_64" }, "kexec-tools": { "evra": "2.0.20-21.fc33.x86_64" @@ -1165,7 +1165,7 @@ "evra": "1.31-2.fc33.x86_64" }, "toolbox": { - "evra": "0.0.98.1-1.fc33.x86_64" + "evra": "0.0.99-1.fc33.x86_64" }, "tpm2-tools": { "evra": "4.3.0-1.fc33.x86_64" @@ -1217,7 +1217,7 @@ } }, "metadata": { - "generated": "2021-01-15T21:08:31Z", + "generated": "2021-01-16T21:07:18Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" @@ -1226,7 +1226,7 @@ "generated": "2021-01-13T21:50:59Z" }, "fedora-updates": { - "generated": "2021-01-15T01:18:02Z" + "generated": "2021-01-16T01:10:27Z" } } } From 7ba0b1b106ce0b89bc84b917b90b725527c60c9e Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 17 Jan 2021 21:37:05 +0000 Subject: [PATCH 042/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 84d3e85003..cb0e8f2160 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -307,7 +307,7 @@ "evra": "1:4.7.0-7.fc33.x86_64" }, "firewalld-filesystem": { - "evra": "0.8.4-1.fc33.noarch" + "evra": "0.8.6-1.fc33.noarch" }, "flatpak-session-helper": { "evra": "1.10.0-1.fc33.x86_64" @@ -1063,10 +1063,10 @@ "evra": "4.8-5.fc33.x86_64" }, "selinux-policy": { - "evra": "3.14.6-33.fc33.noarch" + "evra": "3.14.6-34.fc33.noarch" }, "selinux-policy-targeted": { - "evra": "3.14.6-33.fc33.noarch" + "evra": "3.14.6-34.fc33.noarch" }, "setup": { "evra": "2.13.7-2.fc33.noarch" @@ -1217,16 +1217,16 @@ } }, "metadata": { - "generated": "2021-01-16T21:07:18Z", + "generated": "2021-01-17T21:07:18Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-13T21:50:59Z" + "generated": "2021-01-16T21:42:46Z" }, "fedora-updates": { - "generated": "2021-01-16T01:10:27Z" + "generated": "2021-01-17T01:29:27Z" } } } From 9da46add641df8580c0003f710e838502bb9d3f0 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 18 Jan 2021 21:39:12 +0000 Subject: [PATCH 043/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index cb0e8f2160..f0e50f951c 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -358,13 +358,13 @@ "evra": "2.66.4-1.fc33.x86_64" }, "glibc": { - "evra": "2.32-2.fc33.x86_64" + "evra": "2.32-3.fc33.x86_64" }, "glibc-all-langpacks": { - "evra": "2.32-2.fc33.x86_64" + "evra": "2.32-3.fc33.x86_64" }, "glibc-common": { - "evra": "2.32-2.fc33.x86_64" + "evra": "2.32-3.fc33.x86_64" }, "gmp": { "evra": "1:6.2.0-5.fc33.x86_64" @@ -643,7 +643,7 @@ "evra": "1.0.4-12.fc33.x86_64" }, "libmodulemd": { - "evra": "2.11.2-2.fc33.x86_64" + "evra": "2.12.0-1.fc33.x86_64" }, "libmount": { "evra": "2.36.1-1.fc33.x86_64" @@ -1217,16 +1217,16 @@ } }, "metadata": { - "generated": "2021-01-17T21:07:18Z", + "generated": "2021-01-18T21:08:20Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-16T21:42:46Z" + "generated": "2021-01-17T21:46:28Z" }, "fedora-updates": { - "generated": "2021-01-17T01:29:27Z" + "generated": "2021-01-18T01:24:53Z" } } } From 10a04860386c6357797c5c0b30fc7f05b26c5589 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 19 Jan 2021 21:38:36 +0000 Subject: [PATCH 044/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index f0e50f951c..8123013f49 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1217,16 +1217,16 @@ } }, "metadata": { - "generated": "2021-01-18T21:08:20Z", + "generated": "2021-01-19T21:07:35Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-17T21:46:28Z" + "generated": "2021-01-18T21:49:34Z" }, "fedora-updates": { - "generated": "2021-01-18T01:24:53Z" + "generated": "2021-01-19T02:15:00Z" } } } From 505ed511a4597997b923cfe1657a1332596bf6b6 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 14 Jan 2021 15:49:49 -0500 Subject: [PATCH 045/489] coreos-growpart: drop support for growing multipathed disks The model we're moving towards is one where multipath enablement is configured via Ignition and so only takes effect on the next boot: https://github.com/openshift/os/pull/484#issuecomment-760454177 Therefore, we don't need to worry here about support for growing a multipathed root partition. This simplifies a big chunk of the script. --- .../40ignition-ostree/coreos-growpart | 50 ++++++------------- 1 file changed, 15 insertions(+), 35 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-growpart b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-growpart index f32fcee065..224bb3e974 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-growpart +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-growpart @@ -45,43 +45,23 @@ case "${TYPE:-}" in *) echo "error: Unsupported filesystem for ${path}: '${TYPE:-}'" 1>&2; exit 1 ;; esac -if [[ "${src}" =~ "/dev/mapper" ]]; then - eval $(udevadm info --query property --export "${src}") - # get the partition, if any, and the name for the device mapper - partition="${ID_PART_ENTRY_NUMBER:-}" - dm_name="${DM_NAME//$partition/}" - # identify the type of device mapper. - subsystem=$(dmsetup info ${dm_name} -C -o subsystem --noheadings) - - # for now, we only support multipath devices - if [ "${subsystem}" == "mpath" ] && [ -n "${partition}" ]; then - # growpart does not understand device mapper, instead of having sfdisk inform the kernel, - # use kpartx to inform the kernel and the device mapper linear maps. - echo ", +" | sfdisk --no-reread --no-tell-kernel --force -N "${ID_PART_ENTRY_NUMBER}" "/dev/mapper/${dm_name}" - kpartx -fu /dev/mapper/${dm_name} - else - echo "coreos-growpart: unsupported device-mapper target: ${dm_name}" - exit 0 - fi +if test "${TYPE:-}" = "btrfs"; then + # Theoretically btrfs can have multiple devices, but when + # we start we will always have exactly one. + devpath=$(btrfs device usage /sysroot | grep /dev | cut -f 1 -d ,) + devpath=$(realpath /sys/class/block/${devpath#/dev/}) else - if test "${TYPE:-}" = "btrfs"; then - # Theoretically btrfs can have multiple devices, but when - # we start we will always have exactly one. - devpath=$(btrfs device usage /sysroot | grep /dev | cut -f 1 -d ,) - devpath=$(realpath /sys/class/block/${devpath#/dev/}) - else - # Handle traditional disk/partitions - majmin=$(findmnt -nvr -o MAJ:MIN "$path" | tail -n1) - devpath=$(realpath "/sys/dev/block/$majmin") - fi - partition="${partition:-$(cat "$devpath/partition")}" - parent_path=$(dirname "$devpath") - parent_device=/dev/$(basename "${parent_path}") - - # TODO: make this idempotent, and don't error out if - # we can't resize. - growpart "${parent_device}" "${partition}" || true + # Handle traditional disk/partitions + majmin=$(findmnt -nvr -o MAJ:MIN "$path" | tail -n1) + devpath=$(realpath "/sys/dev/block/$majmin") fi +partition="${partition:-$(cat "$devpath/partition")}" +parent_path=$(dirname "$devpath") +parent_device=/dev/$(basename "${parent_path}") + +# TODO: make this idempotent, and don't error out if +# we can't resize. +growpart "${parent_device}" "${partition}" || true # Wipe any filesystem signatures from the extended partition that don't # correspond to the FS type we detected earlier. From 3e3fdd3cdd525516d0721690187db8a7d3a6ce16 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 13 Jan 2021 16:58:35 -0500 Subject: [PATCH 046/489] coreos-teardown-initramfs: make Description use Title Case That's the convention for systemd unit descriptions. --- .../35coreos-ignition/coreos-teardown-initramfs.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service index a2131afcbc..060530e721 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service @@ -3,7 +3,7 @@ # https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721763 [Unit] -Description=CoreOS Tear down initramfs +Description=CoreOS Tear Down Initramfs DefaultDependencies=false # We want to run the teardown after all other Ignition stages From 793b0ff482b4ebe97e0474fdaa2a9010d74f8de8 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 19 Jan 2021 11:39:24 -0500 Subject: [PATCH 047/489] Add python3-libs to exclude list This was in rawhide due to sudo but will drop out now with https://src.fedoraproject.org/rpms/sudo/pull-request/21. Let's exclude it here to make sure we catch it more easily in the future. --- manifests/fedora-coreos.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/fedora-coreos.yaml b/manifests/fedora-coreos.yaml index c92effcd71..1d43b2873f 100644 --- a/manifests/fedora-coreos.yaml +++ b/manifests/fedora-coreos.yaml @@ -85,7 +85,9 @@ remove-files: exclude-packages: - python - python2 + - python2-libs - python3 + - python3-libs - perl - nodejs - dnf From d7a3c856a78160c5dbbc3863563cbbe3b90a4376 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 20 Jan 2021 21:44:04 +0000 Subject: [PATCH 048/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 8123013f49..16c3e43870 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -469,13 +469,13 @@ "evra": "2.3.0-2.fc33.noarch" }, "kernel": { - "evra": "5.10.7-200.fc33.x86_64" + "evra": "5.10.8-200.fc33.x86_64" }, "kernel-core": { - "evra": "5.10.7-200.fc33.x86_64" + "evra": "5.10.8-200.fc33.x86_64" }, "kernel-modules": { - "evra": "5.10.7-200.fc33.x86_64" + "evra": "5.10.8-200.fc33.x86_64" }, "kexec-tools": { "evra": "2.0.20-21.fc33.x86_64" @@ -1099,7 +1099,7 @@ "evra": "1.1.8-4.fc33.x86_64" }, "socat": { - "evra": "1.7.3.4-3.fc33.x86_64" + "evra": "1.7.4.1-1.fc33.x86_64" }, "sqlite-libs": { "evra": "3.34.0-1.fc33.x86_64" @@ -1138,7 +1138,7 @@ "evra": "2.4.0-4.fc33.x86_64" }, "sudo": { - "evra": "1.9.2-1.fc33.x86_64" + "evra": "1.9.5p1-1.fc33.x86_64" }, "systemd": { "evra": "246.7-1.fc33.x86_64" @@ -1217,7 +1217,7 @@ } }, "metadata": { - "generated": "2021-01-19T21:07:35Z", + "generated": "2021-01-20T21:09:35Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" @@ -1226,7 +1226,7 @@ "generated": "2021-01-18T21:49:34Z" }, "fedora-updates": { - "generated": "2021-01-19T02:15:00Z" + "generated": "2021-01-20T01:19:08Z" } } } From 8aa57b012c13dba910cead3d0f0bd8574449308f Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 20 Jan 2021 15:53:31 -0500 Subject: [PATCH 049/489] 40ignition-ostree: make transposefs-related errors hard Noticed that `ignition-ostree-transposefs-save.service` didn't break the boot immediately after an error while debugging logs with @mike-nguyen. Let's cargo-cult the `OnFailure` bits into those services too. I think we may still be suffering from https://github.com/systemd/systemd/issues/14142 in RHEL systemd. --- .../ignition-ostree-transposefs-detect.service | 2 ++ .../ignition-ostree-transposefs-restore.service | 2 ++ .../40ignition-ostree/ignition-ostree-transposefs-save.service | 2 ++ 3 files changed, 6 insertions(+) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-detect.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-detect.service index 495949ed2a..389dc9eedf 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-detect.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-detect.service @@ -6,6 +6,8 @@ Before=ignition-disks.service Before=initrd-root-fs.target Before=sysroot.mount ConditionKernelCommandLine=ostree +OnFailure=emergency.target +OnFailureJobMode=isolate # This stage requires udevd to detect disks Requires=systemd-udevd.service diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service index 0b6d1449fc..4eca578934 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service @@ -6,6 +6,8 @@ After=ignition-disks.service After=ignition-ostree-uuid-root.service Before=ignition-ostree-growfs.service Before=ignition-ostree-mount-firstboot-sysroot.service +OnFailure=emergency.target +OnFailureJobMode=isolate ConditionKernelCommandLine=ostree ConditionPathIsDirectory=/run/ignition-ostree-transposefs diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-save.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-save.service index 591da2d9af..bc03499ecb 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-save.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-save.service @@ -8,6 +8,8 @@ ConditionPathIsDirectory=/run/ignition-ostree-transposefs # Any services looking at mounts need to order after this # because it causes device re-probing. After=coreos-gpt-setup.service +OnFailure=emergency.target +OnFailureJobMode=isolate [Service] Type=oneshot From 076ba7c0917db6d2d2d12c82f0251d5eff32651a Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 22 Jan 2021 21:41:55 +0000 Subject: [PATCH 050/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 30 +++++++++--------------------- 1 file changed, 9 insertions(+), 21 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 16c3e43870..f211a22d1d 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -67,7 +67,7 @@ "evra": "3.5.1-1.fc33.x86_64" }, "btrfs-progs": { - "evra": "5.9-1.fc33.x86_64" + "evra": "5.10-1.fc33.x86_64" }, "bubblewrap": { "evra": "0.4.1-2.fc33.x86_64" @@ -190,7 +190,7 @@ "evra": "1:1.12.20-2.fc33.x86_64" }, "dbus-broker": { - "evra": "24-1.fc33.x86_64" + "evra": "26-1.fc33.x86_64" }, "dbus-common": { "evra": "1:1.12.20-2.fc33.noarch" @@ -223,7 +223,7 @@ "evra": "3.7-7.fc33.x86_64" }, "dnsmasq": { - "evra": "2.82-3.fc33.x86_64" + "evra": "2.83-1.fc33.x86_64" }, "dosfstools": { "evra": "4.1-12.fc33.x86_64" @@ -343,7 +343,7 @@ "evra": "5.1.0-2.fc33.x86_64" }, "gdisk": { - "evra": "1.0.5-2.fc33.x86_64" + "evra": "1.0.6-1.fc33.x86_64" }, "gettext": { "evra": "0.21-3.fc33.x86_64" @@ -405,9 +405,6 @@ "hostname": { "evra": "3.23-3.fc33.x86_64" }, - "hwdata": { - "evra": "0.343-1.fc33.noarch" - }, "ignition": { "evra": "2.9.0-2.git1d56dc8.fc33.x86_64" }, @@ -598,7 +595,7 @@ "evra": "0.3.5-1.fc33.x86_64" }, "libibverbs": { - "evra": "32.0-1.fc33.x86_64" + "evra": "33.0-1.fc33.x86_64" }, "libicu": { "evra": "67.1-4.fc33.x86_64" @@ -730,7 +727,7 @@ "evra": "2:4.13.3-0.fc33.x86_64" }, "libsmbios": { - "evra": "2.4.2-10.fc33.x86_64" + "evra": "2.4.3-1.fc33.x86_64" }, "libsolv": { "evra": "0.7.15-1.fc33.x86_64" @@ -954,12 +951,6 @@ "passwd": { "evra": "0.80-9.fc33.x86_64" }, - "pciutils": { - "evra": "3.6.4-2.fc33.x86_64" - }, - "pciutils-libs": { - "evra": "3.6.4-2.fc33.x86_64" - }, "pcre": { "evra": "8.44-2.fc33.x86_64" }, @@ -1017,9 +1008,6 @@ "qrencode-libs": { "evra": "4.0.2-6.fc33.x86_64" }, - "rdma-core": { - "evra": "32.0-1.fc33.x86_64" - }, "readline": { "evra": "8.0-5.fc33.x86_64" }, @@ -1217,16 +1205,16 @@ } }, "metadata": { - "generated": "2021-01-20T21:09:35Z", + "generated": "2021-01-22T21:07:27Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-18T21:49:34Z" + "generated": "2021-01-21T21:44:52Z" }, "fedora-updates": { - "generated": "2021-01-20T01:19:08Z" + "generated": "2021-01-22T01:20:44Z" } } } From 83fc64505321ae98cae39220f0ecff07c1e3d524 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 23 Jan 2021 21:35:34 +0000 Subject: [PATCH 051/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index f211a22d1d..ef2aafbc19 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -310,7 +310,7 @@ "evra": "0.8.6-1.fc33.noarch" }, "flatpak-session-helper": { - "evra": "1.10.0-1.fc33.x86_64" + "evra": "1.10.1-1.fc33.x86_64" }, "fstrm": { "evra": "0.6.0-1.fc33.x86_64" @@ -466,13 +466,13 @@ "evra": "2.3.0-2.fc33.noarch" }, "kernel": { - "evra": "5.10.8-200.fc33.x86_64" + "evra": "5.10.9-201.fc33.x86_64" }, "kernel-core": { - "evra": "5.10.8-200.fc33.x86_64" + "evra": "5.10.9-201.fc33.x86_64" }, "kernel-modules": { - "evra": "5.10.8-200.fc33.x86_64" + "evra": "5.10.9-201.fc33.x86_64" }, "kexec-tools": { "evra": "2.0.20-21.fc33.x86_64" @@ -1205,16 +1205,16 @@ } }, "metadata": { - "generated": "2021-01-22T21:07:27Z", + "generated": "2021-01-23T21:07:28Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-21T21:44:52Z" + "generated": "2021-01-22T21:51:46Z" }, "fedora-updates": { - "generated": "2021-01-22T01:20:44Z" + "generated": "2021-01-23T01:01:20Z" } } } From 1d28accccc15f15a8efcbf2c8d16f6c5792cee91 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 24 Jan 2021 21:35:08 +0000 Subject: [PATCH 052/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index ef2aafbc19..0f6c9c903a 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -234,9 +234,6 @@ "dracut-network": { "evra": "050-64.git20200529.fc33.x86_64" }, - "dracut-squash": { - "evra": "050-64.git20200529.fc33.x86_64" - }, "e2fsprogs": { "evra": "1.45.6-4.fc33.x86_64" }, @@ -475,7 +472,7 @@ "evra": "5.10.9-201.fc33.x86_64" }, "kexec-tools": { - "evra": "2.0.20-21.fc33.x86_64" + "evra": "2.0.21-4.fc33.x86_64" }, "keyutils": { "evra": "1.6.1-1.fc33.x86_64" @@ -1092,9 +1089,6 @@ "sqlite-libs": { "evra": "3.34.0-1.fc33.x86_64" }, - "squashfs-tools": { - "evra": "4.4-2.20200513gitc570c61.fc33.x86_64" - }, "ssh-key-dir": { "evra": "0.1.2-5.fc33.x86_64" }, @@ -1205,16 +1199,16 @@ } }, "metadata": { - "generated": "2021-01-23T21:07:28Z", + "generated": "2021-01-24T21:07:32Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-22T21:51:46Z" + "generated": "2021-01-23T21:42:23Z" }, "fedora-updates": { - "generated": "2021-01-23T01:01:20Z" + "generated": "2021-01-24T01:19:58Z" } } } From efc6d79515831233b312eb6d4c767b43c5807c15 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sun, 24 Jan 2021 14:16:18 +0000 Subject: [PATCH 053/489] overlay: Disable systemd-firstboot even if installed I'm trying to hack on systemd using `cosa build-fast`, which doesn't run through the `remove-from-packages` path which we use to disable systemd-firstboot. Let's also add this cheap mechanism to disable it even if it's installed. --- manifests/ignition-and-ostree.yaml | 3 ++- .../system/systemd-firstboot.service.d/fcos-disable.conf | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf diff --git a/manifests/ignition-and-ostree.yaml b/manifests/ignition-and-ostree.yaml index 3ac0667137..668d8b2ffa 100644 --- a/manifests/ignition-and-ostree.yaml +++ b/manifests/ignition-and-ostree.yaml @@ -27,7 +27,8 @@ packages: remove-from-packages: # We don't want systemd-firstboot.service. It conceptually conflicts with - # Ignition. + # Ignition. We also inject runtime bits to disable it in systemd-firstboot.service.d/fcos-disable.conf + # to make it easier to use systemd builds from git. - [systemd, /usr/bin/systemd-firstboot, /usr/lib/systemd/system/systemd-firstboot.service, /usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service] diff --git a/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf b/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf new file mode 100644 index 0000000000..cbda0b99ae --- /dev/null +++ b/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf @@ -0,0 +1,6 @@ +# Disable systemd-firstboot because it conflicts with Ignition. +# In most cases this is handled via the remove-from-packages +# bits in the manifest (ignition-and-ostree.yaml), but +# we want to support overlaying builds of systemd from git. +[Unit] +ConditionPathExists=/run/nosuchfile From ee7d2f6c1c1514778011f33a95cea51758b4c6c1 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 25 Jan 2021 21:59:09 +0000 Subject: [PATCH 054/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 0f6c9c903a..505bd56dd6 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -49,16 +49,16 @@ "evra": "1:2.8-9.fc33.noarch" }, "bind-libs": { - "evra": "32:9.11.26-2.fc33.x86_64" + "evra": "32:9.11.27-1.fc33.x86_64" }, "bind-libs-lite": { - "evra": "32:9.11.26-2.fc33.x86_64" + "evra": "32:9.11.27-1.fc33.x86_64" }, "bind-license": { - "evra": "32:9.11.26-2.fc33.noarch" + "evra": "32:9.11.27-1.fc33.noarch" }, "bind-utils": { - "evra": "32:9.11.26-2.fc33.x86_64" + "evra": "32:9.11.27-1.fc33.x86_64" }, "bootupd": { "evra": "0.2.4-2.fc33.x86_64" @@ -889,7 +889,7 @@ "evra": "1:2.5.2-1.rc4.fc33.x86_64" }, "nftables": { - "evra": "1:0.9.3-6.fc33.x86_64" + "evra": "1:0.9.3-7.fc33.x86_64" }, "nmap-ncat": { "evra": "2:7.80-5.fc33.x86_64" @@ -1199,16 +1199,16 @@ } }, "metadata": { - "generated": "2021-01-24T21:07:32Z", + "generated": "2021-01-25T21:10:16Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-23T21:42:23Z" + "generated": "2021-01-24T21:44:36Z" }, "fedora-updates": { - "generated": "2021-01-24T01:19:58Z" + "generated": "2021-01-25T00:54:50Z" } } } From 59d862db0789312b3e28c41c9e5131f6a31e0e5f Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 26 Jan 2021 21:43:09 +0000 Subject: [PATCH 055/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 505bd56dd6..aa23a6258b 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1199,16 +1199,16 @@ } }, "metadata": { - "generated": "2021-01-25T21:10:16Z", + "generated": "2021-01-26T21:09:58Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-24T21:44:36Z" + "generated": "2021-01-25T22:07:37Z" }, "fedora-updates": { - "generated": "2021-01-25T00:54:50Z" + "generated": "2021-01-26T01:49:56Z" } } } From 6fe1cff5ade8bc7489b6ab542d6f3cb5c92d9082 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 27 Jan 2021 12:59:15 -0500 Subject: [PATCH 056/489] overrides: pin sudo to 1.9.5p2-1.fc33 for CVE-2021-3156 --- manifest-lock.overrides.aarch64.yaml | 4 ++++ manifest-lock.overrides.ppc64le.yaml | 4 ++++ manifest-lock.overrides.s390x.yaml | 4 ++++ manifest-lock.overrides.x86_64.yaml | 4 ++++ 4 files changed, 16 insertions(+) diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml index 2f7c03a67d..97d95a8fb1 100644 --- a/manifest-lock.overrides.aarch64.yaml +++ b/manifest-lock.overrides.aarch64.yaml @@ -19,3 +19,7 @@ packages: # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2c1659799a ignition: evra: 2.9.0-2.git1d56dc8.fc33.aarch64 + # CVE-2021-3156 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2cb63d912a + sudo: + evra: 1.9.5p2-1.fc33.aarch64 diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml index 6051444d8a..bd1e6fb0b5 100644 --- a/manifest-lock.overrides.ppc64le.yaml +++ b/manifest-lock.overrides.ppc64le.yaml @@ -19,3 +19,7 @@ packages: # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2c1659799a ignition: evra: 2.9.0-2.git1d56dc8.fc33.ppc64le + # CVE-2021-3156 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2cb63d912a + sudo: + evra: 1.9.5p2-1.fc33.ppc64le diff --git a/manifest-lock.overrides.s390x.yaml b/manifest-lock.overrides.s390x.yaml index aa71824ffe..eb5e3e2e78 100644 --- a/manifest-lock.overrides.s390x.yaml +++ b/manifest-lock.overrides.s390x.yaml @@ -19,3 +19,7 @@ packages: # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2c1659799a ignition: evra: 2.9.0-2.git1d56dc8.fc33.s390x + # CVE-2021-3156 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2cb63d912a + sudo: + evra: 1.9.5p2-1.fc33.s390x diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml index 239efd2f98..5a40f73d36 100644 --- a/manifest-lock.overrides.x86_64.yaml +++ b/manifest-lock.overrides.x86_64.yaml @@ -19,3 +19,7 @@ packages: # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2c1659799a ignition: evra: 2.9.0-2.git1d56dc8.fc33.x86_64 + # CVE-2021-3156 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2cb63d912a + sudo: + evra: 1.9.5p2-1.fc33.x86_64 From 24ec495d914f75a7b1bb2b1973193724b85978ae Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 28 Jan 2021 14:27:23 -0500 Subject: [PATCH 057/489] overrides: drop graduated overrides --- manifest-lock.overrides.aarch64.yaml | 8 -------- manifest-lock.overrides.ppc64le.yaml | 8 -------- manifest-lock.overrides.s390x.yaml | 8 -------- manifest-lock.overrides.x86_64.yaml | 8 -------- 4 files changed, 32 deletions(-) diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml index 97d95a8fb1..92b1fb973e 100644 --- a/manifest-lock.overrides.aarch64.yaml +++ b/manifest-lock.overrides.aarch64.yaml @@ -15,11 +15,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.aarch64 - # Fast-track new Ignition release - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2c1659799a - ignition: - evra: 2.9.0-2.git1d56dc8.fc33.aarch64 - # CVE-2021-3156 - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2cb63d912a - sudo: - evra: 1.9.5p2-1.fc33.aarch64 diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml index bd1e6fb0b5..d14f6a913b 100644 --- a/manifest-lock.overrides.ppc64le.yaml +++ b/manifest-lock.overrides.ppc64le.yaml @@ -15,11 +15,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.ppc64le - # Fast-track new Ignition release - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2c1659799a - ignition: - evra: 2.9.0-2.git1d56dc8.fc33.ppc64le - # CVE-2021-3156 - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2cb63d912a - sudo: - evra: 1.9.5p2-1.fc33.ppc64le diff --git a/manifest-lock.overrides.s390x.yaml b/manifest-lock.overrides.s390x.yaml index eb5e3e2e78..da2fbcf7e2 100644 --- a/manifest-lock.overrides.s390x.yaml +++ b/manifest-lock.overrides.s390x.yaml @@ -15,11 +15,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.s390x - # Fast-track new Ignition release - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2c1659799a - ignition: - evra: 2.9.0-2.git1d56dc8.fc33.s390x - # CVE-2021-3156 - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2cb63d912a - sudo: - evra: 1.9.5p2-1.fc33.s390x diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml index 5a40f73d36..85787152ac 100644 --- a/manifest-lock.overrides.x86_64.yaml +++ b/manifest-lock.overrides.x86_64.yaml @@ -15,11 +15,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.x86_64 - # Fast-track new Ignition release - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2c1659799a - ignition: - evra: 2.9.0-2.git1d56dc8.fc33.x86_64 - # CVE-2021-3156 - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-2cb63d912a - sudo: - evra: 1.9.5p2-1.fc33.x86_64 From 0d7d64ed4a2c3df4d41f54554a33ff7bf7d1751d Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 28 Jan 2021 21:45:35 +0000 Subject: [PATCH 058/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index aa23a6258b..7c117d354b 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -163,7 +163,7 @@ "evra": "3.15-1.fc33.x86_64" }, "crun": { - "evra": "0.16-3.fc33.x86_64" + "evra": "0.17-1.fc33.x86_64" }, "crypto-policies": { "evra": "20200918-1.git85dccc5.fc33.noarch" @@ -322,7 +322,7 @@ "evra": "2.9.9-10.fc33.x86_64" }, "fuse-overlayfs": { - "evra": "1.3.0-1.fc33.x86_64" + "evra": "1.4.0-1.fc33.x86_64" }, "fuse-sshfs": { "evra": "3.7.1-1.fc33.x86_64" @@ -463,13 +463,13 @@ "evra": "2.3.0-2.fc33.noarch" }, "kernel": { - "evra": "5.10.9-201.fc33.x86_64" + "evra": "5.10.10-200.fc33.x86_64" }, "kernel-core": { - "evra": "5.10.9-201.fc33.x86_64" + "evra": "5.10.10-200.fc33.x86_64" }, "kernel-modules": { - "evra": "5.10.9-201.fc33.x86_64" + "evra": "5.10.10-200.fc33.x86_64" }, "kexec-tools": { "evra": "2.0.21-4.fc33.x86_64" @@ -1018,10 +1018,10 @@ "evra": "4.16.1.2-1.fc33.x86_64" }, "rpm-ostree": { - "evra": "2020.10-1.fc33.x86_64" + "evra": "2021.1-2.fc33.x86_64" }, "rpm-ostree-libs": { - "evra": "2020.10-1.fc33.x86_64" + "evra": "2021.1-2.fc33.x86_64" }, "rpm-plugin-selinux": { "evra": "4.16.1.2-1.fc33.x86_64" @@ -1087,7 +1087,7 @@ "evra": "1.7.4.1-1.fc33.x86_64" }, "sqlite-libs": { - "evra": "3.34.0-1.fc33.x86_64" + "evra": "3.34.1-1.fc33.x86_64" }, "ssh-key-dir": { "evra": "0.1.2-5.fc33.x86_64" @@ -1120,7 +1120,7 @@ "evra": "2.4.0-4.fc33.x86_64" }, "sudo": { - "evra": "1.9.5p1-1.fc33.x86_64" + "evra": "1.9.5p2-1.fc33.x86_64" }, "systemd": { "evra": "246.7-1.fc33.x86_64" @@ -1199,16 +1199,16 @@ } }, "metadata": { - "generated": "2021-01-26T21:09:58Z", + "generated": "2021-01-28T21:14:10Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-25T22:07:37Z" + "generated": "2021-01-27T18:49:12Z" }, "fedora-updates": { - "generated": "2021-01-26T01:49:56Z" + "generated": "2021-01-28T01:02:42Z" } } } From 12bb57775059f865c85c6831cfc74bf41c4d202b Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 27 Jan 2021 16:27:17 -0500 Subject: [PATCH 059/489] overlay/teardown: assume coreos-relabel exists We can assume now that we always have coreos-relabel and drop the fallback to relabeling via tmpfiles. This dates back from when this code lived in ignition-dracut and it felt odd to rely on coreos-relabel. --- .../coreos-teardown-initramfs.sh | 21 +++++-------------- 1 file changed, 5 insertions(+), 16 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh index 2c8e5353a5..0d676f0f38 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh @@ -22,17 +22,6 @@ dracut_func() { return $rc } -selinux_relabel() { - # If we have access to coreos-relabel then let's use that because - # it allows us to set labels on things before switching root - # If not, fallback to tmpfiles. - if command -v coreos-relabel; then - coreos-relabel $1 - else - echo "Z $1 - - -" >> "/run/tmpfiles.d/$(basename $0)-relabel.conf" - fi -} - # Determine if the generated NM connection profiles match the default # that would be given to us if the user had provided no additional # configuration. i.e. did the user give us any network configuration @@ -95,7 +84,7 @@ propagate_initramfs_networking() { else echo "info: propagating initramfs networking config to the real root" cp -v /run/NetworkManager/system-connections/* /sysroot/etc/NetworkManager/system-connections/ - selinux_relabel /etc/NetworkManager/system-connections/ + coreos-relabel /etc/NetworkManager/system-connections/ fi else echo "info: no initramfs networking information to propagate" @@ -147,7 +136,7 @@ propagate_initramfs_hostname() { if [ -n "$hostname" ]; then echo "info: propagating initramfs hostname (${hostname}) to the real root" echo $hostname > /sysroot/etc/hostname - selinux_relabel /etc/hostname + coreos-relabel /etc/hostname else echo "info: no initramfs hostname information to propagate" fi @@ -161,7 +150,7 @@ propagate_initramfs_hostname() { hostname=$( /sysroot/etc/hostname - selinux_relabel /etc/hostname + coreos-relabel /etc/hostname else echo "info: no initramfs hostname information to propagate" fi @@ -176,8 +165,8 @@ propagate_initramfs_multipath() { echo "info: propagating automatic multipath configuration" cp -v /etc/multipath.conf /sysroot/etc/ mkdir -p /sysroot/etc/multipath/multipath.conf.d - selinux_relabel /etc/multipath.conf - selinux_relabel /etc/multipath/multipath.conf.d + coreos-relabel /etc/multipath.conf + coreos-relabel /etc/multipath/multipath.conf.d else echo "info: no initramfs automatic multipath configuration to propagate" fi From eb9d88e95c24f748ad5dd5286a33de99dfb9ff5a Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 27 Jan 2021 16:57:21 -0500 Subject: [PATCH 060/489] overlay: propagate multipath config post-firstboot Because multipath support now works on the second boot, the propagation code in `coreos-teardown-network.service` didn't work. Split that code out into a separate dracut module and have it run on subsequent boots. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1920571 --- .../coreos-teardown-initramfs.sh | 20 ------------------- .../coreos-propagate-multipath-conf.service | 11 ++++++++++ .../coreos-propagate-multipath-conf.sh | 17 ++++++++++++++++ .../35coreos-multipath/module-setup.sh | 19 ++++++++++++++++++ 4 files changed, 47 insertions(+), 20 deletions(-) create mode 100644 overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service create mode 100755 overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.sh create mode 100755 overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh index 0d676f0f38..8bcac9e3c9 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh @@ -156,22 +156,6 @@ propagate_initramfs_hostname() { fi } -# Persist automatic multipath configuration, if any. -# When booting with `rd.multipath=default`, the default multipath -# configuration is written. We need to ensure that the mutlipath configuration -# is persisted to the final target. -propagate_initramfs_multipath() { - if [ ! -f /sysroot/etc/multipath.conf ] && [ -f /etc/multipath.conf ]; then - echo "info: propagating automatic multipath configuration" - cp -v /etc/multipath.conf /sysroot/etc/ - mkdir -p /sysroot/etc/multipath/multipath.conf.d - coreos-relabel /etc/multipath.conf - coreos-relabel /etc/multipath/multipath.conf.d - else - echo "info: no initramfs automatic multipath configuration to propagate" - fi -} - down_interface() { echo "info: taking down network device: $1" # On recommendation from the NM team let's try to delete the device @@ -242,10 +226,6 @@ main() { # clean it up so that no information from outside of the # real root is passed on to NetworkManager in the real root rm -rf /run/NetworkManager/ - - # If automated multipath configuration has been enabled, ensure - # that its propagated to the real rootfs. - propagate_initramfs_multipath } main diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service new file mode 100644 index 0000000000..271fdf81fd --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service @@ -0,0 +1,11 @@ +[Unit] +Description=CoreOS Propagate Multipath Configuration +After=ostree-prepare-root.service +Before=initrd.target + +ConditionKernelCommandLine=rd.multipath=default + +[Service] +Type=oneshot +ExecStart=/usr/sbin/coreos-propagate-multipath-conf +RemainAfterExit=yes diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.sh new file mode 100755 index 0000000000..ebf0113737 --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.sh @@ -0,0 +1,17 @@ +#!/bin/bash +set -euo pipefail + +# Persist automatic multipath configuration, if any. +# When booting with `rd.multipath=default`, the default multipath +# configuration is written. We need to ensure that the multipath configuration +# is persisted to the final target. + +if [ ! -f /sysroot/etc/multipath.conf ] && [ -f /etc/multipath.conf ]; then + echo "info: propagating automatic multipath configuration" + cp -v /etc/multipath.conf /sysroot/etc/ + mkdir -p /sysroot/etc/multipath/multipath.conf.d + coreos-relabel /etc/multipath.conf + coreos-relabel /etc/multipath/multipath.conf.d +else + echo "info: no initramfs automatic multipath configuration to propagate" +fi diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh new file mode 100755 index 0000000000..c0257fd066 --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh @@ -0,0 +1,19 @@ +#!/bin/bash +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- +# ex: ts=8 sw=4 sts=4 et filetype=sh + +install_ignition_unit() { + local unit=$1; shift + local target=${1:-complete} + inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" + # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 + systemctl -q --root="$initdir" add-requires "ignition-${target}.target" "$unit" || exit 1 +} + +install() { + inst_script "$moddir/coreos-propagate-multipath-conf.sh" \ + "/usr/sbin/coreos-propagate-multipath-conf" + + install_ignition_unit coreos-propagate-multipath-conf.service subsequent +} From 867ba196b927bfa189db598f3b3530a10f7cf170 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 29 Jan 2021 21:41:28 +0000 Subject: [PATCH 061/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 7c117d354b..e980bd9e27 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -402,6 +402,9 @@ "hostname": { "evra": "3.23-3.fc33.x86_64" }, + "hwdata": { + "evra": "0.343-1.fc33.noarch" + }, "ignition": { "evra": "2.9.0-2.git1d56dc8.fc33.x86_64" }, @@ -592,7 +595,7 @@ "evra": "0.3.5-1.fc33.x86_64" }, "libibverbs": { - "evra": "33.0-1.fc33.x86_64" + "evra": "33.0-2.fc33.x86_64" }, "libicu": { "evra": "67.1-4.fc33.x86_64" @@ -862,7 +865,7 @@ "evra": "2:0.4.0-2.fc33.x86_64" }, "mozjs78": { - "evra": "78.6.0-1.fc33.x86_64" + "evra": "78.7.0-1.fc33.x86_64" }, "mpfr": { "evra": "4.1.0-2.fc33.x86_64" @@ -948,6 +951,12 @@ "passwd": { "evra": "0.80-9.fc33.x86_64" }, + "pciutils": { + "evra": "3.6.4-2.fc33.x86_64" + }, + "pciutils-libs": { + "evra": "3.6.4-2.fc33.x86_64" + }, "pcre": { "evra": "8.44-2.fc33.x86_64" }, @@ -1005,6 +1014,9 @@ "qrencode-libs": { "evra": "4.0.2-6.fc33.x86_64" }, + "rdma-core": { + "evra": "33.0-2.fc33.x86_64" + }, "readline": { "evra": "8.0-5.fc33.x86_64" }, @@ -1199,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-01-28T21:14:10Z", + "generated": "2021-01-29T21:07:44Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-27T18:49:12Z" + "generated": "2021-01-28T21:58:20Z" }, "fedora-updates": { - "generated": "2021-01-28T01:02:42Z" + "generated": "2021-01-29T01:38:17Z" } } } From f055e38e41ea38100a35c8b4bee261d5d061cde9 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 30 Jan 2021 21:44:01 +0000 Subject: [PATCH 062/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index e980bd9e27..b5dea4da1e 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -724,7 +724,7 @@ "evra": "2.36.1-1.fc33.x86_64" }, "libsmbclient": { - "evra": "2:4.13.3-0.fc33.x86_64" + "evra": "2:4.13.4-0.fc33.x86_64" }, "libsmbios": { "evra": "2.4.3-1.fc33.x86_64" @@ -799,7 +799,7 @@ "evra": "0.3.0-10.fc33.x86_64" }, "libwbclient": { - "evra": "2:4.13.3-0.fc33.x86_64" + "evra": "2:4.13.4-0.fc33.x86_64" }, "libxcrypt": { "evra": "4.4.17-1.fc33.x86_64" @@ -940,10 +940,10 @@ "evra": "2020.8-1.fc33.x86_64" }, "p11-kit": { - "evra": "0.23.22-1.fc33.x86_64" + "evra": "0.23.22-2.fc33.x86_64" }, "p11-kit-trust": { - "evra": "0.23.22-1.fc33.x86_64" + "evra": "0.23.22-2.fc33.x86_64" }, "pam": { "evra": "1.4.0-10.fc33.x86_64" @@ -1045,16 +1045,16 @@ "evra": "2:1.0.0-279.dev.gitdedadbf.fc33.x86_64" }, "samba-client-libs": { - "evra": "2:4.13.3-0.fc33.x86_64" + "evra": "2:4.13.4-0.fc33.x86_64" }, "samba-common": { - "evra": "2:4.13.3-0.fc33.noarch" + "evra": "2:4.13.4-0.fc33.noarch" }, "samba-common-libs": { - "evra": "2:4.13.3-0.fc33.x86_64" + "evra": "2:4.13.4-0.fc33.x86_64" }, "samba-libs": { - "evra": "2:4.13.3-0.fc33.x86_64" + "evra": "2:4.13.4-0.fc33.x86_64" }, "sed": { "evra": "4.8-5.fc33.x86_64" @@ -1168,7 +1168,7 @@ "evra": "3.0.3-1.fc33.x86_64" }, "tzdata": { - "evra": "2020f-1.fc33.noarch" + "evra": "2021a-1.fc33.noarch" }, "userspace-rcu": { "evra": "0.12.1-2.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-01-29T21:07:44Z", + "generated": "2021-01-30T21:07:38Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-28T21:58:20Z" + "generated": "2021-01-29T21:52:15Z" }, "fedora-updates": { - "generated": "2021-01-29T01:38:17Z" + "generated": "2021-01-30T01:04:45Z" } } } From 9c9e48f447d77f41d2de181176ca3bd450fdd6c1 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 31 Jan 2021 21:36:56 +0000 Subject: [PATCH 063/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index b5dea4da1e..59d9ba6070 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -415,16 +415,16 @@ "evra": "5.9.0-1.fc33.x86_64" }, "iptables": { - "evra": "1.8.5-4.fc33.x86_64" + "evra": "1.8.5-5.fc33.x86_64" }, "iptables-libs": { - "evra": "1.8.5-4.fc33.x86_64" + "evra": "1.8.5-5.fc33.x86_64" }, "iptables-nft": { - "evra": "1.8.5-4.fc33.x86_64" + "evra": "1.8.5-5.fc33.x86_64" }, "iptables-services": { - "evra": "1.8.5-4.fc33.x86_64" + "evra": "1.8.5-5.fc33.x86_64" }, "iputils": { "evra": "20200821-1.fc33.x86_64" @@ -631,7 +631,7 @@ "evra": "9-8.fc33.x86_64" }, "libmaxminddb": { - "evra": "1.4.3-1.fc33.x86_64" + "evra": "1.5.0-1.fc33.x86_64" }, "libmetalink": { "evra": "0.1.3-13.fc33.x86_64" @@ -688,7 +688,7 @@ "evra": "0.21.1-2.fc33.x86_64" }, "libpwquality": { - "evra": "1.4.4-1.fc33.x86_64" + "evra": "1.4.4-2.fc33.x86_64" }, "libref_array": { "evra": "0.1.5-46.fc33.x86_64" @@ -892,7 +892,7 @@ "evra": "1:2.5.2-1.rc4.fc33.x86_64" }, "nftables": { - "evra": "1:0.9.3-7.fc33.x86_64" + "evra": "1:0.9.3-8.fc33.x86_64" }, "nmap-ncat": { "evra": "2:7.80-5.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-01-30T21:07:38Z", + "generated": "2021-01-31T21:07:39Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-29T21:52:15Z" + "generated": "2021-01-30T21:56:48Z" }, "fedora-updates": { - "generated": "2021-01-30T01:04:45Z" + "generated": "2021-01-31T00:59:37Z" } } } From c2b791a912592da0928297f05a4b14b1856c434a Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 1 Feb 2021 12:27:12 -0500 Subject: [PATCH 064/489] overrides: fast-track kernel for CVE-2021-3347 ("Use after free via PI futex state") A flaw was found in the Linux kernel. A use after free issue in PI futex may lead to code execution. Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=1922249 Bodhi update: https://bodhi.fedoraproject.org/updates/FEDORA-2021-879c756377 --- manifest-lock.overrides.aarch64.yaml | 8 ++++++++ manifest-lock.overrides.ppc64le.yaml | 8 ++++++++ manifest-lock.overrides.s390x.yaml | 8 ++++++++ manifest-lock.overrides.x86_64.yaml | 8 ++++++++ 4 files changed, 32 insertions(+) diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml index 92b1fb973e..e5ffb64713 100644 --- a/manifest-lock.overrides.aarch64.yaml +++ b/manifest-lock.overrides.aarch64.yaml @@ -15,3 +15,11 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.aarch64 + # Fast-track kernel fix for CVE-2021-3347 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-6e805a5051 + kernel: + evra: 5.10.12-200.fc33.aarch64 + kernel-core: + evra: 5.10.12-200.fc33.aarch64 + kernel-modules: + evra: 5.10.12-200.fc33.aarch64 diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml index d14f6a913b..03dcfccfb5 100644 --- a/manifest-lock.overrides.ppc64le.yaml +++ b/manifest-lock.overrides.ppc64le.yaml @@ -15,3 +15,11 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.ppc64le + # Fast-track kernel fix for CVE-2021-3347 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-6e805a5051 + kernel: + evra: 5.10.12-200.fc33.ppc64le + kernel-core: + evra: 5.10.12-200.fc33.ppc64le + kernel-modules: + evra: 5.10.12-200.fc33.ppc64le diff --git a/manifest-lock.overrides.s390x.yaml b/manifest-lock.overrides.s390x.yaml index da2fbcf7e2..3b83e41ffa 100644 --- a/manifest-lock.overrides.s390x.yaml +++ b/manifest-lock.overrides.s390x.yaml @@ -15,3 +15,11 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.s390x + # Fast-track kernel fix for CVE-2021-3347 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-6e805a5051 + kernel: + evra: 5.10.12-200.fc33.s390x + kernel-core: + evra: 5.10.12-200.fc33.s390x + kernel-modules: + evra: 5.10.12-200.fc33.s390x diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml index 85787152ac..283fd8009f 100644 --- a/manifest-lock.overrides.x86_64.yaml +++ b/manifest-lock.overrides.x86_64.yaml @@ -15,3 +15,11 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.x86_64 + # Fast-track kernel fix for CVE-2021-3347 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-6e805a5051 + kernel: + evra: 5.10.12-200.fc33.x86_64 + kernel-core: + evra: 5.10.12-200.fc33.x86_64 + kernel-modules: + evra: 5.10.12-200.fc33.x86_64 From a72825ae939707a5914d184d7ee6c31d7f24ab48 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 1 Feb 2021 21:35:50 +0000 Subject: [PATCH 065/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 59d9ba6070..3734fddb33 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -466,13 +466,13 @@ "evra": "2.3.0-2.fc33.noarch" }, "kernel": { - "evra": "5.10.10-200.fc33.x86_64" + "evra": "5.10.12-200.fc33.x86_64" }, "kernel-core": { - "evra": "5.10.10-200.fc33.x86_64" + "evra": "5.10.12-200.fc33.x86_64" }, "kernel-modules": { - "evra": "5.10.10-200.fc33.x86_64" + "evra": "5.10.12-200.fc33.x86_64" }, "kexec-tools": { "evra": "2.0.21-4.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-01-31T21:07:39Z", + "generated": "2021-02-01T21:07:33Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-01-30T21:56:48Z" + "generated": "2021-02-01T19:28:04Z" }, "fedora-updates": { - "generated": "2021-01-31T00:59:37Z" + "generated": "2021-02-01T01:40:54Z" } } } From 0fc04d671d7d340b774bd2695f3b2cdce524a08b Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 2 Feb 2021 21:44:33 +0000 Subject: [PATCH 066/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 3734fddb33..7d70d916dc 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1211,7 +1211,7 @@ } }, "metadata": { - "generated": "2021-02-01T21:07:33Z", + "generated": "2021-02-02T21:07:47Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" @@ -1220,7 +1220,7 @@ "generated": "2021-02-01T19:28:04Z" }, "fedora-updates": { - "generated": "2021-02-01T01:40:54Z" + "generated": "2021-02-02T03:01:09Z" } } } From 07ba41f9d412a4c0848c8fee1aebfcdd89f8bc79 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 3 Feb 2021 21:38:22 +0000 Subject: [PATCH 067/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 7d70d916dc..385a12b06f 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -403,7 +403,7 @@ "evra": "3.23-3.fc33.x86_64" }, "hwdata": { - "evra": "0.343-1.fc33.noarch" + "evra": "0.344-1.fc33.noarch" }, "ignition": { "evra": "2.9.0-2.git1d56dc8.fc33.x86_64" @@ -1211,7 +1211,7 @@ } }, "metadata": { - "generated": "2021-02-02T21:07:47Z", + "generated": "2021-02-03T21:07:39Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" @@ -1220,7 +1220,7 @@ "generated": "2021-02-01T19:28:04Z" }, "fedora-updates": { - "generated": "2021-02-02T03:01:09Z" + "generated": "2021-02-03T00:58:58Z" } } } From e58d55960959304fd565a39ee9fcddd9aee8e1c1 Mon Sep 17 00:00:00 2001 From: Kelvin Fan Date: Thu, 3 Dec 2020 16:54:03 -0500 Subject: [PATCH 068/489] fedora-coreos-base: Add postprocess script to configure `login.defs` Add `/run/motd.d` as one of the directories that `login(1)` reads from to display the MOTD. This is required for newer versions of `console-login-helper-messages` to function properly. The script can be dropped when `util-linux` adds `/run/motd.d` as a default in Fedora 34. https://src.fedoraproject.org/rpms/util-linux/pull-request/8 https://github.com/coreos/fedora-coreos-tracker/issues/704#issuecomment-772862174 --- manifests/fedora-coreos-base.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 0f43eefbfd..e64ff993bb 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -96,6 +96,20 @@ postprocess: DNSStubListener=no EOF + # Edit `login.defs` to configure `login(1)` to read from `/run/motd.d` for + # displaying the MOTD. This is required for newer versions of + # `console-login-helper-messages` to function properly. + # This will be dropped once Fedora util-linux adds `/run/motd.d` as a default + # in Fedora 34. + # https://src.fedoraproject.org/rpms/util-linux/pull-request/8 + # https://github.com/coreos/fedora-coreos-tracker/issues/704#issuecomment-772862174 + - | + #!/usr/bin/env bash + source /etc/os-release + if [ ${VERSION_ID} -lt 34 ]; then + echo 'MOTD_FILE=/usr/share/misc/motd:/run/motd:/run/motd.d:/etc/motd:/etc/motd.d' >> /etc/login.defs + fi + packages: # Security - selinux-policy-targeted From 8fc392350a658284951dfb7b082136bfe2f92946 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 4 Feb 2021 17:18:03 -0500 Subject: [PATCH 069/489] overrides: fast-track rpm-ostree-2021.1-3.fc33 To unblock lockfile bumps which try to pull in new libsolv and hit against https://github.com/coreos/rpm-ostree/pull/2490. --- manifest-lock.overrides.aarch64.yaml | 6 ++++++ manifest-lock.overrides.ppc64le.yaml | 6 ++++++ manifest-lock.overrides.s390x.yaml | 6 ++++++ manifest-lock.overrides.x86_64.yaml | 6 ++++++ 4 files changed, 24 insertions(+) diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml index e5ffb64713..00eadd55da 100644 --- a/manifest-lock.overrides.aarch64.yaml +++ b/manifest-lock.overrides.aarch64.yaml @@ -23,3 +23,9 @@ packages: evra: 5.10.12-200.fc33.aarch64 kernel-modules: evra: 5.10.12-200.fc33.aarch64 + # Fast-track rpm-ostree for libsolv fix + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-937b45bf55 + rpm-ostree: + evra: 2021.1-3.fc33.aarch64 + rpm-ostree-libs: + evra: 2021.1-3.fc33.aarch64 diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml index 03dcfccfb5..374a4719bb 100644 --- a/manifest-lock.overrides.ppc64le.yaml +++ b/manifest-lock.overrides.ppc64le.yaml @@ -23,3 +23,9 @@ packages: evra: 5.10.12-200.fc33.ppc64le kernel-modules: evra: 5.10.12-200.fc33.ppc64le + # Fast-track rpm-ostree for libsolv fix + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-937b45bf55 + rpm-ostree: + evra: 2021.1-3.fc33.ppc64le + rpm-ostree-libs: + evra: 2021.1-3.fc33.ppc64le diff --git a/manifest-lock.overrides.s390x.yaml b/manifest-lock.overrides.s390x.yaml index 3b83e41ffa..f2515ae51f 100644 --- a/manifest-lock.overrides.s390x.yaml +++ b/manifest-lock.overrides.s390x.yaml @@ -23,3 +23,9 @@ packages: evra: 5.10.12-200.fc33.s390x kernel-modules: evra: 5.10.12-200.fc33.s390x + # Fast-track rpm-ostree for libsolv fix + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-937b45bf55 + rpm-ostree: + evra: 2021.1-3.fc33.s390x + rpm-ostree-libs: + evra: 2021.1-3.fc33.s390x diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml index 283fd8009f..3aace7f3ef 100644 --- a/manifest-lock.overrides.x86_64.yaml +++ b/manifest-lock.overrides.x86_64.yaml @@ -23,3 +23,9 @@ packages: evra: 5.10.12-200.fc33.x86_64 kernel-modules: evra: 5.10.12-200.fc33.x86_64 + # Fast-track rpm-ostree for libsolv fix + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-937b45bf55 + rpm-ostree: + evra: 2021.1-3.fc33.x86_64 + rpm-ostree-libs: + evra: 2021.1-3.fc33.x86_64 From 7aafde790b7989370699853b742eb3246ed12e3f Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 5 Feb 2021 21:36:35 +0000 Subject: [PATCH 070/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 385a12b06f..f9acf2650a 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -730,7 +730,7 @@ "evra": "2.4.3-1.fc33.x86_64" }, "libsolv": { - "evra": "0.7.15-1.fc33.x86_64" + "evra": "0.7.17-1.fc33.x86_64" }, "libss": { "evra": "1.45.6-4.fc33.x86_64" @@ -916,13 +916,13 @@ "evra": "2.4.50-5.fc33.x86_64" }, "openssh": { - "evra": "8.4p1-4.fc33.x86_64" + "evra": "8.4p1-5.fc33.x86_64" }, "openssh-clients": { - "evra": "8.4p1-4.fc33.x86_64" + "evra": "8.4p1-5.fc33.x86_64" }, "openssh-server": { - "evra": "8.4p1-4.fc33.x86_64" + "evra": "8.4p1-5.fc33.x86_64" }, "openssl": { "evra": "1:1.1.1i-1.fc33.x86_64" @@ -961,10 +961,10 @@ "evra": "8.44-2.fc33.x86_64" }, "pcre2": { - "evra": "10.36-1.fc33.x86_64" + "evra": "10.36-3.fc33.x86_64" }, "pcre2-syntax": { - "evra": "10.36-1.fc33.noarch" + "evra": "10.36-3.fc33.noarch" }, "pigz": { "evra": "2.4-7.fc33.x86_64" @@ -1030,10 +1030,10 @@ "evra": "4.16.1.2-1.fc33.x86_64" }, "rpm-ostree": { - "evra": "2021.1-2.fc33.x86_64" + "evra": "2021.1-3.fc33.x86_64" }, "rpm-ostree-libs": { - "evra": "2021.1-2.fc33.x86_64" + "evra": "2021.1-3.fc33.x86_64" }, "rpm-plugin-selinux": { "evra": "4.16.1.2-1.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-02-03T21:07:39Z", + "generated": "2021-02-05T21:07:19Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-02-01T19:28:04Z" + "generated": "2021-02-05T01:19:10Z" }, "fedora-updates": { - "generated": "2021-02-03T00:58:58Z" + "generated": "2021-02-05T01:01:46Z" } } } From b1c64bd4911b1ef32c5ea5c0c339a70aff94c7a0 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 6 Feb 2021 21:36:50 +0000 Subject: [PATCH 071/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index f9acf2650a..2b4059594d 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -145,10 +145,10 @@ "evra": "0.7.2-1.fc33.x86_64" }, "coreutils": { - "evra": "8.32-15.fc33.x86_64" + "evra": "8.32-17.fc33.x86_64" }, "coreutils-common": { - "evra": "8.32-15.fc33.x86_64" + "evra": "8.32-17.fc33.x86_64" }, "cpio": { "evra": "2.13-8.fc33.x86_64" @@ -355,13 +355,13 @@ "evra": "2.66.4-1.fc33.x86_64" }, "glibc": { - "evra": "2.32-3.fc33.x86_64" + "evra": "2.32-4.fc33.x86_64" }, "glibc-all-langpacks": { - "evra": "2.32-3.fc33.x86_64" + "evra": "2.32-4.fc33.x86_64" }, "glibc-common": { - "evra": "2.32-3.fc33.x86_64" + "evra": "2.32-4.fc33.x86_64" }, "gmp": { "evra": "1:6.2.0-5.fc33.x86_64" @@ -952,10 +952,10 @@ "evra": "0.80-9.fc33.x86_64" }, "pciutils": { - "evra": "3.6.4-2.fc33.x86_64" + "evra": "3.7.0-3.fc33.x86_64" }, "pciutils-libs": { - "evra": "3.6.4-2.fc33.x86_64" + "evra": "3.7.0-3.fc33.x86_64" }, "pcre": { "evra": "8.44-2.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-02-05T21:07:19Z", + "generated": "2021-02-06T21:07:30Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-02-05T01:19:10Z" + "generated": "2021-02-05T21:48:39Z" }, "fedora-updates": { - "generated": "2021-02-05T01:01:46Z" + "generated": "2021-02-06T00:53:34Z" } } } From 20eb9456af2e871d212a1c252e277b1c4ae4bcb7 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 7 Feb 2021 21:38:02 +0000 Subject: [PATCH 072/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 2b4059594d..60caaafe38 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -175,7 +175,7 @@ "evra": "2.3.4-1.fc33.x86_64" }, "cups-libs": { - "evra": "1:2.3.3op1-1.fc33.x86_64" + "evra": "1:2.3.3op2-1.fc33.x86_64" }, "curl": { "evra": "7.71.1-8.fc33.x86_64" @@ -268,7 +268,7 @@ "evra": "0.0.4-7.fc33.x86_64" }, "fedora-gpg-keys": { - "evra": "33-1.noarch" + "evra": "33-2.noarch" }, "fedora-release-common": { "evra": "33-3.noarch" @@ -280,16 +280,16 @@ "evra": "33-3.noarch" }, "fedora-repos": { - "evra": "33-1.noarch" + "evra": "33-2.noarch" }, "fedora-repos-archive": { - "evra": "33-1.noarch" + "evra": "33-2.noarch" }, "fedora-repos-modular": { - "evra": "33-1.noarch" + "evra": "33-2.noarch" }, "fedora-repos-ostree": { - "evra": "33-1.noarch" + "evra": "33-2.noarch" }, "file": { "evra": "5.39-3.fc33.x86_64" @@ -1177,7 +1177,10 @@ "evra": "2.36.1-1.fc33.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2146-2.fc33.x86_64" + "evra": "2:8.2.2465-1.fc33.x86_64" + }, + "vim-wrappers": { + "evra": "2:8.2.2465-1.fc33.noarch" }, "which": { "evra": "2.21-20.fc33.x86_64" @@ -1211,16 +1214,16 @@ } }, "metadata": { - "generated": "2021-02-06T21:07:30Z", + "generated": "2021-02-07T21:07:18Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-02-05T21:48:39Z" + "generated": "2021-02-06T21:48:06Z" }, "fedora-updates": { - "generated": "2021-02-06T00:53:34Z" + "generated": "2021-02-07T00:59:12Z" } } } From 714faaff064c722d9c5325fa015a40195bfe38fe Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 6 Feb 2021 20:22:54 +0000 Subject: [PATCH 073/489] manifest: Revert libsolv to 0.7.15-1.fc33 See https://bugzilla.redhat.com/show_bug.cgi?id=1925717 --- manifest-lock.overrides.aarch64.yaml | 9 +++------ manifest-lock.overrides.ppc64le.yaml | 9 +++------ manifest-lock.overrides.s390x.yaml | 9 +++------ manifest-lock.overrides.x86_64.yaml | 9 +++------ 4 files changed, 12 insertions(+), 24 deletions(-) diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml index 00eadd55da..5aca1d19ad 100644 --- a/manifest-lock.overrides.aarch64.yaml +++ b/manifest-lock.overrides.aarch64.yaml @@ -23,9 +23,6 @@ packages: evra: 5.10.12-200.fc33.aarch64 kernel-modules: evra: 5.10.12-200.fc33.aarch64 - # Fast-track rpm-ostree for libsolv fix - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-937b45bf55 - rpm-ostree: - evra: 2021.1-3.fc33.aarch64 - rpm-ostree-libs: - evra: 2021.1-3.fc33.aarch64 + # https://bugzilla.redhat.com/show_bug.cgi?id=1925717 + libsolv: + evra: 0.7.15-1.fc33.aarch64 diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml index 374a4719bb..dcb5f9de1b 100644 --- a/manifest-lock.overrides.ppc64le.yaml +++ b/manifest-lock.overrides.ppc64le.yaml @@ -23,9 +23,6 @@ packages: evra: 5.10.12-200.fc33.ppc64le kernel-modules: evra: 5.10.12-200.fc33.ppc64le - # Fast-track rpm-ostree for libsolv fix - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-937b45bf55 - rpm-ostree: - evra: 2021.1-3.fc33.ppc64le - rpm-ostree-libs: - evra: 2021.1-3.fc33.ppc64le + # https://bugzilla.redhat.com/show_bug.cgi?id=1925717 + libsolv: + evra: 0.7.15-1.fc33.ppc64le diff --git a/manifest-lock.overrides.s390x.yaml b/manifest-lock.overrides.s390x.yaml index f2515ae51f..121ed0e5ac 100644 --- a/manifest-lock.overrides.s390x.yaml +++ b/manifest-lock.overrides.s390x.yaml @@ -23,9 +23,6 @@ packages: evra: 5.10.12-200.fc33.s390x kernel-modules: evra: 5.10.12-200.fc33.s390x - # Fast-track rpm-ostree for libsolv fix - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-937b45bf55 - rpm-ostree: - evra: 2021.1-3.fc33.s390x - rpm-ostree-libs: - evra: 2021.1-3.fc33.s390x + # https://bugzilla.redhat.com/show_bug.cgi?id=1925717 + libsolv: + evra: 0.7.15-1.fc33.s390x diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml index 3aace7f3ef..763b5b93bd 100644 --- a/manifest-lock.overrides.x86_64.yaml +++ b/manifest-lock.overrides.x86_64.yaml @@ -23,9 +23,6 @@ packages: evra: 5.10.12-200.fc33.x86_64 kernel-modules: evra: 5.10.12-200.fc33.x86_64 - # Fast-track rpm-ostree for libsolv fix - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-937b45bf55 - rpm-ostree: - evra: 2021.1-3.fc33.x86_64 - rpm-ostree-libs: - evra: 2021.1-3.fc33.x86_64 + # https://bugzilla.redhat.com/show_bug.cgi?id=1925717 + libsolv: + evra: 0.7.15-1.fc33.x86_64 From e68419cd04de2a68ba262ccd70188ae5f710750c Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Mon, 8 Feb 2021 15:06:42 -0500 Subject: [PATCH 074/489] overrides: fast-track Ignition for IMDSv2 and packaging cleanups --- manifest-lock.overrides.aarch64.yaml | 4 ++++ manifest-lock.overrides.ppc64le.yaml | 4 ++++ manifest-lock.overrides.s390x.yaml | 4 ++++ manifest-lock.overrides.x86_64.yaml | 4 ++++ 4 files changed, 16 insertions(+) diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml index 5aca1d19ad..67c5168eed 100644 --- a/manifest-lock.overrides.aarch64.yaml +++ b/manifest-lock.overrides.aarch64.yaml @@ -26,3 +26,7 @@ packages: # https://bugzilla.redhat.com/show_bug.cgi?id=1925717 libsolv: evra: 0.7.15-1.fc33.aarch64 + # Fast-track Ignition cleanups and IMDSv2 fix + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-9e7c4ba680 + ignition: + evra: 2.9.0-4.fc33.aarch64 diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml index dcb5f9de1b..8a49353ec8 100644 --- a/manifest-lock.overrides.ppc64le.yaml +++ b/manifest-lock.overrides.ppc64le.yaml @@ -26,3 +26,7 @@ packages: # https://bugzilla.redhat.com/show_bug.cgi?id=1925717 libsolv: evra: 0.7.15-1.fc33.ppc64le + # Fast-track Ignition cleanups and IMDSv2 fix + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-9e7c4ba680 + ignition: + evra: 2.9.0-4.fc33.ppc64le diff --git a/manifest-lock.overrides.s390x.yaml b/manifest-lock.overrides.s390x.yaml index 121ed0e5ac..7d1ffc4e24 100644 --- a/manifest-lock.overrides.s390x.yaml +++ b/manifest-lock.overrides.s390x.yaml @@ -26,3 +26,7 @@ packages: # https://bugzilla.redhat.com/show_bug.cgi?id=1925717 libsolv: evra: 0.7.15-1.fc33.s390x + # Fast-track Ignition cleanups and IMDSv2 fix + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-9e7c4ba680 + ignition: + evra: 2.9.0-4.fc33.s390x diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml index 763b5b93bd..47e76e60dc 100644 --- a/manifest-lock.overrides.x86_64.yaml +++ b/manifest-lock.overrides.x86_64.yaml @@ -26,3 +26,7 @@ packages: # https://bugzilla.redhat.com/show_bug.cgi?id=1925717 libsolv: evra: 0.7.15-1.fc33.x86_64 + # Fast-track Ignition cleanups and IMDSv2 fix + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-9e7c4ba680 + ignition: + evra: 2.9.0-4.fc33.x86_64 From 47410e86025a19ba03dd8c4c2cf7ab4462eb499b Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 9 Feb 2021 21:56:30 +0000 Subject: [PATCH 075/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 60caaafe38..788f99c697 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -352,7 +352,7 @@ "evra": "2.29.2-3.fc33.x86_64" }, "glib2": { - "evra": "2.66.4-1.fc33.x86_64" + "evra": "2.66.6-1.fc33.x86_64" }, "glibc": { "evra": "2.32-4.fc33.x86_64" @@ -406,7 +406,7 @@ "evra": "0.344-1.fc33.noarch" }, "ignition": { - "evra": "2.9.0-2.git1d56dc8.fc33.x86_64" + "evra": "2.9.0-4.fc33.x86_64" }, "iproute": { "evra": "5.9.0-1.fc33.x86_64" @@ -730,7 +730,7 @@ "evra": "2.4.3-1.fc33.x86_64" }, "libsolv": { - "evra": "0.7.17-1.fc33.x86_64" + "evra": "0.7.15-1.fc33.x86_64" }, "libss": { "evra": "1.45.6-4.fc33.x86_64" @@ -1214,16 +1214,16 @@ } }, "metadata": { - "generated": "2021-02-07T21:07:18Z", + "generated": "2021-02-09T21:10:01Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-02-06T21:48:06Z" + "generated": "2021-02-08T21:49:58Z" }, "fedora-updates": { - "generated": "2021-02-07T00:59:12Z" + "generated": "2021-02-09T00:43:28Z" } } } From 4aaef0333c049d41a9c910d2cb9d05c101ff361b Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 10 Feb 2021 21:37:44 +0000 Subject: [PATCH 076/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 788f99c697..c8760819b6 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1,16 +1,16 @@ { "packages": { "NetworkManager": { - "evra": "1:1.26.4-1.fc33.x86_64" + "evra": "1:1.26.6-1.fc33.x86_64" }, "NetworkManager-libnm": { - "evra": "1:1.26.4-1.fc33.x86_64" + "evra": "1:1.26.6-1.fc33.x86_64" }, "NetworkManager-team": { - "evra": "1:1.26.4-1.fc33.x86_64" + "evra": "1:1.26.6-1.fc33.x86_64" }, "NetworkManager-tui": { - "evra": "1:1.26.4-1.fc33.x86_64" + "evra": "1:1.26.6-1.fc33.x86_64" }, "WALinuxAgent-udev": { "evra": "2.2.52-1.fc33.noarch" @@ -1214,16 +1214,16 @@ } }, "metadata": { - "generated": "2021-02-09T21:10:01Z", + "generated": "2021-02-10T21:07:59Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-02-08T21:49:58Z" + "generated": "2021-02-09T22:03:36Z" }, "fedora-updates": { - "generated": "2021-02-09T00:43:28Z" + "generated": "2021-02-10T00:56:21Z" } } } From 44bfdaae8288b57a2860f804bddaf7eed49dbda5 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 11 Feb 2021 21:42:11 +0000 Subject: [PATCH 077/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 67 +++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 35 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index c8760819b6..c8441087eb 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -268,7 +268,7 @@ "evra": "0.0.4-7.fc33.x86_64" }, "fedora-gpg-keys": { - "evra": "33-2.noarch" + "evra": "33-3.noarch" }, "fedora-release-common": { "evra": "33-3.noarch" @@ -280,16 +280,16 @@ "evra": "33-3.noarch" }, "fedora-repos": { - "evra": "33-2.noarch" + "evra": "33-3.noarch" }, "fedora-repos-archive": { - "evra": "33-2.noarch" + "evra": "33-3.noarch" }, "fedora-repos-modular": { - "evra": "33-2.noarch" + "evra": "33-3.noarch" }, "fedora-repos-ostree": { - "evra": "33-2.noarch" + "evra": "33-3.noarch" }, "file": { "evra": "5.39-3.fc33.x86_64" @@ -379,22 +379,22 @@ "evra": "3.4-5.fc33.x86_64" }, "grub2-common": { - "evra": "1:2.04-31.fc33.noarch" + "evra": "1:2.04-32.fc33.noarch" }, "grub2-efi-x64": { - "evra": "1:2.04-31.fc33.x86_64" + "evra": "1:2.04-32.fc33.x86_64" }, "grub2-pc": { - "evra": "1:2.04-31.fc33.x86_64" + "evra": "1:2.04-32.fc33.x86_64" }, "grub2-pc-modules": { - "evra": "1:2.04-31.fc33.noarch" + "evra": "1:2.04-32.fc33.noarch" }, "grub2-tools": { - "evra": "1:2.04-31.fc33.x86_64" + "evra": "1:2.04-32.fc33.x86_64" }, "grub2-tools-minimal": { - "evra": "1:2.04-31.fc33.x86_64" + "evra": "1:2.04-32.fc33.x86_64" }, "gzip": { "evra": "1.10-3.fc33.x86_64" @@ -607,7 +607,7 @@ "evra": "1.3.1-46.fc33.x86_64" }, "libipa_hbac": { - "evra": "2.4.0-4.fc33.x86_64" + "evra": "2.3.1-4.fc33.x86_64" }, "libjcat": { "evra": "0.1.5-1.fc33.x86_64" @@ -664,7 +664,7 @@ "evra": "1.1.7-3.fc33.x86_64" }, "libnghttp2": { - "evra": "1.41.0-3.fc33.x86_64" + "evra": "1.43.0-1.fc33.x86_64" }, "libnl3": { "evra": "3.5.0-5.fc33.x86_64" @@ -742,16 +742,16 @@ "evra": "0.9.5-1.fc33.noarch" }, "libsss_certmap": { - "evra": "2.4.0-4.fc33.x86_64" + "evra": "2.3.1-4.fc33.x86_64" }, "libsss_idmap": { - "evra": "2.4.0-4.fc33.x86_64" + "evra": "2.3.1-4.fc33.x86_64" }, "libsss_nss_idmap": { - "evra": "2.4.0-4.fc33.x86_64" + "evra": "2.4.1-1.fc33.x86_64" }, "libsss_sudo": { - "evra": "2.4.0-4.fc33.x86_64" + "evra": "2.3.1-4.fc33.x86_64" }, "libstdc++": { "evra": "10.2.1-9.fc33.x86_64" @@ -1030,10 +1030,10 @@ "evra": "4.16.1.2-1.fc33.x86_64" }, "rpm-ostree": { - "evra": "2021.1-3.fc33.x86_64" + "evra": "2021.1-4.fc33.x86_64" }, "rpm-ostree-libs": { - "evra": "2021.1-3.fc33.x86_64" + "evra": "2021.1-4.fc33.x86_64" }, "rpm-plugin-selinux": { "evra": "4.16.1.2-1.fc33.x86_64" @@ -1105,31 +1105,31 @@ "evra": "0.1.2-5.fc33.x86_64" }, "sssd": { - "evra": "2.4.0-4.fc33.x86_64" + "evra": "2.3.1-4.fc33.x86_64" }, "sssd-ad": { - "evra": "2.4.0-4.fc33.x86_64" + "evra": "2.3.1-4.fc33.x86_64" }, "sssd-client": { - "evra": "2.4.0-4.fc33.x86_64" + "evra": "2.3.1-4.fc33.x86_64" }, "sssd-common": { - "evra": "2.4.0-4.fc33.x86_64" + "evra": "2.3.1-4.fc33.x86_64" }, "sssd-common-pac": { - "evra": "2.4.0-4.fc33.x86_64" + "evra": "2.3.1-4.fc33.x86_64" }, "sssd-ipa": { - "evra": "2.4.0-4.fc33.x86_64" + "evra": "2.3.1-4.fc33.x86_64" }, "sssd-krb5": { - "evra": "2.4.0-4.fc33.x86_64" + "evra": "2.3.1-4.fc33.x86_64" }, "sssd-krb5-common": { - "evra": "2.4.0-4.fc33.x86_64" + "evra": "2.3.1-4.fc33.x86_64" }, "sssd-ldap": { - "evra": "2.4.0-4.fc33.x86_64" + "evra": "2.3.1-4.fc33.x86_64" }, "sudo": { "evra": "1.9.5p2-1.fc33.x86_64" @@ -1177,10 +1177,7 @@ "evra": "2.36.1-1.fc33.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2465-1.fc33.x86_64" - }, - "vim-wrappers": { - "evra": "2:8.2.2465-1.fc33.noarch" + "evra": "2:8.2.2488-1.fc33.x86_64" }, "which": { "evra": "2.21-20.fc33.x86_64" @@ -1214,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-02-10T21:07:59Z", + "generated": "2021-02-11T21:07:29Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-02-09T22:03:36Z" + "generated": "2021-02-10T21:47:23Z" }, "fedora-updates": { - "generated": "2021-02-10T00:56:21Z" + "generated": "2021-02-11T01:29:27Z" } } } From 474d64531e166d17b17e526b94c8d6ea92da0f5a Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 12 Feb 2021 22:00:34 +0000 Subject: [PATCH 078/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index c8441087eb..8271383600 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -112,7 +112,7 @@ "evra": "5.2-37.fc33.x86_64" }, "conmon": { - "evra": "2:2.0.21-3.fc33.x86_64" + "evra": "2:2.0.26-1.fc33.x86_64" }, "console-login-helper-messages": { "evra": "0.20.3-1.fc33.noarch" @@ -454,7 +454,7 @@ "evra": "0.14-7.fc33.x86_64" }, "json-glib": { - "evra": "1.6.0-1.fc33.x86_64" + "evra": "1.6.2-1.fc33.x86_64" }, "kbd": { "evra": "2.3.0-2.fc33.x86_64" @@ -529,7 +529,7 @@ "evra": "0.10.0-4.fc33.x86_64" }, "libcap": { - "evra": "2.26-8.fc33.x86_64" + "evra": "2.48-1.fc33.x86_64" }, "libcap-ng": { "evra": "0.8-1.fc33.x86_64" @@ -610,7 +610,7 @@ "evra": "2.3.1-4.fc33.x86_64" }, "libjcat": { - "evra": "0.1.5-1.fc33.x86_64" + "evra": "0.1.6-1.fc33.x86_64" }, "libjose": { "evra": "10-8.fc33.x86_64" @@ -820,13 +820,13 @@ "evra": "2.5.1-27.fc33.x86_64" }, "linux-firmware": { - "evra": "20201218-116.fc33.noarch" + "evra": "20210208-117.fc33.noarch" }, "linux-firmware-whence": { - "evra": "20201218-116.fc33.noarch" + "evra": "20210208-117.fc33.noarch" }, "lmdb-libs": { - "evra": "0.9.27-1.fc33.x86_64" + "evra": "0.9.28-1.fc33.x86_64" }, "logrotate": { "evra": "3.17.0-3.fc33.x86_64" @@ -925,10 +925,10 @@ "evra": "8.4p1-5.fc33.x86_64" }, "openssl": { - "evra": "1:1.1.1i-1.fc33.x86_64" + "evra": "1:1.1.1i-3.fc33.x86_64" }, "openssl-libs": { - "evra": "1:1.1.1i-1.fc33.x86_64" + "evra": "1:1.1.1i-3.fc33.x86_64" }, "os-prober": { "evra": "1.77-6.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-02-11T21:07:29Z", + "generated": "2021-02-12T21:12:58Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-02-10T21:47:23Z" + "generated": "2021-02-11T21:46:47Z" }, "fedora-updates": { - "generated": "2021-02-11T01:29:27Z" + "generated": "2021-02-12T01:27:30Z" } } } From cc45f25b02d177af094029ad341fc5f747245617 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 12 Feb 2021 14:45:14 -0500 Subject: [PATCH 079/489] manifest: ship specific sssd subpackages instead The `sssd` subpackage is a meta-package which just pulls in the default set of packages. This default set changed in Fedora 34, which started pulling in `python3-sssdconfig`: https://bugzilla.redhat.com/show_bug.cgi?id=1927907 From the maintainer feedback there, it seems like it'd be better anyway to be more explicit about the specific backends we want to ship. So let's do that here: break out `sssd` into the client and the backends for AD, IPA, KRB5, and LDAP. --- manifests/fedora-coreos-base.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index e64ff993bb..607ea18def 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -159,7 +159,9 @@ packages: # https://github.com/coreos/fedora-coreos-tracker/issues/445 - libsss_sudo # Extra runtime - - sssd shadow-utils + - shadow-utils + # SSSD; we only ship a subset of the backends + - sssd-client sssd-ad sssd-ipa sssd-krb5 sssd-ldap # There are things that write outside of the journal still (such as the classic wtmp, etc.) # (auditd also writes outside the journal but it has its own log rotation.) # Anything package layered will also tend to expect files dropped in From 8a4b1fdb1a4b769008afb97ccabd1e900b6c88cd Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 17 Feb 2021 02:19:54 +0000 Subject: [PATCH 080/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 51 ++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 27 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 8271383600..12aa885e25 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -34,7 +34,7 @@ "evra": "2.4.48-10.fc33.x86_64" }, "audit-libs": { - "evra": "3.0-1.fc33.x86_64" + "evra": "3.0.1-1.fc33.x86_64" }, "avahi-libs": { "evra": "0.8-7.fc33.x86_64" @@ -115,16 +115,16 @@ "evra": "2:2.0.26-1.fc33.x86_64" }, "console-login-helper-messages": { - "evra": "0.20.3-1.fc33.noarch" + "evra": "0.21.1-1.fc33.noarch" }, "console-login-helper-messages-issuegen": { - "evra": "0.20.3-1.fc33.noarch" + "evra": "0.21.1-1.fc33.noarch" }, "console-login-helper-messages-motdgen": { - "evra": "0.20.3-1.fc33.noarch" + "evra": "0.21.1-1.fc33.noarch" }, "console-login-helper-messages-profile": { - "evra": "0.20.3-1.fc33.noarch" + "evra": "0.21.1-1.fc33.noarch" }, "container-selinux": { "evra": "2:2.151.0-1.fc33.noarch" @@ -352,7 +352,7 @@ "evra": "2.29.2-3.fc33.x86_64" }, "glib2": { - "evra": "2.66.6-1.fc33.x86_64" + "evra": "2.66.7-1.fc33.x86_64" }, "glibc": { "evra": "2.32-4.fc33.x86_64" @@ -607,7 +607,7 @@ "evra": "1.3.1-46.fc33.x86_64" }, "libipa_hbac": { - "evra": "2.3.1-4.fc33.x86_64" + "evra": "2.4.1-1.fc33.x86_64" }, "libjcat": { "evra": "0.1.6-1.fc33.x86_64" @@ -679,7 +679,7 @@ "evra": "0.2.1-46.fc33.x86_64" }, "libpcap": { - "evra": "14:1.9.1-6.fc33.x86_64" + "evra": "14:1.10.0-1.fc33.x86_64" }, "libpkgconf": { "evra": "1.7.3-5.fc33.x86_64" @@ -742,16 +742,16 @@ "evra": "0.9.5-1.fc33.noarch" }, "libsss_certmap": { - "evra": "2.3.1-4.fc33.x86_64" + "evra": "2.4.1-1.fc33.x86_64" }, "libsss_idmap": { - "evra": "2.3.1-4.fc33.x86_64" + "evra": "2.4.1-1.fc33.x86_64" }, "libsss_nss_idmap": { "evra": "2.4.1-1.fc33.x86_64" }, "libsss_sudo": { - "evra": "2.3.1-4.fc33.x86_64" + "evra": "2.4.1-1.fc33.x86_64" }, "libstdc++": { "evra": "10.2.1-9.fc33.x86_64" @@ -781,7 +781,7 @@ "evra": "0.9.10-9.fc33.x86_64" }, "libusbx": { - "evra": "1.0.23-2.fc33.x86_64" + "evra": "1.0.24-1.fc33.x86_64" }, "libuser": { "evra": "0.62-26.fc33.x86_64" @@ -1104,32 +1104,29 @@ "ssh-key-dir": { "evra": "0.1.2-5.fc33.x86_64" }, - "sssd": { - "evra": "2.3.1-4.fc33.x86_64" - }, "sssd-ad": { - "evra": "2.3.1-4.fc33.x86_64" + "evra": "2.4.1-1.fc33.x86_64" }, "sssd-client": { - "evra": "2.3.1-4.fc33.x86_64" + "evra": "2.4.1-1.fc33.x86_64" }, "sssd-common": { - "evra": "2.3.1-4.fc33.x86_64" + "evra": "2.4.1-1.fc33.x86_64" }, "sssd-common-pac": { - "evra": "2.3.1-4.fc33.x86_64" + "evra": "2.4.1-1.fc33.x86_64" }, "sssd-ipa": { - "evra": "2.3.1-4.fc33.x86_64" + "evra": "2.4.1-1.fc33.x86_64" }, "sssd-krb5": { - "evra": "2.3.1-4.fc33.x86_64" + "evra": "2.4.1-1.fc33.x86_64" }, "sssd-krb5-common": { - "evra": "2.3.1-4.fc33.x86_64" + "evra": "2.4.1-1.fc33.x86_64" }, "sssd-ldap": { - "evra": "2.3.1-4.fc33.x86_64" + "evra": "2.4.1-1.fc33.x86_64" }, "sudo": { "evra": "1.9.5p2-1.fc33.x86_64" @@ -1201,7 +1198,7 @@ "evra": "1.1.9-1.fc33.x86_64" }, "zincati": { - "evra": "0.0.14-1.fc33.x86_64" + "evra": "0.0.17-1.fc33.x86_64" }, "zlib": { "evra": "1.2.11-23.fc33.x86_64" @@ -1211,16 +1208,16 @@ } }, "metadata": { - "generated": "2021-02-12T21:12:58Z", + "generated": "2021-02-17T01:46:18Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-02-11T21:46:47Z" + "generated": "2021-02-12T22:12:43Z" }, "fedora-updates": { - "generated": "2021-02-12T01:27:30Z" + "generated": "2021-02-16T01:54:52Z" } } } From 02bda433f7b0a4cb8dd30273f634701b96726cbd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Mon, 8 Feb 2021 18:09:31 +0100 Subject: [PATCH 081/489] overlay.d/20platform-chrony: Minor whitespace fix --- .../lib/systemd/system-generators/coreos-platform-chrony | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony b/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony index 27511e730c..30d987f09f 100755 --- a/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony +++ b/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony @@ -46,11 +46,11 @@ if ! cmp {/usr,}/etc/chrony.conf >/dev/null; then exit 0 fi -(echo "# Generated by $self - do not edit directly" +(echo "# Generated by $self - do not edit directly" sed -e s,'^makestep,#makestep,' -e s,'^pool,#pool,' < /etc/chrony.conf cat < "${confpath}" case "${platform}" in - azure) + azure) (echo '# See also https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync' echo 'refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0' ) >> "${confpath}" ;; From 75c4b1049e4005a7a0deb33c1965bcfc3617b1a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Mon, 8 Feb 2021 18:15:12 +0100 Subject: [PATCH 082/489] overlay.d/20platform-chrony: Exit early if already run Make sure we exit early if: * the config is not the default one and as been modified * this script already generated a configuration for chrony Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1924869 --- .../system-generators/coreos-platform-chrony | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony b/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony index 30d987f09f..71f030d6f1 100755 --- a/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony +++ b/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony @@ -26,6 +26,18 @@ case "${platform}" in *) exit 0 ;; esac +# Exit early if we have already been run once +if [[ -f "${confpath}" ]]; then + echo "$self: ${confpath} already exists; skipping" + exit 0 +fi + +# Exit early if chrony configuration as been changed from the image default +if ! cmp {/usr,}/etc/chrony.conf >/dev/null; then + echo "$self: /etc/chrony.conf is modified; not changing the default" + exit 0 +fi + # If not set already (by host customization or this script), set # PEERNTP=no so that DHCP-provided NTP servers are not added to chrony. # By doing this we assume the better NTP server choice is the @@ -41,11 +53,6 @@ PEERNTP=no EOF fi -if ! cmp {/usr,}/etc/chrony.conf >/dev/null; then - echo "$self: /etc/chrony.conf is modified; not changing the default" - exit 0 -fi - (echo "# Generated by $self - do not edit directly" sed -e s,'^makestep,#makestep,' -e s,'^pool,#pool,' < /etc/chrony.conf cat < Date: Thu, 18 Feb 2021 14:00:41 -0500 Subject: [PATCH 083/489] overlay.d/05core: Remove CLHM-{issuegen,motdgen} units These units no longer exist after CLHM v0.21. --- .../05core/usr/lib/systemd/system-preset/40-coreos.preset | 4 ---- 1 file changed, 4 deletions(-) diff --git a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset index 183366eb50..fede7828b9 100644 --- a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset +++ b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset @@ -1,10 +1,6 @@ # Presets here that eventually should live in the generic fedora presets enable coreos-growpart.service # console-login-helper-messages - https://github.com/coreos/console-login-helper-messages -enable console-login-helper-messages-issuegen.service -enable console-login-helper-messages-motdgen.service -enable console-login-helper-messages-issuegen.path -enable console-login-helper-messages-motdgen.path enable console-login-helper-messages-gensnippet-os-release.service enable console-login-helper-messages-gensnippet-ssh-keys.service # CA certs (probably to add to base fedora eventually) From 903864f7c20fca47fdef871d796304d541cf3869 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 18 Feb 2021 16:05:10 -0500 Subject: [PATCH 084/489] overrides: drop graduated overrides And also drop the libsolv override now that we're shipping with the patched rpm-ostree. --- manifest-lock.overrides.aarch64.yaml | 15 --------------- manifest-lock.overrides.ppc64le.yaml | 15 --------------- manifest-lock.overrides.s390x.yaml | 15 --------------- manifest-lock.overrides.x86_64.yaml | 15 --------------- 4 files changed, 60 deletions(-) diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml index 67c5168eed..92b1fb973e 100644 --- a/manifest-lock.overrides.aarch64.yaml +++ b/manifest-lock.overrides.aarch64.yaml @@ -15,18 +15,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.aarch64 - # Fast-track kernel fix for CVE-2021-3347 - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-6e805a5051 - kernel: - evra: 5.10.12-200.fc33.aarch64 - kernel-core: - evra: 5.10.12-200.fc33.aarch64 - kernel-modules: - evra: 5.10.12-200.fc33.aarch64 - # https://bugzilla.redhat.com/show_bug.cgi?id=1925717 - libsolv: - evra: 0.7.15-1.fc33.aarch64 - # Fast-track Ignition cleanups and IMDSv2 fix - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-9e7c4ba680 - ignition: - evra: 2.9.0-4.fc33.aarch64 diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml index 8a49353ec8..d14f6a913b 100644 --- a/manifest-lock.overrides.ppc64le.yaml +++ b/manifest-lock.overrides.ppc64le.yaml @@ -15,18 +15,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.ppc64le - # Fast-track kernel fix for CVE-2021-3347 - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-6e805a5051 - kernel: - evra: 5.10.12-200.fc33.ppc64le - kernel-core: - evra: 5.10.12-200.fc33.ppc64le - kernel-modules: - evra: 5.10.12-200.fc33.ppc64le - # https://bugzilla.redhat.com/show_bug.cgi?id=1925717 - libsolv: - evra: 0.7.15-1.fc33.ppc64le - # Fast-track Ignition cleanups and IMDSv2 fix - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-9e7c4ba680 - ignition: - evra: 2.9.0-4.fc33.ppc64le diff --git a/manifest-lock.overrides.s390x.yaml b/manifest-lock.overrides.s390x.yaml index 7d1ffc4e24..da2fbcf7e2 100644 --- a/manifest-lock.overrides.s390x.yaml +++ b/manifest-lock.overrides.s390x.yaml @@ -15,18 +15,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.s390x - # Fast-track kernel fix for CVE-2021-3347 - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-6e805a5051 - kernel: - evra: 5.10.12-200.fc33.s390x - kernel-core: - evra: 5.10.12-200.fc33.s390x - kernel-modules: - evra: 5.10.12-200.fc33.s390x - # https://bugzilla.redhat.com/show_bug.cgi?id=1925717 - libsolv: - evra: 0.7.15-1.fc33.s390x - # Fast-track Ignition cleanups and IMDSv2 fix - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-9e7c4ba680 - ignition: - evra: 2.9.0-4.fc33.s390x diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml index 47e76e60dc..85787152ac 100644 --- a/manifest-lock.overrides.x86_64.yaml +++ b/manifest-lock.overrides.x86_64.yaml @@ -15,18 +15,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.x86_64 - # Fast-track kernel fix for CVE-2021-3347 - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-6e805a5051 - kernel: - evra: 5.10.12-200.fc33.x86_64 - kernel-core: - evra: 5.10.12-200.fc33.x86_64 - kernel-modules: - evra: 5.10.12-200.fc33.x86_64 - # https://bugzilla.redhat.com/show_bug.cgi?id=1925717 - libsolv: - evra: 0.7.15-1.fc33.x86_64 - # Fast-track Ignition cleanups and IMDSv2 fix - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-9e7c4ba680 - ignition: - evra: 2.9.0-4.fc33.x86_64 From 01d59373c09632affb46fb932dcb98e7665348cd Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 18 Feb 2021 17:39:19 -0500 Subject: [PATCH 085/489] presets: disable systemd-oomd.service It requires swap, which we don't turn on by default. (It also requires cgroups v2, which we currently don't turn on by default but are aiming to in the near future.) --- overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset | 2 ++ 1 file changed, 2 insertions(+) diff --git a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset index fede7828b9..a279f38fe4 100644 --- a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset +++ b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset @@ -22,3 +22,5 @@ enable bootupd.socket # The event for the attached device comes as a diag event. # Ideally it should have been added as part of base Fedora - but since it was arch specific, it was not added: https://bugzilla.redhat.com/show_bug.cgi?id=1433859 enable rtas_errd.service +# We don't have swap by default, and systemd-oomd hard requires it. +disable systemd-oomd.service From b287a6a529f8de2cad96ab9a75b1f505750081f0 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 23 Feb 2021 15:00:35 +0000 Subject: [PATCH 086/489] overlay: create 40-coreos-systemd.preset Let's keep 40-coreos.preset to be only `enable` stanzas for "our stuff" overall. Create a separate `40-coreos-systemd.preset` which only relates to systemd things because it really is a distinct problem domain. --- .../usr/lib/systemd/system-preset/40-coreos-systemd.preset | 4 ++++ .../05core/usr/lib/systemd/system-preset/40-coreos.preset | 2 -- 2 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset diff --git a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset new file mode 100644 index 0000000000..67c18e78f6 --- /dev/null +++ b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset @@ -0,0 +1,4 @@ +# This file contains overrides for systemd services that are +# enabled by default, but conflict with things we ship +# We don't have swap by default, and systemd-oomd hard requires it. +disable systemd-oomd.service diff --git a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset index a279f38fe4..fede7828b9 100644 --- a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset +++ b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset @@ -22,5 +22,3 @@ enable bootupd.socket # The event for the attached device comes as a diag event. # Ideally it should have been added as part of base Fedora - but since it was arch specific, it was not added: https://bugzilla.redhat.com/show_bug.cgi?id=1433859 enable rtas_errd.service -# We don't have swap by default, and systemd-oomd hard requires it. -disable systemd-oomd.service From 2fef5a5dfcf54a6db67997dd275c43281fbec863 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 23 Feb 2021 15:00:35 +0000 Subject: [PATCH 087/489] 40-coreos-systemd.preset: Disable systemd-sysext.service I was just reading the pre-release notes: https://lists.freedesktop.org/archives/systemd-devel/2021-February/046147.html This hasn't been tested with ostree/rpm-ostree and heavily overlaps with the latter. Preemptively disable the service; it will hopefully be subpackaged though for Fedora. --- .../usr/lib/systemd/system-preset/40-coreos-systemd.preset | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset index 67c18e78f6..2b287e7238 100644 --- a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset +++ b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset @@ -2,3 +2,7 @@ # enabled by default, but conflict with things we ship # We don't have swap by default, and systemd-oomd hard requires it. disable systemd-oomd.service +# This hasn't been tested with ostree/rpm-ostree and heavily overlaps +# with the latter. Preemptively disable the service; it will hopefully +# be subpackaged though for Fedora. +disable systemd-sysext.service From bc2e5963f09ef19480e859b327ddc711d528c1b6 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 23 Feb 2021 15:05:35 +0000 Subject: [PATCH 088/489] overlay/40-coreos-systemd:: Add systemd-firstboot disablement here too This way we're moving closer to having our systemd overrides in one place. --- .../lib/systemd/system-preset/40-coreos-systemd.preset | 10 +++++++++- .../systemd-firstboot.service.d/fcos-disable.conf | 7 +++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset index 2b287e7238..a242ebaaa1 100644 --- a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset +++ b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset @@ -1,7 +1,15 @@ # This file contains overrides for systemd services that are -# enabled by default, but conflict with things we ship +# enabled by default, but conflict with things we ship. + # We don't have swap by default, and systemd-oomd hard requires it. disable systemd-oomd.service + +# Disable systemd-firstboot because it conflicts with Ignition. +# In most cases this is handled via the remove-from-packages +# bits in the manifest (ignition-and-ostree.yaml), but +# we want to support overlaying builds of systemd from git. +disable systemd-firstboot.service + # This hasn't been tested with ostree/rpm-ostree and heavily overlaps # with the latter. Preemptively disable the service; it will hopefully # be subpackaged though for Fedora. diff --git a/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf b/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf index cbda0b99ae..fc7f00518b 100644 --- a/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf +++ b/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf @@ -1,6 +1,5 @@ -# Disable systemd-firstboot because it conflicts with Ignition. -# In most cases this is handled via the remove-from-packages -# bits in the manifest (ignition-and-ostree.yaml), but -# we want to support overlaying builds of systemd from git. +# See the comment in 40-coreos-systemd.preset; we're +# keeping this even stronger disable override for now, +# but it may not really be necessary. [Unit] ConditionPathExists=/run/nosuchfile From 03bf48614f566f3786b7ff8f479bdf7309882e63 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 23 Feb 2021 16:27:07 -0500 Subject: [PATCH 089/489] overrides: pin clevis to 15-2.fc33 The dracut module from the latest Clevis v16 release has an undeclared dependency on `seq`. There's a patch to fix that upstream: https://github.com/latchset/clevis/pull/295 But for now, let's just pin to the previous release. This will unblock lockfile bumps. --- manifest-lock.overrides.aarch64.yaml | 10 ++++++++++ manifest-lock.overrides.ppc64le.yaml | 10 ++++++++++ manifest-lock.overrides.s390x.yaml | 10 ++++++++++ manifest-lock.overrides.x86_64.yaml | 10 ++++++++++ 4 files changed, 40 insertions(+) diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml index 92b1fb973e..c0e218f3fd 100644 --- a/manifest-lock.overrides.aarch64.yaml +++ b/manifest-lock.overrides.aarch64.yaml @@ -15,3 +15,13 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.aarch64 + # Pin to previous version until we have + # https://github.com/latchset/clevis/pull/295 + clevis: + evra: 15-2.fc33.aarch64 + clevis-dracut: + evra: 15-2.fc33.aarch64 + clevis-luks: + evra: 15-2.fc33.aarch64 + clevis-systemd: + evra: 15-2.fc33.aarch64 diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml index d14f6a913b..602d9cbe7b 100644 --- a/manifest-lock.overrides.ppc64le.yaml +++ b/manifest-lock.overrides.ppc64le.yaml @@ -15,3 +15,13 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.ppc64le + # Pin to previous version until we have + # https://github.com/latchset/clevis/pull/295 + clevis: + evra: 15-2.fc33.ppc64le + clevis-dracut: + evra: 15-2.fc33.ppc64le + clevis-luks: + evra: 15-2.fc33.ppc64le + clevis-systemd: + evra: 15-2.fc33.ppc64le diff --git a/manifest-lock.overrides.s390x.yaml b/manifest-lock.overrides.s390x.yaml index da2fbcf7e2..ea7e5b8c03 100644 --- a/manifest-lock.overrides.s390x.yaml +++ b/manifest-lock.overrides.s390x.yaml @@ -15,3 +15,13 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.s390x + # Pin to previous version until we have + # https://github.com/latchset/clevis/pull/295 + clevis: + evra: 15-2.fc33.s390x + clevis-dracut: + evra: 15-2.fc33.s390x + clevis-luks: + evra: 15-2.fc33.s390x + clevis-systemd: + evra: 15-2.fc33.s390x diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml index 85787152ac..1f689e9fcd 100644 --- a/manifest-lock.overrides.x86_64.yaml +++ b/manifest-lock.overrides.x86_64.yaml @@ -15,3 +15,13 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.x86_64 + # Pin to previous version until we have + # https://github.com/latchset/clevis/pull/295 + clevis: + evra: 15-2.fc33.x86_64 + clevis-dracut: + evra: 15-2.fc33.x86_64 + clevis-luks: + evra: 15-2.fc33.x86_64 + clevis-systemd: + evra: 15-2.fc33.x86_64 From 214e9c95924536cb05d7a2358abf34418f61cc67 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 24 Feb 2021 18:04:37 +0000 Subject: [PATCH 090/489] manifest: Add stalld The immediate desire is to use this in OpenShift, but it's quite similar to irqbalance, albeit disabled by default. It's very small, off by default but the people who want it really want it. Closes: https://github.com/coreos/fedora-coreos-tracker/issues/753 --- manifest-lock.x86_64.json | 5 ++++- manifests/fedora-coreos-base.yaml | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 12aa885e25..f34e593026 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1128,6 +1128,9 @@ "sssd-ldap": { "evra": "2.4.1-1.fc33.x86_64" }, + "stalld": { + "evra": "1.8-1.fc33.x86_64" + }, "sudo": { "evra": "1.9.5p2-1.fc33.x86_64" }, @@ -1208,7 +1211,7 @@ } }, "metadata": { - "generated": "2021-02-17T01:46:18Z", + "generated": "2021-02-24T18:41:46Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 607ea18def..71169170cc 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -198,6 +198,8 @@ packages: - zram-generator # kdump (https://github.com/coreos/fedora-coreos-tracker/issues/622) - kexec-tools + # Similar to irqbalance: https://github.com/coreos/fedora-coreos-tracker/issues/753 + - stalld # This thing is crying out to be pulled into systemd, but that hasn't happened # yet. Also we may want to add to rpm-ostree something like arch negation; From 3d7132caa48d3984351ee4fb7d84d36b7ea06e63 Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Tue, 23 Feb 2021 13:00:56 -0500 Subject: [PATCH 091/489] manifest: split out networking tools into separate file As part of requesting `iproute-tc`[0], it was suggested to break out the generic networking tools into a separate file so that they could be shared with RHCOS. [0] https://github.com/coreos/fedora-coreos-tracker/issues/742 --- manifests/fedora-coreos-base.yaml | 16 ++++++---------- manifests/networking-tools.yaml | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+), 10 deletions(-) create mode 100644 manifests/networking-tools.yaml diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 71169170cc..e6843cbca6 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -5,6 +5,7 @@ include: - ignition-and-ostree.yaml - file-transfer.yaml + - networking-tools.yaml initramfs-args: - --no-hostonly @@ -131,17 +132,13 @@ packages: - podman-plugins dnsmasq # Remote IPC for podman - libvarlink-util - # Networking + # Minimal NFS client - nfs-utils-coreos - - NetworkManager hostname - - iproute-tc + # Active Directory support - adcli - ## Teaming https://github.com/coreos/fedora-coreos-config/pull/289 and http://bugzilla.redhat.com/1758162 - - NetworkManager-team teamd - # Static firewalling - - iptables nftables iptables-nft iptables-services - # Interactive Networking configuration during coreos-install - - NetworkManager-tui + # Additional firewall support; we aren't including these in RHCOS or they + # don't exist in RHEL + - iptables-nft iptables-services # WireGuard https://github.com/coreos/fedora-coreos-tracker/issues/362 - wireguard-tools # Storage @@ -170,7 +167,6 @@ packages: - logrotate # Used by admins interactively - sudo coreutils attr less tar xz gzip bzip2 - - socat net-tools bind-utils - bash-completion - openssl - vim-minimal diff --git a/manifests/networking-tools.yaml b/manifests/networking-tools.yaml new file mode 100644 index 0000000000..636fca03fc --- /dev/null +++ b/manifests/networking-tools.yaml @@ -0,0 +1,18 @@ +# This defines a set of tools that are useful for configuring, debugging, +# or manipulating the network of a system. It is desired to keep this list +# generic enough to be shared downstream with RHCOS. + +packages: + # Standard tools for configuring network/hostname + - NetworkManager hostname + # Interactive Networking configuration during coreos-install + - NetworkManager-tui + # Teaming https://github.com/coreos/fedora-coreos-config/pull/289 + # and http://bugzilla.redhat.com/1758162 + - NetworkManager-team teamd + # Route manipulation and QoS + - iproute iproute-tc + # Firewall manipulation + - iptables nftables + # Interactive network tools for admins + - socat net-tools bind-utils From ac0d2f32167f4ac777c1b5dd861079c6ca48ba27 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 24 Feb 2021 20:13:20 +0000 Subject: [PATCH 092/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 66 +++++++++++++++++++-------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index f34e593026..aa8ccc7634 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -34,7 +34,7 @@ "evra": "2.4.48-10.fc33.x86_64" }, "audit-libs": { - "evra": "3.0.1-1.fc33.x86_64" + "evra": "3.0.1-2.fc33.x86_64" }, "avahi-libs": { "evra": "0.8-7.fc33.x86_64" @@ -145,10 +145,10 @@ "evra": "0.7.2-1.fc33.x86_64" }, "coreutils": { - "evra": "8.32-17.fc33.x86_64" + "evra": "8.32-18.fc33.x86_64" }, "coreutils-common": { - "evra": "8.32-17.fc33.x86_64" + "evra": "8.32-18.fc33.x86_64" }, "cpio": { "evra": "2.13-8.fc33.x86_64" @@ -190,7 +190,7 @@ "evra": "1:1.12.20-2.fc33.x86_64" }, "dbus-broker": { - "evra": "26-1.fc33.x86_64" + "evra": "27-2.fc33.x86_64" }, "dbus-common": { "evra": "1:1.12.20-2.fc33.noarch" @@ -250,13 +250,13 @@ "evra": "37-14.fc33.x86_64" }, "elfutils-default-yama-scope": { - "evra": "0.182-1.fc33.noarch" + "evra": "0.183-1.fc33.noarch" }, "elfutils-libelf": { - "evra": "0.182-1.fc33.x86_64" + "evra": "0.183-1.fc33.x86_64" }, "elfutils-libs": { - "evra": "0.182-1.fc33.x86_64" + "evra": "0.183-1.fc33.x86_64" }, "ethtool": { "evra": "2:5.10-1.fc33.x86_64" @@ -466,13 +466,13 @@ "evra": "2.3.0-2.fc33.noarch" }, "kernel": { - "evra": "5.10.12-200.fc33.x86_64" + "evra": "5.10.16-200.fc33.x86_64" }, "kernel-core": { - "evra": "5.10.12-200.fc33.x86_64" + "evra": "5.10.16-200.fc33.x86_64" }, "kernel-modules": { - "evra": "5.10.12-200.fc33.x86_64" + "evra": "5.10.16-200.fc33.x86_64" }, "kexec-tools": { "evra": "2.0.21-4.fc33.x86_64" @@ -529,7 +529,7 @@ "evra": "0.10.0-4.fc33.x86_64" }, "libcap": { - "evra": "2.48-1.fc33.x86_64" + "evra": "2.48-2.fc33.x86_64" }, "libcap-ng": { "evra": "0.8-1.fc33.x86_64" @@ -607,7 +607,7 @@ "evra": "1.3.1-46.fc33.x86_64" }, "libipa_hbac": { - "evra": "2.4.1-1.fc33.x86_64" + "evra": "2.4.2-2.fc33.x86_64" }, "libjcat": { "evra": "0.1.6-1.fc33.x86_64" @@ -730,7 +730,7 @@ "evra": "2.4.3-1.fc33.x86_64" }, "libsolv": { - "evra": "0.7.15-1.fc33.x86_64" + "evra": "0.7.17-1.fc33.x86_64" }, "libss": { "evra": "1.45.6-4.fc33.x86_64" @@ -742,16 +742,16 @@ "evra": "0.9.5-1.fc33.noarch" }, "libsss_certmap": { - "evra": "2.4.1-1.fc33.x86_64" + "evra": "2.4.2-2.fc33.x86_64" }, "libsss_idmap": { - "evra": "2.4.1-1.fc33.x86_64" + "evra": "2.4.2-2.fc33.x86_64" }, "libsss_nss_idmap": { - "evra": "2.4.1-1.fc33.x86_64" + "evra": "2.4.2-2.fc33.x86_64" }, "libsss_sudo": { - "evra": "2.4.1-1.fc33.x86_64" + "evra": "2.4.2-2.fc33.x86_64" }, "libstdc++": { "evra": "10.2.1-9.fc33.x86_64" @@ -781,7 +781,7 @@ "evra": "0.9.10-9.fc33.x86_64" }, "libusbx": { - "evra": "1.0.24-1.fc33.x86_64" + "evra": "1.0.24-2.fc33.x86_64" }, "libuser": { "evra": "0.62-26.fc33.x86_64" @@ -802,7 +802,7 @@ "evra": "2:4.13.4-0.fc33.x86_64" }, "libxcrypt": { - "evra": "4.4.17-1.fc33.x86_64" + "evra": "4.4.18-1.fc33.x86_64" }, "libxml2": { "evra": "2.9.10-8.fc33.x86_64" @@ -856,7 +856,7 @@ "evra": "4.1-6.fc33.x86_64" }, "microcode_ctl": { - "evra": "2:2.1-43.fc33.x86_64" + "evra": "2:2.1-43.1.fc33.x86_64" }, "moby-engine": { "evra": "19.03.13-1.ce.git4484c46.fc33.x86_64" @@ -868,7 +868,7 @@ "evra": "78.7.0-1.fc33.x86_64" }, "mpfr": { - "evra": "4.1.0-2.fc33.x86_64" + "evra": "4.1.0-4.fc33.x86_64" }, "ncurses": { "evra": "6.2-3.20200222.fc33.x86_64" @@ -1105,28 +1105,28 @@ "evra": "0.1.2-5.fc33.x86_64" }, "sssd-ad": { - "evra": "2.4.1-1.fc33.x86_64" + "evra": "2.4.2-2.fc33.x86_64" }, "sssd-client": { - "evra": "2.4.1-1.fc33.x86_64" + "evra": "2.4.2-2.fc33.x86_64" }, "sssd-common": { - "evra": "2.4.1-1.fc33.x86_64" + "evra": "2.4.2-2.fc33.x86_64" }, "sssd-common-pac": { - "evra": "2.4.1-1.fc33.x86_64" + "evra": "2.4.2-2.fc33.x86_64" }, "sssd-ipa": { - "evra": "2.4.1-1.fc33.x86_64" + "evra": "2.4.2-2.fc33.x86_64" }, "sssd-krb5": { - "evra": "2.4.1-1.fc33.x86_64" + "evra": "2.4.2-2.fc33.x86_64" }, "sssd-krb5-common": { - "evra": "2.4.1-1.fc33.x86_64" + "evra": "2.4.2-2.fc33.x86_64" }, "sssd-ldap": { - "evra": "2.4.1-1.fc33.x86_64" + "evra": "2.4.2-2.fc33.x86_64" }, "stalld": { "evra": "1.8-1.fc33.x86_64" @@ -1177,7 +1177,7 @@ "evra": "2.36.1-1.fc33.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2488-1.fc33.x86_64" + "evra": "2:8.2.2529-1.fc33.x86_64" }, "which": { "evra": "2.21-20.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-02-24T18:41:46Z", + "generated": "2021-02-24T19:40:36Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-02-12T22:12:43Z" + "generated": "2021-02-24T19:26:23Z" }, "fedora-updates": { - "generated": "2021-02-16T01:54:52Z" + "generated": "2021-02-22T00:55:10Z" } } } From 4a93391f9425fb963d1e608561a990ea8590c90b Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 24 Feb 2021 21:43:40 +0000 Subject: [PATCH 093/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index aa8ccc7634..5190c05d7b 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -466,13 +466,13 @@ "evra": "2.3.0-2.fc33.noarch" }, "kernel": { - "evra": "5.10.16-200.fc33.x86_64" + "evra": "5.10.17-200.fc33.x86_64" }, "kernel-core": { - "evra": "5.10.16-200.fc33.x86_64" + "evra": "5.10.17-200.fc33.x86_64" }, "kernel-modules": { - "evra": "5.10.16-200.fc33.x86_64" + "evra": "5.10.17-200.fc33.x86_64" }, "kexec-tools": { "evra": "2.0.21-4.fc33.x86_64" @@ -961,10 +961,10 @@ "evra": "8.44-2.fc33.x86_64" }, "pcre2": { - "evra": "10.36-3.fc33.x86_64" + "evra": "10.36-4.fc33.x86_64" }, "pcre2-syntax": { - "evra": "10.36-3.fc33.noarch" + "evra": "10.36-4.fc33.noarch" }, "pigz": { "evra": "2.4-7.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-02-24T19:40:36Z", + "generated": "2021-02-24T21:09:46Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-02-24T19:26:23Z" + "generated": "2021-02-24T20:21:50Z" }, "fedora-updates": { - "generated": "2021-02-22T00:55:10Z" + "generated": "2021-02-24T20:16:37Z" } } } From 57354ea1d46dc77e152290331b77b6559b1e084d Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 24 Feb 2021 15:18:09 -0500 Subject: [PATCH 094/489] manifest: use DEFAULT_HOSTNAME=localhost systemd in f34 learned to read the default hostname from a `DEFAULT_HOSTNAME` key in `/etc/os-release`. Use that to set the hostname back to `localhost` on f34 so that once we move over we can unpin the systemd build which had this same effect at compilation time. Ideally, this would be part of `fedora-release`, but I'm trying to aim for a better fix where the compiled-in default hostname in Fedora is back to `localhost` and only on the variants where we really want `fedora` would we set `DEFAULT_HOSTNAME=fedora` in `fedora-release`. So for now, let's just do this here. Closes: #649 --- manifest-lock.overrides.aarch64.yaml | 7 +++---- manifest-lock.overrides.ppc64le.yaml | 7 +++---- manifest-lock.overrides.s390x.yaml | 7 +++---- manifest-lock.overrides.x86_64.yaml | 7 +++---- manifests/fedora-coreos-base.yaml | 12 ++++++++++++ 5 files changed, 24 insertions(+), 16 deletions(-) diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml index c0e218f3fd..beb7a92c43 100644 --- a/manifest-lock.overrides.aarch64.yaml +++ b/manifest-lock.overrides.aarch64.yaml @@ -1,8 +1,7 @@ packages: - # Fast-track systemd update that reverts fallback hostname change - # https://github.com/coreos/fedora-coreos-tracker/issues/649#issuecomment-739956843 - # This is a one-off build, please don't remove it without talking - # to dustymabe or jlebon. + # Keep this until we move to Fedora 34. + # https://github.com/coreos/fedora-coreos-tracker/issues/649 + # https://bugzilla.redhat.com/show_bug.cgi?id=1892235#c25 systemd: evra: 246.7-1.fc33.aarch64 systemd-container: diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml index 602d9cbe7b..9c65d5bf34 100644 --- a/manifest-lock.overrides.ppc64le.yaml +++ b/manifest-lock.overrides.ppc64le.yaml @@ -1,8 +1,7 @@ packages: - # Fast-track systemd update that reverts fallback hostname change - # https://github.com/coreos/fedora-coreos-tracker/issues/649#issuecomment-739956843 - # This is a one-off build, please don't remove it without talking - # to dustymabe or jlebon. + # Keep this until we move to Fedora 34. + # https://github.com/coreos/fedora-coreos-tracker/issues/649 + # https://bugzilla.redhat.com/show_bug.cgi?id=1892235#c25 systemd: evra: 246.7-1.fc33.ppc64le systemd-container: diff --git a/manifest-lock.overrides.s390x.yaml b/manifest-lock.overrides.s390x.yaml index ea7e5b8c03..a430166e16 100644 --- a/manifest-lock.overrides.s390x.yaml +++ b/manifest-lock.overrides.s390x.yaml @@ -1,8 +1,7 @@ packages: - # Fast-track systemd update that reverts fallback hostname change - # https://github.com/coreos/fedora-coreos-tracker/issues/649#issuecomment-739956843 - # This is a one-off build, please don't remove it without talking - # to dustymabe or jlebon. + # Keep this until we move to Fedora 34. + # https://github.com/coreos/fedora-coreos-tracker/issues/649 + # https://bugzilla.redhat.com/show_bug.cgi?id=1892235#c25 systemd: evra: 246.7-1.fc33.s390x systemd-container: diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml index 1f689e9fcd..862b864289 100644 --- a/manifest-lock.overrides.x86_64.yaml +++ b/manifest-lock.overrides.x86_64.yaml @@ -1,8 +1,7 @@ packages: - # Fast-track systemd update that reverts fallback hostname change - # https://github.com/coreos/fedora-coreos-tracker/issues/649#issuecomment-739956843 - # This is a one-off build, please don't remove it without talking - # to dustymabe or jlebon. + # Keep this until we move to Fedora 34. + # https://github.com/coreos/fedora-coreos-tracker/issues/649 + # https://bugzilla.redhat.com/show_bug.cgi?id=1892235#c25 systemd: evra: 246.7-1.fc33.x86_64 systemd-container: diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index e6843cbca6..4aab5791a5 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -97,6 +97,18 @@ postprocess: DNSStubListener=no EOF + # Set the fallback hostname to `localhost`. This piggybacks on the + # postprocess script above which neuters systemd-resolved, because + # currently, a fallback hostname of `localhost` + systemd-resolved breaks + # rDNS. Eventually, we should be able to drop this at the same time as we drop + # the above. See: https://bugzilla.redhat.com/show_bug.cgi?id=1892235#c25 + - | + #!/usr/bin/env bash + source /etc/os-release + if [ ${VERSION_ID} -ge 34 ] && [ -z "${DEFAULT_HOSTNAME:-}" ]; then + echo 'DEFAULT_HOSTNAME=localhost' >> /usr/lib/os-release + fi + # Edit `login.defs` to configure `login(1)` to read from `/run/motd.d` for # displaying the MOTD. This is required for newer versions of # `console-login-helper-messages` to function properly. From 17def375fc92a661ea75dc859940f410c122455e Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 26 Feb 2021 21:36:59 +0000 Subject: [PATCH 095/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 5190c05d7b..3d0a1da484 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -133,10 +133,10 @@ "evra": "1.4.3-1.fc33.x86_64" }, "containernetworking-plugins": { - "evra": "0.9.0-1.fc33.x86_64" + "evra": "0.9.1-2.fc33.x86_64" }, "containers-common": { - "evra": "1:1.2.0-13.fc33.x86_64" + "evra": "4:1-4.fc33.noarch" }, "coreos-installer": { "evra": "0.7.2-1.fc33.x86_64" @@ -979,10 +979,10 @@ "evra": "1.7.3-5.fc33.x86_64" }, "podman": { - "evra": "2:2.2.1-1.fc33.x86_64" + "evra": "2:3.0.1-1.fc33.x86_64" }, "podman-plugins": { - "evra": "2:2.2.1-1.fc33.x86_64" + "evra": "2:3.0.1-1.fc33.x86_64" }, "policycoreutils": { "evra": "3.1-4.fc33.x86_64" @@ -1030,10 +1030,10 @@ "evra": "4.16.1.2-1.fc33.x86_64" }, "rpm-ostree": { - "evra": "2021.1-4.fc33.x86_64" + "evra": "2021.2-2.fc33.x86_64" }, "rpm-ostree-libs": { - "evra": "2021.1-4.fc33.x86_64" + "evra": "2021.2-2.fc33.x86_64" }, "rpm-plugin-selinux": { "evra": "4.16.1.2-1.fc33.x86_64" @@ -1084,7 +1084,7 @@ "evra": "15-8.x86_64" }, "skopeo": { - "evra": "1:1.2.0-13.fc33.x86_64" + "evra": "1:1.2.2-1.fc33.x86_64" }, "slang": { "evra": "2.3.2-8.fc33.x86_64" @@ -1129,7 +1129,7 @@ "evra": "2.4.2-2.fc33.x86_64" }, "stalld": { - "evra": "1.8-1.fc33.x86_64" + "evra": "1.9-1.fc33.x86_64" }, "sudo": { "evra": "1.9.5p2-1.fc33.x86_64" @@ -1177,7 +1177,7 @@ "evra": "2.36.1-1.fc33.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2529-1.fc33.x86_64" + "evra": "2:8.2.2541-1.fc33.x86_64" }, "which": { "evra": "2.21-20.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-02-24T21:09:46Z", + "generated": "2021-02-26T21:07:42Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-02-24T20:21:50Z" + "generated": "2021-02-24T21:51:44Z" }, "fedora-updates": { - "generated": "2021-02-24T20:16:37Z" + "generated": "2021-02-26T00:31:13Z" } } } From 5998cc19106d0c5f4697ee3f22b44995045f6045 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 27 Feb 2021 21:37:55 +0000 Subject: [PATCH 096/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 3d0a1da484..92319c829e 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -115,16 +115,16 @@ "evra": "2:2.0.26-1.fc33.x86_64" }, "console-login-helper-messages": { - "evra": "0.21.1-1.fc33.noarch" + "evra": "0.21.1-2.fc33.noarch" }, "console-login-helper-messages-issuegen": { - "evra": "0.21.1-1.fc33.noarch" + "evra": "0.21.1-2.fc33.noarch" }, "console-login-helper-messages-motdgen": { - "evra": "0.21.1-1.fc33.noarch" + "evra": "0.21.1-2.fc33.noarch" }, "console-login-helper-messages-profile": { - "evra": "0.21.1-1.fc33.noarch" + "evra": "0.21.1-2.fc33.noarch" }, "container-selinux": { "evra": "2:2.151.0-1.fc33.noarch" @@ -466,13 +466,13 @@ "evra": "2.3.0-2.fc33.noarch" }, "kernel": { - "evra": "5.10.17-200.fc33.x86_64" + "evra": "5.10.18-200.fc33.x86_64" }, "kernel-core": { - "evra": "5.10.17-200.fc33.x86_64" + "evra": "5.10.18-200.fc33.x86_64" }, "kernel-modules": { - "evra": "5.10.17-200.fc33.x86_64" + "evra": "5.10.18-200.fc33.x86_64" }, "kexec-tools": { "evra": "2.0.21-4.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-02-26T21:07:42Z", + "generated": "2021-02-27T21:07:55Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-02-24T21:51:44Z" + "generated": "2021-02-26T21:46:14Z" }, "fedora-updates": { - "generated": "2021-02-26T00:31:13Z" + "generated": "2021-02-26T23:25:24Z" } } } From 72a2e7e5b89746b7ea320ee9da057bd8ccba52e0 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 28 Feb 2021 21:37:17 +0000 Subject: [PATCH 097/489] lockfiles: bump to latest --- manifest-lock.x86_64.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 92319c829e..527efa14d0 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -163,7 +163,7 @@ "evra": "3.15-1.fc33.x86_64" }, "crun": { - "evra": "0.17-1.fc33.x86_64" + "evra": "0.18-1.fc33.x86_64" }, "crypto-policies": { "evra": "20200918-1.git85dccc5.fc33.noarch" @@ -334,7 +334,7 @@ "evra": "3.9.4-1.fc33.x86_64" }, "fwupd": { - "evra": "1.5.5-1.fc33.x86_64" + "evra": "1.5.7-1.fc33.x86_64" }, "gawk": { "evra": "5.1.0-2.fc33.x86_64" @@ -658,7 +658,7 @@ "evra": "1.0.1-18.fc33.x86_64" }, "libnfsidmap": { - "evra": "1:2.5.2-1.rc4.fc33.x86_64" + "evra": "1:2.5.3-0.fc33.x86_64" }, "libnftnl": { "evra": "1.1.7-3.fc33.x86_64" @@ -865,7 +865,7 @@ "evra": "2:0.4.0-2.fc33.x86_64" }, "mozjs78": { - "evra": "78.7.0-1.fc33.x86_64" + "evra": "78.8.0-2.fc33.x86_64" }, "mpfr": { "evra": "4.1.0-4.fc33.x86_64" @@ -889,7 +889,7 @@ "evra": "0.52.21-8.fc33.x86_64" }, "nfs-utils-coreos": { - "evra": "1:2.5.2-1.rc4.fc33.x86_64" + "evra": "1:2.5.3-0.fc33.x86_64" }, "nftables": { "evra": "1:0.9.3-8.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-02-27T21:07:55Z", + "generated": "2021-02-28T21:07:45Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-02-26T21:46:14Z" + "generated": "2021-02-27T21:45:10Z" }, "fedora-updates": { - "generated": "2021-02-26T23:25:24Z" + "generated": "2021-02-28T17:09:53Z" } } } From 291b2de9042b68cf7d017a89f5e7c0a39f78d4b4 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 1 Mar 2021 22:23:11 +0000 Subject: [PATCH 098/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/147/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 527efa14d0..462299f5df 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -466,13 +466,13 @@ "evra": "2.3.0-2.fc33.noarch" }, "kernel": { - "evra": "5.10.18-200.fc33.x86_64" + "evra": "5.10.19-200.fc33.x86_64" }, "kernel-core": { - "evra": "5.10.18-200.fc33.x86_64" + "evra": "5.10.19-200.fc33.x86_64" }, "kernel-modules": { - "evra": "5.10.18-200.fc33.x86_64" + "evra": "5.10.19-200.fc33.x86_64" }, "kexec-tools": { "evra": "2.0.21-4.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-02-28T21:07:45Z", + "generated": "2021-03-01T21:44:06Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-02-27T21:45:10Z" + "generated": "2021-02-28T21:46:23Z" }, "fedora-updates": { - "generated": "2021-02-28T17:09:53Z" + "generated": "2021-03-01T16:45:38Z" } } } From 60a8970b0b5f7024f56c04e4ade326d58ceeba9f Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 3 Mar 2021 21:42:49 +0000 Subject: [PATCH 099/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/150/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 462299f5df..b31af8e166 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -223,7 +223,7 @@ "evra": "3.7-7.fc33.x86_64" }, "dnsmasq": { - "evra": "2.83-1.fc33.x86_64" + "evra": "2.84-1.fc33.x86_64" }, "dosfstools": { "evra": "4.1-12.fc33.x86_64" @@ -403,7 +403,7 @@ "evra": "3.23-3.fc33.x86_64" }, "hwdata": { - "evra": "0.344-1.fc33.noarch" + "evra": "0.345-1.fc33.noarch" }, "ignition": { "evra": "2.9.0-4.fc33.x86_64" @@ -1177,7 +1177,7 @@ "evra": "2.36.1-1.fc33.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2541-1.fc33.x86_64" + "evra": "2:8.2.2559-1.fc33.x86_64" }, "which": { "evra": "2.21-20.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-03-01T21:44:06Z", + "generated": "2021-03-03T21:08:30Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-02-28T21:46:23Z" + "generated": "2021-03-02T22:46:07Z" }, "fedora-updates": { - "generated": "2021-03-01T16:45:38Z" + "generated": "2021-03-02T15:25:06Z" } } } From 2fcf25092ed76ca0214ddca8d2cbb0751da7813f Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 3 Mar 2021 15:28:00 -0500 Subject: [PATCH 100/489] transposefs: error out cleanly if less than 1G of RAM available I commonly do `cosa run` to test something related to rootfs reprovisioning and forget to allocate more RAM. The failure mode is a massive spam of "Input/output error" messages from `cp` unable to copy more files into RAM (and there doesn't seem to be a way to have it fail on first error; yet another reason we should rewrite this into !shell). Instead, just sanity-check that we have at least 1G of RAM and error out with a nice and clear message if not. --- .../40ignition-ostree/ignition-ostree-transposefs.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh index fcfddfceda..42043ad6e8 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh @@ -100,6 +100,16 @@ case "${1:-}" in echo "Found duplicate or missing ESP, BIOS-BOOT, or PReP labels in config" >&2 exit 1 fi + mem_available=$(grep MemAvailable /proc/meminfo | awk '{print $2}') + # Just error out early if we don't even have 1G to work with. This + # commonly happens if you `cosa run` but forget to add `--memory`. That + # way you get a nicer error instead of the spew of EIO errors from `cp`. + # The amount we need is really dependent on a bunch of factors, but just + # ballpark it at 3G. + if [ "${mem_available}" -lt $((1*1024*1024)) ] && [ "${wipes_root}" != 0 ]; then + echo "Root reprovisioning requires at least 3G of RAM" >&2 + exit 1 + fi modprobe zram num_devices=0 read dev < /sys/class/zram-control/hot_add # disksize is set arbitrarily large, as zram is capped by mem_limit @@ -107,7 +117,7 @@ case "${1:-}" in # Limit zram to 90% of available RAM: we want to be greedy since the # boot breaks anyway, but we still want to leave room for everything # else so it hits ENOSPC and doesn't invoke the OOM killer - echo $(( $(grep MemAvailable /proc/meminfo | awk '{print $2}') * 90 / 100 ))K > /sys/block/zram"${dev}"/mem_limit + echo $(( mem_available * 90 / 100 ))K > /sys/block/zram"${dev}"/mem_limit mkfs.xfs -q /dev/zram"${dev}" mkdir "${saved_data}" mount /dev/zram"${dev}" "${saved_data}" From b6dcb8a203d8604b4a27ceb902efc3e24577f848 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 4 Mar 2021 21:42:25 +0000 Subject: [PATCH 101/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/151/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index b31af8e166..cbf411d7aa 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -49,16 +49,16 @@ "evra": "1:2.8-9.fc33.noarch" }, "bind-libs": { - "evra": "32:9.11.27-1.fc33.x86_64" + "evra": "32:9.11.28-1.fc33.x86_64" }, "bind-libs-lite": { - "evra": "32:9.11.27-1.fc33.x86_64" + "evra": "32:9.11.28-1.fc33.x86_64" }, "bind-license": { - "evra": "32:9.11.27-1.fc33.noarch" + "evra": "32:9.11.28-1.fc33.noarch" }, "bind-utils": { - "evra": "32:9.11.27-1.fc33.x86_64" + "evra": "32:9.11.28-1.fc33.x86_64" }, "bootupd": { "evra": "0.2.4-2.fc33.x86_64" @@ -1060,10 +1060,10 @@ "evra": "4.8-5.fc33.x86_64" }, "selinux-policy": { - "evra": "3.14.6-34.fc33.noarch" + "evra": "3.14.6-35.fc33.noarch" }, "selinux-policy-targeted": { - "evra": "3.14.6-34.fc33.noarch" + "evra": "3.14.6-35.fc33.noarch" }, "setup": { "evra": "2.13.7-2.fc33.noarch" @@ -1159,7 +1159,7 @@ "evra": "1.31-2.fc33.x86_64" }, "toolbox": { - "evra": "0.0.99-1.fc33.x86_64" + "evra": "0.0.99.1-1.fc33.x86_64" }, "tpm2-tools": { "evra": "4.3.0-1.fc33.x86_64" @@ -1183,7 +1183,7 @@ "evra": "2.21-20.fc33.x86_64" }, "wireguard-tools": { - "evra": "1.0.20200827-2.fc33.x86_64" + "evra": "1.0.20210223-1.fc33.x86_64" }, "xfsprogs": { "evra": "5.7.0-1.fc33.x86_64" @@ -1211,7 +1211,7 @@ } }, "metadata": { - "generated": "2021-03-03T21:08:30Z", + "generated": "2021-03-04T21:08:45Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" @@ -1220,7 +1220,7 @@ "generated": "2021-03-02T22:46:07Z" }, "fedora-updates": { - "generated": "2021-03-02T15:25:06Z" + "generated": "2021-03-04T19:57:48Z" } } } From ac8bb93dbc833ae27f46b24397bf64837c759dae Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Wed, 3 Mar 2021 18:02:04 -0500 Subject: [PATCH 102/489] manifests: improve ability to share downstream This introduces two new categories of packages which exist in both the FCOS and RHCOS manifests. The `system-configuration` manifest includes packages related to configuration and management of the system itself. Think storage, NTP, users/groups, etc. The `user-experience` manifest includes packages that will generally make a users time on the system more pleasant. Think commonly used Linux utilities, container tooling, remote access, etc. The goal of this change is to improve the ability to share these manifests with RHCOS and reduce the duplication of packages in the FCOS and RHCOS manifests. --- manifests/fedora-coreos-base.yaml | 44 ++++------------------------- manifests/system-configuration.yaml | 37 ++++++++++++++++++++++++ manifests/user-experience.yaml | 36 +++++++++++++++++++++++ 3 files changed, 79 insertions(+), 38 deletions(-) create mode 100644 manifests/system-configuration.yaml create mode 100644 manifests/user-experience.yaml diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 4aab5791a5..55da9e082e 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -6,6 +6,8 @@ include: - ignition-and-ostree.yaml - file-transfer.yaml - networking-tools.yaml + - system-configuration.yaml + - user-experience.yaml initramfs-args: - --no-hostonly @@ -125,23 +127,17 @@ postprocess: packages: # Security - - selinux-policy-targeted - polkit # System setup - - afterburn - afterburn-dracut - - passwd - # Dependency of 35coreos-live dracut module - - bsdtar # SSH - - openssh-server openssh-clients - ssh-key-dir # Containers - - podman skopeo runc systemd-container catatonit + - systemd-container catatonit - fuse-overlayfs slirp4netns # name resolution for podman containers # https://github.com/coreos/fedora-coreos-tracker/issues/519 - - podman-plugins dnsmasq + - podman-plugins # Remote IPC for podman - libvarlink-util # Minimal NFS client @@ -154,34 +150,17 @@ packages: # WireGuard https://github.com/coreos/fedora-coreos-tracker/issues/362 - wireguard-tools # Storage - - cloud-utils-growpart - - lvm2 iscsi-initiator-utils sg3_utils - - device-mapper-multipath - - xfsprogs e2fsprogs btrfs-progs mdadm - - cryptsetup - - cifs-utils + - btrfs-progs - WALinuxAgent-udev - # Time sync - - chrony # Allow communication between sudo and SSSD # for caching sudo rules by SSSD. # https://github.com/coreos/fedora-coreos-tracker/issues/445 - libsss_sudo - # Extra runtime - - shadow-utils # SSSD; we only ship a subset of the backends - sssd-client sssd-ad sssd-ipa sssd-krb5 sssd-ldap - # There are things that write outside of the journal still (such as the classic wtmp, etc.) - # (auditd also writes outside the journal but it has its own log rotation.) - # Anything package layered will also tend to expect files dropped in - # /etc/logrotate.d to work. Really, this is a legacy thing, but if we don't - # have it then people's disks will slowly fill up with logs. - - logrotate # Used by admins interactively - - sudo coreutils attr less tar xz gzip bzip2 - - bash-completion + - attr - openssl - - vim-minimal - lsof # Provides terminal tools like clear, reset, tput, and tset - ncurses @@ -189,25 +168,14 @@ packages: # so we can't put it in file-transfer.yaml - fuse-sshfs # User experience - - console-login-helper-messages-issuegen - console-login-helper-messages-motdgen - - console-login-helper-messages-profile - - toolbox - # CoreOS Installer - - coreos-installer coreos-installer-bootinfra # i18n - kbd - # Parsing/Interacting with JSON data - - jq # nvme-cli for managing nvme disks - nvme-cli # zram-generator (but not zram-generator-defaults) for F33 change # https://github.com/coreos/fedora-coreos-tracker/issues/509 - zram-generator - # kdump (https://github.com/coreos/fedora-coreos-tracker/issues/622) - - kexec-tools - # Similar to irqbalance: https://github.com/coreos/fedora-coreos-tracker/issues/753 - - stalld # This thing is crying out to be pulled into systemd, but that hasn't happened # yet. Also we may want to add to rpm-ostree something like arch negation; diff --git a/manifests/system-configuration.yaml b/manifests/system-configuration.yaml new file mode 100644 index 0000000000..e5a0c3c7d5 --- /dev/null +++ b/manifests/system-configuration.yaml @@ -0,0 +1,37 @@ +# These are packages that are related to configuring parts of the system. +# It is intended to be kept generic so that it may be shared downstream with +# RHCOS. + +packages: + # Configuring SSH keys, cloud provider check-in, etc + - afterburn + # NTP support + - chrony + # Installing CoreOS itself + - coreos-installer coreos-installer-bootinfra + # Storage configuration/management + - cifs-utils + - cloud-utils-growpart + - cryptsetup + - device-mapper-multipath + - e2fsprogs + - iscsi-initiator-utils + - lvm2 + - mdadm + - sg3_utils + - xfsprogs + # User configuration + - passwd + - shadow-utils + # SELinux policy + - selinux-policy-targeted + # There are things that write outside of the journal still (such as the + # classic wtmp, etc.) + #(auditd also writes outside the journal but it has its own log rotation.) + # Anything package layered will also tend to expect files dropped in + # /etc/logrotate.d to work. Really, this is a legacy thing, but if we don't + # have it then people's disks will slowly fill up with logs. + - logrotate + # Boost starving threads + # https://github.com/coreos/fedora-coreos-tracker/issues/753 + - stalld diff --git a/manifests/user-experience.yaml b/manifests/user-experience.yaml new file mode 100644 index 0000000000..60ce67d593 --- /dev/null +++ b/manifests/user-experience.yaml @@ -0,0 +1,36 @@ +# These packages are either widely used utilities/services or +# are targeted for improving the general CoreOS user experience. +# It is intended to be kept generic so that it may be shared downstream with +# RHCOS. + +packages: + # Basic user tools + ## jq - parsing/interacting with JSON data + - bash-completion + - coreutils + - jq + - less + - sudo + - vim-minimal + # File compression/decompression + ## (bsdtar - dependency of 35coreos-live dracut module) + - bsdtar + - bzip2 + - gzip + - tar + - xz + # Improved MOTD experience + - console-login-helper-messages-issuegen + - console-login-helper-messages-profile + # DNS/DHCP server + - dnsmasq + # kdump support + # https://github.com/coreos/fedora-coreos-tracker/issues/622 + - kexec-tools + # Remote Access + - openssh-clients openssh-server + # Container tooling + - podman + - runc + - skopeo + - toolbox From e682e95d57431196c86dc028d899014f0b9fc450 Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Thu, 4 Mar 2021 11:05:35 -0500 Subject: [PATCH 103/489] README: add blurb about interacting with CI jobs I keep forgetting how to interact with failed CI jobs, so I documented now to do so. --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index c93b82a7b2..6ae62cc33d 100644 --- a/README.md +++ b/README.md @@ -149,3 +149,16 @@ done # After verifying the list looks good: # - koji untag-build coreos-pool $untaglist ``` + +## Interacting with CI jobs on PRs + +Pull requests submitted to this repo will run through a CI job that builds +and tests Fedora CoreOS with your change. The CI jobs are run via Jenkins +in the [CentOS CI cluster](https://jenkins-coreos-ci.apps.ocp.ci.centos.org/) and +can be retried in case of a failure. + +In order to retry the failed job, click through to the details of the failed job +and use the retry "loopy icon" at the top right of the job page. You will need +to be logged into the CentOS CI cluster for this ability. See the instructions +on the [fedora-coreos-pipeline](https://github.com/coreos/fedora-coreos-pipeline) +repo on how to request access to the CentOS CI cluster. \ No newline at end of file From 0899d3cad15204b0197c8aed8e77161ce9271905 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 11 Feb 2021 16:13:05 -0500 Subject: [PATCH 104/489] overlay: add warning if rootfs < 8G We've recently had our first case of a "trapped" rootfs running out of space for upgrades: https://github.com/coreos/fedora-coreos-tracker/issues/731 Until we actually implement stronger behaviour for this, let's explicitly check for this case and emit a warning if we detect it. In the future, we'll look at making this a hard error by default (with an escape hatch). For more information, see: https://github.com/coreos/fedora-coreos-tracker/issues/586#issuecomment-777220000 --- .../coreos-check-rootfs-size | 37 +++++++++++++++++++ .../ignition-ostree-check-rootfs-size.service | 13 +++++++ .../40ignition-ostree/module-setup.sh | 4 ++ 3 files changed, 54 insertions(+) create mode 100755 overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size create mode 100644 overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-check-rootfs-size.service diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size new file mode 100755 index 0000000000..2c320bed93 --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size @@ -0,0 +1,37 @@ +#!/bin/bash +set -euo pipefail + +# See also ignition-ostree-check-rootfs-size.service +# https://github.com/coreos/fedora-coreos-tracker/issues/586#issuecomment-777220000 + +srcdev=$(findmnt -nvr -o SOURCE /sysroot | tail -n1) +size=$(lsblk --nodeps --noheadings --bytes -o SIZE "${srcdev}") + +MINIMUM_GB=8 +MINIMUM_BYTES=$((1024 * 1024 * 1024 * MINIMUM_GB)) + +MOTD_DROPIN=/etc/motd.d/60-coreos-rootfs-size.motd + +YELLOW=$(echo -e '\033[0;33m') +RESET=$(echo -e '\033[0m') + +if [ "${size}" -lt "${MINIMUM_BYTES}" ]; then + mkdir -p "/sysroot/$(dirname "${MOTD_DROPIN}")" + cat > "/sysroot/${MOTD_DROPIN}" < Date: Thu, 4 Mar 2021 22:12:29 +0000 Subject: [PATCH 105/489] manifest: Block plymouth For (datacenter/cloud oriented) servers, we want to see the details by default. https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/HSMISZ3ETWQ4ETVLWZQJ55ARZT27AAV3/ --- manifests/fedora-coreos.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/manifests/fedora-coreos.yaml b/manifests/fedora-coreos.yaml index 1d43b2873f..3da75faf8f 100644 --- a/manifests/fedora-coreos.yaml +++ b/manifests/fedora-coreos.yaml @@ -96,6 +96,9 @@ exclude-packages: # Let's make sure initscripts doesn't get pulled back in # https://github.com/coreos/fedora-coreos-tracker/issues/220#issuecomment-611566254 - initscripts + # For (datacenter/cloud oriented) servers, we want to see the details by default. + # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/HSMISZ3ETWQ4ETVLWZQJ55ARZT27AAV3/ + - plymouth # And remove some cruft from grub2 arch-include: From 2aafa70b5650efc92ace1e3756ea63fcd90fedfe Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 5 Mar 2021 10:33:01 -0500 Subject: [PATCH 106/489] README.md: Link to CoreOS CI docs There's already a bunch of info in the docs there. Let's enhance that if needed, and just link to it from projects. --- README.md | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 6ae62cc33d..23e4f8426d 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ To derive from this repository, the recommendation is to add it as a git submodule. Then create your own `manifest.yaml` which does `include: fedora-coreos-config/ignition-and-ostree.yaml` for example. You will also want to create an `overlay.d` and symlink in components -in this repository's `overlay.d. +in this repository's `overlay.d`. ## Overriding packages @@ -150,15 +150,9 @@ done # - koji untag-build coreos-pool $untaglist ``` -## Interacting with CI jobs on PRs +## CoreOS CI -Pull requests submitted to this repo will run through a CI job that builds -and tests Fedora CoreOS with your change. The CI jobs are run via Jenkins -in the [CentOS CI cluster](https://jenkins-coreos-ci.apps.ocp.ci.centos.org/) and -can be retried in case of a failure. - -In order to retry the failed job, click through to the details of the failed job -and use the retry "loopy icon" at the top right of the job page. You will need -to be logged into the CentOS CI cluster for this ability. See the instructions -on the [fedora-coreos-pipeline](https://github.com/coreos/fedora-coreos-pipeline) -repo on how to request access to the CentOS CI cluster. \ No newline at end of file +Pull requests submitted to this repo are tested by +[CoreOS CI](https://github.com/coreos/coreos-ci). You can see the pipeline +executed in `.cci.jenkinsfile`. For more information, including interacting with +CI, see the [CoreOS CI documentation](https://github.com/coreos/coreos-ci/blob/master/README-upstream-ci.md). From 30df661b7c313773a689025defe18b42a51386fd Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 6 Mar 2021 21:41:57 +0000 Subject: [PATCH 107/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/153/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index cbf411d7aa..8acb56026a 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -694,7 +694,7 @@ "evra": "0.1.5-46.fc33.x86_64" }, "librepo": { - "evra": "1.12.1-1.fc33.x86_64" + "evra": "1.13.0-1.fc33.x86_64" }, "libreport-filesystem": { "evra": "2.14.0-15.fc33.noarch" @@ -925,10 +925,10 @@ "evra": "8.4p1-5.fc33.x86_64" }, "openssl": { - "evra": "1:1.1.1i-3.fc33.x86_64" + "evra": "1:1.1.1j-1.fc33.x86_64" }, "openssl-libs": { - "evra": "1:1.1.1i-3.fc33.x86_64" + "evra": "1:1.1.1j-1.fc33.x86_64" }, "os-prober": { "evra": "1.77-6.fc33.x86_64" @@ -1201,7 +1201,7 @@ "evra": "1.1.9-1.fc33.x86_64" }, "zincati": { - "evra": "0.0.17-1.fc33.x86_64" + "evra": "0.0.18-1.fc33.x86_64" }, "zlib": { "evra": "1.2.11-23.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-03-04T21:08:45Z", + "generated": "2021-03-06T21:07:40Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-03-02T22:46:07Z" + "generated": "2021-03-04T21:50:19Z" }, "fedora-updates": { - "generated": "2021-03-04T19:57:48Z" + "generated": "2021-03-05T18:50:33Z" } } } From 8dbd6fa4878ec0b9a07bc035d05df0ed5bc39997 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 7 Mar 2021 21:50:29 +0000 Subject: [PATCH 108/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/154/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 8acb56026a..12f23a0ebb 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -814,7 +814,7 @@ "evra": "0.2.5-3.fc33.x86_64" }, "libzstd": { - "evra": "1.4.7-1.fc33.x86_64" + "evra": "1.4.9-1.fc33.x86_64" }, "linux-atm-libs": { "evra": "2.5.1-27.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-03-06T21:07:40Z", + "generated": "2021-03-07T21:14:47Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-03-04T21:50:19Z" + "generated": "2021-03-06T21:51:24Z" }, "fedora-updates": { - "generated": "2021-03-05T18:50:33Z" + "generated": "2021-03-07T16:28:23Z" } } } From ad5eb32f8bde4d09bfc4320166ed5a23953d4d33 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 9 Mar 2021 10:42:18 -0500 Subject: [PATCH 109/489] overlay: temporarily ship `seq` in initrd Previously we pinned clevis to v15 in order to work around https://github.com/latchset/clevis/pull/295. But overrides are not set up in the tagger for mechanical streams, so we can't easily pin in `branched` and `rawhide`. Let's just unpin and temporarily ship `seq` ourselves to work around this. Put that temporary hack in `40ignition-ostree` since that's the closest module conceptually to clevis. --- manifest-lock.overrides.aarch64.yaml | 10 ---------- manifest-lock.overrides.ppc64le.yaml | 10 ---------- manifest-lock.overrides.s390x.yaml | 10 ---------- manifest-lock.overrides.x86_64.yaml | 10 ---------- .../dracut/modules.d/40ignition-ostree/module-setup.sh | 3 +++ 5 files changed, 3 insertions(+), 40 deletions(-) diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml index beb7a92c43..c95c72ed56 100644 --- a/manifest-lock.overrides.aarch64.yaml +++ b/manifest-lock.overrides.aarch64.yaml @@ -14,13 +14,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.aarch64 - # Pin to previous version until we have - # https://github.com/latchset/clevis/pull/295 - clevis: - evra: 15-2.fc33.aarch64 - clevis-dracut: - evra: 15-2.fc33.aarch64 - clevis-luks: - evra: 15-2.fc33.aarch64 - clevis-systemd: - evra: 15-2.fc33.aarch64 diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml index 9c65d5bf34..f979aca40e 100644 --- a/manifest-lock.overrides.ppc64le.yaml +++ b/manifest-lock.overrides.ppc64le.yaml @@ -14,13 +14,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.ppc64le - # Pin to previous version until we have - # https://github.com/latchset/clevis/pull/295 - clevis: - evra: 15-2.fc33.ppc64le - clevis-dracut: - evra: 15-2.fc33.ppc64le - clevis-luks: - evra: 15-2.fc33.ppc64le - clevis-systemd: - evra: 15-2.fc33.ppc64le diff --git a/manifest-lock.overrides.s390x.yaml b/manifest-lock.overrides.s390x.yaml index a430166e16..c65f06c8b9 100644 --- a/manifest-lock.overrides.s390x.yaml +++ b/manifest-lock.overrides.s390x.yaml @@ -14,13 +14,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.s390x - # Pin to previous version until we have - # https://github.com/latchset/clevis/pull/295 - clevis: - evra: 15-2.fc33.s390x - clevis-dracut: - evra: 15-2.fc33.s390x - clevis-luks: - evra: 15-2.fc33.s390x - clevis-systemd: - evra: 15-2.fc33.s390x diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml index 862b864289..8b0c5346d2 100644 --- a/manifest-lock.overrides.x86_64.yaml +++ b/manifest-lock.overrides.x86_64.yaml @@ -14,13 +14,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.x86_64 - # Pin to previous version until we have - # https://github.com/latchset/clevis/pull/295 - clevis: - evra: 15-2.fc33.x86_64 - clevis-dracut: - evra: 15-2.fc33.x86_64 - clevis-luks: - evra: 15-2.fc33.x86_64 - clevis-systemd: - evra: 15-2.fc33.x86_64 diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh index 5a52cda3d7..d2d61e1d0a 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh @@ -59,6 +59,9 @@ install() { sgdisk \ find + # TODO f34: check if we can drop this temporary workaround for https://github.com/latchset/clevis/pull/295 + inst_multiple seq + for x in mount populate; do install_ignition_unit ignition-ostree-${x}-var.service inst_script "$moddir/ignition-ostree-${x}-var.sh" "/usr/sbin/ignition-ostree-${x}-var" From cdcb78f3ad71b2df773cac97dc977d01be744e21 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 4 Mar 2021 16:42:48 -0500 Subject: [PATCH 110/489] overlay: nuke obsolete coreos-growpart.service preset That service no longer runs in the real root. The preset should've been removed as part of the move to the initramfs way back when. --- overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset index fede7828b9..9299d17f89 100644 --- a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset +++ b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset @@ -1,5 +1,5 @@ # Presets here that eventually should live in the generic fedora presets -enable coreos-growpart.service + # console-login-helper-messages - https://github.com/coreos/console-login-helper-messages enable console-login-helper-messages-gensnippet-os-release.service enable console-login-helper-messages-gensnippet-ssh-keys.service From eaca26086e63b53d21e68f9d6b07ce98835409f8 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 4 Mar 2021 16:35:51 -0500 Subject: [PATCH 111/489] overlay: rename coreos-growpart to ignition-ostree-growfs Now that coreos-growpart is only in the initramfs, its scope is essentially reduced to handling the `/sysroot`. Let's formalize this by renaming the script to match the service which calls it and dropping support for passing the target path as an argument. Also freshen up the comments at the top of the file. --- .../ignition-ostree-growfs.service | 2 +- ...eos-growpart => ignition-ostree-growfs.sh} | 20 +++++++++---------- .../40ignition-ostree/module-setup.sh | 5 +++-- .../root-reprovision/filesystem-only/test.sh | 4 ++-- tests/kola/root-reprovision/luks/test.sh | 6 +++--- tests/kola/root-reprovision/raid1/test.sh | 6 +++--- 6 files changed, 22 insertions(+), 21 deletions(-) rename overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/{coreos-growpart => ignition-ostree-growfs.sh} (83%) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service index 0dc4cf7950..63e4106160 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service @@ -15,5 +15,5 @@ Before=ostree-prepare-root.service [Service] Type=oneshot -ExecStart=/usr/libexec/coreos-growpart /sysroot +ExecStart=/usr/sbin/ignition-ostree-growfs RemainAfterExit=yes diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-growpart b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh similarity index 83% rename from overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-growpart rename to overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh index 224bb3e974..e7f488360a 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-growpart +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh @@ -1,23 +1,23 @@ #!/bin/bash set -euo pipefail -# See also ignition-ostree-growfs.service. - -# https://github.com/coreos/fedora-coreos-tracker/issues/18 -# See also image.ks. -# Growpart /, until we can fix Ignition for separate /var -# (And eventually we want ignition-disks) +# This script is run by ignition-ostree-growfs.service. It grows the root +# partition, unless it determines that either the rootfs was moved or the +# partition was already resized (e.g. via Ignition). +# If root reprovisioning was triggered, this file contains state of the root +# partition *before* ignition-disks. saved_partstate=/run/ignition-ostree-rootfs-partstate.json -path=$1 -shift +# We run after the rootfs is mounted at /sysroot, but before ostree-prepare-root +# moves it to /sysroot/sysroot. +path=/sysroot # The use of tail is to avoid errors from duplicate mounts; # this shouldn't happen for us but we're being conservative. src=$(findmnt -nvr -o SOURCE "$path" | tail -n1) -if [ "${path}" == /sysroot ] && [ -f "${saved_partstate}" ]; then +if [ -f "${saved_partstate}" ]; then # We're still ironing out our rootfs automatic growpart story, see e.g.: # https://github.com/coreos/fedora-coreos-tracker/issues/570 # https://github.com/coreos/fedora-coreos-tracker/issues/586 @@ -76,4 +76,4 @@ case "${TYPE}" in esac # this is useful for tests -touch /run/coreos-growpart.stamp +touch /run/ignition-ostree-growfs.stamp diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh index d2d61e1d0a..94610d3b6c 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh @@ -25,7 +25,7 @@ install() { sort \ uniq - # coreos-growpart deps + # ignition-ostree-growfs deps inst_multiple \ basename \ blkid \ @@ -90,7 +90,8 @@ install() { "/usr/sbin/coreos-rootflags" install_ignition_unit ignition-ostree-growfs.service - inst_script "$moddir/coreos-growpart" /usr/libexec/coreos-growpart + inst_script "$moddir/ignition-ostree-growfs.sh" \ + /usr/sbin/ignition-ostree-growfs install_ignition_unit ignition-ostree-check-rootfs-size.service inst_script "$moddir/coreos-check-rootfs-size" \ diff --git a/tests/kola/root-reprovision/filesystem-only/test.sh b/tests/kola/root-reprovision/filesystem-only/test.sh index 10b2faf8b8..13e671a9e7 100755 --- a/tests/kola/root-reprovision/filesystem-only/test.sh +++ b/tests/kola/root-reprovision/filesystem-only/test.sh @@ -8,8 +8,8 @@ fstype=$(findmnt -nvr / -o FSTYPE) case "${AUTOPKGTEST_REBOOT_MARK:-}" in "") # check that the partition was grown - if [ ! -e /run/coreos-growpart.stamp ]; then - echo "coreos-growpart did not run" + if [ ! -e /run/ignition-ostree-growfs.stamp ]; then + echo "ignition-ostree-growfs did not run" exit 1 fi diff --git a/tests/kola/root-reprovision/luks/test.sh b/tests/kola/root-reprovision/luks/test.sh index ae357437bb..2594f935a1 100755 --- a/tests/kola/root-reprovision/luks/test.sh +++ b/tests/kola/root-reprovision/luks/test.sh @@ -13,9 +13,9 @@ fstype=$(findmnt -nvr / -o FSTYPE) case "${AUTOPKGTEST_REBOOT_MARK:-}" in "") - # check that growpart didn't run - if [ -e /run/coreos-growpart.stamp ]; then - echo "coreos-growpart ran" + # check that ignition-ostree-growfs ran + if [ -e /run/ignition-ostree-growfs.stamp ]; then + echo "ignition-ostree-growfs ran" exit 1 fi diff --git a/tests/kola/root-reprovision/raid1/test.sh b/tests/kola/root-reprovision/raid1/test.sh index 7ecc340e60..b00c72ed89 100755 --- a/tests/kola/root-reprovision/raid1/test.sh +++ b/tests/kola/root-reprovision/raid1/test.sh @@ -13,9 +13,9 @@ fstype=$(findmnt -nvr / -o FSTYPE) case "${AUTOPKGTEST_REBOOT_MARK:-}" in "") - # check that growpart didn't run - if [ -e /run/coreos-growpart.stamp ]; then - echo "coreos-growpart ran" + # check that ignition-ostree-growfs didn't run + if [ -e /run/ignition-ostree-growfs.stamp ]; then + echo "ignition-ostree-growfs ran" exit 1 fi From 544085a8a798e8814f03f61e5d20614652722c0d Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 4 Mar 2021 16:48:22 -0500 Subject: [PATCH 112/489] overlay/growfs: rename variable There's lots of `eval`s going on here. Let's copy the rootfs format name to a dedicated variable instead of re-using the same `eval`'ed name. --- .../40ignition-ostree/ignition-ostree-growfs.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh index e7f488360a..2a301edf64 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh @@ -40,12 +40,13 @@ fi # from the previous contents of the disk (notably ZFS), causing blkid to # refuse to return any filesystem type at all. eval $(blkid -o export "${src}") -case "${TYPE:-}" in +ROOTFS_TYPE=${TYPE:-} +case "${ROOTFS_TYPE}" in xfs|ext4|btrfs) ;; - *) echo "error: Unsupported filesystem for ${path}: '${TYPE:-}'" 1>&2; exit 1 ;; + *) echo "error: Unsupported filesystem for ${path}: '${ROOTFS_TYPE}'" 1>&2; exit 1 ;; esac -if test "${TYPE:-}" = "btrfs"; then +if test "${ROOTFS_TYPE}" = "btrfs"; then # Theoretically btrfs can have multiple devices, but when # we start we will always have exactly one. devpath=$(btrfs device usage /sysroot | grep /dev | cut -f 1 -d ,) @@ -65,11 +66,11 @@ growpart "${parent_device}" "${partition}" || true # Wipe any filesystem signatures from the extended partition that don't # correspond to the FS type we detected earlier. -wipefs -af -t "no${TYPE}" "${src}" +wipefs -af -t "no${ROOTFS_TYPE}" "${src}" # TODO: Add XFS to https://github.com/systemd/systemd/blob/master/src/partition/growfs.c # and use it instead. -case "${TYPE}" in +case "${ROOTFS_TYPE}" in xfs) xfs_growfs "${path}" ;; ext4) resize2fs "${src}" ;; btrfs) btrfs filesystem resize max ${path} ;; From f12a5132ebe169ad643dab5b7fe028889c77a386 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 9 Mar 2021 11:11:46 -0500 Subject: [PATCH 113/489] kola-denylist.yaml: add ext.config.podman.rootless-systemd This test is currently failing on f34+ due to a regression in buildah: https://github.com/containers/buildah/issues/3071 --- kola-denylist.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kola-denylist.yaml b/kola-denylist.yaml index cf3a3d8c88..5c0edff573 100644 --- a/kola-denylist.yaml +++ b/kola-denylist.yaml @@ -5,3 +5,8 @@ tracker: https://github.com/coreos/coreos-assembler/pull/1478 - pattern: podman.workflow tracker: https://github.com/coreos/coreos-assembler/pull/1478 +- pattern: ext.config.podman.rootless-systemd + tracker: https://github.com/containers/buildah/issues/3071 + streams: + - branched + - rawhide From 43437b494db35b764c89ff65130f32f505a4f7c9 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 4 Mar 2021 16:46:58 -0500 Subject: [PATCH 114/489] overlay/growfs: fix in-place root reprovisioning detection The semantic we want to capture for auto-growing the rootfs is that we want it to kick in as long as either no rootfs reprovisioning happened, or it was in-place (i.e. reused the same partition). We detected this by checking that the block device (i.e. partition) backing the rootfs and its size didn't change. But this breaks with in-place LUKS reprovisioning because the immediate block device does change (to the LUKS container), even though it's ultimately still backed by the same untouched partition. Fix this by (1) verifying that the rootfs is still ultimately backed by the same partition, and (2) that partition has not been resized. This doesn't actually add support for growing LUKS containers yet, but it's prep for that. --- .../ignition-ostree-growfs.sh | 74 +++++++++++-------- .../ignition-ostree-transposefs.sh | 4 +- 2 files changed, 44 insertions(+), 34 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh index 2a301edf64..64bae7ea26 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh @@ -7,7 +7,7 @@ set -euo pipefail # If root reprovisioning was triggered, this file contains state of the root # partition *before* ignition-disks. -saved_partstate=/run/ignition-ostree-rootfs-partstate.json +saved_partstate=/run/ignition-ostree-rootfs-partstate.sh # We run after the rootfs is mounted at /sysroot, but before ostree-prepare-root # moves it to /sysroot/sysroot. @@ -17,24 +17,37 @@ path=/sysroot # this shouldn't happen for us but we're being conservative. src=$(findmnt -nvr -o SOURCE "$path" | tail -n1) -if [ -f "${saved_partstate}" ]; then - # We're still ironing out our rootfs automatic growpart story, see e.g.: - # https://github.com/coreos/fedora-coreos-tracker/issues/570 - # https://github.com/coreos/fedora-coreos-tracker/issues/586 - # - # In the context of rootfs reprovisioning, for now our rule is the - # following: if the rootfs partition was moved off of the boot disk or it - # was resized, then we don't growpart. - # - # To detect this, we compare the output of `lsblk --paths -o NAME,SIZE` - # before and after `ignition-disks.service`. - partstate=$(lsblk "${src}" --nodeps --paths --json -b -o NAME,SIZE | jq -c .) - if [ "${partstate}" != "$(cat "${saved_partstate}")" ]; then - echo "coreos-growpart: detected rootfs partition changes; not auto-growing" +if [ ! -f "${saved_partstate}" ]; then + partition=$(realpath /dev/disk/by-label/root) +else + # The rootfs was reprovisioned. Our rule in this case is: we only grow if + # the partition backing the rootfs is the same and its size didn't change + # (IOW, it was an in-place reprovisioning; e.g. xfs -> btrfs). + source "${saved_partstate}" + if [ "${TYPE}" != "part" ]; then + # this really should never happen; but play nice + echo "$0: original rootfs blockdev not of type 'part'; not auto-growing" + exit 0 + fi + partition=$(realpath "${NAME}") + if [ "${SIZE}" != "$(lsblk --nodeps -bno SIZE "${partition}")" ]; then + echo "$0: original root partition changed size; not auto-growing" + exit 0 + fi + if ! lsblk -no MOUNTPOINT "${partition}" | grep -q '^/sysroot$'; then + echo "$0: original root partition no longer backing rootfs; not auto-growing" exit 0 fi fi +# Go through each blockdev in the hierarchy and verify we know how to grow them +lsblk -no TYPE "${partition}" | while read dev; do + case "${dev}" in + part) ;; + *) echo "error: Unsupported blockdev type ${dev}" 1>&2; exit 1 ;; + esac +done + # Get the filesystem type before extending the partition. This matters # because the partition, once extended, might include leftover superblocks # from the previous contents of the disk (notably ZFS), causing blkid to @@ -46,23 +59,20 @@ case "${ROOTFS_TYPE}" in *) echo "error: Unsupported filesystem for ${path}: '${ROOTFS_TYPE}'" 1>&2; exit 1 ;; esac -if test "${ROOTFS_TYPE}" = "btrfs"; then - # Theoretically btrfs can have multiple devices, but when - # we start we will always have exactly one. - devpath=$(btrfs device usage /sysroot | grep /dev | cut -f 1 -d ,) - devpath=$(realpath /sys/class/block/${devpath#/dev/}) -else - # Handle traditional disk/partitions - majmin=$(findmnt -nvr -o MAJ:MIN "$path" | tail -n1) - devpath=$(realpath "/sys/dev/block/$majmin") -fi -partition="${partition:-$(cat "$devpath/partition")}" -parent_path=$(dirname "$devpath") -parent_device=/dev/$(basename "${parent_path}") - -# TODO: make this idempotent, and don't error out if -# we can't resize. -growpart "${parent_device}" "${partition}" || true +# Now, go through the hierarchy, growing everything +lsblk --paths --pairs -o NAME,TYPE,PKNAME "${partition}" | while read line; do + eval "${line}" + case "${TYPE}" in + part) + majmin=$(echo $(lsblk -dno MAJ:MIN "${NAME}")) + partnum=$(cat "/sys/dev/block/${majmin}/partition") + # XXX: ideally this'd be idempotent and we wouldn't `|| :` + growpart "${PKNAME}" "${partnum}" || : + ;; + # already checked + *) echo "unreachable" 1>&2; exit 1 ;; + esac +done # Wipe any filesystem signatures from the extended partition that don't # correspond to the FS type we detected earlier. diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh index 42043ad6e8..18224c363c 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh @@ -22,7 +22,7 @@ saved_esp=${saved_data}/esp saved_bios=${saved_data}/bios saved_prep=${saved_data}/prep zram_dev=${saved_data}/zram_dev -partstate_root=/run/ignition-ostree-rootfs-partstate.json +partstate_root=/run/ignition-ostree-rootfs-partstate.sh # Print jq query string for wiped filesystems with label $1 query_fslabel() { @@ -147,7 +147,7 @@ case "${1:-}" in mount_verbose "${root_part}" /sysroot cp -aT /sysroot "${saved_root}" # also store the state of the partition - lsblk "${root_part}" --nodeps --paths --json -b -o NAME,SIZE | jq -c . > "${partstate_root}" + lsblk "${root_part}" --nodeps --pairs -b --paths -o NAME,TYPE,SIZE > "${partstate_root}" fi if [ -d "${saved_boot}" ]; then echo "Moving bootfs to RAM..." From c2d88f0282275f7a9b704d4954f2008ebf423c4f Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 4 Mar 2021 16:49:14 -0500 Subject: [PATCH 115/489] overlay/growfs: support growing LUKS containers We need to support in-place LUKS root reprovisioning. This is pretty straightforward, modulo the terrible clevis hack used to resize the container. We'll want to circle back and clean this up once there's a better interface to do this (but at least until then, we have tests which cover this). Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1934174 --- .../40ignition-ostree/ignition-ostree-growfs.sh | 11 +++++++++-- tests/kola/root-reprovision/luks/test.sh | 4 ++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh index 64bae7ea26..99239c864f 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh @@ -22,7 +22,7 @@ if [ ! -f "${saved_partstate}" ]; then else # The rootfs was reprovisioned. Our rule in this case is: we only grow if # the partition backing the rootfs is the same and its size didn't change - # (IOW, it was an in-place reprovisioning; e.g. xfs -> btrfs). + # (IOW, it was an in-place reprovisioning; e.g. LUKS or xfs -> btrfs). source "${saved_partstate}" if [ "${TYPE}" != "part" ]; then # this really should never happen; but play nice @@ -43,7 +43,7 @@ fi # Go through each blockdev in the hierarchy and verify we know how to grow them lsblk -no TYPE "${partition}" | while read dev; do case "${dev}" in - part) ;; + part|crypt) ;; *) echo "error: Unsupported blockdev type ${dev}" 1>&2; exit 1 ;; esac done @@ -69,6 +69,13 @@ lsblk --paths --pairs -o NAME,TYPE,PKNAME "${partition}" | while read line; do # XXX: ideally this'd be idempotent and we wouldn't `|| :` growpart "${PKNAME}" "${partnum}" || : ;; + crypt) + # XXX: yuck... we need to expose this sanely in clevis + (. /usr/bin/clevis-luks-common-functions + eval $(udevadm info --query=property --export "${NAME}") + clevis_luks_unlock_device "${PKNAME}" | cryptsetup resize -d- "${DM_NAME}" + ) + ;; # already checked *) echo "unreachable" 1>&2; exit 1 ;; esac diff --git a/tests/kola/root-reprovision/luks/test.sh b/tests/kola/root-reprovision/luks/test.sh index 2594f935a1..434b4fbd60 100755 --- a/tests/kola/root-reprovision/luks/test.sh +++ b/tests/kola/root-reprovision/luks/test.sh @@ -14,8 +14,8 @@ fstype=$(findmnt -nvr / -o FSTYPE) case "${AUTOPKGTEST_REBOOT_MARK:-}" in "") # check that ignition-ostree-growfs ran - if [ -e /run/ignition-ostree-growfs.stamp ]; then - echo "ignition-ostree-growfs ran" + if [ ! -e /run/ignition-ostree-growfs.stamp ]; then + echo "ignition-ostree-growfs did not run" exit 1 fi From 48ffc572e5db4ef4a28e2761a6c7a2a5792ede75 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 11 Mar 2021 17:09:04 -0500 Subject: [PATCH 116/489] overrides: pin to kernel-5.10.19-200.fc33 for rootless podman There's a regression in 5.10.20+ which breaks rootless podman: https://github.com/containers/buildah/issues/3071 (This is the same regression which prompted https://github.com/coreos/fedora-coreos-config/pull/883 but for the production streams, let's try to avoid exposing the regression to users for now while it gets sorted out.) --- manifest-lock.overrides.aarch64.yaml | 8 ++++++++ manifest-lock.overrides.ppc64le.yaml | 8 ++++++++ manifest-lock.overrides.s390x.yaml | 8 ++++++++ manifest-lock.overrides.x86_64.yaml | 8 ++++++++ 4 files changed, 32 insertions(+) diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml index c95c72ed56..4eaafaef8e 100644 --- a/manifest-lock.overrides.aarch64.yaml +++ b/manifest-lock.overrides.aarch64.yaml @@ -14,3 +14,11 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.aarch64 + # There's a regression in 5.10.20+ which breaks rootless podman + # https://github.com/containers/buildah/issues/3071 + kernel: + evra: 5.10.19-200.fc33.aarch64 + kernel-core: + evra: 5.10.19-200.fc33.aarch64 + kernel-modules: + evra: 5.10.19-200.fc33.aarch64 diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml index f979aca40e..ffa467a162 100644 --- a/manifest-lock.overrides.ppc64le.yaml +++ b/manifest-lock.overrides.ppc64le.yaml @@ -14,3 +14,11 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.ppc64le + # There's a regression in 5.10.20+ which breaks rootless podman + # https://github.com/containers/buildah/issues/3071 + kernel: + evra: 5.10.19-200.fc33.ppc64le + kernel-core: + evra: 5.10.19-200.fc33.ppc64le + kernel-modules: + evra: 5.10.19-200.fc33.ppc64le diff --git a/manifest-lock.overrides.s390x.yaml b/manifest-lock.overrides.s390x.yaml index c65f06c8b9..35e6144bef 100644 --- a/manifest-lock.overrides.s390x.yaml +++ b/manifest-lock.overrides.s390x.yaml @@ -14,3 +14,11 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.s390x + # There's a regression in 5.10.20+ which breaks rootless podman + # https://github.com/containers/buildah/issues/3071 + kernel: + evra: 5.10.19-200.fc33.s390x + kernel-core: + evra: 5.10.19-200.fc33.s390x + kernel-modules: + evra: 5.10.19-200.fc33.s390x diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml index 8b0c5346d2..9c4de90e2c 100644 --- a/manifest-lock.overrides.x86_64.yaml +++ b/manifest-lock.overrides.x86_64.yaml @@ -14,3 +14,11 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evra: 246.7-1.fc33.x86_64 + # There's a regression in 5.10.20+ which breaks rootless podman + # https://github.com/containers/buildah/issues/3071 + kernel: + evra: 5.10.19-200.fc33.x86_64 + kernel-core: + evra: 5.10.19-200.fc33.x86_64 + kernel-modules: + evra: 5.10.19-200.fc33.x86_64 From 1a3b2b4cc86d557521379238ae51b51ee64d50ff Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 14 Mar 2021 21:42:04 +0000 Subject: [PATCH 117/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/161/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 12f23a0ebb..ed2487d35e 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -94,16 +94,16 @@ "evra": "6.11-2.fc33.x86_64" }, "clevis": { - "evra": "15-2.fc33.x86_64" + "evra": "16-1.fc33.x86_64" }, "clevis-dracut": { - "evra": "15-2.fc33.x86_64" + "evra": "16-1.fc33.x86_64" }, "clevis-luks": { - "evra": "15-2.fc33.x86_64" + "evra": "16-1.fc33.x86_64" }, "clevis-systemd": { - "evra": "15-2.fc33.x86_64" + "evra": "16-1.fc33.x86_64" }, "cloud-utils-growpart": { "evra": "0.31-7.fc33.noarch" @@ -127,7 +127,7 @@ "evra": "0.21.1-2.fc33.noarch" }, "container-selinux": { - "evra": "2:2.151.0-1.fc33.noarch" + "evra": "2:2.158.0-1.fc33.noarch" }, "containerd": { "evra": "1.4.3-1.fc33.x86_64" @@ -340,7 +340,7 @@ "evra": "5.1.0-2.fc33.x86_64" }, "gdisk": { - "evra": "1.0.6-1.fc33.x86_64" + "evra": "1.0.7-1.fc33.x86_64" }, "gettext": { "evra": "0.21-3.fc33.x86_64" @@ -349,7 +349,7 @@ "evra": "0.21-3.fc33.x86_64" }, "git-core": { - "evra": "2.29.2-3.fc33.x86_64" + "evra": "2.30.2-1.fc33.x86_64" }, "glib2": { "evra": "2.66.7-1.fc33.x86_64" @@ -820,10 +820,10 @@ "evra": "2.5.1-27.fc33.x86_64" }, "linux-firmware": { - "evra": "20210208-117.fc33.noarch" + "evra": "20210208-118.fc33.noarch" }, "linux-firmware-whence": { - "evra": "20210208-117.fc33.noarch" + "evra": "20210208-118.fc33.noarch" }, "lmdb-libs": { "evra": "0.9.28-1.fc33.x86_64" @@ -894,9 +894,6 @@ "nftables": { "evra": "1:0.9.3-8.fc33.x86_64" }, - "nmap-ncat": { - "evra": "2:7.80-5.fc33.x86_64" - }, "npth": { "evra": "1.6-5.fc33.x86_64" }, @@ -1090,7 +1087,7 @@ "evra": "2.3.2-8.fc33.x86_64" }, "slirp4netns": { - "evra": "1.1.8-1.fc33.x86_64" + "evra": "1.1.9-1.fc33.x86_64" }, "snappy": { "evra": "1.1.8-4.fc33.x86_64" @@ -1177,7 +1174,7 @@ "evra": "2.36.1-1.fc33.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2559-1.fc33.x86_64" + "evra": "2:8.2.2576-1.fc33.x86_64" }, "which": { "evra": "2.21-20.fc33.x86_64" @@ -1211,16 +1208,16 @@ } }, "metadata": { - "generated": "2021-03-07T21:14:47Z", + "generated": "2021-03-14T21:07:43Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-03-06T21:51:24Z" + "generated": "2021-03-07T21:58:31Z" }, "fedora-updates": { - "generated": "2021-03-07T16:28:23Z" + "generated": "2021-03-13T21:29:53Z" } } } From bc6d95a0290d74195ba3279f10bdec48b0688d22 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 11 Mar 2021 14:51:18 -0500 Subject: [PATCH 118/489] image.yaml: bump virtual disk images to 10G Right now, our images are triggering the new 8G warning because the disk size itself is 8G, so the rootfs is less than that. Let's go to 10G so we meet our own standard. --- image.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/image.yaml b/image.yaml index a91ab32025..6e83494bd7 100644 --- a/image.yaml +++ b/image.yaml @@ -1,6 +1,7 @@ -# This replaces image.ks -# size is the target disk size in GB. -size: 8 +# Target disk size in GB. +# Make it at least 10G because we want the rootfs to be at least 8G: +# https://github.com/coreos/fedora-coreos-tracker/issues/586 +size: 10 extra-kargs: # Disable SMT on systems vulnerable to MDS or any similar future issue. From 5ccbbf144e8fa2204d0c78d0e29f82fd1d42636a Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 16 Mar 2021 09:23:53 -0400 Subject: [PATCH 119/489] manifest: use `mkdir -p` for resolved.conf.d/ dir This directory already exists in the latest f34 builds, so we need `mkdir -p` here. --- manifests/fedora-coreos-base.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 55da9e082e..ad07f231c7 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -90,7 +90,7 @@ postprocess: set -xeuo pipefail # Get us back to Fedora 32's nsswitch.conf settings sed -i 's/^hosts:.*/hosts: files dns myhostname/' /etc/nsswitch.conf - mkdir /usr/lib/systemd/resolved.conf.d/ + mkdir -p /usr/lib/systemd/resolved.conf.d/ cat > /usr/lib/systemd/resolved.conf.d/fedora-coreos-stub-listener.conf <<'EOF' # Fedora CoreOS is electing to not use systemd-resolved's internal # logic for now because of issues with setting hostnames via reverse DNS. From 50cce16f873bda540420ddcb233cdaf56c9c4e52 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 16 Mar 2021 21:52:39 +0000 Subject: [PATCH 120/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/165/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index ed2487d35e..b1e2fbd3df 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -130,7 +130,7 @@ "evra": "2:2.158.0-1.fc33.noarch" }, "containerd": { - "evra": "1.4.3-1.fc33.x86_64" + "evra": "1.4.4-1.fc33.x86_64" }, "containernetworking-plugins": { "evra": "0.9.1-2.fc33.x86_64" @@ -379,22 +379,22 @@ "evra": "3.4-5.fc33.x86_64" }, "grub2-common": { - "evra": "1:2.04-32.fc33.noarch" + "evra": "1:2.04-33.fc33.noarch" }, "grub2-efi-x64": { - "evra": "1:2.04-32.fc33.x86_64" + "evra": "1:2.04-33.fc33.x86_64" }, "grub2-pc": { - "evra": "1:2.04-32.fc33.x86_64" + "evra": "1:2.04-33.fc33.x86_64" }, "grub2-pc-modules": { - "evra": "1:2.04-32.fc33.noarch" + "evra": "1:2.04-33.fc33.noarch" }, "grub2-tools": { - "evra": "1:2.04-32.fc33.x86_64" + "evra": "1:2.04-33.fc33.x86_64" }, "grub2-tools-minimal": { - "evra": "1:2.04-32.fc33.x86_64" + "evra": "1:2.04-33.fc33.x86_64" }, "gzip": { "evra": "1.10-3.fc33.x86_64" @@ -724,7 +724,7 @@ "evra": "2.36.1-1.fc33.x86_64" }, "libsmbclient": { - "evra": "2:4.13.4-0.fc33.x86_64" + "evra": "2:4.13.5-0.fc33.x86_64" }, "libsmbios": { "evra": "2.4.3-1.fc33.x86_64" @@ -799,7 +799,7 @@ "evra": "0.3.0-10.fc33.x86_64" }, "libwbclient": { - "evra": "2:4.13.4-0.fc33.x86_64" + "evra": "2:4.13.5-0.fc33.x86_64" }, "libxcrypt": { "evra": "4.4.18-1.fc33.x86_64" @@ -1042,16 +1042,16 @@ "evra": "2:1.0.0-279.dev.gitdedadbf.fc33.x86_64" }, "samba-client-libs": { - "evra": "2:4.13.4-0.fc33.x86_64" + "evra": "2:4.13.5-0.fc33.x86_64" }, "samba-common": { - "evra": "2:4.13.4-0.fc33.noarch" + "evra": "2:4.13.5-0.fc33.noarch" }, "samba-common-libs": { - "evra": "2:4.13.4-0.fc33.x86_64" + "evra": "2:4.13.5-0.fc33.x86_64" }, "samba-libs": { - "evra": "2:4.13.4-0.fc33.x86_64" + "evra": "2:4.13.5-0.fc33.x86_64" }, "sed": { "evra": "4.8-5.fc33.x86_64" @@ -1208,16 +1208,16 @@ } }, "metadata": { - "generated": "2021-03-14T21:07:43Z", + "generated": "2021-03-16T21:09:40Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-03-07T21:58:31Z" + "generated": "2021-03-15T18:59:27Z" }, "fedora-updates": { - "generated": "2021-03-13T21:29:53Z" + "generated": "2021-03-15T20:35:49Z" } } } From 570fb45df744dff0adf213409fe0744ee6baac8f Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Thu, 3 Dec 2020 11:48:16 +0000 Subject: [PATCH 121/489] fedora-coreos-base: add nm-cloud-setup, forward platform variables This adds nm-cloud-setup package to fedora-coreos-base set, and configures the relevant environment variable for AWS, Azure, and GCP. --- manifests/networking-tools.yaml | 3 +++ .../20-aws-nm-cloud-setup.ign | 16 ++++++++++++++++ .../20-azure-nm-cloud-setup.ign | 16 ++++++++++++++++ .../20-gcp-nm-cloud-setup.ign | 16 ++++++++++++++++ .../50ignition-conf-fcos/module-setup.sh | 18 ++++++++++++++++++ 5 files changed, 69 insertions(+) create mode 100644 overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-aws-nm-cloud-setup.ign create mode 100644 overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-azure-nm-cloud-setup.ign create mode 100644 overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-gcp-nm-cloud-setup.ign diff --git a/manifests/networking-tools.yaml b/manifests/networking-tools.yaml index 636fca03fc..2221aa7bca 100644 --- a/manifests/networking-tools.yaml +++ b/manifests/networking-tools.yaml @@ -10,6 +10,9 @@ packages: # Teaming https://github.com/coreos/fedora-coreos-config/pull/289 # and http://bugzilla.redhat.com/1758162 - NetworkManager-team teamd + # Support for cloud quirks and dynamic config in real rootfs: + # https://github.com/coreos/fedora-coreos-tracker/issues/320 + - NetworkManager-cloud-setup # Route manipulation and QoS - iproute iproute-tc # Firewall manipulation diff --git a/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-aws-nm-cloud-setup.ign b/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-aws-nm-cloud-setup.ign new file mode 100644 index 0000000000..0d39b1686c --- /dev/null +++ b/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-aws-nm-cloud-setup.ign @@ -0,0 +1,16 @@ +{ + "ignition": { + "version": "3.0.0" + }, + "storage": { + "files": [ + { + "path": "/etc/systemd/system/nm-cloud-setup.service.d/env-aws.conf", + "contents": { + "source": "data:,%5BService%5D%0AEnvironment%3DNM_CLOUD_SETUP_EC2%3Dyes%0A" + }, + "mode": 420 + } + ] + } +} diff --git a/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-azure-nm-cloud-setup.ign b/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-azure-nm-cloud-setup.ign new file mode 100644 index 0000000000..ed2a5c5ac8 --- /dev/null +++ b/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-azure-nm-cloud-setup.ign @@ -0,0 +1,16 @@ +{ + "ignition": { + "version": "3.0.0" + }, + "storage": { + "files": [ + { + "path": "/etc/systemd/system/nm-cloud-setup.service.d/env-azure.conf", + "contents": { + "source": "data:,%5BService%5D%0AEnvironment%3DNM_CLOUD_SETUP_AZURE%3Dyes%0A" + }, + "mode": 420 + } + ] + } +} diff --git a/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-gcp-nm-cloud-setup.ign b/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-gcp-nm-cloud-setup.ign new file mode 100644 index 0000000000..22966dd36b --- /dev/null +++ b/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-gcp-nm-cloud-setup.ign @@ -0,0 +1,16 @@ +{ + "ignition": { + "version": "3.0.0" + }, + "storage": { + "files": [ + { + "path": "/etc/systemd/system/nm-cloud-setup.service.d/env-gcp.conf", + "contents": { + "source": "data:,%5BService%5D%0AEnvironment%3DNM_CLOUD_SETUP_GCP%3Dyes%0A" + }, + "mode": 420 + } + ] + } +} diff --git a/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/module-setup.sh b/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/module-setup.sh index 88463c4b58..8e9f9d923d 100755 --- a/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/module-setup.sh +++ b/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/module-setup.sh @@ -8,6 +8,24 @@ depends() { install() { mkdir -p "$initdir/usr/lib/ignition/base.d" + mkdir -p "$initdir/usr/lib/ignition/base.platform.d" + + # Common entries inst "$moddir/30-afterburn-sshkeys-core.ign" \ "/usr/lib/ignition/base.d/30-afterburn-sshkeys-core.ign" + + # Platform specific: aws + mkdir -p "$initdir/usr/lib/ignition/base.platform.d/aws" + inst "$moddir/20-aws-nm-cloud-setup.ign" \ + "/usr/lib/ignition/base.platform.d/aws/20-aws-nm-cloud-setup.ign" + + # Platform specific: azure + mkdir -p "$initdir/usr/lib/ignition/base.platform.d/azure" + inst "$moddir/20-azure-nm-cloud-setup.ign" \ + "/usr/lib/ignition/base.platform.d/azure/20-azure-nm-cloud-setup.ign" + + # Platform specific: gcp + mkdir -p "$initdir/usr/lib/ignition/base.platform.d/gcp" + inst "$moddir/20-gcp-nm-cloud-setup.ign" \ + "/usr/lib/ignition/base.platform.d/gcp/20-gcp-nm-cloud-setup.ign" } From 33cedaf13dc23521bb72be4c0c9c64cd0f84f4ef Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Thu, 3 Dec 2020 12:18:12 +0000 Subject: [PATCH 122/489] lockfile: refresh after manifest changes --- manifest-lock.x86_64.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index b1e2fbd3df..fb5d1ecb0c 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -3,6 +3,9 @@ "NetworkManager": { "evra": "1:1.26.6-1.fc33.x86_64" }, + "NetworkManager-cloud-setup": { + "evra": "1:1.26.6-1.fc33.x86_64" + }, "NetworkManager-libnm": { "evra": "1:1.26.6-1.fc33.x86_64" }, From 10ebedac9628273a738872bdcac730bdb0bf1385 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 17 Mar 2021 22:15:57 +0000 Subject: [PATCH 123/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/166/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index fb5d1ecb0c..fd723bf5a6 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -97,16 +97,16 @@ "evra": "6.11-2.fc33.x86_64" }, "clevis": { - "evra": "16-1.fc33.x86_64" + "evra": "16-2.fc33.x86_64" }, "clevis-dracut": { - "evra": "16-1.fc33.x86_64" + "evra": "16-2.fc33.x86_64" }, "clevis-luks": { - "evra": "16-1.fc33.x86_64" + "evra": "16-2.fc33.x86_64" }, "clevis-systemd": { - "evra": "16-1.fc33.x86_64" + "evra": "16-2.fc33.x86_64" }, "cloud-utils-growpart": { "evra": "0.31-7.fc33.noarch" @@ -136,7 +136,7 @@ "evra": "1.4.4-1.fc33.x86_64" }, "containernetworking-plugins": { - "evra": "0.9.1-2.fc33.x86_64" + "evra": "0.9.1-4.fc33.x86_64" }, "containers-common": { "evra": "4:1-4.fc33.noarch" @@ -1177,7 +1177,7 @@ "evra": "2.36.1-1.fc33.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2576-1.fc33.x86_64" + "evra": "2:8.2.2607-1.fc33.x86_64" }, "which": { "evra": "2.21-20.fc33.x86_64" @@ -1211,7 +1211,7 @@ } }, "metadata": { - "generated": "2021-03-16T21:09:40Z", + "generated": "2021-03-17T21:12:04Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" @@ -1220,7 +1220,7 @@ "generated": "2021-03-15T18:59:27Z" }, "fedora-updates": { - "generated": "2021-03-15T20:35:49Z" + "generated": "2021-03-17T01:37:53Z" } } } From d6ce1565e5ea75f67074bc061bc20a76e24614ff Mon Sep 17 00:00:00 2001 From: Sohan Kunkerkar Date: Thu, 18 Mar 2021 12:59:20 -0400 Subject: [PATCH 124/489] overrides: fast-track coreos-installer 0.8.0 --- manifest-lock.overrides.aarch64.yaml | 6 ++++++ manifest-lock.overrides.ppc64le.yaml | 6 ++++++ manifest-lock.overrides.s390x.yaml | 6 ++++++ manifest-lock.overrides.x86_64.yaml | 6 ++++++ 4 files changed, 24 insertions(+) diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml index 4eaafaef8e..54458f8673 100644 --- a/manifest-lock.overrides.aarch64.yaml +++ b/manifest-lock.overrides.aarch64.yaml @@ -22,3 +22,9 @@ packages: evra: 5.10.19-200.fc33.aarch64 kernel-modules: evra: 5.10.19-200.fc33.aarch64 + # Fast-track coreos-installer release + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-7a0ce6189e + coreos-installer: + evra: 0.8.0-1.fc33.aarch64 + coreos-installer-bootinfra: + evra: 0.8.0-1.fc33.aarch64 diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml index ffa467a162..df28b9cfcd 100644 --- a/manifest-lock.overrides.ppc64le.yaml +++ b/manifest-lock.overrides.ppc64le.yaml @@ -22,3 +22,9 @@ packages: evra: 5.10.19-200.fc33.ppc64le kernel-modules: evra: 5.10.19-200.fc33.ppc64le + # Fast-track coreos-installer release + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-7a0ce6189e + coreos-installer: + evra: 0.8.0-1.fc33.ppc64le + coreos-installer-bootinfra: + evra: 0.8.0-1.fc33.ppc64le diff --git a/manifest-lock.overrides.s390x.yaml b/manifest-lock.overrides.s390x.yaml index 35e6144bef..4fcee5c6e7 100644 --- a/manifest-lock.overrides.s390x.yaml +++ b/manifest-lock.overrides.s390x.yaml @@ -22,3 +22,9 @@ packages: evra: 5.10.19-200.fc33.s390x kernel-modules: evra: 5.10.19-200.fc33.s390x + # Fast-track coreos-installer release + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-7a0ce6189e + coreos-installer: + evra: 0.8.0-1.fc33.s390x + coreos-installer-bootinfra: + evra: 0.8.0-1.fc33.s390x diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml index 9c4de90e2c..c348026ac0 100644 --- a/manifest-lock.overrides.x86_64.yaml +++ b/manifest-lock.overrides.x86_64.yaml @@ -22,3 +22,9 @@ packages: evra: 5.10.19-200.fc33.x86_64 kernel-modules: evra: 5.10.19-200.fc33.x86_64 + # Fast-track coreos-installer release + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-7a0ce6189e + coreos-installer: + evra: 0.8.0-1.fc33.x86_64 + coreos-installer-bootinfra: + evra: 0.8.0-1.fc33.x86_64 From 195ae1fc4b52bc7e52e2bcbbbc2761555cd7d16f Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 18 Mar 2021 13:35:49 -0400 Subject: [PATCH 125/489] overlay: don't restamp rootfs UUID if reprovisioning Since we've created a new filesystem anyway. This implicitly also works around the service racing against the `by-label/root` symlink not being up to date after reprovisioning (which `ignition-ostree-transposefs-restore.service` now intercepts and fixes). --- .../40ignition-ostree/ignition-ostree-uuid-root.service | 2 ++ 1 file changed, 2 insertions(+) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service index 8f3ea1c5f5..45da600af0 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service @@ -7,6 +7,8 @@ ConditionKernelCommandLine=ostree ConditionPathExists=!/run/ostree-live Before=initrd-root-fs.target After=ignition-disks.service +# If we've reprovisioned the rootfs, then there's no need to restamp +ConditionPathExists=!/run/ignition-ostree-transposefs After=dev-disk-by\x2dlabel-root.device # Avoid racing with fsck From 5228316f76186c7e91236c53f7f005ca475ca927 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 18 Mar 2021 13:38:16 -0400 Subject: [PATCH 126/489] overlay/growfs: handle broken lsblk in el8 Sometimes `lsblk` returns devices in the wrong order, so we can't rely on it to iterate over the devices in hierarchical order. Instead, use the `holders/` directory ourselves directly and use `--nodeps` when calling `lsblk`. See: https://bugzilla.redhat.com/show_bug.cgi?id=1934174#c4 See: https://bugzilla.redhat.com/show_bug.cgi?id=1940607 See: https://github.com/coreos/coreos-installer/pull/453 --- .../ignition-ostree-growfs.sh | 26 +++++++++++++++---- .../40ignition-ostree/module-setup.sh | 1 + 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh index 99239c864f..9b629b0194 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh @@ -59,13 +59,16 @@ case "${ROOTFS_TYPE}" in *) echo "error: Unsupported filesystem for ${path}: '${ROOTFS_TYPE}'" 1>&2; exit 1 ;; esac -# Now, go through the hierarchy, growing everything -lsblk --paths --pairs -o NAME,TYPE,PKNAME "${partition}" | while read line; do - eval "${line}" +# Now, go through the hierarchy, growing everything. Note we go one device at a +# time using --nodeps, because ordering is buggy in el8: +# https://bugzilla.redhat.com/show_bug.cgi?id=1940607 +current_blkdev=${partition} +while true; do + eval "$(lsblk --paths --nodeps --pairs -o NAME,TYPE,PKNAME "${current_blkdev}")" + MAJMIN=$(echo $(lsblk -dno MAJ:MIN "${NAME}")) case "${TYPE}" in part) - majmin=$(echo $(lsblk -dno MAJ:MIN "${NAME}")) - partnum=$(cat "/sys/dev/block/${majmin}/partition") + partnum=$(cat "/sys/dev/block/${MAJMIN}/partition") # XXX: ideally this'd be idempotent and we wouldn't `|| :` growpart "${PKNAME}" "${partnum}" || : ;; @@ -73,12 +76,25 @@ lsblk --paths --pairs -o NAME,TYPE,PKNAME "${partition}" | while read line; do # XXX: yuck... we need to expose this sanely in clevis (. /usr/bin/clevis-luks-common-functions eval $(udevadm info --query=property --export "${NAME}") + # lsblk doesn't print PKNAME of crypt devices with --nodeps + PKNAME=/dev/$(ls "/sys/dev/block/${MAJMIN}/slaves") clevis_luks_unlock_device "${PKNAME}" | cryptsetup resize -d- "${DM_NAME}" ) ;; # already checked *) echo "unreachable" 1>&2; exit 1 ;; esac + holders="/sys/dev/block/${MAJMIN}/holders" + [ -d "${holders}" ] || break + nholders="$(ls "${holders}" | wc -l)" + if [ "${nholders}" -eq 0 ]; then + break + elif [ "${nholders}" -gt 1 ]; then + # this shouldn't happen since we've checked the partition types already + echo "error: Unsupported block device with multiple children: ${NAME}" 1>&2 + exit 1 + fi + current_blkdev=/dev/$(ls "${holders}") done # Wipe any filesystem signatures from the extended partition that don't diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh index 94610d3b6c..57239dc966 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh @@ -40,6 +40,7 @@ install() { touch \ xfs_admin \ xfs_growfs \ + wc \ wipefs # growpart deps From b9dca277336fdb88ab565afd0962745eb64f8f09 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 19 Mar 2021 12:17:18 -0400 Subject: [PATCH 127/489] tests/misc-ro: check for prjquota By default, we mount XFS with the `prjquota` option. Verify this. --- tests/kola/misc-ro | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index dc9e706c6b..bf36423e05 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -144,3 +144,9 @@ if [ $(systemctl is-enabled systemd-repart.service) != 'masked' ]; then fatal "systemd-repart.service systemd unit should be masked" fi ok "systemd-repart.service systemd unit is masked" + +rootflags=$(findmnt /sysroot -no OPTIONS) +if ! grep prjquota <<< "${rootflags}"; then + fatal "missing prjquota in root mount flags: ${rootflags}" +fi +ok "root mounted with prjquota" From 1b11322d9e98f37a8efb00dde4efd02ebaaff587 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 19 Mar 2021 12:20:20 -0400 Subject: [PATCH 128/489] tests/root-reprovision: use `ok` and `fatal` helpers We should have those in a shared shell library. --- .../root-reprovision/filesystem-only/test.sh | 16 +++++++++++++--- tests/kola/root-reprovision/luks/test.sh | 16 +++++++++++++--- tests/kola/root-reprovision/raid1/test.sh | 16 +++++++++++++--- 3 files changed, 39 insertions(+), 9 deletions(-) diff --git a/tests/kola/root-reprovision/filesystem-only/test.sh b/tests/kola/root-reprovision/filesystem-only/test.sh index 13e671a9e7..4833ae52ad 100755 --- a/tests/kola/root-reprovision/filesystem-only/test.sh +++ b/tests/kola/root-reprovision/filesystem-only/test.sh @@ -2,15 +2,24 @@ # kola: {"platforms": "qemu", "minMemory": 4096} set -xeuo pipefail +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + fstype=$(findmnt -nvr / -o FSTYPE) [[ $fstype == ext4 ]] +ok "source is ext4" case "${AUTOPKGTEST_REBOOT_MARK:-}" in "") # check that the partition was grown if [ ! -e /run/ignition-ostree-growfs.stamp ]; then - echo "ignition-ostree-growfs did not run" - exit 1 + fatal "ignition-ostree-growfs did not run" fi # reboot once to sanity-check we can find root on second boot @@ -19,6 +28,7 @@ case "${AUTOPKGTEST_REBOOT_MARK:-}" in rebooted) grep root=UUID= /proc/cmdline + ok "found root karg" ;; - *) echo "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}"; exit 1;; + *) fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}";; esac diff --git a/tests/kola/root-reprovision/luks/test.sh b/tests/kola/root-reprovision/luks/test.sh index 434b4fbd60..4a2307866a 100755 --- a/tests/kola/root-reprovision/luks/test.sh +++ b/tests/kola/root-reprovision/luks/test.sh @@ -2,6 +2,15 @@ # kola: {"platforms": "qemu", "minMemory": 4096, "architectures": "!s390x"} set -xeuo pipefail +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + srcdev=$(findmnt -nvr / -o SOURCE) [[ ${srcdev} == /dev/mapper/myluksdev ]] @@ -10,13 +19,13 @@ blktype=$(lsblk -o TYPE "${srcdev}" --noheadings) fstype=$(findmnt -nvr / -o FSTYPE) [[ ${fstype} == xfs ]] +ok "source is XFS on LUKS device" case "${AUTOPKGTEST_REBOOT_MARK:-}" in "") # check that ignition-ostree-growfs ran if [ ! -e /run/ignition-ostree-growfs.stamp ]; then - echo "ignition-ostree-growfs did not run" - exit 1 + fatal "ignition-ostree-growfs did not run" fi # reboot once to sanity-check we can find root on second boot @@ -26,6 +35,7 @@ case "${AUTOPKGTEST_REBOOT_MARK:-}" in rebooted) grep root=UUID= /proc/cmdline grep rd.luks.name= /proc/cmdline + ok "found root kargs" ;; - *) echo "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}"; exit 1;; + *) fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}";; esac diff --git a/tests/kola/root-reprovision/raid1/test.sh b/tests/kola/root-reprovision/raid1/test.sh index b00c72ed89..f18673e1f9 100755 --- a/tests/kola/root-reprovision/raid1/test.sh +++ b/tests/kola/root-reprovision/raid1/test.sh @@ -2,6 +2,15 @@ # kola: {"platforms": "qemu", "minMemory": 4096, "additionalDisks": ["5G", "5G"]} set -xeuo pipefail +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + srcdev=$(findmnt -nvr / -o SOURCE) [[ ${srcdev} == $(realpath /dev/md/foobar) ]] @@ -10,13 +19,13 @@ blktype=$(lsblk -o TYPE "${srcdev}" --noheadings) fstype=$(findmnt -nvr / -o FSTYPE) [[ ${fstype} == xfs ]] +ok "source is XFS on RAID1 device" case "${AUTOPKGTEST_REBOOT_MARK:-}" in "") # check that ignition-ostree-growfs didn't run if [ -e /run/ignition-ostree-growfs.stamp ]; then - echo "ignition-ostree-growfs ran" - exit 1 + fatal "ignition-ostree-growfs ran" fi # reboot once to sanity-check we can find root on second boot @@ -26,6 +35,7 @@ case "${AUTOPKGTEST_REBOOT_MARK:-}" in rebooted) grep root=UUID= /proc/cmdline grep rd.md.uuid= /proc/cmdline + ok "found root kargs" ;; - *) echo "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}"; exit 1;; + *) fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}";; esac From a57a999c4f56f07e7fd9ab037c35d28069731fa8 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 19 Mar 2021 12:21:13 -0400 Subject: [PATCH 129/489] overlay: always use prjquota for XFS rootfs By default, we use `prjquota` for the rootfs for container orchestrators to monitor and set drive space limits. However, with the added support for rootfs reprovisioning, we made this conditional on the rootfs not being reprovisioned, with the assumption that you can just set whatever options you'd like instead. Though actually doing that is really awkward right now, and it requires surfacing prjquota in user documentations (see https://bugzilla.redhat.com/show_bug.cgi?id=1940704#c2). Since AFAICT `prjquota` doesn't actually have any significant overhead, let's just simplify the messaging to: we *always* enable prjquota on XFS root filesystems. Users who want to override this can fallback to `rpm-ostree kargs` (and eventually once we have https://github.com/coreos/fedora-coreos-config/issues/805, to `mountOptions: []`). Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1940704 --- .../dracut/modules.d/40ignition-ostree/coreos-rootflags.sh | 7 ------- tests/kola/root-reprovision/luks/test.sh | 6 ++++++ tests/kola/root-reprovision/raid1/test.sh | 6 ++++++ 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh index 332665e4f3..8c25d96118 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh @@ -3,14 +3,7 @@ set -euo pipefail rootpath=/dev/disk/by-label/root -# If the rootfs was reprovisioned, then the user is free to define their own -# rootflags. -if [ -d /run/ignition-ostree-transposefs/root ]; then - exit 0 -fi - eval $(blkid -o export ${rootpath}) -# this really should always be true, but let's be conservative if [ "${TYPE}" == "xfs" ]; then # We use prjquota on XFS by default to aid multi-tenant Kubernetes (and # other container) clusters. See diff --git a/tests/kola/root-reprovision/luks/test.sh b/tests/kola/root-reprovision/luks/test.sh index 4a2307866a..656b6feee6 100755 --- a/tests/kola/root-reprovision/luks/test.sh +++ b/tests/kola/root-reprovision/luks/test.sh @@ -21,6 +21,12 @@ fstype=$(findmnt -nvr / -o FSTYPE) [[ ${fstype} == xfs ]] ok "source is XFS on LUKS device" +rootflags=$(findmnt /sysroot -no OPTIONS) +if ! grep prjquota <<< "${rootflags}"; then + fatal "missing prjquota in root mount flags: ${rootflags}" +fi +ok "root mounted with prjquota" + case "${AUTOPKGTEST_REBOOT_MARK:-}" in "") # check that ignition-ostree-growfs ran diff --git a/tests/kola/root-reprovision/raid1/test.sh b/tests/kola/root-reprovision/raid1/test.sh index f18673e1f9..a1e510cffa 100755 --- a/tests/kola/root-reprovision/raid1/test.sh +++ b/tests/kola/root-reprovision/raid1/test.sh @@ -21,6 +21,12 @@ fstype=$(findmnt -nvr / -o FSTYPE) [[ ${fstype} == xfs ]] ok "source is XFS on RAID1 device" +rootflags=$(findmnt /sysroot -no OPTIONS) +if ! grep prjquota <<< "${rootflags}"; then + fatal "missing prjquota in root mount flags: ${rootflags}" +fi +ok "root mounted with prjquota" + case "${AUTOPKGTEST_REBOOT_MARK:-}" in "") # check that ignition-ostree-growfs didn't run From eaf5777c9dab8a8702a8d090b048655922138493 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 19 Mar 2021 21:50:47 +0000 Subject: [PATCH 130/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/169/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index fd723bf5a6..37aa46859d 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -142,10 +142,10 @@ "evra": "4:1-4.fc33.noarch" }, "coreos-installer": { - "evra": "0.7.2-1.fc33.x86_64" + "evra": "0.8.0-1.fc33.x86_64" }, "coreos-installer-bootinfra": { - "evra": "0.7.2-1.fc33.x86_64" + "evra": "0.8.0-1.fc33.x86_64" }, "coreutils": { "evra": "8.32-18.fc33.x86_64" @@ -310,7 +310,7 @@ "evra": "0.8.6-1.fc33.noarch" }, "flatpak-session-helper": { - "evra": "1.10.1-1.fc33.x86_64" + "evra": "1.10.2-1.fc33.x86_64" }, "fstrm": { "evra": "0.6.0-1.fc33.x86_64" @@ -598,7 +598,7 @@ "evra": "0.3.5-1.fc33.x86_64" }, "libibverbs": { - "evra": "33.0-2.fc33.x86_64" + "evra": "34.0-1.fc33.x86_64" }, "libicu": { "evra": "67.1-4.fc33.x86_64" @@ -823,10 +823,10 @@ "evra": "2.5.1-27.fc33.x86_64" }, "linux-firmware": { - "evra": "20210208-118.fc33.noarch" + "evra": "20210315-119.fc33.noarch" }, "linux-firmware-whence": { - "evra": "20210208-118.fc33.noarch" + "evra": "20210315-119.fc33.noarch" }, "lmdb-libs": { "evra": "0.9.28-1.fc33.x86_64" @@ -1015,7 +1015,7 @@ "evra": "4.0.2-6.fc33.x86_64" }, "rdma-core": { - "evra": "33.0-2.fc33.x86_64" + "evra": "34.0-1.fc33.x86_64" }, "readline": { "evra": "8.0-5.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-03-17T21:12:04Z", + "generated": "2021-03-19T21:08:14Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-03-15T18:59:27Z" + "generated": "2021-03-18T19:04:38Z" }, "fedora-updates": { - "generated": "2021-03-17T01:37:53Z" + "generated": "2021-03-19T18:30:23Z" } } } From 02c41e3012911330699626278bde3f2393c87f59 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 9 Mar 2021 16:49:15 -0500 Subject: [PATCH 131/489] overrides: move to an arch-independent lockfile Now that rpm-ostree and cosa support it, move to just using a `manifest-lock.overrides.yaml` which uses `evr` instead of `evra` so that we can avoid all the duplication. The previous filenames are still supported in case we do have arch-specific overrides (e.g. grub) in the future. --- manifest-lock.overrides.aarch64.yaml | 30 ------------------- manifest-lock.overrides.ppc64le.yaml | 30 ------------------- manifest-lock.overrides.x86_64.yaml | 30 ------------------- ...s390x.yaml => manifest-lock.overrides.yaml | 20 ++++++------- 4 files changed, 10 insertions(+), 100 deletions(-) delete mode 100644 manifest-lock.overrides.aarch64.yaml delete mode 100644 manifest-lock.overrides.ppc64le.yaml delete mode 100644 manifest-lock.overrides.x86_64.yaml rename manifest-lock.overrides.s390x.yaml => manifest-lock.overrides.yaml (67%) diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml deleted file mode 100644 index 54458f8673..0000000000 --- a/manifest-lock.overrides.aarch64.yaml +++ /dev/null @@ -1,30 +0,0 @@ -packages: - # Keep this until we move to Fedora 34. - # https://github.com/coreos/fedora-coreos-tracker/issues/649 - # https://bugzilla.redhat.com/show_bug.cgi?id=1892235#c25 - systemd: - evra: 246.7-1.fc33.aarch64 - systemd-container: - evra: 246.7-1.fc33.aarch64 - systemd-libs: - evra: 246.7-1.fc33.aarch64 - systemd-pam: - evra: 246.7-1.fc33.aarch64 - systemd-rpm-macros: - evra: 246.7-1.fc33.noarch - systemd-udev: - evra: 246.7-1.fc33.aarch64 - # There's a regression in 5.10.20+ which breaks rootless podman - # https://github.com/containers/buildah/issues/3071 - kernel: - evra: 5.10.19-200.fc33.aarch64 - kernel-core: - evra: 5.10.19-200.fc33.aarch64 - kernel-modules: - evra: 5.10.19-200.fc33.aarch64 - # Fast-track coreos-installer release - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-7a0ce6189e - coreos-installer: - evra: 0.8.0-1.fc33.aarch64 - coreos-installer-bootinfra: - evra: 0.8.0-1.fc33.aarch64 diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml deleted file mode 100644 index df28b9cfcd..0000000000 --- a/manifest-lock.overrides.ppc64le.yaml +++ /dev/null @@ -1,30 +0,0 @@ -packages: - # Keep this until we move to Fedora 34. - # https://github.com/coreos/fedora-coreos-tracker/issues/649 - # https://bugzilla.redhat.com/show_bug.cgi?id=1892235#c25 - systemd: - evra: 246.7-1.fc33.ppc64le - systemd-container: - evra: 246.7-1.fc33.ppc64le - systemd-libs: - evra: 246.7-1.fc33.ppc64le - systemd-pam: - evra: 246.7-1.fc33.ppc64le - systemd-rpm-macros: - evra: 246.7-1.fc33.noarch - systemd-udev: - evra: 246.7-1.fc33.ppc64le - # There's a regression in 5.10.20+ which breaks rootless podman - # https://github.com/containers/buildah/issues/3071 - kernel: - evra: 5.10.19-200.fc33.ppc64le - kernel-core: - evra: 5.10.19-200.fc33.ppc64le - kernel-modules: - evra: 5.10.19-200.fc33.ppc64le - # Fast-track coreos-installer release - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-7a0ce6189e - coreos-installer: - evra: 0.8.0-1.fc33.ppc64le - coreos-installer-bootinfra: - evra: 0.8.0-1.fc33.ppc64le diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml deleted file mode 100644 index c348026ac0..0000000000 --- a/manifest-lock.overrides.x86_64.yaml +++ /dev/null @@ -1,30 +0,0 @@ -packages: - # Keep this until we move to Fedora 34. - # https://github.com/coreos/fedora-coreos-tracker/issues/649 - # https://bugzilla.redhat.com/show_bug.cgi?id=1892235#c25 - systemd: - evra: 246.7-1.fc33.x86_64 - systemd-container: - evra: 246.7-1.fc33.x86_64 - systemd-libs: - evra: 246.7-1.fc33.x86_64 - systemd-pam: - evra: 246.7-1.fc33.x86_64 - systemd-rpm-macros: - evra: 246.7-1.fc33.noarch - systemd-udev: - evra: 246.7-1.fc33.x86_64 - # There's a regression in 5.10.20+ which breaks rootless podman - # https://github.com/containers/buildah/issues/3071 - kernel: - evra: 5.10.19-200.fc33.x86_64 - kernel-core: - evra: 5.10.19-200.fc33.x86_64 - kernel-modules: - evra: 5.10.19-200.fc33.x86_64 - # Fast-track coreos-installer release - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-7a0ce6189e - coreos-installer: - evra: 0.8.0-1.fc33.x86_64 - coreos-installer-bootinfra: - evra: 0.8.0-1.fc33.x86_64 diff --git a/manifest-lock.overrides.s390x.yaml b/manifest-lock.overrides.yaml similarity index 67% rename from manifest-lock.overrides.s390x.yaml rename to manifest-lock.overrides.yaml index 4fcee5c6e7..db3ea672f2 100644 --- a/manifest-lock.overrides.s390x.yaml +++ b/manifest-lock.overrides.yaml @@ -3,28 +3,28 @@ packages: # https://github.com/coreos/fedora-coreos-tracker/issues/649 # https://bugzilla.redhat.com/show_bug.cgi?id=1892235#c25 systemd: - evra: 246.7-1.fc33.s390x + evr: 246.7-1.fc33 systemd-container: - evra: 246.7-1.fc33.s390x + evr: 246.7-1.fc33 systemd-libs: - evra: 246.7-1.fc33.s390x + evr: 246.7-1.fc33 systemd-pam: - evra: 246.7-1.fc33.s390x + evr: 246.7-1.fc33 systemd-rpm-macros: evra: 246.7-1.fc33.noarch systemd-udev: - evra: 246.7-1.fc33.s390x + evr: 246.7-1.fc33 # There's a regression in 5.10.20+ which breaks rootless podman # https://github.com/containers/buildah/issues/3071 kernel: - evra: 5.10.19-200.fc33.s390x + evr: 5.10.19-200.fc33 kernel-core: - evra: 5.10.19-200.fc33.s390x + evr: 5.10.19-200.fc33 kernel-modules: - evra: 5.10.19-200.fc33.s390x + evr: 5.10.19-200.fc33 # Fast-track coreos-installer release # https://bodhi.fedoraproject.org/updates/FEDORA-2021-7a0ce6189e coreos-installer: - evra: 0.8.0-1.fc33.s390x + evr: 0.8.0-1.fc33 coreos-installer-bootinfra: - evra: 0.8.0-1.fc33.s390x + evr: 0.8.0-1.fc33 From 7eeb2da7896637e6c2c7f2bf4e54ba57a7a078a9 Mon Sep 17 00:00:00 2001 From: Vadim Rutkovsky Date: Wed, 10 Mar 2021 16:54:55 +0100 Subject: [PATCH 132/489] rootless-systemd: update packages before installing httpd Fedora container may be outdated and in order to install httpd existing packages may require an update --- tests/kola/podman/rootless-systemd | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/kola/podman/rootless-systemd b/tests/kola/podman/rootless-systemd index 13874a5e76..c12cec80a9 100755 --- a/tests/kola/podman/rootless-systemd +++ b/tests/kola/podman/rootless-systemd @@ -26,7 +26,8 @@ set -euxo pipefail cd $(mktemp -d) cat < Containerfile FROM registry.fedoraproject.org/fedora:33 -RUN dnf -y install systemd httpd \ +RUN dnf -y update \ +&& dnf -y install systemd httpd \ && dnf clean all \ && systemctl enable httpd ENTRYPOINT [ "/sbin/init" ] From e5b3bcd52ab047c9b036df0390ec9f878cd2b5e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Tue, 23 Feb 2021 15:12:14 +0100 Subject: [PATCH 133/489] tests: Add basic toolbox functional testing This will make sure that builds can at least do the following without errors: - pull the image - create a toolbox - run a basic command inside it - stop and remove the container --- tests/kola/toolbox/test.sh | 46 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100755 tests/kola/toolbox/test.sh diff --git a/tests/kola/toolbox/test.sh b/tests/kola/toolbox/test.sh new file mode 100755 index 0000000000..e9dc2a5ab0 --- /dev/null +++ b/tests/kola/toolbox/test.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# Make sure that basic toolbox functionnality is working: +# - Creating a toolbox +# - Running a command in a toolbox +# - Removing all toolbox containers +# +# Important note: Commands are run indirectly via calls to `machinectl shell` +# to re-create the user environment needed for unprivileged podman +# functionality. However, machinectl shell does not propagate the exit +# code/status of the invoked shell process thus we need additionnal checks to +# ensure that previous commands were successful. + +# Only run on QEMU to reduce CI costs as nothing is platform specific here. +# kola: { "tags": "needs-internet", "platforms": "qemu-unpriv" } + +set -xeuo pipefail + +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + +machinectl shell core@ /bin/toolbox create --assumeyes 1>/dev/null +if [[ $(machinectl shell core@ /bin/toolbox list --containers | grep --count fedora-toolbox-) -ne 1 ]]; then + fatal "Could not create toolbox" +fi +ok toolbox create + +machinectl shell core@ /bin/toolbox run touch ok_toolbox +if [[ ! -f '/home/core/ok_toolbox' ]]; then + fatal "Could not run a simple command inside a toolbox" +fi +ok toolbox run + +toolbox="$(machinectl shell core@ /bin/toolbox list --containers | grep fedora-toolbox- | awk '{print $2}')" +machinectl shell core@ /bin/podman stop "${toolbox}" +machinectl shell core@ /bin/toolbox rm "${toolbox}" +if [[ -n "$(machinectl shell core@ /bin/toolbox list --containers)" ]]; then + fatal "Could not remove the toolbox container" +fi +ok toolbox rm From ef7c4b9055d2d7779d082d81864af529b171b499 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 19 Mar 2021 13:11:34 -0400 Subject: [PATCH 134/489] overlay: propagate rootfs mountOptions to rootflags karg Right now, specifying `mountOptions` for the rootfs in the Ignition config is ignored. To fix that, we simply need to have `coreos-rootflags` inspect the Ignition config if the rootfs was reprovisioned and extract the field. This then takes effect on first boot (via `ignition-ostree-mount-sysroot.sh` calling out to it) and subsequent boots (via `rdcore rootmap` calling out to `coreos-rootflags`). Closes: https://github.com/coreos/fedora-coreos-config/issues/805 --- .../40ignition-ostree/coreos-rootflags.sh | 18 ++++++++++++++++++ .../filesystem-only/config.ign | 5 +++-- .../root-reprovision/filesystem-only/test.sh | 6 ++++++ 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh index 8c25d96118..1a7c0a2996 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh @@ -1,8 +1,26 @@ #!/bin/bash set -euo pipefail +# see related comment block in transposefs.sh re. inspecting the config directly +ignition_cfg=/run/ignition.json rootpath=/dev/disk/by-label/root +query_rootfs() { + local filter=$1 + jq -re ".storage?.filesystems? // [] | + map(select(.label == \"root\" and .wipeFilesystem == true)) | + .[0] | $filter" "${ignition_cfg}" +} + +# If the rootfs was reprovisioned, then the mountOptions from the Ignition +# config has priority. +if [ -d /run/ignition-ostree-transposefs/root ]; then + if query_rootfs 'has("mountOptions")' >/dev/null; then + query_rootfs '.mountOptions | join(",")' + exit 0 + fi +fi + eval $(blkid -o export ${rootpath}) if [ "${TYPE}" == "xfs" ]; then # We use prjquota on XFS by default to aid multi-tenant Kubernetes (and diff --git a/tests/kola/root-reprovision/filesystem-only/config.ign b/tests/kola/root-reprovision/filesystem-only/config.ign index 3784c8cbfe..28d6ca57f5 100644 --- a/tests/kola/root-reprovision/filesystem-only/config.ign +++ b/tests/kola/root-reprovision/filesystem-only/config.ign @@ -1,6 +1,6 @@ { "ignition": { - "version": "3.0.0" + "version": "3.2.0" }, "storage": { "filesystems": [ @@ -8,7 +8,8 @@ "device": "/dev/disk/by-label/root", "wipeFilesystem": true, "format": "ext4", - "label": "root" + "label": "root", + "mountOptions": ["debug"] } ] } diff --git a/tests/kola/root-reprovision/filesystem-only/test.sh b/tests/kola/root-reprovision/filesystem-only/test.sh index 4833ae52ad..1a61befc79 100755 --- a/tests/kola/root-reprovision/filesystem-only/test.sh +++ b/tests/kola/root-reprovision/filesystem-only/test.sh @@ -15,6 +15,12 @@ fstype=$(findmnt -nvr / -o FSTYPE) [[ $fstype == ext4 ]] ok "source is ext4" +rootflags=$(findmnt /sysroot -no OPTIONS) +if ! grep debug <<< "${rootflags}"; then + fatal "missing debug in root mount flags: ${rootflags}" +fi +ok "root mounted with debug" + case "${AUTOPKGTEST_REBOOT_MARK:-}" in "") # check that the partition was grown From 7c73bd7b192a26b3a4d88b82117163c2dffd27b5 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 24 Mar 2021 21:50:00 +0000 Subject: [PATCH 135/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/174/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 37aa46859d..a403242d6b 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -172,10 +172,10 @@ "evra": "20200918-1.git85dccc5.fc33.noarch" }, "cryptsetup": { - "evra": "2.3.4-1.fc33.x86_64" + "evra": "2.3.5-2.fc33.x86_64" }, "cryptsetup-libs": { - "evra": "2.3.4-1.fc33.x86_64" + "evra": "2.3.5-2.fc33.x86_64" }, "cups-libs": { "evra": "1:2.3.3op2-1.fc33.x86_64" @@ -355,7 +355,7 @@ "evra": "2.30.2-1.fc33.x86_64" }, "glib2": { - "evra": "2.66.7-1.fc33.x86_64" + "evra": "2.66.8-1.fc33.x86_64" }, "glibc": { "evra": "2.32-4.fc33.x86_64" @@ -661,7 +661,7 @@ "evra": "1.0.1-18.fc33.x86_64" }, "libnfsidmap": { - "evra": "1:2.5.3-0.fc33.x86_64" + "evra": "1:2.5.3-1.fc33.x86_64" }, "libnftnl": { "evra": "1.1.7-3.fc33.x86_64" @@ -871,7 +871,7 @@ "evra": "78.8.0-2.fc33.x86_64" }, "mpfr": { - "evra": "4.1.0-4.fc33.x86_64" + "evra": "4.1.0-5.fc33.x86_64" }, "ncurses": { "evra": "6.2-3.20200222.fc33.x86_64" @@ -892,7 +892,7 @@ "evra": "0.52.21-8.fc33.x86_64" }, "nfs-utils-coreos": { - "evra": "1:2.5.3-0.fc33.x86_64" + "evra": "1:2.5.3-1.fc33.x86_64" }, "nftables": { "evra": "1:0.9.3-8.fc33.x86_64" @@ -1177,13 +1177,13 @@ "evra": "2.36.1-1.fc33.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2607-1.fc33.x86_64" + "evra": "2:8.2.2637-1.fc33.x86_64" }, "which": { "evra": "2.21-20.fc33.x86_64" }, "wireguard-tools": { - "evra": "1.0.20210223-1.fc33.x86_64" + "evra": "1.0.20210315-1.fc33.x86_64" }, "xfsprogs": { "evra": "5.7.0-1.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-03-19T21:08:14Z", + "generated": "2021-03-24T21:08:29Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-03-18T19:04:38Z" + "generated": "2021-03-23T22:08:13Z" }, "fedora-updates": { - "generated": "2021-03-19T18:30:23Z" + "generated": "2021-03-24T02:28:50Z" } } } From f02095f3194f10ce86c4201f5a0ae68129374ca4 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 18 Nov 2020 16:47:50 -0500 Subject: [PATCH 136/489] Move buildroot image here When using cosa to build OSes, we've been pretty good at shielding ourselves from versioning differences between source and target environments (for example, RHCOS is built by Fedora packages). But when it comes to building things meant to run *in* that OS, we really should match the buildroot of the target. Right now, many of our projects use the buildroot cosa container to build their projects in CI. But this doesn't necessarily match the buildroot of the rest of the OS. Since the buildroot to use is defined here (specifically via the `releasever` key), let's move the concept of a "buildroot image" from cosa to here. Specifically, we want a container image with all the deps to the components we mostly hack on for use by both CI and local developers. This can then be used by CoreOS CI for building upstream projects, as well as by cosa itself for building kolet. See also: https://github.com/coreos/coreos-assembler/issues/1863 --- README.md | 3 ++- ci/buildroot/Dockerfile | 13 ++++++++++ ci/buildroot/buildroot-buildreqs.txt | 9 +++++++ ci/buildroot/buildroot-reqs.txt | 39 ++++++++++++++++++++++++++++ ci/buildroot/buildroot-specs.txt | 3 +++ ci/buildroot/install-buildroot.sh | 23 ++++++++++++++++ 6 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 ci/buildroot/Dockerfile create mode 100644 ci/buildroot/buildroot-buildreqs.txt create mode 100644 ci/buildroot/buildroot-reqs.txt create mode 100644 ci/buildroot/buildroot-specs.txt create mode 100755 ci/buildroot/install-buildroot.sh diff --git a/README.md b/README.md index 23e4f8426d..675862fe18 100644 --- a/README.md +++ b/README.md @@ -95,7 +95,8 @@ Updating this repo: 1. bump `releasever` in `manifest.yaml` 2. update the repos in `manifest.yaml` if needed 3. run `cosa fetch --update-lockfile` -4. PR the result +4. bump the base Fedora version in `ci/buildroot/Dockerfile` +5. PR the result Update server changes: diff --git a/ci/buildroot/Dockerfile b/ci/buildroot/Dockerfile new file mode 100644 index 0000000000..6c52fcdf49 --- /dev/null +++ b/ci/buildroot/Dockerfile @@ -0,0 +1,13 @@ +# This includes the build dependencies for some key packages +# such as ignition, rpm-ostree, libpod, systemd, and kernel. +# If you want another package in this list, submit a PR and +# we can probably add it. +# +# This image is used by CoreOS CI to build software like +# Ignition, rpm-ostree, ostree, coreos-installer, etc... +FROM registry.fedoraproject.org/fedora:33 +USER root +WORKDIR /root/containerbuild +COPY . tmp +RUN ./tmp/install-buildroot.sh && yum clean all && rm tmp -rf +WORKDIR /root diff --git a/ci/buildroot/buildroot-buildreqs.txt b/ci/buildroot/buildroot-buildreqs.txt new file mode 100644 index 0000000000..ce510912d6 --- /dev/null +++ b/ci/buildroot/buildroot-buildreqs.txt @@ -0,0 +1,9 @@ +# This is what the CoreOS developers tend to actively develop/own. +# If you want to extend this, feel free to file a PR. +ignition +ostree +librepo +kernel +systemd +dracut +podman diff --git a/ci/buildroot/buildroot-reqs.txt b/ci/buildroot/buildroot-reqs.txt new file mode 100644 index 0000000000..481a756411 --- /dev/null +++ b/ci/buildroot/buildroot-reqs.txt @@ -0,0 +1,39 @@ +# This is a list of basic buildrequires; it'd be a bit better to +# yum -y install @buildsys-build but unfortunately that hits a bug: +# https://fedoraproject.org/wiki/Common_F30_bugs#Conflicts_between_fedora-release_packages_when_installing_package_groups +# So here we inline it, minus the -release package. +bash +bzip2 +coreutils +cpio +diffutils +findutils +gawk +glibc-minimal-langpack +grep +gzip +info +make +patch +redhat-rpm-config +rpm-build +sed +shadow-utils +tar +unzip +util-linux +which +xz + +# For rust projects like rpm-ostree +rustfmt + +# Used by ostree/rpm-ostree CI +parallel gjs + +# Also, add clang since it's useful at least in CI for C/C++ projects +clang lld +# All C/C++ projects should have CI that uses the sanitizers +libubsan libasan libtsan +# And all C/C++ projects should use clang-analyzer +clang-analyzer diff --git a/ci/buildroot/buildroot-specs.txt b/ci/buildroot/buildroot-specs.txt new file mode 100644 index 0000000000..f164c9d9b4 --- /dev/null +++ b/ci/buildroot/buildroot-specs.txt @@ -0,0 +1,3 @@ +# for projects which have their canonical spec files upstream, use those instead +# since they're more up to date +https://raw.githubusercontent.com/coreos/rpm-ostree/master/packaging/rpm-ostree.spec.in diff --git a/ci/buildroot/install-buildroot.sh b/ci/buildroot/install-buildroot.sh new file mode 100755 index 0000000000..ab13d5c76f --- /dev/null +++ b/ci/buildroot/install-buildroot.sh @@ -0,0 +1,23 @@ +#!/bin/bash +set -euo pipefail + +dn=$(dirname "$0") + +# This is invoked by Dockerfile + +echo "Installing base build requirements" +dnf -y install /usr/bin/xargs 'dnf-command(builddep)' +deps=$(grep -v '^#' "${dn}"/buildroot-reqs.txt) +echo "${deps}" | xargs dnf -y install + +echo "Installing build dependencies of primary packages" +brs=$(grep -v '^#' "${dn}"/buildroot-buildreqs.txt) +echo "${brs}" | xargs dnf -y builddep + +echo "Installing build dependencies from canonical spec files" +specs=$(grep -v '^#' "${dn}"/buildroot-specs.txt) +tmpd=$(mktemp -d) && trap 'rm -rf ${tmpd}' EXIT +(cd "${tmpd}" && echo "${specs}" | xargs curl -L --remote-name-all) +(cd "${tmpd}" && find . -type f -print0 | xargs -0 dnf -y builddep --spec) + +echo 'Done!' From a2221a8a1d8f6a24b7f0bf1b22239cefb0ffbc20 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 26 Mar 2021 00:12:22 +0000 Subject: [PATCH 137/489] buildroot: Add jq This is used by rpm-ostree's CI; add it to the buildroot for the same reason we ship it in FCOS. --- ci/buildroot/buildroot-reqs.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/buildroot/buildroot-reqs.txt b/ci/buildroot/buildroot-reqs.txt index 481a756411..9161edb09e 100644 --- a/ci/buildroot/buildroot-reqs.txt +++ b/ci/buildroot/buildroot-reqs.txt @@ -28,6 +28,9 @@ xz # For rust projects like rpm-ostree rustfmt +# A super common tool +jq + # Used by ostree/rpm-ostree CI parallel gjs From bf0e7decbefee00659b70ce212e2046ffef4cda7 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 24 Mar 2021 17:48:10 -0400 Subject: [PATCH 138/489] image.yaml: split out image-base.yaml The `image.yaml` file will be unique to each stream (like `manifest.yaml`), while `image-base.yaml` will be shared by all streams (like `manifests/fedora-coreos-base.yaml`). Prep for dropping the `systemd.unified_cgroup_hierarchy=0` karg on the next stream. --- image-base.yaml | 28 ++++++++++++++++++++++++++++ image.yaml | 32 ++++---------------------------- 2 files changed, 32 insertions(+), 28 deletions(-) create mode 100644 image-base.yaml diff --git a/image-base.yaml b/image-base.yaml new file mode 100644 index 0000000000..6e83494bd7 --- /dev/null +++ b/image-base.yaml @@ -0,0 +1,28 @@ +# Target disk size in GB. +# Make it at least 10G because we want the rootfs to be at least 8G: +# https://github.com/coreos/fedora-coreos-tracker/issues/586 +size: 10 + +extra-kargs: + # Disable SMT on systems vulnerable to MDS or any similar future issue. + - mitigations=auto,nosmt + # https://github.com/coreos/fedora-coreos-tracker/issues/292 + # https://fedoraproject.org/wiki/Changes/CGroupsV2 + - systemd.unified_cgroup_hierarchy=0 + +# Disable networking by default on firstboot. We can drop this once cosa stops +# defaulting to `ip=dhcp,dhcp6 rd.neednet=1` when it doesn't see this key. +ignition-network-kcmdline: [] + +# Optional remote by which to prefix the deployed OSTree ref +ostree-remote: fedora + +# We want read-only /sysroot to protect from unintentional damage. +# https://github.com/ostreedev/ostree/issues/1265 +sysroot-readonly: true + +# After this, we plan to add support for the Ignition +# storage/filesystems sections. (Although one can do +# that on boot as well) + + diff --git a/image.yaml b/image.yaml index 6e83494bd7..1bf800cca2 100644 --- a/image.yaml +++ b/image.yaml @@ -1,28 +1,4 @@ -# Target disk size in GB. -# Make it at least 10G because we want the rootfs to be at least 8G: -# https://github.com/coreos/fedora-coreos-tracker/issues/586 -size: 10 - -extra-kargs: - # Disable SMT on systems vulnerable to MDS or any similar future issue. - - mitigations=auto,nosmt - # https://github.com/coreos/fedora-coreos-tracker/issues/292 - # https://fedoraproject.org/wiki/Changes/CGroupsV2 - - systemd.unified_cgroup_hierarchy=0 - -# Disable networking by default on firstboot. We can drop this once cosa stops -# defaulting to `ip=dhcp,dhcp6 rd.neednet=1` when it doesn't see this key. -ignition-network-kcmdline: [] - -# Optional remote by which to prefix the deployed OSTree ref -ostree-remote: fedora - -# We want read-only /sysroot to protect from unintentional damage. -# https://github.com/ostreedev/ostree/issues/1265 -sysroot-readonly: true - -# After this, we plan to add support for the Ignition -# storage/filesystems sections. (Although one can do -# that on boot as well) - - +# This file can optionally contain configuration specific to the stream, +# similarly to manifest.yaml. Unlike image-base.yaml, which is shared by all +# streams. +include: image-base.yaml From f483cfa7584baba872fd6fea47751f33e47ed2bb Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 26 Mar 2021 18:08:22 +0000 Subject: [PATCH 139/489] buildroot: Add attr ostree's tests depend on this, it's tiny and useful. --- ci/buildroot/buildroot-reqs.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ci/buildroot/buildroot-reqs.txt b/ci/buildroot/buildroot-reqs.txt index 9161edb09e..946f8eedc0 100644 --- a/ci/buildroot/buildroot-reqs.txt +++ b/ci/buildroot/buildroot-reqs.txt @@ -31,7 +31,8 @@ rustfmt # A super common tool jq -# Used by ostree/rpm-ostree CI +# Used by ostree/rpm-ostree CI (TODO: add to something like TestBuildRequires in spec files) +attr parallel gjs # Also, add clang since it's useful at least in CI for C/C++ projects From cb58430ffdbf05f20339eca7539be7f23b0fb999 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 26 Mar 2021 21:39:57 +0000 Subject: [PATCH 140/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/177/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index a403242d6b..a8eb0c34fd 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1030,10 +1030,10 @@ "evra": "4.16.1.2-1.fc33.x86_64" }, "rpm-ostree": { - "evra": "2021.2-2.fc33.x86_64" + "evra": "2021.3-2.fc33.x86_64" }, "rpm-ostree-libs": { - "evra": "2021.2-2.fc33.x86_64" + "evra": "2021.3-2.fc33.x86_64" }, "rpm-plugin-selinux": { "evra": "4.16.1.2-1.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-03-24T21:08:29Z", + "generated": "2021-03-26T21:08:05Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-03-23T22:08:13Z" + "generated": "2021-03-26T18:55:40Z" }, "fedora-updates": { - "generated": "2021-03-24T02:28:50Z" + "generated": "2021-03-26T01:00:44Z" } } } From b0718b340d0576d06b50443a02c0b59df9c3285f Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 28 Mar 2021 21:45:12 +0000 Subject: [PATCH 141/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/179/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index a8eb0c34fd..2ba3a8dd40 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -139,7 +139,7 @@ "evra": "0.9.1-4.fc33.x86_64" }, "containers-common": { - "evra": "4:1-4.fc33.noarch" + "evra": "4:1-9.fc33.noarch" }, "coreos-installer": { "evra": "0.8.0-1.fc33.x86_64" @@ -178,7 +178,7 @@ "evra": "2.3.5-2.fc33.x86_64" }, "cups-libs": { - "evra": "1:2.3.3op2-1.fc33.x86_64" + "evra": "1:2.3.3op2-3.fc33.x86_64" }, "curl": { "evra": "7.71.1-8.fc33.x86_64" @@ -193,7 +193,7 @@ "evra": "1:1.12.20-2.fc33.x86_64" }, "dbus-broker": { - "evra": "27-2.fc33.x86_64" + "evra": "28-3.fc33.x86_64" }, "dbus-common": { "evra": "1:1.12.20-2.fc33.noarch" @@ -418,16 +418,16 @@ "evra": "5.9.0-1.fc33.x86_64" }, "iptables": { - "evra": "1.8.5-5.fc33.x86_64" + "evra": "1.8.5-6.fc33.x86_64" }, "iptables-libs": { - "evra": "1.8.5-5.fc33.x86_64" + "evra": "1.8.5-6.fc33.x86_64" }, "iptables-nft": { - "evra": "1.8.5-5.fc33.x86_64" + "evra": "1.8.5-6.fc33.x86_64" }, "iptables-services": { - "evra": "1.8.5-5.fc33.x86_64" + "evra": "1.8.5-6.fc33.x86_64" }, "iputils": { "evra": "20200821-1.fc33.x86_64" @@ -595,7 +595,7 @@ "evra": "234-1.fc33.x86_64" }, "libgusb": { - "evra": "0.3.5-1.fc33.x86_64" + "evra": "0.3.6-1.fc33.x86_64" }, "libibverbs": { "evra": "34.0-1.fc33.x86_64" @@ -868,7 +868,7 @@ "evra": "2:0.4.0-2.fc33.x86_64" }, "mozjs78": { - "evra": "78.8.0-2.fc33.x86_64" + "evra": "78.9.0-1.fc33.x86_64" }, "mpfr": { "evra": "4.1.0-5.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-03-26T21:08:05Z", + "generated": "2021-03-28T21:07:35Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-03-26T18:55:40Z" + "generated": "2021-03-27T21:49:39Z" }, "fedora-updates": { - "generated": "2021-03-26T01:00:44Z" + "generated": "2021-03-28T17:15:17Z" } } } From 44463ac4f7cd0c010756c27c312197ee8e5fdadd Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 29 Mar 2021 14:36:22 -0400 Subject: [PATCH 142/489] buildroot: add dumb-init We want this, just like we had for the cosa buildroot image. At least until this becomes built into k8s and we can just request it via the pod manifest. --- ci/buildroot/buildroot-reqs.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/buildroot/buildroot-reqs.txt b/ci/buildroot/buildroot-reqs.txt index 946f8eedc0..266186d9c5 100644 --- a/ci/buildroot/buildroot-reqs.txt +++ b/ci/buildroot/buildroot-reqs.txt @@ -41,3 +41,6 @@ clang lld libubsan libasan libtsan # And all C/C++ projects should use clang-analyzer clang-analyzer + +# We don't want zombies in our pods +dumb-init From e5891e3c4047a550bb3e60ce813f87dc3147ba27 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 29 Mar 2021 22:10:00 +0000 Subject: [PATCH 143/489] buildroot: Also pull in python3-pyyaml Another ostree dep. I think this is really the last one. --- ci/buildroot/buildroot-reqs.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/ci/buildroot/buildroot-reqs.txt b/ci/buildroot/buildroot-reqs.txt index 266186d9c5..9087247d0c 100644 --- a/ci/buildroot/buildroot-reqs.txt +++ b/ci/buildroot/buildroot-reqs.txt @@ -33,6 +33,7 @@ jq # Used by ostree/rpm-ostree CI (TODO: add to something like TestBuildRequires in spec files) attr +python3-pyyaml parallel gjs # Also, add clang since it's useful at least in CI for C/C++ projects From 22b65e33574cb64d4fff22c4e36ccecb2e088501 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 29 Mar 2021 14:56:27 -0400 Subject: [PATCH 144/489] ci/buildroot: default to builder user Let's match cosa's default of using an unprivileged builder user for builds. Projects which really want to can request uid 0 via `runAsUser:`. Add `wheel` access to make it nicer for local development. --- ci/buildroot/Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ci/buildroot/Dockerfile b/ci/buildroot/Dockerfile index 6c52fcdf49..6f5d397c9b 100644 --- a/ci/buildroot/Dockerfile +++ b/ci/buildroot/Dockerfile @@ -11,3 +11,8 @@ WORKDIR /root/containerbuild COPY . tmp RUN ./tmp/install-buildroot.sh && yum clean all && rm tmp -rf WORKDIR /root +# match cosa's unprivileged default +RUN useradd builder --uid 1000 -G wheel && \ + echo '%wheel ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/wheel-nopasswd && \ + chmod 600 /etc/sudoers.d/wheel-nopasswd +USER builder From 567b8dcfe6f75674c3f147505fcda6fcb39914dc Mon Sep 17 00:00:00 2001 From: Sinny Kumari Date: Tue, 30 Mar 2021 17:05:57 +0200 Subject: [PATCH 145/489] overrides: drop coreos-installer --- manifest-lock.overrides.yaml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index db3ea672f2..d92e72a4c6 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -22,9 +22,4 @@ packages: evr: 5.10.19-200.fc33 kernel-modules: evr: 5.10.19-200.fc33 - # Fast-track coreos-installer release - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-7a0ce6189e - coreos-installer: - evr: 0.8.0-1.fc33 - coreos-installer-bootinfra: - evr: 0.8.0-1.fc33 + From de0c0b62b02c1d8a3f12c7dd6452c05bbfa5ecec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Wed, 10 Mar 2021 19:34:18 +0100 Subject: [PATCH 146/489] manifests: Fix split to enable sharing with RHCOS - Move stalld back to fedora-coreos-base until it is released in RHEL - Keep dnsmasq alongside podman-plugins as explicit dependency --- manifests/fedora-coreos-base.yaml | 5 ++++- manifests/system-configuration.yaml | 3 --- manifests/user-experience.yaml | 2 -- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index ad07f231c7..a90c740d12 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -137,7 +137,7 @@ packages: - fuse-overlayfs slirp4netns # name resolution for podman containers # https://github.com/coreos/fedora-coreos-tracker/issues/519 - - podman-plugins + - podman-plugins dnsmasq # Remote IPC for podman - libvarlink-util # Minimal NFS client @@ -176,6 +176,9 @@ packages: # zram-generator (but not zram-generator-defaults) for F33 change # https://github.com/coreos/fedora-coreos-tracker/issues/509 - zram-generator + # Boost starving threads + # https://github.com/coreos/fedora-coreos-tracker/issues/753 + - stalld # This thing is crying out to be pulled into systemd, but that hasn't happened # yet. Also we may want to add to rpm-ostree something like arch negation; diff --git a/manifests/system-configuration.yaml b/manifests/system-configuration.yaml index e5a0c3c7d5..f87be6b19d 100644 --- a/manifests/system-configuration.yaml +++ b/manifests/system-configuration.yaml @@ -32,6 +32,3 @@ packages: # /etc/logrotate.d to work. Really, this is a legacy thing, but if we don't # have it then people's disks will slowly fill up with logs. - logrotate - # Boost starving threads - # https://github.com/coreos/fedora-coreos-tracker/issues/753 - - stalld diff --git a/manifests/user-experience.yaml b/manifests/user-experience.yaml index 60ce67d593..3f1f7c2d59 100644 --- a/manifests/user-experience.yaml +++ b/manifests/user-experience.yaml @@ -22,8 +22,6 @@ packages: # Improved MOTD experience - console-login-helper-messages-issuegen - console-login-helper-messages-profile - # DNS/DHCP server - - dnsmasq # kdump support # https://github.com/coreos/fedora-coreos-tracker/issues/622 - kexec-tools From bd54cff005810ee18e09c47c131ba4c780ba030b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Wed, 10 Mar 2021 19:34:55 +0100 Subject: [PATCH 147/489] manifests: Cosmetic changes --- manifests/fedora-coreos-base.yaml | 5 ++++- manifests/system-configuration.yaml | 11 ++++++----- manifests/user-experience.yaml | 2 +- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index a90c740d12..375435286d 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -125,6 +125,9 @@ postprocess: echo 'MOTD_FILE=/usr/share/misc/motd:/run/motd:/run/motd.d:/etc/motd:/etc/motd.d' >> /etc/login.defs fi +# Packages listed here should be specific to Fedore CoreOS (as in not yet +# available in RHCOS or not desired in RHCOS). All other packages should go +# into one of the sub-manifests listed at the top. packages: # Security - polkit @@ -167,7 +170,7 @@ packages: # file-transfer: note fuse-sshfs is not in RHEL # so we can't put it in file-transfer.yaml - fuse-sshfs - # User experience + # Improved MOTD experience - console-login-helper-messages-motdgen # i18n - kbd diff --git a/manifests/system-configuration.yaml b/manifests/system-configuration.yaml index f87be6b19d..0bf2e014b3 100644 --- a/manifests/system-configuration.yaml +++ b/manifests/system-configuration.yaml @@ -10,9 +10,10 @@ packages: # Installing CoreOS itself - coreos-installer coreos-installer-bootinfra # Storage configuration/management + ## cloud-utils-growpart - For growing root partition - cifs-utils - cloud-utils-growpart - - cryptsetup + - cryptsetup - device-mapper-multipath - e2fsprogs - iscsi-initiator-utils @@ -25,10 +26,10 @@ packages: - shadow-utils # SELinux policy - selinux-policy-targeted - # There are things that write outside of the journal still (such as the - # classic wtmp, etc.) - #(auditd also writes outside the journal but it has its own log rotation.) + # There are things that write outside of the journal still (such as the + # classic wtmp, etc.). auditd also writes outside the journal but it has its + # own log rotation. # Anything package layered will also tend to expect files dropped in - # /etc/logrotate.d to work. Really, this is a legacy thing, but if we don't + # /etc/logrotate.d to work. Really, this is a legacy thing, but if we don't # have it then people's disks will slowly fill up with logs. - logrotate diff --git a/manifests/user-experience.yaml b/manifests/user-experience.yaml index 3f1f7c2d59..1874669071 100644 --- a/manifests/user-experience.yaml +++ b/manifests/user-experience.yaml @@ -13,7 +13,7 @@ packages: - sudo - vim-minimal # File compression/decompression - ## (bsdtar - dependency of 35coreos-live dracut module) + ## bsdtar - dependency of 35coreos-live dracut module - bsdtar - bzip2 - gzip From 724df209e27231ec1d43958a0819a9b2fcbac8d5 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 30 Mar 2021 17:59:46 +0000 Subject: [PATCH 148/489] buildroot: Add rsync It's a convenient way to *merge* local filesystem trees, see https://github.com/ostreedev/ostree/blob/47bf29fed3b99d72c153d3c1581bf9a19c7a9b6d/.cci.jenkinsfile#L73 (Tempting to have this functionality in ostree too but) --- ci/buildroot/buildroot-reqs.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/ci/buildroot/buildroot-reqs.txt b/ci/buildroot/buildroot-reqs.txt index 9087247d0c..daff6950a5 100644 --- a/ci/buildroot/buildroot-reqs.txt +++ b/ci/buildroot/buildroot-reqs.txt @@ -33,6 +33,7 @@ jq # Used by ostree/rpm-ostree CI (TODO: add to something like TestBuildRequires in spec files) attr +rsync python3-pyyaml parallel gjs From bc86b32b1c7040ab92f8d40d5517874ad3ef0af4 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 30 Mar 2021 21:04:13 -0400 Subject: [PATCH 149/489] ci/buildroot: set WORKDIR to /home/builder The `builder` user doesn't have permissions to access `/root`. Should've been part of #917. --- ci/buildroot/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/buildroot/Dockerfile b/ci/buildroot/Dockerfile index 6f5d397c9b..c7c1e81e2f 100644 --- a/ci/buildroot/Dockerfile +++ b/ci/buildroot/Dockerfile @@ -10,9 +10,9 @@ USER root WORKDIR /root/containerbuild COPY . tmp RUN ./tmp/install-buildroot.sh && yum clean all && rm tmp -rf -WORKDIR /root # match cosa's unprivileged default RUN useradd builder --uid 1000 -G wheel && \ echo '%wheel ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/wheel-nopasswd && \ chmod 600 /etc/sudoers.d/wheel-nopasswd USER builder +WORKDIR /home/builder From d709e4f5fc3970fb6b938dc7bcfdb8d602d2db94 Mon Sep 17 00:00:00 2001 From: Kelvin Fan Date: Tue, 30 Mar 2021 17:28:07 -0400 Subject: [PATCH 150/489] overrides: Fast-track console-login-helper-messages-0.21.2.fc33 --- manifest-lock.overrides.yaml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index d92e72a4c6..b14844a892 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -22,4 +22,17 @@ packages: evr: 5.10.19-200.fc33 kernel-modules: evr: 5.10.19-200.fc33 - + # Fast-track console-login-helper-messages release + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-cf005d6480 + # New updates in console-login-helper-messages v0.21.2 fixes + # the console prompt being left solid white after displaying + # the OS release MOTD. + # https://github.com/coreos/fedora-coreos-tracker/issues/750 + console-login-helper-messages: + evra: 0.21.2-1.fc33.noarch + console-login-helper-messages-issuegen: + evra: 0.21.2-1.fc33.noarch + console-login-helper-messages-motdgen: + evra: 0.21.2-1.fc33.noarch + console-login-helper-messages-profile: + evra: 0.21.2-1.fc33.noarch From 5863ecfa6f2532eadedc369b0c88ee5b6f41ea33 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 3 Apr 2021 21:40:07 +0000 Subject: [PATCH 151/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/185/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 2ba3a8dd40..79c050eb01 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -118,16 +118,16 @@ "evra": "2:2.0.26-1.fc33.x86_64" }, "console-login-helper-messages": { - "evra": "0.21.1-2.fc33.noarch" + "evra": "0.21.2-1.fc33.noarch" }, "console-login-helper-messages-issuegen": { - "evra": "0.21.1-2.fc33.noarch" + "evra": "0.21.2-1.fc33.noarch" }, "console-login-helper-messages-motdgen": { - "evra": "0.21.1-2.fc33.noarch" + "evra": "0.21.2-1.fc33.noarch" }, "console-login-helper-messages-profile": { - "evra": "0.21.1-2.fc33.noarch" + "evra": "0.21.2-1.fc33.noarch" }, "container-selinux": { "evra": "2:2.158.0-1.fc33.noarch" @@ -166,7 +166,7 @@ "evra": "3.15-1.fc33.x86_64" }, "crun": { - "evra": "0.18-1.fc33.x86_64" + "evra": "0.18-4.fc33.x86_64" }, "crypto-policies": { "evra": "20200918-1.git85dccc5.fc33.noarch" @@ -337,7 +337,7 @@ "evra": "3.9.4-1.fc33.x86_64" }, "fwupd": { - "evra": "1.5.7-1.fc33.x86_64" + "evra": "1.5.8-1.fc33.x86_64" }, "gawk": { "evra": "5.1.0-2.fc33.x86_64" @@ -634,7 +634,7 @@ "evra": "9-8.fc33.x86_64" }, "libmaxminddb": { - "evra": "1.5.0-1.fc33.x86_64" + "evra": "1.5.2-1.fc33.x86_64" }, "libmetalink": { "evra": "0.1.3-13.fc33.x86_64" @@ -925,19 +925,19 @@ "evra": "8.4p1-5.fc33.x86_64" }, "openssl": { - "evra": "1:1.1.1j-1.fc33.x86_64" + "evra": "1:1.1.1k-1.fc33.x86_64" }, "openssl-libs": { - "evra": "1:1.1.1j-1.fc33.x86_64" + "evra": "1:1.1.1k-1.fc33.x86_64" }, "os-prober": { "evra": "1.77-6.fc33.x86_64" }, "ostree": { - "evra": "2020.8-1.fc33.x86_64" + "evra": "2021.1-2.fc33.x86_64" }, "ostree-libs": { - "evra": "2020.8-1.fc33.x86_64" + "evra": "2021.1-2.fc33.x86_64" }, "p11-kit": { "evra": "0.23.22-2.fc33.x86_64" @@ -1024,10 +1024,10 @@ "evra": "1.2.5-5.rc1.fc33.3.x86_64" }, "rpm": { - "evra": "4.16.1.2-1.fc33.x86_64" + "evra": "4.16.1.3-1.fc33.x86_64" }, "rpm-libs": { - "evra": "4.16.1.2-1.fc33.x86_64" + "evra": "4.16.1.3-1.fc33.x86_64" }, "rpm-ostree": { "evra": "2021.3-2.fc33.x86_64" @@ -1036,7 +1036,7 @@ "evra": "2021.3-2.fc33.x86_64" }, "rpm-plugin-selinux": { - "evra": "4.16.1.2-1.fc33.x86_64" + "evra": "4.16.1.3-1.fc33.x86_64" }, "rsync": { "evra": "3.2.3-3.fc33.x86_64" @@ -1060,10 +1060,10 @@ "evra": "4.8-5.fc33.x86_64" }, "selinux-policy": { - "evra": "3.14.6-35.fc33.noarch" + "evra": "3.14.6-36.fc33.noarch" }, "selinux-policy-targeted": { - "evra": "3.14.6-35.fc33.noarch" + "evra": "3.14.6-36.fc33.noarch" }, "setup": { "evra": "2.13.7-2.fc33.noarch" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-03-28T21:07:35Z", + "generated": "2021-04-03T21:11:01Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-03-27T21:49:39Z" + "generated": "2021-03-31T13:33:09Z" }, "fedora-updates": { - "generated": "2021-03-28T17:15:17Z" + "generated": "2021-04-03T00:40:02Z" } } } From 0f4f3a395935f6cb226ad90dd1419bb3c34f2119 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 4 Apr 2021 21:37:31 +0000 Subject: [PATCH 152/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/186/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 79c050eb01..42a5ee241f 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -181,7 +181,7 @@ "evra": "1:2.3.3op2-3.fc33.x86_64" }, "curl": { - "evra": "7.71.1-8.fc33.x86_64" + "evra": "7.71.1-9.fc33.x86_64" }, "cyrus-sasl-gssapi": { "evra": "2.1.27-6.fc33.x86_64" @@ -547,7 +547,7 @@ "evra": "1.45.6-4.fc33.x86_64" }, "libcurl": { - "evra": "7.71.1-8.fc33.x86_64" + "evra": "7.71.1-9.fc33.x86_64" }, "libdaemon": { "evra": "0.14-20.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-04-03T21:11:01Z", + "generated": "2021-04-04T21:07:47Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-03-31T13:33:09Z" + "generated": "2021-04-03T21:51:55Z" }, "fedora-updates": { - "generated": "2021-04-03T00:40:02Z" + "generated": "2021-04-04T00:56:39Z" } } } From d8e5bb29f8b04d06cd2ec6f10ceb4c5c6fd61b93 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Thu, 3 Dec 2020 16:06:05 -0500 Subject: [PATCH 153/489] tests/manual: docsnettest: enhance dhcp server instructions Make it easier to use a different interface name and also add in the missing EOF. --- tests/manual/coreos-docs-net-testing.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/manual/coreos-docs-net-testing.sh b/tests/manual/coreos-docs-net-testing.sh index 5e0482a53a..6d471ce866 100755 --- a/tests/manual/coreos-docs-net-testing.sh +++ b/tests/manual/coreos-docs-net-testing.sh @@ -20,13 +20,15 @@ set -eu -o pipefail # I test this way I usually stand up a separate VM on the same bridge # and run dnsmasq on a tagged network like: # +# interface=eth1 # cat < /etc/dnsmasq.d/vlandhcp -# interface=eth1.100 +# interface=${interface}.100 # bind-interfaces # dhcp-range=192.168.200.150,192.168.200.160,12h -# ip link add link eth0 name eth0.100 type vlan id 100 -# ip addr add 192.168.200.1/24 dev eth0.100 -# ip link set eth0.100 up +# EOF +# ip link add link $interface name "${interface}.100" type vlan id 100 +# ip addr add 192.168.200.1/24 dev "${interface}.100" +# ip link set "${interface}.100" up # systemctl enable dnsmasq --now # # - Dusty Mabe - dusty@dustymabe.com From b623e02983c53a6ffe1905c40bf22e9bafd3879d Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Thu, 3 Dec 2020 16:07:00 -0500 Subject: [PATCH 154/489] tests/manual: docsnettest: align the dhcpvlan test This didn't match with the docs. Let's fix it. --- tests/manual/coreos-docs-net-testing.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/manual/coreos-docs-net-testing.sh b/tests/manual/coreos-docs-net-testing.sh index 6d471ce866..03e71b8be9 100755 --- a/tests/manual/coreos-docs-net-testing.sh +++ b/tests/manual/coreos-docs-net-testing.sh @@ -283,6 +283,8 @@ fcct_dhcpvlanbond=' mode=active-backup [ipv4] method=disabled + [ipv6] + method=disabled - path: /etc/NetworkManager/system-connections/${bondname}-slave-${subnic1}.nmconnection mode: 0600 contents: From 4ec23e2078c01719ced198e085f2f0e0b47994df Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Thu, 3 Dec 2020 16:56:59 -0500 Subject: [PATCH 155/489] tests/manual: remove bug workarounds from net tests The NM bugs we were working around [1], [2], [3] are fixed upstream now so let's remove the workarounds from the code. [1] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/509 [2] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/539 [3] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/581 --- tests/manual/coreos-docs-net-testing.sh | 10 ++-------- tests/manual/coreos-network-testing.sh | 4 +--- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/tests/manual/coreos-docs-net-testing.sh b/tests/manual/coreos-docs-net-testing.sh index 03e71b8be9..ffd4d9db7e 100755 --- a/tests/manual/coreos-docs-net-testing.sh +++ b/tests/manual/coreos-docs-net-testing.sh @@ -437,10 +437,6 @@ EOF common_args+=' ignition.firstboot' # manually set ignition.firstboot #common_args+=' rd.break=pre-mount' - # Have to add ipv6.disable=1 for Fedora 33+ because of - # https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/539 - common_args+=' ipv6.disable=1' - # export these values so we can substitute the values # in using the envsubst command export ip gateway netmask prefix interface nameserver bondname teamname bridgename subnic1 subnic2 vlanid @@ -484,7 +480,6 @@ EOF export hostname="staticvlan" x="${common_args} rd.neednet=1" x+=" ip=${ip}::${gateway}:${netmask}:${hostname}:${interface}.${vlanid}:none:${nameserver}" - x+=" ip=${interface}:off" x+=" vlan=${interface}.${vlanid}:${interface}" x+=" ip=${subnic2}:off" initramfs_staticvlan=$x @@ -493,10 +488,9 @@ EOF export hostname="dhcpvlanbond" x="${common_args} rd.neednet=1" - x+=" ip=vlan${vlanid}:dhcp" - x+=" ip=${bondname}:off" + x+=" ip=${bondname}.${vlanid}:dhcp" x+=" bond=${bondname}:${subnic1},${subnic2}:mode=active-backup,miimon=100" - x+=" vlan=vlan${vlanid}:${bondname}" + x+=" vlan=${bondname}.${vlanid}:${bondname}" initramfs_dhcpvlanbond=$x fcct_initramfs_dhcpvlanbond=$(echo "${fcct_common}${fcct_hostname}" | envsubst) fcct_dhcpvlanbond=$(echo "${fcct_common}${fcct_hostname}${fcct_dhcpvlanbond}" | envsubst) diff --git a/tests/manual/coreos-network-testing.sh b/tests/manual/coreos-network-testing.sh index 505a543a0f..2ebbdd5fea 100755 --- a/tests/manual/coreos-network-testing.sh +++ b/tests/manual/coreos-network-testing.sh @@ -546,10 +546,8 @@ EOF x="${common_args} rd.neednet=1 ip=${nic0}:dhcp ip=${nic1}:dhcp" initramfs_dhcp_nic0nic1=$x - # Have to add ipv6.disable=1 for Fedora 33+ because of - # https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/539 devname=$nic0 - x="${common_args} rd.neednet=1 ip=${nic1}:off ipv6.disable=1" + x="${common_args} rd.neednet=1 ip=${nic1}:off" x+=" ip=${ip}::${gateway}:${netmask}:${initramfshostname}:${devname}:none:${nameserverstatic}" initramfs_static_nic0=$x From f67ac16bd600a0a867a9c4cbed26f2689ad5cdb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Tue, 6 Apr 2021 16:29:43 +0200 Subject: [PATCH 156/489] manifests: Move stalld to shared 'system-configuration' manifest This manifest is shared with RHCOS which will have stalld with the move to 8.4 content. --- manifests/fedora-coreos-base.yaml | 3 --- manifests/system-configuration.yaml | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 375435286d..c5462782e4 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -179,9 +179,6 @@ packages: # zram-generator (but not zram-generator-defaults) for F33 change # https://github.com/coreos/fedora-coreos-tracker/issues/509 - zram-generator - # Boost starving threads - # https://github.com/coreos/fedora-coreos-tracker/issues/753 - - stalld # This thing is crying out to be pulled into systemd, but that hasn't happened # yet. Also we may want to add to rpm-ostree something like arch negation; diff --git a/manifests/system-configuration.yaml b/manifests/system-configuration.yaml index 0bf2e014b3..5b4bb68795 100644 --- a/manifests/system-configuration.yaml +++ b/manifests/system-configuration.yaml @@ -33,3 +33,6 @@ packages: # /etc/logrotate.d to work. Really, this is a legacy thing, but if we don't # have it then people's disks will slowly fill up with logs. - logrotate + # Boost starving threads + # https://github.com/coreos/fedora-coreos-tracker/issues/753 + - stalld From b5a7b3ab1f929addaa1646abcd478aef995d6393 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 18 Mar 2021 15:19:03 -0400 Subject: [PATCH 157/489] ci: use --parent-build This is prep for more easily re-diff'ing the previous and new build via rpm-ostree. But also it more closely matches what production builds do. --- .cci.jenkinsfile | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.cci.jenkinsfile b/.cci.jenkinsfile index 82d958b285..62ccef4f10 100644 --- a/.cci.jenkinsfile +++ b/.cci.jenkinsfile @@ -14,7 +14,18 @@ cosaPod { cosa buildprep https://builds.coreos.fedoraproject.org/prod/streams/${env.CHANGE_TARGET}/builds """) - fcosBuild(skipInit: true, extraFetchArgs: '--with-cosa-overrides') + // use a --parent-build arg so we can diff later and it matches prod + def parent_arg = "" + def parent_commit = "" + if (shwrapRc("test -e /srv/fcos/builds/latest/x86_64/meta.json") == 0) { + shwrap("cp /srv/fcos/builds/latest/x86_64/meta.json .") // readJSON wants it in the WORKSPACE + def meta = readJSON file: "meta.json" + def version = meta["buildid"] + parent_arg = "--parent-build ${version}" + parent_commit = meta["ostree-commit"] + } + + fcosBuild(skipInit: true, extraFetchArgs: '--with-cosa-overrides', extraArgs: parent_arg) parallel metal: { shwrap("cd /srv/fcos && cosa buildextend-metal") From 793a0d0250c235fee3835420848981751c9a2cb6 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 12 Mar 2021 16:27:23 -0500 Subject: [PATCH 158/489] ci: print human-readable RPM diff The `.pkgdiff` element from the build metadata isn't very useful to humans. Let's just re-invoke `rpm-ostree db diff` to get a nice legible diff. --- .cci.jenkinsfile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.cci.jenkinsfile b/.cci.jenkinsfile index 62ccef4f10..c76c0147b8 100644 --- a/.cci.jenkinsfile +++ b/.cci.jenkinsfile @@ -44,7 +44,13 @@ cosaPod { } // also print the pkgdiff as a separate stage to make it more visible - stage("RPM Diff") { - shwrap("jq .pkgdiff /srv/fcos/builds/latest/x86_64/meta.json") + if (parent_arg != "") { + stage("RPM Diff") { + shwrap(""" + cd /srv/fcos + new_commit=\$(jq -r '.["ostree-commit"]' builds/latest/x86_64/meta.json) + rpm-ostree db diff --repo tmp/repo ${parent_commit} \${new_commit} | tee tmp/diff.txt + """) + } } } From 09c392dadbc93bb6c131fc6e3bc8e03744f730cb Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 12 Mar 2021 16:28:27 -0500 Subject: [PATCH 159/489] ci: error out if downgrade detected In the majority of cases, we don't expect new builds to downgrade RPMs. Let's default to erroring out and contributors can consciously override CI if was really expected. --- .cci.jenkinsfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.cci.jenkinsfile b/.cci.jenkinsfile index c76c0147b8..bf62662eaf 100644 --- a/.cci.jenkinsfile +++ b/.cci.jenkinsfile @@ -50,6 +50,10 @@ cosaPod { cd /srv/fcos new_commit=\$(jq -r '.["ostree-commit"]' builds/latest/x86_64/meta.json) rpm-ostree db diff --repo tmp/repo ${parent_commit} \${new_commit} | tee tmp/diff.txt + if grep -q Downgraded tmp/diff.txt; then + echo "Downgrade detected. This is likely unintentional. If not, you may safely ignore this error." + exit 1 + fi """) } } From f63d8b832794e5e4fe8f42e98317bdbc8dece5d9 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 29 Mar 2021 15:05:46 -0400 Subject: [PATCH 160/489] ci: use `cosa basearch` instead of hardcoding x86_64 This doesn't matter right now, but just on principle. --- .cci.jenkinsfile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.cci.jenkinsfile b/.cci.jenkinsfile index bf62662eaf..07553f4633 100644 --- a/.cci.jenkinsfile +++ b/.cci.jenkinsfile @@ -3,6 +3,8 @@ cosaPod { checkoutToDir(scm, 'config') + def basearch = shwrapCapture("cosa basearch") + shwrap("cd config && ci/validate") shwrap(""" @@ -17,8 +19,8 @@ cosaPod { // use a --parent-build arg so we can diff later and it matches prod def parent_arg = "" def parent_commit = "" - if (shwrapRc("test -e /srv/fcos/builds/latest/x86_64/meta.json") == 0) { - shwrap("cp /srv/fcos/builds/latest/x86_64/meta.json .") // readJSON wants it in the WORKSPACE + if (shwrapRc("test -e /srv/fcos/builds/latest/${basearch}/meta.json") == 0) { + shwrap("cp /srv/fcos/builds/latest/${basearch}/meta.json .") // readJSON wants it in the WORKSPACE def meta = readJSON file: "meta.json" def version = meta["buildid"] parent_arg = "--parent-build ${version}" @@ -48,7 +50,7 @@ cosaPod { stage("RPM Diff") { shwrap(""" cd /srv/fcos - new_commit=\$(jq -r '.["ostree-commit"]' builds/latest/x86_64/meta.json) + new_commit=\$(jq -r '.["ostree-commit"]' builds/latest/${basearch}/meta.json) rpm-ostree db diff --repo tmp/repo ${parent_commit} \${new_commit} | tee tmp/diff.txt if grep -q Downgraded tmp/diff.txt; then echo "Downgrade detected. This is likely unintentional. If not, you may safely ignore this error." From b4a65864ef3b7d05b1452ee92384266c875196df Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 6 Apr 2021 11:11:55 -0400 Subject: [PATCH 161/489] 35coreos-live/coreos-livepxe-rootfs: add in connectivity check before downloading This should help us get around some race conditions on startup where we've seen curl exit with "No route to host" errors. This most likely happens because the Networking in the kernel is still being brought up (seen more in complex networking scenarios) and curl hits that error the first time it tries. Since "No route to host" isn't considered retryable, curl exits. Instead let's just verify we can get to the remote at all in an initial `curl --head` call. In this one we'll use --retry-all-errors so that we will retry all errors. Once the connectivity to the remote is verified then it should be safe to start downloading. --- .../35coreos-live/coreos-livepxe-rootfs.sh | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh index 05824f3f24..0bc4e893bc 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh @@ -30,11 +30,24 @@ elif [[ -n "${rootfs_url}" ]]; then echo "Please fix your PXE configuration." >&2 exit 1 fi + + # First, reach out to the server to verify connectivity before + # trying to download and pipe content through other programs. + # Doing this allows us to retry all errors (including transient + # "no route to host" errors during startup), without using the + # --retry-all-errors, which is problematic (see curl man page) + # when piping the output. + curl_common_args="--silent --show-error --insecure --location --retry 5" + if ! curl --head --retry-all-errors $curl_common_args "${rootfs_url}" >/dev/null; then + echo "Couldn't establish connectivity with the server specified by coreos.live.rootfs_url=" >&2 + echo "Check that the URL is correct and can be reached." >&2 + exit 1 + fi # We don't need to verify TLS certificates because we're checking the # image hash. # bsdtar can read cpio archives and we already depend on it for # coreos-liveiso-persist-osmet.service, so use it instead of cpio. - if ! curl --silent --show-error --insecure --location --retry 5 "${rootfs_url}" | \ + if ! curl $curl_common_args "${rootfs_url}" | \ rdcore stream-hash /etc/coreos-live-want-rootfs | \ bsdtar -xf - -C / ; then echo "Couldn't fetch, verify, and unpack image specified by coreos.live.rootfs_url=" >&2 From 829dae04337b924c59ca1d8646f2904a58481215 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Thu, 1 Apr 2021 16:25:42 +0200 Subject: [PATCH 162/489] overrides: Fast-track podman 3.1.0-2 From https://bodhi.fedoraproject.org/updates/FEDORA-2021-e70b450680 --- manifest-lock.overrides.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index b14844a892..aa47ac3d54 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -36,3 +36,10 @@ packages: evra: 0.21.2-1.fc33.noarch console-login-helper-messages-profile: evra: 0.21.2-1.fc33.noarch + # Fast-track new podman release to fix podman cp: + # https://github.com/coreos/fedora-coreos-tracker/issues/771 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-e70b450680 + podman: + evr: 2:3.1.0-2.fc33 + podman-plugins: + evr: 2:3.1.0-2.fc33 From 168cdf7f9b1afd1f476fe48eeb40a03bf070a3a7 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 6 Apr 2021 17:05:52 +0000 Subject: [PATCH 163/489] buildroot: Blow out quay.io cache This is going to be problematic for the buildroot in general. Not finding docs on a mechanism to avoid this on quay. --- ci/buildroot/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/buildroot/Dockerfile b/ci/buildroot/Dockerfile index c7c1e81e2f..b9ffcaa2e5 100644 --- a/ci/buildroot/Dockerfile +++ b/ci/buildroot/Dockerfile @@ -9,7 +9,7 @@ FROM registry.fedoraproject.org/fedora:33 USER root WORKDIR /root/containerbuild COPY . tmp -RUN ./tmp/install-buildroot.sh && yum clean all && rm tmp -rf +RUN ./tmp/install-buildroot.sh && yum clean all && rm tmp -rf # nocache 20210406 # match cosa's unprivileged default RUN useradd builder --uid 1000 -G wheel && \ echo '%wheel ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/wheel-nopasswd && \ From b3715fa61d5d000bfdcf8eb5a8ffa2b5856bc887 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 7 Apr 2021 00:39:33 +0000 Subject: [PATCH 164/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/193/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 42a5ee241f..295018bd86 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -166,7 +166,7 @@ "evra": "3.15-1.fc33.x86_64" }, "crun": { - "evra": "0.18-4.fc33.x86_64" + "evra": "0.18-5.fc33.x86_64" }, "crypto-policies": { "evra": "20200918-1.git85dccc5.fc33.noarch" @@ -979,10 +979,10 @@ "evra": "1.7.3-5.fc33.x86_64" }, "podman": { - "evra": "2:3.0.1-1.fc33.x86_64" + "evra": "2:3.1.0-2.fc33.x86_64" }, "podman-plugins": { - "evra": "2:3.0.1-1.fc33.x86_64" + "evra": "2:3.1.0-2.fc33.x86_64" }, "policycoreutils": { "evra": "3.1-4.fc33.x86_64" @@ -1042,7 +1042,7 @@ "evra": "3.2.3-3.fc33.x86_64" }, "runc": { - "evra": "2:1.0.0-279.dev.gitdedadbf.fc33.x86_64" + "evra": "2:1.0.0-375.dev.git12644e6.fc33.x86_64" }, "samba-client-libs": { "evra": "2:4.13.5-0.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-04-04T21:07:47Z", + "generated": "2021-04-07T00:03:40Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-04-03T21:51:55Z" + "generated": "2021-04-06T22:33:54Z" }, "fedora-updates": { - "generated": "2021-04-04T00:56:39Z" + "generated": "2021-04-06T00:55:53Z" } } } From b7e4622ed68a76e8cf4d11f67290c249a40c9b0b Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 26 Mar 2021 11:12:58 -0400 Subject: [PATCH 165/489] Move next-devel to cgroupsv2 for new nodes All we need to do is to make the associated karg be specific to `testing-devel` by uplisting it to `image.yaml`. Then `next-devel` will naturally shed it when `image-base.yaml` gets synced over. See: https://github.com/coreos/fedora-coreos-tracker/issues/292 --- image-base.yaml | 6 +++--- image.yaml | 5 +++++ tests/kola/misc-ro | 23 +++++++++++++++++++++++ 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/image-base.yaml b/image-base.yaml index 6e83494bd7..1aabf6ace6 100644 --- a/image-base.yaml +++ b/image-base.yaml @@ -1,3 +1,6 @@ +# This file is shared by all streams. For a stream-specific change, use +# image.yaml instead. + # Target disk size in GB. # Make it at least 10G because we want the rootfs to be at least 8G: # https://github.com/coreos/fedora-coreos-tracker/issues/586 @@ -6,9 +9,6 @@ size: 10 extra-kargs: # Disable SMT on systems vulnerable to MDS or any similar future issue. - mitigations=auto,nosmt - # https://github.com/coreos/fedora-coreos-tracker/issues/292 - # https://fedoraproject.org/wiki/Changes/CGroupsV2 - - systemd.unified_cgroup_hierarchy=0 # Disable networking by default on firstboot. We can drop this once cosa stops # defaulting to `ip=dhcp,dhcp6 rd.neednet=1` when it doesn't see this key. diff --git a/image.yaml b/image.yaml index 1bf800cca2..8f79a3abde 100644 --- a/image.yaml +++ b/image.yaml @@ -2,3 +2,8 @@ # similarly to manifest.yaml. Unlike image-base.yaml, which is shared by all # streams. include: image-base.yaml + +extra-kargs: + # https://github.com/coreos/fedora-coreos-tracker/issues/292 + # https://fedoraproject.org/wiki/Changes/CGroupsV2 + - systemd.unified_cgroup_hierarchy=0 diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index bf36423e05..c79c88c2fb 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -150,3 +150,26 @@ if ! grep prjquota <<< "${rootflags}"; then fatal "missing prjquota in root mount flags: ${rootflags}" fi ok "root mounted with prjquota" + +has_cgroup_karg=1 +grep -q systemd.unified_cgroup_hierarchy /proc/cmdline || has_cgroup_karg=0 +sys_fs_cgroup_source=$(findmnt -no SOURCE /sys/fs/cgroup) +stream=$(rpm-ostree status -b --json | jq -r '.deployments[0]["base-commit-meta"]["fedora-coreos.stream"]') +case "$stream" in + "testing-devel" | "testing" | "stable") + if [ $has_cgroup_karg == 0 ]; then + fatal "missing systemd.unified_cgroup_hierarchy=0" + fi + if [[ $sys_fs_cgroup_source != tmpfs ]]; then + fatal "/sys/fs/cgroup is not tmpfs" + fi + ;; + *) + if [ $has_cgroup_karg == 1 ]; then + fatal "found systemd.unified_cgroup_hierarchy=0" + fi + if [[ $sys_fs_cgroup_source != cgroup2 ]]; then + fatal "/sys/fs/cgroup is not cgroup2" + fi + ;; +esac From 01c6d01cca73c87688529c3db81aadb81e830a51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Tue, 16 Mar 2021 17:42:04 +0100 Subject: [PATCH 166/489] tests: Add basic test for rpm-ostree countme Test that: - The timer is started when rpm-ostreed started - Manual startup of the count me service is sucessful - Output matches the number of expected successful requests --- tests/kola/rpm-ostree-countme/config.fcc | 7 +++++ tests/kola/rpm-ostree-countme/test.sh | 36 ++++++++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 tests/kola/rpm-ostree-countme/config.fcc create mode 100755 tests/kola/rpm-ostree-countme/test.sh diff --git a/tests/kola/rpm-ostree-countme/config.fcc b/tests/kola/rpm-ostree-countme/config.fcc new file mode 100644 index 0000000000..002cc59a7a --- /dev/null +++ b/tests/kola/rpm-ostree-countme/config.fcc @@ -0,0 +1,7 @@ +variant: fcos +version: 1.3.0 +systemd: + units: + - name: rpm-ostree-countme.timer + mask: false + enabled: true diff --git a/tests/kola/rpm-ostree-countme/test.sh b/tests/kola/rpm-ostree-countme/test.sh new file mode 100755 index 0000000000..598fd8c50f --- /dev/null +++ b/tests/kola/rpm-ostree-countme/test.sh @@ -0,0 +1,36 @@ +#!/bin/bash +set -xeuo pipefail + +# No need to run an other platforms than QEMU. +# kola: { "tags": "needs-internet", "platforms": "qemu-unpriv" } + +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + +# Check that the timer got pulled when rpm-ostreed got started +if [[ $(systemctl show -p ActiveState rpm-ostree-countme.timer) != "ActiveState=active" ]] \ + && [[ $(systemctl show -p SubState rpm-ostree-countme.timer) != "SubState=waiting" ]]; then + fatal "rpm-ostree-countme timer has not been started" +fi + +# Check that running the service manually is successful +systemctl start rpm-ostree-countme.service +if [[ $(systemctl show -p ActiveState rpm-ostree-countme.service) != "ActiveState=inactive" ]] \ + && [[ $(systemctl show -p SubState rpm-ostree-countme.service) != "SubState=dead" ]] \ + && [[ $(systemctl show -p Result rpm-ostree-countme.service) != "Result=success" ]] \ + && [[ $(systemctl show -p ExecMainStatus rpm-ostree-countme.service) != "ExecMainStatus=0" ]]; then + fatal "rpm-ostree-countme exited with an error" +fi + +# Check rpm-ostree count me output +if [[ $(journalctl --output=json --boot --unit=rpm-ostree-countme.service --grep "Successful requests:" | jq --raw-output '.MESSAGE') != "Successful requests: 2/2" ]]; then + fatal "rpm-ostree-countme service ouput does not match expected sucess output" +fi + +ok countme From 330d0ab12c322e312fe31d01fedfb7d3deee84a2 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 6 Apr 2021 23:09:02 +0000 Subject: [PATCH 167/489] buildroot: Drop USER creation, add createrepo_c+ostree The USER bit breaks the ability to use this in Github actions. Further, it's not useful for OpenShift because the platform allocates a dynamic UID today (Eventually Kube user namespaces will augment this). We added this for the Jenkins/CCI, but previously we were running the buildroot as uid 0 (i.e. Docker default) anyways. If we want to enhance the flow to run as non-root, I think the right thing is to do it in the platform and not the container. --- ci/buildroot/Dockerfile | 12 ++---------- ci/buildroot/buildroot-reqs.txt | 4 ++++ 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/ci/buildroot/Dockerfile b/ci/buildroot/Dockerfile index b9ffcaa2e5..a3dc9a67be 100644 --- a/ci/buildroot/Dockerfile +++ b/ci/buildroot/Dockerfile @@ -6,13 +6,5 @@ # This image is used by CoreOS CI to build software like # Ignition, rpm-ostree, ostree, coreos-installer, etc... FROM registry.fedoraproject.org/fedora:33 -USER root -WORKDIR /root/containerbuild -COPY . tmp -RUN ./tmp/install-buildroot.sh && yum clean all && rm tmp -rf # nocache 20210406 -# match cosa's unprivileged default -RUN useradd builder --uid 1000 -G wheel && \ - echo '%wheel ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/wheel-nopasswd && \ - chmod 600 /etc/sudoers.d/wheel-nopasswd -USER builder -WORKDIR /home/builder +COPY . /src +RUN ./src/install-buildroot.sh && yum clean all && rm /src -rf # nocache 20210406 diff --git a/ci/buildroot/buildroot-reqs.txt b/ci/buildroot/buildroot-reqs.txt index daff6950a5..9fa769516c 100644 --- a/ci/buildroot/buildroot-reqs.txt +++ b/ci/buildroot/buildroot-reqs.txt @@ -28,6 +28,9 @@ xz # For rust projects like rpm-ostree rustfmt +# For unit tests at least. +ostree + # A super common tool jq @@ -36,6 +39,7 @@ attr rsync python3-pyyaml parallel gjs +createrepo_c # Also, add clang since it's useful at least in CI for C/C++ projects clang lld From 0f8eeaf26c839d12e77ca1767cc0ca04695bc5f7 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 7 Apr 2021 17:19:16 -0400 Subject: [PATCH 168/489] tests/kola: handle possible rootless-systemd flake The sleep 5 might not be long enough if CI is loaded. Let's make curl itself do the retry, which contains logic for exponential backoff. --- tests/kola/podman/rootless-systemd | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tests/kola/podman/rootless-systemd b/tests/kola/podman/rootless-systemd index c12cec80a9..87936bacec 100755 --- a/tests/kola/podman/rootless-systemd +++ b/tests/kola/podman/rootless-systemd @@ -53,10 +53,8 @@ main() { chmod +x /tmp/runascoreuserscript runascoreuser /tmp/runascoreuserscript - # Let it come up - sleep 5 - - if ! curl http://localhost:8080 1>/dev/null; then + # Try to grab the web page. Retry as it might not be up fully yet. + if ! curl --silent --show-error --retry 4 --retry-all-errors http://localhost:8080 >/dev/null; then echo TEST FAILED 1>&2 runascoreuser podman logs httpd return 1 From 67f5a40785fab863d8f9b6dd8f37fd13ad7d86a8 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 7 Apr 2021 15:23:26 -0400 Subject: [PATCH 169/489] 35coreos-network: enable initrd networking on azurestack Just like on Azure, Afterburn needs networking for hostname fetching and boot check-in. Ideally, Afterburn would request it itself but this is where that logic lives for now (see [1]). [1] https://github.com/coreos/fedora-coreos-tracker/blob/master/internals/README-initramfs.md#networking --- .../modules.d/35coreos-network/coreos-enable-network.service | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service index 9f9cc92e4b..e7ba08d153 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service @@ -7,10 +7,11 @@ After=basic.target # Triggering conditions for cases where we need network: # * when Ignition signals that it is required for provisioning. # * on live systems fetching the remote rootfs in initramfs. -# * on Azure, for hostname fetching (metadata endpoint) and boot check-in (wireserver). +# * on Azure and Azure Stack Hub, for hostname fetching (metadata endpoint) and boot check-in (wireserver). ConditionPathExists=|/run/ignition/neednet ConditionKernelCommandLine=|coreos.live.rootfs_url ConditionKernelCommandLine=|ignition.platform.id=azure +ConditionKernelCommandLine=|ignition.platform.id=azurestack # Creates /run/ignition/neednet After=ignition-fetch-offline.service From 3167d834e18ab5bbf106cef91d5eaf1e155a4786 Mon Sep 17 00:00:00 2001 From: Kelvin Fan Date: Wed, 7 Apr 2021 17:03:42 -0400 Subject: [PATCH 170/489] 12kdump: Remount /boot rw before `kdump.service` Right now, `kdump` fails to generate its initramfs because it cannot place it next to our default initramfs in `/boot/ostree`, which is read-only. This is a workaround to get `kdump` working again until it gains the ability to place its generated initramfs in a different location (e.g. `/var/lib/kdump`). xref: https://bugzilla.redhat.com/show_bug.cgi?id=1918493 --- .../lib/systemd/system/kdump.service.d/remount-boot.conf | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 overlay.d/12kdump/usr/lib/systemd/system/kdump.service.d/remount-boot.conf diff --git a/overlay.d/12kdump/usr/lib/systemd/system/kdump.service.d/remount-boot.conf b/overlay.d/12kdump/usr/lib/systemd/system/kdump.service.d/remount-boot.conf new file mode 100644 index 0000000000..2b4d940847 --- /dev/null +++ b/overlay.d/12kdump/usr/lib/systemd/system/kdump.service.d/remount-boot.conf @@ -0,0 +1,9 @@ +# https://bugzilla.redhat.com/show_bug.cgi?id=1918493 +# `/boot` is read-only, but `kdump.service` wants to +# places its generated initramfs alongside the default +# initramfs under `/boot/ostree`. +# Until `kdump` gains the ability to place its initramfs +# elsewhere, temporarily remount `/boot` read-write before +# the `kdump` initramfs is generated. +[Service] +ExecStartPre=/usr/bin/mount -o remount,rw /boot From fb53c99f6a3a90786cf4fc0d8cd57f1a0d771f8b Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 8 Apr 2021 21:50:49 +0000 Subject: [PATCH 171/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/196/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 295018bd86..1e2981166d 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -130,7 +130,7 @@ "evra": "0.21.2-1.fc33.noarch" }, "container-selinux": { - "evra": "2:2.158.0-1.fc33.noarch" + "evra": "2:2.160.0-1.fc33.noarch" }, "containerd": { "evra": "1.4.4-1.fc33.x86_64" @@ -310,7 +310,7 @@ "evra": "0.8.6-1.fc33.noarch" }, "flatpak-session-helper": { - "evra": "1.10.2-1.fc33.x86_64" + "evra": "1.10.2-2.fc33.x86_64" }, "fstrm": { "evra": "0.6.0-1.fc33.x86_64" @@ -325,7 +325,7 @@ "evra": "2.9.9-10.fc33.x86_64" }, "fuse-overlayfs": { - "evra": "1.4.0-1.fc33.x86_64" + "evra": "1.5.0-1.fc33.x86_64" }, "fuse-sshfs": { "evra": "3.7.1-1.fc33.x86_64" @@ -406,7 +406,7 @@ "evra": "3.23-3.fc33.x86_64" }, "hwdata": { - "evra": "0.345-1.fc33.noarch" + "evra": "0.346-1.fc33.noarch" }, "ignition": { "evra": "2.9.0-4.fc33.x86_64" @@ -628,7 +628,7 @@ "evra": "1.3.5-13.fc33.x86_64" }, "libldb": { - "evra": "2.2.0-4.fc33.x86_64" + "evra": "2.2.1-1.fc33.x86_64" }, "libluksmeta": { "evra": "9-8.fc33.x86_64" @@ -727,7 +727,7 @@ "evra": "2.36.1-1.fc33.x86_64" }, "libsmbclient": { - "evra": "2:4.13.5-0.fc33.x86_64" + "evra": "2:4.13.7-0.fc33.x86_64" }, "libsmbios": { "evra": "2.4.3-1.fc33.x86_64" @@ -802,7 +802,7 @@ "evra": "0.3.0-10.fc33.x86_64" }, "libwbclient": { - "evra": "2:4.13.5-0.fc33.x86_64" + "evra": "2:4.13.7-0.fc33.x86_64" }, "libxcrypt": { "evra": "4.4.18-1.fc33.x86_64" @@ -1045,16 +1045,16 @@ "evra": "2:1.0.0-375.dev.git12644e6.fc33.x86_64" }, "samba-client-libs": { - "evra": "2:4.13.5-0.fc33.x86_64" + "evra": "2:4.13.7-0.fc33.x86_64" }, "samba-common": { - "evra": "2:4.13.5-0.fc33.noarch" + "evra": "2:4.13.7-0.fc33.noarch" }, "samba-common-libs": { - "evra": "2:4.13.5-0.fc33.x86_64" + "evra": "2:4.13.7-0.fc33.x86_64" }, "samba-libs": { - "evra": "2:4.13.5-0.fc33.x86_64" + "evra": "2:4.13.7-0.fc33.x86_64" }, "sed": { "evra": "4.8-5.fc33.x86_64" @@ -1201,7 +1201,7 @@ "evra": "1.1.9-1.fc33.x86_64" }, "zincati": { - "evra": "0.0.18-1.fc33.x86_64" + "evra": "0.0.19-1.fc33.x86_64" }, "zlib": { "evra": "1.2.11-23.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-04-07T00:03:40Z", + "generated": "2021-04-08T21:12:06Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-04-06T22:33:54Z" + "generated": "2021-04-07T00:50:58Z" }, "fedora-updates": { - "generated": "2021-04-06T00:55:53Z" + "generated": "2021-04-08T20:32:21Z" } } } From 24c126f4f67c5691684216870a3b3b1c7c54ed86 Mon Sep 17 00:00:00 2001 From: Sohan Kunkerkar Date: Fri, 9 Apr 2021 06:07:29 -0400 Subject: [PATCH 172/489] overrides: fast-track coreos-installer 0.9.0 --- manifest-lock.overrides.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index aa47ac3d54..05b9e28e0f 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -43,3 +43,9 @@ packages: evr: 2:3.1.0-2.fc33 podman-plugins: evr: 2:3.1.0-2.fc33 + # Fast-track new coreos-installer release + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-c67cfeca62 + coreos-installer: + evr: 0.9.0-2.fc33 + coreos-installer-bootinfra: + evr: 0.9.0-2.fc33 From 9af03f7b2c97442591b7857fd9b16b6246050934 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 12 Apr 2021 13:51:59 +0000 Subject: [PATCH 173/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/201/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 1e2981166d..132482cbad 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -142,10 +142,10 @@ "evra": "4:1-9.fc33.noarch" }, "coreos-installer": { - "evra": "0.8.0-1.fc33.x86_64" + "evra": "0.9.0-2.fc33.x86_64" }, "coreos-installer-bootinfra": { - "evra": "0.8.0-1.fc33.x86_64" + "evra": "0.9.0-2.fc33.x86_64" }, "coreutils": { "evra": "8.32-18.fc33.x86_64" @@ -271,7 +271,7 @@ "evra": "0.0.4-7.fc33.x86_64" }, "fedora-gpg-keys": { - "evra": "33-3.noarch" + "evra": "33-4.noarch" }, "fedora-release-common": { "evra": "33-3.noarch" @@ -283,16 +283,16 @@ "evra": "33-3.noarch" }, "fedora-repos": { - "evra": "33-3.noarch" + "evra": "33-4.noarch" }, "fedora-repos-archive": { - "evra": "33-3.noarch" + "evra": "33-4.noarch" }, "fedora-repos-modular": { - "evra": "33-3.noarch" + "evra": "33-4.noarch" }, "fedora-repos-ostree": { - "evra": "33-3.noarch" + "evra": "33-4.noarch" }, "file": { "evra": "5.39-3.fc33.x86_64" @@ -382,22 +382,22 @@ "evra": "3.4-5.fc33.x86_64" }, "grub2-common": { - "evra": "1:2.04-33.fc33.noarch" + "evra": "1:2.06~rc1-1.fc33.noarch" }, "grub2-efi-x64": { - "evra": "1:2.04-33.fc33.x86_64" + "evra": "1:2.06~rc1-1.fc33.x86_64" }, "grub2-pc": { - "evra": "1:2.04-33.fc33.x86_64" + "evra": "1:2.06~rc1-1.fc33.x86_64" }, "grub2-pc-modules": { - "evra": "1:2.04-33.fc33.noarch" + "evra": "1:2.06~rc1-1.fc33.noarch" }, "grub2-tools": { - "evra": "1:2.04-33.fc33.x86_64" + "evra": "1:2.06~rc1-1.fc33.x86_64" }, "grub2-tools-minimal": { - "evra": "1:2.04-33.fc33.x86_64" + "evra": "1:2.06~rc1-1.fc33.x86_64" }, "gzip": { "evra": "1.10-3.fc33.x86_64" @@ -1177,7 +1177,7 @@ "evra": "2.36.1-1.fc33.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2637-1.fc33.x86_64" + "evra": "2:8.2.2735-1.fc33.x86_64" }, "which": { "evra": "2.21-20.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-04-08T21:12:06Z", + "generated": "2021-04-12T13:15:09Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-04-07T00:50:58Z" + "generated": "2021-04-09T13:35:48Z" }, "fedora-updates": { - "generated": "2021-04-08T20:32:21Z" + "generated": "2021-04-11T14:37:20Z" } } } From 2ffd8269736790752c1404173cc0a12c32b61dc5 Mon Sep 17 00:00:00 2001 From: Sohan Kunkerkar Date: Sat, 10 Apr 2021 01:23:31 -0400 Subject: [PATCH 174/489] overrides: fast-track afterburn release --- manifest-lock.overrides.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 05b9e28e0f..f13b91b222 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -49,3 +49,9 @@ packages: evr: 0.9.0-2.fc33 coreos-installer-bootinfra: evr: 0.9.0-2.fc33 + # Fast-track new afterburn release + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-fb2a204001 + afterburn: + evr: 5.0.0-1.fc33 + afterburn-dracut: + evr: 5.0.0-1.fc33 From af0c23d0dcca4bba440260091a0ecccb13c9b81b Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 9 Apr 2021 16:36:56 -0400 Subject: [PATCH 175/489] tests/kola/var-mount: convert to Butane config It's just way less verbose and is closer to what users actually actually do. --- tests/kola/var-mount/config.fcc | 15 ++++++++++++++ tests/kola/var-mount/config.ign | 36 --------------------------------- 2 files changed, 15 insertions(+), 36 deletions(-) create mode 100644 tests/kola/var-mount/config.fcc delete mode 100644 tests/kola/var-mount/config.ign diff --git a/tests/kola/var-mount/config.fcc b/tests/kola/var-mount/config.fcc new file mode 100644 index 0000000000..66613f18be --- /dev/null +++ b/tests/kola/var-mount/config.fcc @@ -0,0 +1,15 @@ +variant: fcos +version: 1.3.0 +storage: + disks: + - device: /dev/vda + partitions: + - label: var + size_mib: 0 + start_mib: 5000 + wipe_table: false + filesystems: + - device: /dev/disk/by-partlabel/var + format: xfs + path: /var + with_mount_unit: true diff --git a/tests/kola/var-mount/config.ign b/tests/kola/var-mount/config.ign deleted file mode 100644 index 3408b0cc43..0000000000 --- a/tests/kola/var-mount/config.ign +++ /dev/null @@ -1,36 +0,0 @@ -{ - "ignition": { - "version": "3.0.0" - }, - "storage": { - "disks": [ - { - "device": "/dev/vda", - "partitions": [ - { - "label": "var", - "sizeMiB": 0, - "startMiB": 5000 - } - ], - "wipeTable": false - } - ], - "filesystems": [ - { - "device": "/dev/disk/by-partlabel/var", - "format": "xfs", - "path": "/var" - } - ] - }, - "systemd": { - "units": [ - { - "contents": "[Unit]\nBefore=local-fs.target\nRequires=systemd-fsck@/dev/disk/by-partlabel/var\nAfter=systemd-fsck@/dev/disk/by-partlabel/var\n\n[Mount]\nWhere=/var\nWhat=/dev/disk/by-partlabel/var\nType=xfs\n\n[Install]\nRequiredBy=local-fs.target", - "enabled": true, - "name": "var.mount" - } - ] - } -} From 7ea4a30228348cf2433fd9f3d0dba1808ff992d5 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 9 Apr 2021 16:42:19 -0400 Subject: [PATCH 176/489] tests/kola/var-mount: test mounting on reboot The first boot is special. And although we try to make it like any other boot wrt non-root filesystems, let's verify that. --- tests/kola/var-mount/test.sh | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tests/kola/var-mount/test.sh b/tests/kola/var-mount/test.sh index ec5bd84c68..d268abb5fa 100755 --- a/tests/kola/var-mount/test.sh +++ b/tests/kola/var-mount/test.sh @@ -4,8 +4,31 @@ set -xeuo pipefail # restrict to qemu for now because the primary disk path is platform-dependent # kola: {"platforms": "qemu"} +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + src=$(findmnt -nvr /var -o SOURCE) [[ $(realpath "$src") == $(realpath /dev/disk/by-partlabel/var) ]] fstype=$(findmnt -nvr /var -o FSTYPE) [[ $fstype == xfs ]] + +case "${AUTOPKGTEST_REBOOT_MARK:-}" in + "") + ok "mounted on first boot" + + # reboot once to sanity-check we can mount on second boot + /tmp/autopkgtest-reboot rebooted + ;; + + rebooted) + ok "mounted on reboot" + ;; + *) fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}";; +esac From 66d0a8d672d1f5752584a340d96a328ea89b711c Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 9 Apr 2021 16:55:42 -0400 Subject: [PATCH 177/489] presets: enable clevis-luks-askpass.path This is required for *non-root* Clevis LUKS devices to be unlocked successfully on subsequent boots. We could enable it at runtime when we detect Clevis being used, but path units are normally lightweight, and having it enabled by default matches the configuration in the initrd. Closes: https://github.com/coreos/fedora-coreos-tracker/issues/687 Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1947490 --- .../usr/lib/systemd/system-preset/40-coreos.preset | 1 + tests/kola/var-mount/config.fcc | 12 +++++++++++- tests/kola/var-mount/test.sh | 13 +++++++++++++ 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset index 9299d17f89..871d19565e 100644 --- a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset +++ b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset @@ -22,3 +22,4 @@ enable bootupd.socket # The event for the attached device comes as a diag event. # Ideally it should have been added as part of base Fedora - but since it was arch specific, it was not added: https://bugzilla.redhat.com/show_bug.cgi?id=1433859 enable rtas_errd.service +enable clevis-luks-askpass.path diff --git a/tests/kola/var-mount/config.fcc b/tests/kola/var-mount/config.fcc index 66613f18be..294426e29c 100644 --- a/tests/kola/var-mount/config.fcc +++ b/tests/kola/var-mount/config.fcc @@ -5,11 +5,21 @@ storage: - device: /dev/vda partitions: - label: var - size_mib: 0 + size_mib: 1000 start_mib: 5000 + - label: varlog wipe_table: false + luks: + - name: varlog + device: /dev/disk/by-partlabel/varlog + clevis: + tpm2: true filesystems: - device: /dev/disk/by-partlabel/var format: xfs path: /var with_mount_unit: true + - device: /dev/mapper/varlog + format: ext4 + path: /var/log + with_mount_unit: true diff --git a/tests/kola/var-mount/test.sh b/tests/kola/var-mount/test.sh index d268abb5fa..ba6565e80b 100755 --- a/tests/kola/var-mount/test.sh +++ b/tests/kola/var-mount/test.sh @@ -13,12 +13,25 @@ fatal() { exit 1 } +# /var + src=$(findmnt -nvr /var -o SOURCE) [[ $(realpath "$src") == $(realpath /dev/disk/by-partlabel/var) ]] fstype=$(findmnt -nvr /var -o FSTYPE) [[ $fstype == xfs ]] +# /var/log + +src=$(findmnt -nvr /var/log -o SOURCE) +[[ $(realpath "$src") == $(realpath /dev/mapper/varlog) ]] + +blktype=$(lsblk -o TYPE "${src}" --noheadings) +[[ ${blktype} == crypt ]] + +fstype=$(findmnt -nvr /var/log -o FSTYPE) +[[ $fstype == ext4 ]] + case "${AUTOPKGTEST_REBOOT_MARK:-}" in "") ok "mounted on first boot" From c7ff431c9538b2e99320bc179c84253cd790750b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Mon, 12 Apr 2021 17:14:07 +0200 Subject: [PATCH 178/489] tests/kola/rpm-ostree-countme: Update for pre-release repo count In production, we allow counting to silently fail when partially reporting count me status to avoid unnecessary unit failures as this not critical. In CI however, we want to make sure this test is properly working so we need to manually validate the output. FCOS versions based on pre-release Fedora (branched/beta/rc) will have an additionnal repo enabled, so this updates the check to take that into account. For: https://github.com/coreos/fedora-coreos-tracker/issues/790 --- tests/kola/rpm-ostree-countme/test.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/kola/rpm-ostree-countme/test.sh b/tests/kola/rpm-ostree-countme/test.sh index 598fd8c50f..c4dd7ebda2 100755 --- a/tests/kola/rpm-ostree-countme/test.sh +++ b/tests/kola/rpm-ostree-countme/test.sh @@ -29,7 +29,8 @@ if [[ $(systemctl show -p ActiveState rpm-ostree-countme.service) != "ActiveStat fi # Check rpm-ostree count me output -if [[ $(journalctl --output=json --boot --unit=rpm-ostree-countme.service --grep "Successful requests:" | jq --raw-output '.MESSAGE') != "Successful requests: 2/2" ]]; then +output="$(journalctl --output=json --boot --unit=rpm-ostree-countme.service --grep "Successful requests:" | jq --raw-output '.MESSAGE')" +if [[ "${output}" != "Successful requests: 2/2" ]] && [[ "${output}" != "Successful requests: 3/3" ]]; then fatal "rpm-ostree-countme service ouput does not match expected sucess output" fi From dc0c3fcf646c69818e9bd4572bbc4fc6b349fa5d Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 9 Apr 2021 15:56:34 -0400 Subject: [PATCH 179/489] manifests: f34: Delete coreos-reset-stub-resolv-selinux-context.{path,service}. Not needed in Fedora 34 since https://github.com/systemd/systemd/pull/17976 has landed. --- manifests/fedora-coreos-base.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index c5462782e4..2dc6e9a45a 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -99,6 +99,18 @@ postprocess: DNSStubListener=no EOF + # Disable and delete the coreos-reset-stub-resolv-selinux-context.{path,service}. + # Not needed in Fedora 34 since https://github.com/systemd/systemd/pull/17976 has landed. + # Can remove this and the files in the overlay once we've migrated everything to F34. + - | + #!/usr/bin/env bash + set -xeuo pipefail + source /etc/os-release + if [ ${VERSION_ID} -ge 34 ]; then + rm -fv /etc/systemd/system/multi-user.target.wants/coreos-reset-stub-resolv-selinux-context.{path,service} \ + /usr/lib/systemd/system/coreos-reset-stub-resolv-selinux-context.{path,service} + fi + # Set the fallback hostname to `localhost`. This piggybacks on the # postprocess script above which neuters systemd-resolved, because # currently, a fallback hostname of `localhost` + systemd-resolved breaks From 72eed4c14e3fbecd44350d14e230653c6e760d08 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 12 Apr 2021 10:02:42 -0400 Subject: [PATCH 180/489] tests/kola/rootless-systemd: add back sleep Let's both sleep upfront and have `curl` do its exponential retry. Follow-up to #937 since I saw this test failing still in #946. --- tests/kola/podman/rootless-systemd | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/kola/podman/rootless-systemd b/tests/kola/podman/rootless-systemd index 87936bacec..e41df869c0 100755 --- a/tests/kola/podman/rootless-systemd +++ b/tests/kola/podman/rootless-systemd @@ -53,8 +53,10 @@ main() { chmod +x /tmp/runascoreuserscript runascoreuser /tmp/runascoreuserscript + sleep 5 + # Try to grab the web page. Retry as it might not be up fully yet. - if ! curl --silent --show-error --retry 4 --retry-all-errors http://localhost:8080 >/dev/null; then + if ! curl --silent --show-error --retry 5 --retry-all-errors http://localhost:8080 >/dev/null; then echo TEST FAILED 1>&2 runascoreuser podman logs httpd return 1 From 2c5f2e309b9c3cde83fc855f55c53354aefea12d Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 12 Apr 2021 17:44:19 -0400 Subject: [PATCH 181/489] overrides: fast-track rpm-ostree-2021.4 For CVE-2021-3445 (https://bugzilla.redhat.com/show_bug.cgi?id=1932079). --- manifest-lock.overrides.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index f13b91b222..91ebc1e8bd 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -55,3 +55,9 @@ packages: evr: 5.0.0-1.fc33 afterburn-dracut: evr: 5.0.0-1.fc33 + # Fast-track rpm-ostree for CVE-2021-3445 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-eadfc56b95 + rpm-ostree: + evr: 2021.4-1.fc33 + rpm-ostree-libs: + evr: 2021.4-1.fc33 From 1c4ee025493fc8ab17dc6a2cf1f8e2aba8c68a53 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 13 Apr 2021 18:23:58 +0200 Subject: [PATCH 182/489] overlay.d/20platform-chrony: Fix misconfiguration with leap-smearing servers NTP servers provided by AWS and GCP implement a "leap smear" to hide leap seconds from clients. When chronyd is configured with leap-smearing servers, the leapsectz directive must be disabled to avoid the kernel making a wrong correction of the clock at the time of the leap second. Disable any leapsectz directives coming from the default configuration and enable it only in the Azure case (the PTP clock doesn't provide information about leap seconds). --- .../usr/lib/systemd/system-generators/coreos-platform-chrony | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony b/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony index 71f030d6f1..958c6e1732 100755 --- a/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony +++ b/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony @@ -54,7 +54,7 @@ EOF fi (echo "# Generated by $self - do not edit directly" - sed -e s,'^makestep,#makestep,' -e s,'^pool,#pool,' < /etc/chrony.conf + sed -e s,'^makestep,#makestep,' -e s,'^pool,#pool,' -e s,'^leapsectz,#leapsectz,' < /etc/chrony.conf cat <> "${confpath}" ;; aws) (echo '# See also https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html' From 53e0634f366fcf69f79427b4afdce7e3476fd788 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Tue, 13 Apr 2021 20:12:12 +0200 Subject: [PATCH 183/489] tests/kola/toolbox: Retry 'toolbox create' to avoid infra flakes Retry to create the toolbox container five times to avoid failing on Fedora registry infra flakes. Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/788 --- tests/kola/toolbox/test.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/kola/toolbox/test.sh b/tests/kola/toolbox/test.sh index e9dc2a5ab0..db5bc1f4b5 100755 --- a/tests/kola/toolbox/test.sh +++ b/tests/kola/toolbox/test.sh @@ -25,7 +25,16 @@ fatal() { exit 1 } -machinectl shell core@ /bin/toolbox create --assumeyes 1>/dev/null +# Try five times to create the toolbox to avoid Fedora registry infra flakes +for i in $(seq 1 5); do + machinectl shell core@ /bin/toolbox create --assumeyes 1>/dev/null + if [[ $(machinectl shell core@ /bin/toolbox list --containers | grep --count fedora-toolbox-) -ne 1 ]]; then + echo "Could not create toolbox on try: $i" + sleep 10 + else + break + fi +done if [[ $(machinectl shell core@ /bin/toolbox list --containers | grep --count fedora-toolbox-) -ne 1 ]]; then fatal "Could not create toolbox" fi From d31a4db41fe46c3c9bd160c53e8d14514e7afb8a Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Wed, 14 Apr 2021 17:12:19 +0000 Subject: [PATCH 184/489] manifest-lock: drop graduated overrides Promoted to stable: https://bodhi.fedoraproject.org/updates/FEDORA-2021-cf005d6480 --- manifest-lock.overrides.yaml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 91ebc1e8bd..fa0fc5b5bf 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -22,20 +22,6 @@ packages: evr: 5.10.19-200.fc33 kernel-modules: evr: 5.10.19-200.fc33 - # Fast-track console-login-helper-messages release - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-cf005d6480 - # New updates in console-login-helper-messages v0.21.2 fixes - # the console prompt being left solid white after displaying - # the OS release MOTD. - # https://github.com/coreos/fedora-coreos-tracker/issues/750 - console-login-helper-messages: - evra: 0.21.2-1.fc33.noarch - console-login-helper-messages-issuegen: - evra: 0.21.2-1.fc33.noarch - console-login-helper-messages-motdgen: - evra: 0.21.2-1.fc33.noarch - console-login-helper-messages-profile: - evra: 0.21.2-1.fc33.noarch # Fast-track new podman release to fix podman cp: # https://github.com/coreos/fedora-coreos-tracker/issues/771 # https://bodhi.fedoraproject.org/updates/FEDORA-2021-e70b450680 From d29a62f3357ce5ea5a038978ce276b0bf4a9bb72 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 14 Apr 2021 21:10:09 +0000 Subject: [PATCH 185/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/207/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 132482cbad..e11733d633 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -25,10 +25,10 @@ "evra": "0.9.0-4.fc33.x86_64" }, "afterburn": { - "evra": "4.6.0-2.fc33.x86_64" + "evra": "5.0.0-1.fc33.x86_64" }, "afterburn-dracut": { - "evra": "4.6.0-2.fc33.x86_64" + "evra": "5.0.0-1.fc33.x86_64" }, "alternatives": { "evra": "1.14-3.fc33.x86_64" @@ -166,7 +166,7 @@ "evra": "3.15-1.fc33.x86_64" }, "crun": { - "evra": "0.18-5.fc33.x86_64" + "evra": "0.19-1.fc33.x86_64" }, "crypto-policies": { "evra": "20200918-1.git85dccc5.fc33.noarch" @@ -382,22 +382,22 @@ "evra": "3.4-5.fc33.x86_64" }, "grub2-common": { - "evra": "1:2.06~rc1-1.fc33.noarch" + "evra": "1:2.06~rc1-2.fc33.noarch" }, "grub2-efi-x64": { - "evra": "1:2.06~rc1-1.fc33.x86_64" + "evra": "1:2.06~rc1-2.fc33.x86_64" }, "grub2-pc": { - "evra": "1:2.06~rc1-1.fc33.x86_64" + "evra": "1:2.06~rc1-2.fc33.x86_64" }, "grub2-pc-modules": { - "evra": "1:2.06~rc1-1.fc33.noarch" + "evra": "1:2.06~rc1-2.fc33.noarch" }, "grub2-tools": { - "evra": "1:2.06~rc1-1.fc33.x86_64" + "evra": "1:2.06~rc1-2.fc33.x86_64" }, "grub2-tools-minimal": { - "evra": "1:2.06~rc1-1.fc33.x86_64" + "evra": "1:2.06~rc1-2.fc33.x86_64" }, "gzip": { "evra": "1.10-3.fc33.x86_64" @@ -619,10 +619,10 @@ "evra": "10-8.fc33.x86_64" }, "libkcapi": { - "evra": "1.2.0-3.fc33.x86_64" + "evra": "1.2.1-1.fc33.x86_64" }, "libkcapi-hmaccalc": { - "evra": "1.2.0-3.fc33.x86_64" + "evra": "1.2.1-1.fc33.x86_64" }, "libksba": { "evra": "1.3.5-13.fc33.x86_64" @@ -631,7 +631,7 @@ "evra": "2.2.1-1.fc33.x86_64" }, "libluksmeta": { - "evra": "9-8.fc33.x86_64" + "evra": "9-9.fc33.x86_64" }, "libmaxminddb": { "evra": "1.5.2-1.fc33.x86_64" @@ -805,7 +805,7 @@ "evra": "2:4.13.7-0.fc33.x86_64" }, "libxcrypt": { - "evra": "4.4.18-1.fc33.x86_64" + "evra": "4.4.19-1.fc33.x86_64" }, "libxml2": { "evra": "2.9.10-8.fc33.x86_64" @@ -841,7 +841,7 @@ "evra": "5.4.2-1.fc33.x86_64" }, "luksmeta": { - "evra": "9-8.fc33.x86_64" + "evra": "9-9.fc33.x86_64" }, "lvm2": { "evra": "2.03.10-1.fc33.x86_64" @@ -1030,10 +1030,10 @@ "evra": "4.16.1.3-1.fc33.x86_64" }, "rpm-ostree": { - "evra": "2021.3-2.fc33.x86_64" + "evra": "2021.4-1.fc33.x86_64" }, "rpm-ostree-libs": { - "evra": "2021.3-2.fc33.x86_64" + "evra": "2021.4-1.fc33.x86_64" }, "rpm-plugin-selinux": { "evra": "4.16.1.3-1.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-04-12T13:15:09Z", + "generated": "2021-04-14T20:38:37Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-04-09T13:35:48Z" + "generated": "2021-04-13T21:55:21Z" }, "fedora-updates": { - "generated": "2021-04-11T14:37:20Z" + "generated": "2021-04-14T14:34:43Z" } } } From 17a9691e2b9f08b5565b4cc8c7554070bff8063b Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 14 Apr 2021 14:19:52 -0400 Subject: [PATCH 186/489] overrides: drop kernel 5.10.19 freeze The linked issue is resolved in kernel 5.11. --- manifest-lock.overrides.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index fa0fc5b5bf..a069a111c9 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -14,14 +14,6 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evr: 246.7-1.fc33 - # There's a regression in 5.10.20+ which breaks rootless podman - # https://github.com/containers/buildah/issues/3071 - kernel: - evr: 5.10.19-200.fc33 - kernel-core: - evr: 5.10.19-200.fc33 - kernel-modules: - evr: 5.10.19-200.fc33 # Fast-track new podman release to fix podman cp: # https://github.com/coreos/fedora-coreos-tracker/issues/771 # https://bodhi.fedoraproject.org/updates/FEDORA-2021-e70b450680 From 8a640a6113c0716240550511cf83adf4e4964d07 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 14 Apr 2021 15:01:36 -0400 Subject: [PATCH 187/489] overrides: drop graduated podman override This actually got replaced in the updated with podman-3.1.0-3, but that has now made it to stable so we can just drop the override altogether. --- manifest-lock.overrides.yaml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index a069a111c9..ff0c7c7b92 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -14,13 +14,6 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evr: 246.7-1.fc33 - # Fast-track new podman release to fix podman cp: - # https://github.com/coreos/fedora-coreos-tracker/issues/771 - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-e70b450680 - podman: - evr: 2:3.1.0-2.fc33 - podman-plugins: - evr: 2:3.1.0-2.fc33 # Fast-track new coreos-installer release # https://bodhi.fedoraproject.org/updates/FEDORA-2021-c67cfeca62 coreos-installer: From 843255067e4a0f300c6380dd810c5aabd32edf12 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 13 Apr 2021 14:03:00 -0400 Subject: [PATCH 188/489] overlay.d/35coreos-network: handle new nm-run.service in initramfs In dracut 053+ dracut starting running NetworkManager from a systemd unit if systemd was used to start the system [1]. Let's adapt for that by ordering our units before `nm-run.service`. We'll also keep the ordering on dracut-initqueue.service for now for backwards compatibility and it's harmless to keep around. [1] https://github.com/dracutdevs/dracut/commit/c17c5b7 --- .../coreos-livepxe-rootfs.service | 3 ++- .../coreos-copy-firstboot-network.service | 22 +++++++++---------- .../coreos-enable-network.service | 3 ++- 3 files changed, 15 insertions(+), 13 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service index 337b55bcd0..a09e67c469 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service @@ -7,7 +7,8 @@ ConditionKernelCommandLine=!coreos.liveiso After=basic.target # Network is enabled here -After=dracut-initqueue.service +After=nm-run.service +After=dracut-initqueue.service # compat: remove when everyone is on dracut 053+ # If we fail, the boot will fail. Be explicit about it. OnFailure=emergency.target diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service index 200032c4c5..3e6c385291 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service @@ -8,30 +8,30 @@ # - i.e. after /dev/disk/by-label/boot is available # - and after the ignition-dracut GPT generator (see below) # - Need to run before networking is brought up. -# - This is done in nm-run.sh [1] that runs as part of dracut-initqueue [2] -# - i.e. Before=dracut-initqueue.service +# - This is done in nm-run.service [1] +# - i.e. Before=nm-run.service # - Need to make sure karg networking configuration isn't applied # - There are two ways to do this. -# - One is to run *before* the nm-config.sh [3] that runs as part of -# dracut-cmdline [4] and `ln -sf /bin/true /usr/libexec/nm-initrd-generator`. +# - One is to run *before* the nm-config.sh [2] that runs as part of +# dracut-cmdline [3] and `ln -sf /bin/true /usr/libexec/nm-initrd-generator`. # - i.e. Before=dracut-cmdline.service -# - Another is to run *after* nm-config.sh [3] in dracut-cmdline [4] +# - Another is to run *after* nm-config.sh [2] in dracut-cmdline [3] # and just delete all the files created by nm-initrd-generator. -# - i.e. After=dracut-cmdline.service, but Before=dracut-initqueue.service +# - i.e. After=dracut-cmdline.service, but Before=nm-run.service # - We'll go with the second option here because the need for the /boot # device (mentioned above) means we can't start before dracut-cmdline.service # -# [1] https://github.com/dracutdevs/dracut/blob/master/modules.d/35network-manager/nm-run.sh -# [2] https://github.com/dracutdevs/dracut/blob/master/modules.d/35network-manager/module-setup.sh#L37 -# [3] https://github.com/dracutdevs/dracut/blob/master/modules.d/35network-manager/nm-config.sh -# [4] https://github.com/dracutdevs/dracut/blob/master/modules.d/35network-manager/module-setup.sh#L36 +# [1] https://github.com/dracutdevs/dracut/blob/master/modules.d/35network-manager/nm-run.service +# [2] https://github.com/dracutdevs/dracut/blob/master/modules.d/35network-manager/nm-config.sh +# [3] https://github.com/dracutdevs/dracut/blob/master/modules.d/35network-manager/module-setup.sh#L34 # [Unit] Description=Copy CoreOS Firstboot Networking Config ConditionPathExists=/usr/lib/initrd-release DefaultDependencies=false Before=ignition-diskful.target -Before=dracut-initqueue.service +Before=nm-run.service +Before=dracut-initqueue.service # compat: remove when everyone is on dracut 053+ After=dracut-cmdline.service # Any services looking at mounts need to order after this # because it causes device re-probing. diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service index e7ba08d153..3dc96c4a3c 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service @@ -20,7 +20,8 @@ Before=ignition-fetch.service # See hack in coreos-enable-network, as well as coreos-copy-firstboot-network.service. After=dracut-cmdline.service -Before=dracut-initqueue.service +Before=nm-run.service +Before=dracut-initqueue.service # compat: remove when everyone is on dracut 053+ [Service] Type=oneshot From 2747e11aa0798a5b04e3230c2ba2f7014698391b Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 13 Apr 2021 16:44:42 -0400 Subject: [PATCH 189/489] overlay.d/35coreos-network: don't bring up NM if not needed In dracut 053+ dracut starting running NetworkManager from a systemd unit if systemd was used to start the system [1]. That systemd unit will always get started if there is any NM configuration. Let's make it only get started if we actually need the network. This is a simplified version of the more complicated proposed fix upstream [2]. [1] https://github.com/dracutdevs/dracut/commit/c17c5b7 [2] https://github.com/dracutdevs/dracut/pull/1347 Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/782 --- .../50-nm-run-only-if-neednet.conf | 7 +++++++ .../modules.d/35coreos-network/module-setup.sh | 4 ++++ tests/kola/misc-ro | 17 +++++++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-nm-run-only-if-neednet.conf diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-nm-run-only-if-neednet.conf b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-nm-run-only-if-neednet.conf new file mode 100644 index 0000000000..c56c45d612 --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-nm-run-only-if-neednet.conf @@ -0,0 +1,7 @@ +[Unit] +# Workaround https://github.com/dracutdevs/dracut/pull/1347 until it lands. +# Only run if network is needed. Right now we can detect this by seeing +# if the /usr/lib/dracut/hooks/initqueue/finished/nm.sh file exists (written +# out by nm_generate_connections() [1], which is called in the cmdline hook). +# [1] https://github.com/dracutdevs/dracut/blob/master/modules.d/35network-manager/nm-lib.sh#L16. +ConditionPathExists=/usr/lib/dracut/hooks/initqueue/finished/nm.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh index 7c910b1b74..dd409b4a67 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh @@ -25,4 +25,8 @@ install() { inst_simple "$moddir/50-afterburn-network-kargs-default.conf" \ "/usr/lib/systemd/system/afterburn-network-kargs.service.d/50-afterburn-network-kargs-default.conf" + # Workaround for https://github.com/dracutdevs/dracut/pull/1347 until it lands. + # Dropin to make NetworkManager systemd service only start if network is needed. + inst_simple "$moddir/50-nm-run-only-if-neednet.conf" \ + "/usr/lib/systemd/system/nm-run.service.d/50-nm-run-only-if-neednet.conf" } diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index c79c88c2fb..39f0058a10 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -91,6 +91,23 @@ elif [[ $nm_ts -gt $switchroot_ts ]] && on_platform aws; then fi ok conditional initrd networking +# In F34 network-manager in dracut started executing NM in +# oneshot mode via a systemd unit. That needed some fixups. +# https://github.com/dracutdevs/dracut/pull/1347 +# We're waiting on those changes to flow downstream. +# When we get them we'll need to adjust some things so let's +# complain when we detect they've come in. +source /etc/os-release +if [ "$VERSION_ID" -gt "33" ]; then + if [ ! -f /usr/lib/dracut/modules.d/35network-manager/nm-run.service ]; then + fatal "Did not find expected nm-run.service in dracut" + fi + if grep -q neednet /usr/lib/dracut/modules.d/35network-manager/nm-run.service; then + fatal "Upstream dracut fix landed. Please adjust the workaround." + fi +fi +ok dracut-networkmanager + if ! test -f /usr/share/licenses/fedora-coreos-config/LICENSE; then fatal missing LICENSE fi From d2776ed618d7d72fc0b226b7f08e45d3182406e7 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 15 Apr 2021 13:34:13 -0400 Subject: [PATCH 190/489] 35coreos-live/coreos-livepxe-rootfs: retry fetching rootfs forever We don't know how long it will take for networking to come up, so let's match Ignition's semantic of retrying to fetch remote resources forever. `curl` doesn't natively have support for this, so wrap it in a `while` loop. This also works around the fact that el8's `curl` doesn't support `--retry-all-errors`. This was previously added in #929. --- .../35coreos-live/coreos-livepxe-rootfs.sh | 22 +++++++++++-------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh index 0bc4e893bc..483587efa5 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh @@ -34,20 +34,24 @@ elif [[ -n "${rootfs_url}" ]]; then # First, reach out to the server to verify connectivity before # trying to download and pipe content through other programs. # Doing this allows us to retry all errors (including transient - # "no route to host" errors during startup), without using the - # --retry-all-errors, which is problematic (see curl man page) - # when piping the output. - curl_common_args="--silent --show-error --insecure --location --retry 5" - if ! curl --head --retry-all-errors $curl_common_args "${rootfs_url}" >/dev/null; then + # "no route to host" errors during startup). Note we can't use + # curl's --retry-all-errors here because it's not in el8's curl yet. + # We retry forever, matching Ignition's semantics. + curl_common_args="--silent --show-error --insecure --location" + while ! curl --head $curl_common_args "${rootfs_url}" >/dev/null; do echo "Couldn't establish connectivity with the server specified by coreos.live.rootfs_url=" >&2 - echo "Check that the URL is correct and can be reached." >&2 - exit 1 - fi + echo "Retrying in 5s..." >&2 + sleep 5 + done + # We don't need to verify TLS certificates because we're checking the # image hash. # bsdtar can read cpio archives and we already depend on it for # coreos-liveiso-persist-osmet.service, so use it instead of cpio. - if ! curl $curl_common_args "${rootfs_url}" | \ + # We shouldn't need a --retry here since we've just successfully HEADed the + # file, but let's add one just to be safe (e.g. if the connection just went + # online and flickers or something). + if ! curl $curl_common_args --retry 5 "${rootfs_url}" | \ rdcore stream-hash /etc/coreos-live-want-rootfs | \ bsdtar -xf - -C / ; then echo "Couldn't fetch, verify, and unpack image specified by coreos.live.rootfs_url=" >&2 From 28856f30b4af04c4e862f11520aff453ddd795cc Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 16 Apr 2021 18:57:26 +0000 Subject: [PATCH 191/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/210/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index e11733d633..a1833a870d 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -115,7 +115,7 @@ "evra": "5.2-37.fc33.x86_64" }, "conmon": { - "evra": "2:2.0.26-1.fc33.x86_64" + "evra": "2:2.0.27-2.fc33.x86_64" }, "console-login-helper-messages": { "evra": "0.21.2-1.fc33.noarch" @@ -139,7 +139,7 @@ "evra": "0.9.1-4.fc33.x86_64" }, "containers-common": { - "evra": "4:1-9.fc33.noarch" + "evra": "4:1-10.fc33.noarch" }, "coreos-installer": { "evra": "0.9.0-2.fc33.x86_64" @@ -178,7 +178,7 @@ "evra": "2.3.5-2.fc33.x86_64" }, "cups-libs": { - "evra": "1:2.3.3op2-3.fc33.x86_64" + "evra": "1:2.3.3op2-4.fc33.x86_64" }, "curl": { "evra": "7.71.1-9.fc33.x86_64" @@ -310,7 +310,7 @@ "evra": "0.8.6-1.fc33.noarch" }, "flatpak-session-helper": { - "evra": "1.10.2-2.fc33.x86_64" + "evra": "1.10.2-3.fc33.x86_64" }, "fstrm": { "evra": "0.6.0-1.fc33.x86_64" @@ -469,13 +469,13 @@ "evra": "2.3.0-2.fc33.noarch" }, "kernel": { - "evra": "5.10.19-200.fc33.x86_64" + "evra": "5.11.14-200.fc33.x86_64" }, "kernel-core": { - "evra": "5.10.19-200.fc33.x86_64" + "evra": "5.11.14-200.fc33.x86_64" }, "kernel-modules": { - "evra": "5.10.19-200.fc33.x86_64" + "evra": "5.11.14-200.fc33.x86_64" }, "kexec-tools": { "evra": "2.0.21-4.fc33.x86_64" @@ -727,7 +727,7 @@ "evra": "2.36.1-1.fc33.x86_64" }, "libsmbclient": { - "evra": "2:4.13.7-0.fc33.x86_64" + "evra": "2:4.13.7-1.fc33.x86_64" }, "libsmbios": { "evra": "2.4.3-1.fc33.x86_64" @@ -802,7 +802,7 @@ "evra": "0.3.0-10.fc33.x86_64" }, "libwbclient": { - "evra": "2:4.13.7-0.fc33.x86_64" + "evra": "2:4.13.7-1.fc33.x86_64" }, "libxcrypt": { "evra": "4.4.19-1.fc33.x86_64" @@ -979,10 +979,10 @@ "evra": "1.7.3-5.fc33.x86_64" }, "podman": { - "evra": "2:3.1.0-2.fc33.x86_64" + "evra": "2:3.1.0-3.fc33.x86_64" }, "podman-plugins": { - "evra": "2:3.1.0-2.fc33.x86_64" + "evra": "2:3.1.0-3.fc33.x86_64" }, "policycoreutils": { "evra": "3.1-4.fc33.x86_64" @@ -1045,16 +1045,16 @@ "evra": "2:1.0.0-375.dev.git12644e6.fc33.x86_64" }, "samba-client-libs": { - "evra": "2:4.13.7-0.fc33.x86_64" + "evra": "2:4.13.7-1.fc33.x86_64" }, "samba-common": { - "evra": "2:4.13.7-0.fc33.noarch" + "evra": "2:4.13.7-1.fc33.noarch" }, "samba-common-libs": { - "evra": "2:4.13.7-0.fc33.x86_64" + "evra": "2:4.13.7-1.fc33.x86_64" }, "samba-libs": { - "evra": "2:4.13.7-0.fc33.x86_64" + "evra": "2:4.13.7-1.fc33.x86_64" }, "sed": { "evra": "4.8-5.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-04-14T20:38:37Z", + "generated": "2021-04-16T18:12:14Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-04-13T21:55:21Z" + "generated": "2021-04-16T17:35:19Z" }, "fedora-updates": { - "generated": "2021-04-14T14:34:43Z" + "generated": "2021-04-16T14:22:28Z" } } } From 2fa5061f4b417fd347250819866b35d09d8e5007 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 19 Apr 2021 21:40:31 +0000 Subject: [PATCH 192/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/214/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index a1833a870d..9b8f39f513 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -313,7 +313,7 @@ "evra": "1.10.2-3.fc33.x86_64" }, "fstrm": { - "evra": "0.6.0-1.fc33.x86_64" + "evra": "0.6.1-2.fc33.x86_64" }, "fuse": { "evra": "2.9.9-10.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-04-16T18:12:14Z", + "generated": "2021-04-19T21:08:32Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-04-16T17:35:19Z" + "generated": "2021-04-18T21:45:40Z" }, "fedora-updates": { - "generated": "2021-04-16T14:22:28Z" + "generated": "2021-04-19T17:35:22Z" } } } From 3969ff90249375c6974c5a81b27159eb1089d0df Mon Sep 17 00:00:00 2001 From: Andy McCrae Date: Thu, 22 Apr 2021 13:45:42 +0100 Subject: [PATCH 193/489] Move comments in systemd services to own line Comments in systemd services at the end of lines cause unnecessary warning messges: Failed to add dependency on on, ignoring: Invalid argument Failed to add dependency on dracut, ignoring: Invalid argument Failed to add dependency on 053+, ignoring: Invalid argument The services would still start so this is a cosmetic change only. --- .../modules.d/35coreos-live/coreos-livepxe-rootfs.service | 3 ++- .../35coreos-network/coreos-copy-firstboot-network.service | 3 ++- .../modules.d/35coreos-network/coreos-enable-network.service | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service index a09e67c469..ed935ba162 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service @@ -8,7 +8,8 @@ ConditionKernelCommandLine=!coreos.liveiso After=basic.target # Network is enabled here After=nm-run.service -After=dracut-initqueue.service # compat: remove when everyone is on dracut 053+ +# compat: remove when everyone is on dracut 053+ +After=dracut-initqueue.service # If we fail, the boot will fail. Be explicit about it. OnFailure=emergency.target diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service index 3e6c385291..0a78add956 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service @@ -31,7 +31,8 @@ ConditionPathExists=/usr/lib/initrd-release DefaultDependencies=false Before=ignition-diskful.target Before=nm-run.service -Before=dracut-initqueue.service # compat: remove when everyone is on dracut 053+ +# compat: remove when everyone is on dracut 053+ +Before=dracut-initqueue.service After=dracut-cmdline.service # Any services looking at mounts need to order after this # because it causes device re-probing. diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service index 3dc96c4a3c..42273e5fa6 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service @@ -21,7 +21,8 @@ Before=ignition-fetch.service # See hack in coreos-enable-network, as well as coreos-copy-firstboot-network.service. After=dracut-cmdline.service Before=nm-run.service -Before=dracut-initqueue.service # compat: remove when everyone is on dracut 053+ +# compat: remove when everyone is on dracut 053+ +Before=dracut-initqueue.service [Service] Type=oneshot From f799123fb8741ea828d9ba6b737cb0261582dc15 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Thu, 22 Apr 2021 13:33:03 -0400 Subject: [PATCH 194/489] Revert "overlay.d/35coreos-network: don't bring up NM if not needed" This reverts commit 2747e11aa0798a5b04e3230c2ba2f7014698391b. Now that we have a dracut build in f34 with the fixes, we don't need these workarounds any longer. --- .../50-nm-run-only-if-neednet.conf | 7 ------- .../modules.d/35coreos-network/module-setup.sh | 4 ---- tests/kola/misc-ro | 17 ----------------- 3 files changed, 28 deletions(-) delete mode 100644 overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-nm-run-only-if-neednet.conf diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-nm-run-only-if-neednet.conf b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-nm-run-only-if-neednet.conf deleted file mode 100644 index c56c45d612..0000000000 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-nm-run-only-if-neednet.conf +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -# Workaround https://github.com/dracutdevs/dracut/pull/1347 until it lands. -# Only run if network is needed. Right now we can detect this by seeing -# if the /usr/lib/dracut/hooks/initqueue/finished/nm.sh file exists (written -# out by nm_generate_connections() [1], which is called in the cmdline hook). -# [1] https://github.com/dracutdevs/dracut/blob/master/modules.d/35network-manager/nm-lib.sh#L16. -ConditionPathExists=/usr/lib/dracut/hooks/initqueue/finished/nm.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh index dd409b4a67..7c910b1b74 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh @@ -25,8 +25,4 @@ install() { inst_simple "$moddir/50-afterburn-network-kargs-default.conf" \ "/usr/lib/systemd/system/afterburn-network-kargs.service.d/50-afterburn-network-kargs-default.conf" - # Workaround for https://github.com/dracutdevs/dracut/pull/1347 until it lands. - # Dropin to make NetworkManager systemd service only start if network is needed. - inst_simple "$moddir/50-nm-run-only-if-neednet.conf" \ - "/usr/lib/systemd/system/nm-run.service.d/50-nm-run-only-if-neednet.conf" } diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index 39f0058a10..c79c88c2fb 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -91,23 +91,6 @@ elif [[ $nm_ts -gt $switchroot_ts ]] && on_platform aws; then fi ok conditional initrd networking -# In F34 network-manager in dracut started executing NM in -# oneshot mode via a systemd unit. That needed some fixups. -# https://github.com/dracutdevs/dracut/pull/1347 -# We're waiting on those changes to flow downstream. -# When we get them we'll need to adjust some things so let's -# complain when we detect they've come in. -source /etc/os-release -if [ "$VERSION_ID" -gt "33" ]; then - if [ ! -f /usr/lib/dracut/modules.d/35network-manager/nm-run.service ]; then - fatal "Did not find expected nm-run.service in dracut" - fi - if grep -q neednet /usr/lib/dracut/modules.d/35network-manager/nm-run.service; then - fatal "Upstream dracut fix landed. Please adjust the workaround." - fi -fi -ok dracut-networkmanager - if ! test -f /usr/share/licenses/fedora-coreos-config/LICENSE; then fatal missing LICENSE fi From 1fe0d1a41f35a42e4f99377ea38f34a9f26db890 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 23 Apr 2021 02:49:11 +0000 Subject: [PATCH 195/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/218/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 9b8f39f513..3814d0c7ad 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1,19 +1,19 @@ { "packages": { "NetworkManager": { - "evra": "1:1.26.6-1.fc33.x86_64" + "evra": "1:1.26.8-1.fc33.x86_64" }, "NetworkManager-cloud-setup": { - "evra": "1:1.26.6-1.fc33.x86_64" + "evra": "1:1.26.8-1.fc33.x86_64" }, "NetworkManager-libnm": { - "evra": "1:1.26.6-1.fc33.x86_64" + "evra": "1:1.26.8-1.fc33.x86_64" }, "NetworkManager-team": { - "evra": "1:1.26.6-1.fc33.x86_64" + "evra": "1:1.26.8-1.fc33.x86_64" }, "NetworkManager-tui": { - "evra": "1:1.26.6-1.fc33.x86_64" + "evra": "1:1.26.8-1.fc33.x86_64" }, "WALinuxAgent-udev": { "evra": "2.2.52-1.fc33.noarch" @@ -274,13 +274,13 @@ "evra": "33-4.noarch" }, "fedora-release-common": { - "evra": "33-3.noarch" + "evra": "33-4.noarch" }, "fedora-release-coreos": { - "evra": "33-3.noarch" + "evra": "33-4.noarch" }, "fedora-release-identity-coreos": { - "evra": "33-3.noarch" + "evra": "33-4.noarch" }, "fedora-repos": { "evra": "33-4.noarch" @@ -337,7 +337,7 @@ "evra": "3.9.4-1.fc33.x86_64" }, "fwupd": { - "evra": "1.5.8-1.fc33.x86_64" + "evra": "1.5.9-1.fc33.x86_64" }, "gawk": { "evra": "5.1.0-2.fc33.x86_64" @@ -469,13 +469,13 @@ "evra": "2.3.0-2.fc33.noarch" }, "kernel": { - "evra": "5.11.14-200.fc33.x86_64" + "evra": "5.11.15-200.fc33.x86_64" }, "kernel-core": { - "evra": "5.11.14-200.fc33.x86_64" + "evra": "5.11.15-200.fc33.x86_64" }, "kernel-modules": { - "evra": "5.11.14-200.fc33.x86_64" + "evra": "5.11.15-200.fc33.x86_64" }, "kexec-tools": { "evra": "2.0.21-4.fc33.x86_64" @@ -1177,7 +1177,7 @@ "evra": "2.36.1-1.fc33.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2735-1.fc33.x86_64" + "evra": "2:8.2.2787-1.fc33.x86_64" }, "which": { "evra": "2.21-20.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-04-19T21:08:32Z", + "generated": "2021-04-23T02:10:19Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-04-18T21:45:40Z" + "generated": "2021-04-21T12:15:27Z" }, "fedora-updates": { - "generated": "2021-04-19T17:35:22Z" + "generated": "2021-04-21T21:28:49Z" } } } From e916080b9db657b8fd9b4ded1e97e31d58f88005 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 23 Apr 2021 21:45:56 +0000 Subject: [PATCH 196/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/220/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 3814d0c7ad..40aa62c18b 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -226,7 +226,7 @@ "evra": "3.7-7.fc33.x86_64" }, "dnsmasq": { - "evra": "2.84-1.fc33.x86_64" + "evra": "2.85-1.fc33.x86_64" }, "dosfstools": { "evra": "4.1-12.fc33.x86_64" @@ -778,7 +778,7 @@ "evra": "0.21-3.fc33.x86_64" }, "libtirpc": { - "evra": "1.2.6-2.rc4.fc33.x86_64" + "evra": "1.2.6-3.rc4.fc33.x86_64" }, "libunistring": { "evra": "0.9.10-9.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-04-23T02:10:19Z", + "generated": "2021-04-23T21:09:24Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-04-21T12:15:27Z" + "generated": "2021-04-23T02:57:56Z" }, "fedora-updates": { - "generated": "2021-04-21T21:28:49Z" + "generated": "2021-04-23T14:41:11Z" } } } From 45b01675f9139aacf306830e5fda0a1c5d454b65 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 26 Apr 2021 11:07:30 -0400 Subject: [PATCH 197/489] manifests: require crun Recently runc started providing `oci-runtime` as well, which caused crun to fall out of the required dependencies. Let's explicitly require crun as well so we get crun too. --- manifests/user-experience.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/user-experience.yaml b/manifests/user-experience.yaml index 1874669071..93d961dc83 100644 --- a/manifests/user-experience.yaml +++ b/manifests/user-experience.yaml @@ -28,6 +28,7 @@ packages: # Remote Access - openssh-clients openssh-server # Container tooling + - crun - podman - runc - skopeo From 2dd8c8fe21ff48675515cd7e27f4ed911cc3c7bb Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 26 Apr 2021 17:31:27 +0000 Subject: [PATCH 198/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/230/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 40aa62c18b..8ed09eb380 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -97,16 +97,16 @@ "evra": "6.11-2.fc33.x86_64" }, "clevis": { - "evra": "16-2.fc33.x86_64" + "evra": "18-1.fc33.x86_64" }, "clevis-dracut": { - "evra": "16-2.fc33.x86_64" + "evra": "18-1.fc33.x86_64" }, "clevis-luks": { - "evra": "16-2.fc33.x86_64" + "evra": "18-1.fc33.x86_64" }, "clevis-systemd": { - "evra": "16-2.fc33.x86_64" + "evra": "18-1.fc33.x86_64" }, "cloud-utils-growpart": { "evra": "0.31-7.fc33.noarch" @@ -139,7 +139,7 @@ "evra": "0.9.1-4.fc33.x86_64" }, "containers-common": { - "evra": "4:1-10.fc33.noarch" + "evra": "4:1-15.fc33.noarch" }, "coreos-installer": { "evra": "0.9.0-2.fc33.x86_64" @@ -166,7 +166,7 @@ "evra": "3.15-1.fc33.x86_64" }, "crun": { - "evra": "0.19-1.fc33.x86_64" + "evra": "0.19.1-2.fc33.x86_64" }, "crypto-policies": { "evra": "20200918-1.git85dccc5.fc33.noarch" @@ -337,7 +337,7 @@ "evra": "3.9.4-1.fc33.x86_64" }, "fwupd": { - "evra": "1.5.9-1.fc33.x86_64" + "evra": "1.5.9-2.fc33.x86_64" }, "gawk": { "evra": "5.1.0-2.fc33.x86_64" @@ -979,10 +979,10 @@ "evra": "1.7.3-5.fc33.x86_64" }, "podman": { - "evra": "2:3.1.0-3.fc33.x86_64" + "evra": "2:3.1.2-1.fc33.x86_64" }, "podman-plugins": { - "evra": "2:3.1.0-3.fc33.x86_64" + "evra": "2:3.1.2-1.fc33.x86_64" }, "policycoreutils": { "evra": "3.1-4.fc33.x86_64" @@ -1042,7 +1042,7 @@ "evra": "3.2.3-3.fc33.x86_64" }, "runc": { - "evra": "2:1.0.0-375.dev.git12644e6.fc33.x86_64" + "evra": "2:1.0.0-377.rc93.fc33.x86_64" }, "samba-client-libs": { "evra": "2:4.13.7-1.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-04-23T21:09:24Z", + "generated": "2021-04-26T16:58:45Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-04-23T02:57:56Z" + "generated": "2021-04-24T21:45:29Z" }, "fedora-updates": { - "generated": "2021-04-23T14:41:11Z" + "generated": "2021-04-26T01:12:26Z" } } } From e70a7606602bef07aaee268eeb75ac2e930691d7 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 26 Apr 2021 14:16:30 -0400 Subject: [PATCH 199/489] overrides: drop graduated overrides --- manifest-lock.overrides.yaml | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index ff0c7c7b92..3b88693e34 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -14,21 +14,3 @@ packages: evra: 246.7-1.fc33.noarch systemd-udev: evr: 246.7-1.fc33 - # Fast-track new coreos-installer release - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-c67cfeca62 - coreos-installer: - evr: 0.9.0-2.fc33 - coreos-installer-bootinfra: - evr: 0.9.0-2.fc33 - # Fast-track new afterburn release - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-fb2a204001 - afterburn: - evr: 5.0.0-1.fc33 - afterburn-dracut: - evr: 5.0.0-1.fc33 - # Fast-track rpm-ostree for CVE-2021-3445 - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-eadfc56b95 - rpm-ostree: - evr: 2021.4-1.fc33 - rpm-ostree-libs: - evr: 2021.4-1.fc33 From 33048b3778863968507d77d486f33f7c50fd2eca Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 26 Apr 2021 10:25:12 -0400 Subject: [PATCH 200/489] buildroot: Blow quay.io cache So we get the updated ostree. This is getting a bit tiring; we need to either find a way to regularly expire the quay.io caching automatically, or use something other than quay to do builds. --- ci/buildroot/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/buildroot/Dockerfile b/ci/buildroot/Dockerfile index a3dc9a67be..cbbb314c6a 100644 --- a/ci/buildroot/Dockerfile +++ b/ci/buildroot/Dockerfile @@ -7,4 +7,4 @@ # Ignition, rpm-ostree, ostree, coreos-installer, etc... FROM registry.fedoraproject.org/fedora:33 COPY . /src -RUN ./src/install-buildroot.sh && yum clean all && rm /src -rf # nocache 20210406 +RUN ./src/install-buildroot.sh && yum clean all && rm /src -rf # nocache 20210426 From 2763cb1662e304aef0aae6156aafe8b5ed43973a Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 27 Apr 2021 11:46:52 -0400 Subject: [PATCH 201/489] manifests: explicitly add fwupd This was pulled in transitively when we moved to f33, and we knowingly allowed it because we wanted it. But in f34, it looks like it gets dropped out again, so explicitly list it now to make sure we keep shipping it. --- manifests/bootable-rpm-ostree.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/bootable-rpm-ostree.yaml b/manifests/bootable-rpm-ostree.yaml index 809cc77af6..862a01e58b 100644 --- a/manifests/bootable-rpm-ostree.yaml +++ b/manifests/bootable-rpm-ostree.yaml @@ -10,6 +10,8 @@ packages: - kernel kernel-core kernel-modules systemd # rpm-ostree - rpm-ostree nss-altfiles + # firmware updates + - fwupd # bootloader packages-aarch64: From da55a2e50c2dddc96dfb9e3743ebfd374627133a Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 28 Apr 2021 21:34:21 +0000 Subject: [PATCH 202/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/237/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 8ed09eb380..3d24bcd6ab 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -469,13 +469,13 @@ "evra": "2.3.0-2.fc33.noarch" }, "kernel": { - "evra": "5.11.15-200.fc33.x86_64" + "evra": "5.11.16-200.fc33.x86_64" }, "kernel-core": { - "evra": "5.11.15-200.fc33.x86_64" + "evra": "5.11.16-200.fc33.x86_64" }, "kernel-modules": { - "evra": "5.11.15-200.fc33.x86_64" + "evra": "5.11.16-200.fc33.x86_64" }, "kexec-tools": { "evra": "2.0.21-4.fc33.x86_64" @@ -580,13 +580,13 @@ "evra": "1.4-3.fc33.x86_64" }, "libgcc": { - "evra": "10.2.1-9.fc33.x86_64" + "evra": "10.3.1-1.fc33.x86_64" }, "libgcrypt": { "evra": "1.8.7-1.fc33.x86_64" }, "libgomp": { - "evra": "10.2.1-9.fc33.x86_64" + "evra": "10.3.1-1.fc33.x86_64" }, "libgpg-error": { "evra": "1.41-1.fc33.x86_64" @@ -757,7 +757,7 @@ "evra": "2.4.2-2.fc33.x86_64" }, "libstdc++": { - "evra": "10.2.1-9.fc33.x86_64" + "evra": "10.3.1-1.fc33.x86_64" }, "libtalloc": { "evra": "2.3.1-5.fc33.x86_64" @@ -868,7 +868,7 @@ "evra": "2:0.4.0-2.fc33.x86_64" }, "mozjs78": { - "evra": "78.9.0-1.fc33.x86_64" + "evra": "78.10.0-1.fc33.x86_64" }, "mpfr": { "evra": "4.1.0-5.fc33.x86_64" @@ -934,10 +934,10 @@ "evra": "1.77-6.fc33.x86_64" }, "ostree": { - "evra": "2021.1-2.fc33.x86_64" + "evra": "2021.2-2.fc33.x86_64" }, "ostree-libs": { - "evra": "2021.1-2.fc33.x86_64" + "evra": "2021.2-2.fc33.x86_64" }, "p11-kit": { "evra": "0.23.22-2.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-04-26T16:58:45Z", + "generated": "2021-04-28T20:55:01Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-04-24T21:45:29Z" + "generated": "2021-04-27T21:49:40Z" }, "fedora-updates": { - "generated": "2021-04-26T01:12:26Z" + "generated": "2021-04-28T02:39:37Z" } } } From c8628a4fb684d32a35b115832d44ebedd219a821 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 29 Apr 2021 01:37:53 -0400 Subject: [PATCH 203/489] README: move rebase instructions to a tracker checklist https://github.com/coreos/fedora-coreos-tracker/pull/806 --- README.md | 61 +------------------------------------------------------ 1 file changed, 1 insertion(+), 60 deletions(-) diff --git a/README.md b/README.md index 675862fe18..8b98fcaadf 100644 --- a/README.md +++ b/README.md @@ -90,66 +90,7 @@ one easy way to do this is for now: ## Moving to a new major version (N) of Fedora -Updating this repo: - -1. bump `releasever` in `manifest.yaml` -2. update the repos in `manifest.yaml` if needed -3. run `cosa fetch --update-lockfile` -4. bump the base Fedora version in `ci/buildroot/Dockerfile` -5. PR the result - -Update server changes: - -1. Set a new update barrier for N-2 on all streams. - In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). - See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). - -CoreOS Installer changes: - -1. Update CoreOS Installer to know about the signing key used for the - future new major version of Fedora (N+1). Note that the signing - keys for N+1 won't get created until releng branches and rawhide - becomes N+1. - -Release engineering changes: - -1. Verify that a few tags have been created. These should have been created - by releng scripts on branching: - -- `f${releasever}-coreos-signing-pending` -- `f${releasever}-coreos-continuous` - -2. The tag info for the coreos-pool tag has the new release (N) and - next release (N+1) signing keys (just to stay ahead of the curve) - and removes the old release (N-2) signing key. The following commands - view the current settings and then update the list to 32/33/34 keys. - You'll most likely have to get someone from releng to run the second - command (`edit-tag`). - -- `koji taginfo coreos-pool` -- `koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39"` - - -3. `koji untag` N-2 packages from the pool (at some point we'll have GC - in place to do this for us, but for now we must remember to do this - manually or otherwise distRepo will fail once the signed packages are - GC'ed). For example the following snippet finds all RPMs signed by the - Fedora 31 key and untags them. - -``` -f31key=3c3359c4 -key=$f31key -untaglist='' -for build in $(koji list-tagged --quiet coreos-pool | cut -f1 -d' '); do - if koji buildinfo $build | grep $key 1>/dev/null; then - untaglist+="${build} " - echo "Adding $build to untag list" - fi -done - -# After verifying the list looks good: -# - koji untag-build coreos-pool $untaglist -``` +[Create a rebase checklist](https://github.com/coreos/fedora-coreos-tracker/issues/new?labels=kind/enhancement&template=rebase.md&title=Rebase+onto+Fedora+N) in fedora-coreos-tracker. ## CoreOS CI From af44cb3673a15472ff71673e26213c14530a4bb0 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 29 Apr 2021 09:53:08 -0400 Subject: [PATCH 204/489] Add temporary workaround for `agetty --reload` SELinux denial In f34+, we're hitting an SELinux denial from c-l-h-m trying to do `agetty --reload` and causing `/run/agetty.reload` to be created with the wrong label. This then prevents agetty from adding an inotify watch to know when to reload the prompt to display new information. For more details, see: https://github.com/coreos/fedora-coreos-config/pull/859#issuecomment-783713383 This is tracked at https://bugzilla.redhat.com/show_bug.cgi?id=1932053. With this workaround, we create the file up front in the initrd so that it gets relabeled by systemd on switchroot and thus will already exists with the right label well before c-l-h-m or anything else tries to `agetty --reload`. --- .../coreos-touch-run-agetty.service | 12 +++++++++++ .../module-setup.sh | 21 +++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service create mode 100755 overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service b/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service new file mode 100644 index 0000000000..743670ea0b --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service @@ -0,0 +1,12 @@ +# Temporary hack to work around agetty SELinux denials. +# https://github.com/coreos/fedora-coreos-config/pull/859#issuecomment-783713383 +# https://bugzilla.redhat.com/show_bug.cgi?id=1932053 +[Unit] +Description=CoreOS: Touch /run/agetty.reload +Documentation=https://bugzilla.redhat.com/show_bug.cgi?id=1932053 +DefaultDependencies=false + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/touch /run/agetty.reload diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh new file mode 100755 index 0000000000..a796f5b593 --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh @@ -0,0 +1,21 @@ +#!/bin/bash +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- +# ex: ts=8 sw=4 sts=4 et filetype=sh + +# Temporary workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1932053. + +install_unit() { + local unit=$1; shift + inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" + # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 + systemctl -q --root="$initdir" add-requires initrd.target "$unit" || exit 1 +} + +install() { + inst_multiple \ + touch + + # TODO f34: check if we can drop this whole module + install_unit coreos-touch-run-agetty.service +} From b70d19c2d674403c4b970f6df657bc0abc866f0a Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 29 Apr 2021 21:36:51 +0000 Subject: [PATCH 205/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/240/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 3d24bcd6ab..d4b3573206 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -871,7 +871,7 @@ "evra": "78.10.0-1.fc33.x86_64" }, "mpfr": { - "evra": "4.1.0-5.fc33.x86_64" + "evra": "4.1.0-6.fc33.x86_64" }, "ncurses": { "evra": "6.2-3.20200222.fc33.x86_64" @@ -1177,7 +1177,7 @@ "evra": "2.36.1-1.fc33.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2787-1.fc33.x86_64" + "evra": "2:8.2.2811-1.fc33.x86_64" }, "which": { "evra": "2.21-20.fc33.x86_64" @@ -1211,16 +1211,16 @@ } }, "metadata": { - "generated": "2021-04-28T20:55:01Z", + "generated": "2021-04-29T20:55:15Z", "rpmmd_repos": { "fedora": { "generated": "2020-10-19T23:27:19Z" }, "fedora-coreos-pool": { - "generated": "2021-04-27T21:49:40Z" + "generated": "2021-04-29T04:39:55Z" }, "fedora-updates": { - "generated": "2021-04-28T02:39:37Z" + "generated": "2021-04-29T18:47:17Z" } } } From 15c266af05c25049eb1abb958b6ab161be5f94c3 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Thu, 29 Apr 2021 17:15:10 -0400 Subject: [PATCH 206/489] Move to Fedora 34! --- manifest-lock.overrides.yaml | 21 +- manifest-lock.x86_64.json | 829 +++++++++++++++++------------------ manifest.yaml | 2 +- 3 files changed, 414 insertions(+), 438 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 3b88693e34..b60cbc3ecc 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -1,16 +1,7 @@ packages: - # Keep this until we move to Fedora 34. - # https://github.com/coreos/fedora-coreos-tracker/issues/649 - # https://bugzilla.redhat.com/show_bug.cgi?id=1892235#c25 - systemd: - evr: 246.7-1.fc33 - systemd-container: - evr: 246.7-1.fc33 - systemd-libs: - evr: 246.7-1.fc33 - systemd-pam: - evr: 246.7-1.fc33 - systemd-rpm-macros: - evra: 246.7-1.fc33.noarch - systemd-udev: - evr: 246.7-1.fc33 + ############################################# + # updates to prevent downgrades from f33->f34 + ############################################# + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-39df52b880 + fstrm: + evr: 0.6.1-2.fc34 diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index d4b3573206..eae162edc4 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1,1226 +1,1211 @@ { "packages": { "NetworkManager": { - "evra": "1:1.26.8-1.fc33.x86_64" + "evra": "1:1.30.4-1.fc34.x86_64" }, "NetworkManager-cloud-setup": { - "evra": "1:1.26.8-1.fc33.x86_64" + "evra": "1:1.30.4-1.fc34.x86_64" }, "NetworkManager-libnm": { - "evra": "1:1.26.8-1.fc33.x86_64" + "evra": "1:1.30.4-1.fc34.x86_64" }, "NetworkManager-team": { - "evra": "1:1.26.8-1.fc33.x86_64" + "evra": "1:1.30.4-1.fc34.x86_64" }, "NetworkManager-tui": { - "evra": "1:1.26.8-1.fc33.x86_64" + "evra": "1:1.30.4-1.fc34.x86_64" }, "WALinuxAgent-udev": { - "evra": "2.2.52-1.fc33.noarch" + "evra": "2.2.52-5.fc34.noarch" }, "acl": { - "evra": "2.2.53-9.fc33.x86_64" + "evra": "2.3.1-1.fc34.x86_64" }, "adcli": { - "evra": "0.9.0-4.fc33.x86_64" + "evra": "0.9.1-3.fc34.x86_64" }, "afterburn": { - "evra": "5.0.0-1.fc33.x86_64" + "evra": "5.0.0-1.fc34.x86_64" }, "afterburn-dracut": { - "evra": "5.0.0-1.fc33.x86_64" + "evra": "5.0.0-1.fc34.x86_64" }, "alternatives": { - "evra": "1.14-3.fc33.x86_64" + "evra": "1.15-2.fc34.x86_64" }, "attr": { - "evra": "2.4.48-10.fc33.x86_64" + "evra": "2.5.1-1.fc34.x86_64" }, "audit-libs": { - "evra": "3.0.1-2.fc33.x86_64" + "evra": "3.0.1-2.fc34.x86_64" }, "avahi-libs": { - "evra": "0.8-7.fc33.x86_64" + "evra": "0.8-9.fc34.x86_64" }, "basesystem": { - "evra": "11-10.fc33.noarch" + "evra": "11-11.fc34.noarch" }, "bash": { - "evra": "5.0.17-2.fc33.x86_64" + "evra": "5.1.0-2.fc34.x86_64" }, "bash-completion": { - "evra": "1:2.8-9.fc33.noarch" + "evra": "1:2.11-2.fc34.noarch" }, "bind-libs": { - "evra": "32:9.11.28-1.fc33.x86_64" + "evra": "32:9.16.11-5.fc34.x86_64" }, "bind-libs-lite": { - "evra": "32:9.11.28-1.fc33.x86_64" + "evra": "32:9.16.11-5.fc34.x86_64" }, "bind-license": { - "evra": "32:9.11.28-1.fc33.noarch" + "evra": "32:9.16.11-5.fc34.noarch" }, "bind-utils": { - "evra": "32:9.11.28-1.fc33.x86_64" + "evra": "32:9.16.11-5.fc34.x86_64" }, "bootupd": { - "evra": "0.2.4-2.fc33.x86_64" + "evra": "0.2.5-3.fc34.x86_64" }, "bsdtar": { - "evra": "3.5.1-1.fc33.x86_64" + "evra": "3.5.1-2.fc34.x86_64" }, "btrfs-progs": { - "evra": "5.10-1.fc33.x86_64" + "evra": "5.11.1-1.fc34.x86_64" }, "bubblewrap": { - "evra": "0.4.1-2.fc33.x86_64" + "evra": "0.4.1-3.fc34.x86_64" }, "bzip2": { - "evra": "1.0.8-4.fc33.x86_64" + "evra": "1.0.8-6.fc34.x86_64" }, "bzip2-libs": { - "evra": "1.0.8-4.fc33.x86_64" + "evra": "1.0.8-6.fc34.x86_64" }, "c-ares": { - "evra": "1.17.0-1.fc33.x86_64" + "evra": "1.17.1-2.fc34.x86_64" }, "ca-certificates": { - "evra": "2020.2.41-4.fc33.noarch" + "evra": "2020.2.41-7.fc34.noarch" }, "catatonit": { - "evra": "0.1.5-3.fc33.x86_64" + "evra": "0.1.5-4.fc34.x86_64" }, "chrony": { - "evra": "4.0-1.fc33.x86_64" + "evra": "4.0-3.fc34.x86_64" }, "cifs-utils": { - "evra": "6.11-2.fc33.x86_64" + "evra": "6.11-3.fc34.x86_64" }, "clevis": { - "evra": "18-1.fc33.x86_64" + "evra": "18-1.fc34.x86_64" }, "clevis-dracut": { - "evra": "18-1.fc33.x86_64" + "evra": "18-1.fc34.x86_64" }, "clevis-luks": { - "evra": "18-1.fc33.x86_64" + "evra": "18-1.fc34.x86_64" }, "clevis-systemd": { - "evra": "18-1.fc33.x86_64" + "evra": "18-1.fc34.x86_64" }, "cloud-utils-growpart": { - "evra": "0.31-7.fc33.noarch" + "evra": "0.31-8.fc34.noarch" }, "compat-readline5": { - "evra": "5.2-37.fc33.x86_64" + "evra": "5.2-39.fc34.x86_64" }, "conmon": { - "evra": "2:2.0.27-2.fc33.x86_64" + "evra": "2:2.0.27-2.fc34.x86_64" }, "console-login-helper-messages": { - "evra": "0.21.2-1.fc33.noarch" + "evra": "0.21.2-1.fc34.noarch" }, "console-login-helper-messages-issuegen": { - "evra": "0.21.2-1.fc33.noarch" + "evra": "0.21.2-1.fc34.noarch" }, "console-login-helper-messages-motdgen": { - "evra": "0.21.2-1.fc33.noarch" + "evra": "0.21.2-1.fc34.noarch" }, "console-login-helper-messages-profile": { - "evra": "0.21.2-1.fc33.noarch" + "evra": "0.21.2-1.fc34.noarch" }, "container-selinux": { - "evra": "2:2.160.0-1.fc33.noarch" + "evra": "2:2.160.0-2.fc34.noarch" }, "containerd": { - "evra": "1.4.4-1.fc33.x86_64" + "evra": "1.5.0~rc.1-1.fc34.x86_64" }, "containernetworking-plugins": { - "evra": "0.9.1-4.fc33.x86_64" + "evra": "0.9.1-4.fc34.x86_64" }, "containers-common": { - "evra": "4:1-15.fc33.noarch" + "evra": "4:1-15.fc34.noarch" }, "coreos-installer": { - "evra": "0.9.0-2.fc33.x86_64" + "evra": "0.9.0-2.fc34.x86_64" }, "coreos-installer-bootinfra": { - "evra": "0.9.0-2.fc33.x86_64" + "evra": "0.9.0-2.fc34.x86_64" }, "coreutils": { - "evra": "8.32-18.fc33.x86_64" + "evra": "8.32-23.fc34.x86_64" }, "coreutils-common": { - "evra": "8.32-18.fc33.x86_64" + "evra": "8.32-23.fc34.x86_64" }, "cpio": { - "evra": "2.13-8.fc33.x86_64" + "evra": "2.13-10.fc34.x86_64" }, "cracklib": { - "evra": "2.9.6-24.fc33.x86_64" + "evra": "2.9.6-25.fc34.x86_64" }, "criu": { - "evra": "3.15-1.fc33.x86_64" + "evra": "3.15-3.fc34.x86_64" }, "criu-libs": { - "evra": "3.15-1.fc33.x86_64" + "evra": "3.15-3.fc34.x86_64" }, "crun": { - "evra": "0.19.1-2.fc33.x86_64" + "evra": "0.19.1-2.fc34.x86_64" }, "crypto-policies": { - "evra": "20200918-1.git85dccc5.fc33.noarch" + "evra": "20210213-1.git5c710c0.fc34.noarch" }, "cryptsetup": { - "evra": "2.3.5-2.fc33.x86_64" + "evra": "2.3.5-2.fc34.x86_64" }, "cryptsetup-libs": { - "evra": "2.3.5-2.fc33.x86_64" + "evra": "2.3.5-2.fc34.x86_64" }, "cups-libs": { - "evra": "1:2.3.3op2-4.fc33.x86_64" + "evra": "1:2.3.3op2-4.fc34.x86_64" }, "curl": { - "evra": "7.71.1-9.fc33.x86_64" + "evra": "7.76.1-1.fc34.x86_64" }, "cyrus-sasl-gssapi": { - "evra": "2.1.27-6.fc33.x86_64" + "evra": "2.1.27-8.fc34.x86_64" }, "cyrus-sasl-lib": { - "evra": "2.1.27-6.fc33.x86_64" + "evra": "2.1.27-8.fc34.x86_64" }, "dbus": { - "evra": "1:1.12.20-2.fc33.x86_64" + "evra": "1:1.12.20-3.fc34.x86_64" }, "dbus-broker": { - "evra": "28-3.fc33.x86_64" + "evra": "28-3.fc34.x86_64" }, "dbus-common": { - "evra": "1:1.12.20-2.fc33.noarch" + "evra": "1:1.12.20-3.fc34.noarch" }, "dbus-libs": { - "evra": "1:1.12.20-2.fc33.x86_64" + "evra": "1:1.12.20-3.fc34.x86_64" }, "device-mapper": { - "evra": "1.02.173-1.fc33.x86_64" + "evra": "1.02.175-1.fc34.x86_64" }, "device-mapper-event": { - "evra": "1.02.173-1.fc33.x86_64" + "evra": "1.02.175-1.fc34.x86_64" }, "device-mapper-event-libs": { - "evra": "1.02.173-1.fc33.x86_64" + "evra": "1.02.175-1.fc34.x86_64" }, "device-mapper-libs": { - "evra": "1.02.173-1.fc33.x86_64" + "evra": "1.02.175-1.fc34.x86_64" }, "device-mapper-multipath": { - "evra": "0.8.4-7.fc33.x86_64" + "evra": "0.8.5-4.fc34.x86_64" }, "device-mapper-multipath-libs": { - "evra": "0.8.4-7.fc33.x86_64" + "evra": "0.8.5-4.fc34.x86_64" }, "device-mapper-persistent-data": { - "evra": "0.8.5-4.fc33.x86_64" + "evra": "0.9.0-3.fc34.x86_64" }, "diffutils": { - "evra": "3.7-7.fc33.x86_64" + "evra": "3.7-8.fc34.x86_64" }, "dnsmasq": { - "evra": "2.85-1.fc33.x86_64" + "evra": "2.85-1.fc34.x86_64" }, "dosfstools": { - "evra": "4.1-12.fc33.x86_64" + "evra": "4.2-1.fc34.x86_64" }, "dracut": { - "evra": "050-64.git20200529.fc33.x86_64" + "evra": "053-5.fc34.x86_64" }, "dracut-network": { - "evra": "050-64.git20200529.fc33.x86_64" + "evra": "053-5.fc34.x86_64" }, "e2fsprogs": { - "evra": "1.45.6-4.fc33.x86_64" + "evra": "1.45.6-5.fc34.x86_64" }, "e2fsprogs-libs": { - "evra": "1.45.6-4.fc33.x86_64" + "evra": "1.45.6-5.fc34.x86_64" }, "efi-filesystem": { - "evra": "4-5.fc33.noarch" + "evra": "5-2.fc34.noarch" }, "efibootmgr": { - "evra": "16-9.fc33.x86_64" + "evra": "16-10.fc34.x86_64" }, "efivar-libs": { - "evra": "37-14.fc33.x86_64" + "evra": "37-15.fc34.x86_64" }, "elfutils-default-yama-scope": { - "evra": "0.183-1.fc33.noarch" + "evra": "0.183-1.fc34.noarch" }, "elfutils-libelf": { - "evra": "0.183-1.fc33.x86_64" + "evra": "0.183-1.fc34.x86_64" }, "elfutils-libs": { - "evra": "0.183-1.fc33.x86_64" + "evra": "0.183-1.fc34.x86_64" }, "ethtool": { - "evra": "2:5.10-1.fc33.x86_64" + "evra": "2:5.10-2.fc34.x86_64" }, "expat": { - "evra": "2.2.8-3.fc33.x86_64" + "evra": "2.2.10-2.fc34.x86_64" }, "fedora-coreos-pinger": { - "evra": "0.0.4-7.fc33.x86_64" + "evra": "0.0.4-9.fc34.x86_64" }, "fedora-gpg-keys": { - "evra": "33-4.noarch" + "evra": "34-1.noarch" }, "fedora-release-common": { - "evra": "33-4.noarch" + "evra": "34-1.noarch" }, "fedora-release-coreos": { - "evra": "33-4.noarch" + "evra": "34-1.noarch" }, "fedora-release-identity-coreos": { - "evra": "33-4.noarch" + "evra": "34-1.noarch" }, "fedora-repos": { - "evra": "33-4.noarch" + "evra": "34-1.noarch" }, "fedora-repos-archive": { - "evra": "33-4.noarch" + "evra": "34-1.noarch" }, "fedora-repos-modular": { - "evra": "33-4.noarch" + "evra": "34-1.noarch" }, "fedora-repos-ostree": { - "evra": "33-4.noarch" + "evra": "34-1.noarch" }, "file": { - "evra": "5.39-3.fc33.x86_64" + "evra": "5.39-5.fc34.x86_64" }, "file-libs": { - "evra": "5.39-3.fc33.x86_64" + "evra": "5.39-5.fc34.x86_64" }, "filesystem": { - "evra": "3.14-3.fc33.x86_64" + "evra": "3.14-5.fc34.x86_64" }, "findutils": { - "evra": "1:4.7.0-7.fc33.x86_64" + "evra": "1:4.8.0-2.fc34.x86_64" }, "firewalld-filesystem": { - "evra": "0.8.6-1.fc33.noarch" + "evra": "0.9.3-2.fc34.noarch" }, "flatpak-session-helper": { - "evra": "1.10.2-3.fc33.x86_64" + "evra": "1.10.2-3.fc34.x86_64" }, "fstrm": { - "evra": "0.6.1-2.fc33.x86_64" + "evra": "0.6.1-2.fc34.x86_64" }, "fuse": { - "evra": "2.9.9-10.fc33.x86_64" + "evra": "2.9.9-11.fc34.x86_64" }, "fuse-common": { - "evra": "3.9.4-1.fc33.x86_64" + "evra": "3.10.2-1.fc34.x86_64" }, "fuse-libs": { - "evra": "2.9.9-10.fc33.x86_64" + "evra": "2.9.9-11.fc34.x86_64" }, "fuse-overlayfs": { - "evra": "1.5.0-1.fc33.x86_64" + "evra": "1.5.0-1.fc34.x86_64" }, "fuse-sshfs": { - "evra": "3.7.1-1.fc33.x86_64" + "evra": "3.7.1-2.fc34.x86_64" }, "fuse3": { - "evra": "3.9.4-1.fc33.x86_64" + "evra": "3.10.2-1.fc34.x86_64" }, "fuse3-libs": { - "evra": "3.9.4-1.fc33.x86_64" + "evra": "3.10.2-1.fc34.x86_64" }, "fwupd": { - "evra": "1.5.9-2.fc33.x86_64" + "evra": "1.5.9-2.fc34.x86_64" }, "gawk": { - "evra": "5.1.0-2.fc33.x86_64" + "evra": "5.1.0-3.fc34.x86_64" }, "gdisk": { - "evra": "1.0.7-1.fc33.x86_64" + "evra": "1.0.7-1.fc34.x86_64" }, "gettext": { - "evra": "0.21-3.fc33.x86_64" + "evra": "0.21-4.fc34.x86_64" }, "gettext-libs": { - "evra": "0.21-3.fc33.x86_64" + "evra": "0.21-4.fc34.x86_64" }, "git-core": { - "evra": "2.30.2-1.fc33.x86_64" + "evra": "2.31.1-1.fc34.x86_64" }, "glib2": { - "evra": "2.66.8-1.fc33.x86_64" + "evra": "2.68.1-1.fc34.x86_64" }, "glibc": { - "evra": "2.32-4.fc33.x86_64" - }, - "glibc-all-langpacks": { - "evra": "2.32-4.fc33.x86_64" + "evra": "2.33-5.fc34.x86_64" }, "glibc-common": { - "evra": "2.32-4.fc33.x86_64" + "evra": "2.33-5.fc34.x86_64" + }, + "glibc-minimal-langpack": { + "evra": "2.33-5.fc34.x86_64" }, "gmp": { - "evra": "1:6.2.0-5.fc33.x86_64" + "evra": "1:6.2.0-6.fc34.x86_64" }, "gnupg2": { - "evra": "2.2.25-2.fc33.x86_64" + "evra": "2.2.27-4.fc34.x86_64" }, "gnutls": { - "evra": "3.6.15-1.fc33.x86_64" + "evra": "3.7.1-2.fc34.x86_64" }, "gpgme": { - "evra": "1.14.0-2.fc33.x86_64" + "evra": "1.15.1-2.fc34.x86_64" }, "grep": { - "evra": "3.4-5.fc33.x86_64" + "evra": "3.6-2.fc34.x86_64" }, "grub2-common": { - "evra": "1:2.06~rc1-2.fc33.noarch" + "evra": "1:2.06~rc1-4.fc34.noarch" }, "grub2-efi-x64": { - "evra": "1:2.06~rc1-2.fc33.x86_64" + "evra": "1:2.06~rc1-4.fc34.x86_64" }, "grub2-pc": { - "evra": "1:2.06~rc1-2.fc33.x86_64" + "evra": "1:2.06~rc1-4.fc34.x86_64" }, "grub2-pc-modules": { - "evra": "1:2.06~rc1-2.fc33.noarch" + "evra": "1:2.06~rc1-4.fc34.noarch" }, "grub2-tools": { - "evra": "1:2.06~rc1-2.fc33.x86_64" + "evra": "1:2.06~rc1-4.fc34.x86_64" }, "grub2-tools-minimal": { - "evra": "1:2.06~rc1-2.fc33.x86_64" + "evra": "1:2.06~rc1-4.fc34.x86_64" }, "gzip": { - "evra": "1.10-3.fc33.x86_64" + "evra": "1.10-4.fc34.x86_64" }, "hostname": { - "evra": "3.23-3.fc33.x86_64" - }, - "hwdata": { - "evra": "0.346-1.fc33.noarch" + "evra": "3.23-4.fc34.x86_64" }, "ignition": { - "evra": "2.9.0-4.fc33.x86_64" + "evra": "2.9.0-4.fc34.x86_64" + }, + "inih": { + "evra": "49-3.fc34.x86_64" }, "iproute": { - "evra": "5.9.0-1.fc33.x86_64" + "evra": "5.10.0-2.fc34.x86_64" }, "iproute-tc": { - "evra": "5.9.0-1.fc33.x86_64" + "evra": "5.10.0-2.fc34.x86_64" }, "iptables": { - "evra": "1.8.5-6.fc33.x86_64" + "evra": "1.8.7-3.fc34.x86_64" }, "iptables-libs": { - "evra": "1.8.5-6.fc33.x86_64" + "evra": "1.8.7-3.fc34.x86_64" }, "iptables-nft": { - "evra": "1.8.5-6.fc33.x86_64" + "evra": "1.8.7-3.fc34.x86_64" }, "iptables-services": { - "evra": "1.8.5-6.fc33.x86_64" + "evra": "1.8.7-6.fc34.x86_64" }, "iputils": { - "evra": "20200821-1.fc33.x86_64" + "evra": "20210202-2.fc34.x86_64" }, "irqbalance": { - "evra": "2:1.7.0-4.fc33.x86_64" + "evra": "2:1.7.0-5.fc34.x86_64" }, "iscsi-initiator-utils": { - "evra": "6.2.1.1-0.gitac87641.fc33.2.x86_64" + "evra": "6.2.1.2-5.gita8fcb37.fc34.x86_64" }, "iscsi-initiator-utils-iscsiuio": { - "evra": "6.2.1.1-0.gitac87641.fc33.2.x86_64" + "evra": "6.2.1.2-5.gita8fcb37.fc34.x86_64" }, "isns-utils-libs": { - "evra": "0.97-11.fc33.x86_64" + "evra": "0.100-1.fc34.x86_64" }, "jansson": { - "evra": "2.13.1-1.fc33.x86_64" + "evra": "2.13.1-2.fc34.x86_64" }, "jose": { - "evra": "10-8.fc33.x86_64" + "evra": "10-9.fc34.x86_64" }, "jq": { - "evra": "1.6-5.fc33.x86_64" + "evra": "1.6-7.fc34.x86_64" }, "json-c": { - "evra": "0.14-7.fc33.x86_64" + "evra": "0.14-8.fc34.x86_64" }, "json-glib": { - "evra": "1.6.2-1.fc33.x86_64" + "evra": "1.6.2-1.fc34.x86_64" }, "kbd": { - "evra": "2.3.0-2.fc33.x86_64" - }, - "kbd-legacy": { - "evra": "2.3.0-2.fc33.noarch" + "evra": "2.4.0-2.fc34.x86_64" }, "kbd-misc": { - "evra": "2.3.0-2.fc33.noarch" + "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.11.16-200.fc33.x86_64" + "evra": "5.11.16-300.fc34.x86_64" }, "kernel-core": { - "evra": "5.11.16-200.fc33.x86_64" + "evra": "5.11.16-300.fc34.x86_64" }, "kernel-modules": { - "evra": "5.11.16-200.fc33.x86_64" + "evra": "5.11.16-300.fc34.x86_64" }, "kexec-tools": { - "evra": "2.0.21-4.fc33.x86_64" + "evra": "2.0.21-5.fc34.x86_64" }, "keyutils": { - "evra": "1.6.1-1.fc33.x86_64" + "evra": "1.6.1-2.fc34.x86_64" }, "keyutils-libs": { - "evra": "1.6.1-1.fc33.x86_64" + "evra": "1.6.1-2.fc34.x86_64" }, "kmod": { - "evra": "27-3.fc33.x86_64" + "evra": "28-2.fc34.x86_64" }, "kmod-libs": { - "evra": "27-3.fc33.x86_64" + "evra": "28-2.fc34.x86_64" }, "kpartx": { - "evra": "0.8.4-7.fc33.x86_64" + "evra": "0.8.5-4.fc34.x86_64" }, "krb5-libs": { - "evra": "1.18.2-29.fc33.x86_64" + "evra": "1.19.1-3.fc34.x86_64" }, "less": { - "evra": "551-4.fc33.x86_64" + "evra": "575-2.fc34.x86_64" }, "libacl": { - "evra": "2.2.53-9.fc33.x86_64" + "evra": "2.3.1-1.fc34.x86_64" }, "libaio": { - "evra": "0.3.111-10.fc33.x86_64" + "evra": "0.3.111-11.fc34.x86_64" }, "libarchive": { - "evra": "3.5.1-1.fc33.x86_64" + "evra": "3.5.1-2.fc34.x86_64" }, "libargon2": { - "evra": "20171227-5.fc33.x86_64" + "evra": "20171227-6.fc34.x86_64" }, "libassuan": { - "evra": "2.5.3-4.fc33.x86_64" + "evra": "2.5.5-1.fc34.x86_64" }, "libattr": { - "evra": "2.4.48-10.fc33.x86_64" + "evra": "2.5.1-1.fc34.x86_64" }, "libbasicobjects": { - "evra": "0.1.1-46.fc33.x86_64" + "evra": "0.1.1-47.fc34.x86_64" }, "libblkid": { - "evra": "2.36.1-1.fc33.x86_64" + "evra": "2.36.2-1.fc34.x86_64" }, "libbrotli": { - "evra": "1.0.9-3.fc33.x86_64" + "evra": "1.0.9-4.fc34.x86_64" }, "libbsd": { - "evra": "0.10.0-4.fc33.x86_64" + "evra": "0.10.0-7.fc34.x86_64" }, "libcap": { - "evra": "2.48-2.fc33.x86_64" + "evra": "2.48-2.fc34.x86_64" }, "libcap-ng": { - "evra": "0.8-1.fc33.x86_64" + "evra": "0.8.2-4.fc34.x86_64" }, "libcbor": { - "evra": "0.5.0-7.fc33.x86_64" + "evra": "0.7.0-3.fc34.x86_64" }, "libcollection": { - "evra": "0.7.0-46.fc33.x86_64" + "evra": "0.7.0-47.fc34.x86_64" }, "libcom_err": { - "evra": "1.45.6-4.fc33.x86_64" + "evra": "1.45.6-5.fc34.x86_64" }, "libcurl": { - "evra": "7.71.1-9.fc33.x86_64" + "evra": "7.76.1-1.fc34.x86_64" }, "libdaemon": { - "evra": "0.14-20.fc33.x86_64" + "evra": "0.14-21.fc34.x86_64" }, "libdb": { - "evra": "5.3.28-45.fc33.x86_64" + "evra": "5.3.28-46.fc34.x86_64" }, "libdhash": { - "evra": "0.5.0-46.fc33.x86_64" + "evra": "0.5.0-47.fc34.x86_64" }, "libeconf": { - "evra": "0.3.8-4.fc33.x86_64" + "evra": "0.3.8-5.fc34.x86_64" }, "libedit": { - "evra": "3.1-33.20191231cvs.fc33.x86_64" + "evra": "3.1-36.20210419cvs.fc34.x86_64" }, "libevent": { - "evra": "2.1.8-10.fc33.x86_64" + "evra": "2.1.12-3.fc34.x86_64" }, "libfdisk": { - "evra": "2.36.1-1.fc33.x86_64" + "evra": "2.36.2-1.fc34.x86_64" }, "libffi": { - "evra": "3.1-26.fc33.x86_64" + "evra": "3.1-28.fc34.x86_64" }, "libfido2": { - "evra": "1.4.0-3.fc33.x86_64" + "evra": "1.6.0-2.fc34.x86_64" }, "libgcab1": { - "evra": "1.4-3.fc33.x86_64" + "evra": "1.4-4.fc34.x86_64" }, "libgcc": { - "evra": "10.3.1-1.fc33.x86_64" + "evra": "11.0.1-0.3.fc34.x86_64" }, "libgcrypt": { - "evra": "1.8.7-1.fc33.x86_64" + "evra": "1.9.3-1.fc34.x86_64" }, "libgomp": { - "evra": "10.3.1-1.fc33.x86_64" + "evra": "11.0.1-0.3.fc34.x86_64" }, "libgpg-error": { - "evra": "1.41-1.fc33.x86_64" + "evra": "1.42-1.fc34.x86_64" }, "libgudev": { - "evra": "234-1.fc33.x86_64" + "evra": "236-1.fc34.x86_64" }, "libgusb": { - "evra": "0.3.6-1.fc33.x86_64" + "evra": "0.3.6-1.fc34.x86_64" }, "libibverbs": { - "evra": "34.0-1.fc33.x86_64" + "evra": "34.0-3.fc34.x86_64" }, "libicu": { - "evra": "67.1-4.fc33.x86_64" + "evra": "67.1-6.fc34.x86_64" }, "libidn2": { - "evra": "2.3.0-4.fc33.x86_64" + "evra": "2.3.0-5.fc34.x86_64" }, "libini_config": { - "evra": "1.3.1-46.fc33.x86_64" + "evra": "1.3.1-47.fc34.x86_64" }, "libipa_hbac": { - "evra": "2.4.2-2.fc33.x86_64" + "evra": "2.4.2-3.fc34.x86_64" }, "libjcat": { - "evra": "0.1.6-1.fc33.x86_64" + "evra": "0.1.6-1.fc34.x86_64" }, "libjose": { - "evra": "10-8.fc33.x86_64" + "evra": "10-9.fc34.x86_64" }, "libkcapi": { - "evra": "1.2.1-1.fc33.x86_64" + "evra": "1.2.1-1.fc34.x86_64" }, "libkcapi-hmaccalc": { - "evra": "1.2.1-1.fc33.x86_64" + "evra": "1.2.1-1.fc34.x86_64" }, "libksba": { - "evra": "1.3.5-13.fc33.x86_64" + "evra": "1.5.0-2.fc34.x86_64" }, "libldb": { - "evra": "2.2.1-1.fc33.x86_64" + "evra": "2.3.0-1.fc34.x86_64" }, "libluksmeta": { - "evra": "9-9.fc33.x86_64" + "evra": "9-10.fc34.x86_64" }, "libmaxminddb": { - "evra": "1.5.2-1.fc33.x86_64" + "evra": "1.5.2-1.fc34.x86_64" }, "libmetalink": { - "evra": "0.1.3-13.fc33.x86_64" + "evra": "0.1.3-14.fc34.x86_64" }, "libmnl": { - "evra": "1.0.4-12.fc33.x86_64" + "evra": "1.0.4-13.fc34.x86_64" }, "libmodulemd": { - "evra": "2.12.0-1.fc33.x86_64" + "evra": "2.12.0-2.fc34.x86_64" }, "libmount": { - "evra": "2.36.1-1.fc33.x86_64" + "evra": "2.36.2-1.fc34.x86_64" }, "libndp": { - "evra": "1.7-6.fc33.x86_64" + "evra": "1.7-7.fc34.x86_64" }, "libnet": { - "evra": "1.2-1.fc33.x86_64" + "evra": "1.2-2.fc34.x86_64" }, "libnetfilter_conntrack": { - "evra": "1.0.7-5.fc33.x86_64" + "evra": "1.0.8-2.fc34.x86_64" }, "libnfnetlink": { - "evra": "1.0.1-18.fc33.x86_64" + "evra": "1.0.1-19.fc34.x86_64" }, "libnfsidmap": { - "evra": "1:2.5.3-1.fc33.x86_64" + "evra": "1:2.5.3-3.rc2.fc34.x86_64" }, "libnftnl": { - "evra": "1.1.7-3.fc33.x86_64" + "evra": "1.1.9-2.fc34.x86_64" }, "libnghttp2": { - "evra": "1.43.0-1.fc33.x86_64" + "evra": "1.43.0-2.fc34.x86_64" }, "libnl3": { - "evra": "3.5.0-5.fc33.x86_64" + "evra": "3.5.0-6.fc34.x86_64" }, "libnl3-cli": { - "evra": "3.5.0-5.fc33.x86_64" + "evra": "3.5.0-6.fc34.x86_64" }, "libnsl2": { - "evra": "1.2.0-8.20180605git4a062cf.fc33.x86_64" + "evra": "1.3.0-2.fc34.x86_64" }, "libpath_utils": { - "evra": "0.2.1-46.fc33.x86_64" + "evra": "0.2.1-47.fc34.x86_64" }, "libpcap": { - "evra": "14:1.10.0-1.fc33.x86_64" + "evra": "14:1.10.0-1.fc34.x86_64" }, "libpkgconf": { - "evra": "1.7.3-5.fc33.x86_64" + "evra": "1.7.3-6.fc34.x86_64" }, "libpsl": { - "evra": "0.21.1-2.fc33.x86_64" + "evra": "0.21.1-3.fc34.x86_64" }, "libpwquality": { - "evra": "1.4.4-2.fc33.x86_64" + "evra": "1.4.4-2.fc34.x86_64" }, "libref_array": { - "evra": "0.1.5-46.fc33.x86_64" + "evra": "0.1.5-47.fc34.x86_64" }, "librepo": { - "evra": "1.13.0-1.fc33.x86_64" + "evra": "1.13.0-1.fc34.x86_64" }, "libreport-filesystem": { - "evra": "2.14.0-15.fc33.noarch" + "evra": "2.14.0-17.fc34.noarch" }, "libseccomp": { - "evra": "2.5.0-3.fc33.x86_64" + "evra": "2.5.0-4.fc34.x86_64" }, "libselinux": { - "evra": "3.1-2.fc33.x86_64" + "evra": "3.2-1.fc34.x86_64" }, "libselinux-utils": { - "evra": "3.1-2.fc33.x86_64" + "evra": "3.2-1.fc34.x86_64" }, "libsemanage": { - "evra": "3.1-2.fc33.x86_64" + "evra": "3.2-1.fc34.x86_64" }, "libsepol": { - "evra": "3.1-3.fc33.x86_64" + "evra": "3.2-1.fc34.x86_64" }, "libsigsegv": { - "evra": "2.11-11.fc33.x86_64" + "evra": "2.13-2.fc34.x86_64" }, "libslirp": { - "evra": "4.3.1-3.fc33.x86_64" + "evra": "4.4.0-2.fc34.x86_64" }, "libsmartcols": { - "evra": "2.36.1-1.fc33.x86_64" + "evra": "2.36.2-1.fc34.x86_64" }, "libsmbclient": { - "evra": "2:4.13.7-1.fc33.x86_64" + "evra": "2:4.14.3-0.fc34.x86_64" }, "libsmbios": { - "evra": "2.4.3-1.fc33.x86_64" + "evra": "2.4.3-2.fc34.x86_64" }, "libsolv": { - "evra": "0.7.17-1.fc33.x86_64" + "evra": "0.7.17-3.fc34.x86_64" }, "libss": { - "evra": "1.45.6-4.fc33.x86_64" + "evra": "1.45.6-5.fc34.x86_64" }, "libssh": { - "evra": "0.9.5-1.fc33.x86_64" + "evra": "0.9.5-2.fc34.x86_64" }, "libssh-config": { - "evra": "0.9.5-1.fc33.noarch" + "evra": "0.9.5-2.fc34.noarch" }, "libsss_certmap": { - "evra": "2.4.2-2.fc33.x86_64" + "evra": "2.4.2-3.fc34.x86_64" }, "libsss_idmap": { - "evra": "2.4.2-2.fc33.x86_64" + "evra": "2.4.2-3.fc34.x86_64" }, "libsss_nss_idmap": { - "evra": "2.4.2-2.fc33.x86_64" + "evra": "2.4.2-3.fc34.x86_64" }, "libsss_sudo": { - "evra": "2.4.2-2.fc33.x86_64" + "evra": "2.4.2-3.fc34.x86_64" }, "libstdc++": { - "evra": "10.3.1-1.fc33.x86_64" + "evra": "11.0.1-0.3.fc34.x86_64" }, "libtalloc": { - "evra": "2.3.1-5.fc33.x86_64" + "evra": "2.3.2-2.fc34.x86_64" }, "libtasn1": { - "evra": "4.16.0-3.fc33.x86_64" + "evra": "4.16.0-4.fc34.x86_64" }, "libtdb": { - "evra": "1.4.3-5.fc33.x86_64" + "evra": "1.4.3-6.fc34.x86_64" }, "libteam": { - "evra": "1.31-2.fc33.x86_64" + "evra": "1.31-3.fc34.x86_64" }, "libtevent": { - "evra": "0.10.2-5.fc33.x86_64" + "evra": "0.10.2-7.fc34.x86_64" }, "libtextstyle": { - "evra": "0.21-3.fc33.x86_64" + "evra": "0.21-4.fc34.x86_64" }, "libtirpc": { - "evra": "1.2.6-3.rc4.fc33.x86_64" + "evra": "1.3.1-1.rc2.fc34.x86_64" }, "libunistring": { - "evra": "0.9.10-9.fc33.x86_64" + "evra": "0.9.10-10.fc34.x86_64" }, "libusbx": { - "evra": "1.0.24-2.fc33.x86_64" + "evra": "1.0.24-2.fc34.x86_64" }, "libuser": { - "evra": "0.62-26.fc33.x86_64" + "evra": "0.63-1.fc34.x86_64" }, "libutempter": { - "evra": "1.2.1-2.fc33.x86_64" + "evra": "1.2.1-4.fc34.x86_64" }, "libuuid": { - "evra": "2.36.1-1.fc33.x86_64" + "evra": "2.36.2-1.fc34.x86_64" + }, + "libuv": { + "evra": "1:1.41.0-1.fc34.x86_64" }, "libvarlink-util": { - "evra": "19-3.fc33.x86_64" + "evra": "21-1.fc34.x86_64" }, "libverto": { - "evra": "0.3.0-10.fc33.x86_64" + "evra": "0.3.2-1.fc34.x86_64" }, "libwbclient": { - "evra": "2:4.13.7-1.fc33.x86_64" + "evra": "2:4.14.3-0.fc34.x86_64" }, "libxcrypt": { - "evra": "4.4.19-1.fc33.x86_64" + "evra": "4.4.19-1.fc34.x86_64" }, "libxml2": { - "evra": "2.9.10-8.fc33.x86_64" + "evra": "2.9.10-10.fc34.x86_64" }, "libxmlb": { - "evra": "0.2.1-1.fc33.x86_64" + "evra": "0.3.0-1.fc34.x86_64" }, "libyaml": { - "evra": "0.2.5-3.fc33.x86_64" + "evra": "0.2.5-5.fc34.x86_64" }, "libzstd": { - "evra": "1.4.9-1.fc33.x86_64" + "evra": "1.4.9-1.fc34.x86_64" }, "linux-atm-libs": { - "evra": "2.5.1-27.fc33.x86_64" + "evra": "2.5.1-28.fc34.x86_64" }, "linux-firmware": { - "evra": "20210315-119.fc33.noarch" + "evra": "20210315-119.fc34.noarch" }, "linux-firmware-whence": { - "evra": "20210315-119.fc33.noarch" + "evra": "20210315-119.fc34.noarch" }, "lmdb-libs": { - "evra": "0.9.28-1.fc33.x86_64" + "evra": "0.9.29-1.fc34.x86_64" }, "logrotate": { - "evra": "3.17.0-3.fc33.x86_64" + "evra": "3.18.0-2.fc34.x86_64" }, "lsof": { - "evra": "4.93.2-4.fc33.x86_64" + "evra": "4.94.0-1.fc34.x86_64" }, "lua-libs": { - "evra": "5.4.2-1.fc33.x86_64" + "evra": "5.4.2-2.fc34.x86_64" }, "luksmeta": { - "evra": "9-9.fc33.x86_64" + "evra": "9-10.fc34.x86_64" }, "lvm2": { - "evra": "2.03.10-1.fc33.x86_64" + "evra": "2.03.11-1.fc34.x86_64" }, "lvm2-libs": { - "evra": "2.03.10-1.fc33.x86_64" + "evra": "2.03.11-1.fc34.x86_64" }, "lz4-libs": { - "evra": "1.9.1-3.fc33.x86_64" + "evra": "1.9.3-2.fc34.x86_64" }, "lzo": { - "evra": "2.10-3.fc33.x86_64" + "evra": "2.10-4.fc34.x86_64" }, "mdadm": { - "evra": "4.1-6.fc33.x86_64" + "evra": "4.1-7.fc34.x86_64" }, "microcode_ctl": { - "evra": "2:2.1-43.1.fc33.x86_64" + "evra": "2:2.1-45.fc34.x86_64" }, "moby-engine": { - "evra": "19.03.13-1.ce.git4484c46.fc33.x86_64" + "evra": "20.10.6-1.fc34.x86_64" }, "mokutil": { - "evra": "2:0.4.0-2.fc33.x86_64" + "evra": "2:0.4.0-4.fc34.x86_64" }, "mozjs78": { - "evra": "78.10.0-1.fc33.x86_64" + "evra": "78.10.0-1.fc34.x86_64" }, "mpfr": { - "evra": "4.1.0-6.fc33.x86_64" + "evra": "4.1.0-6.fc34.x86_64" }, "ncurses": { - "evra": "6.2-3.20200222.fc33.x86_64" + "evra": "6.2-4.20200222.fc34.x86_64" }, "ncurses-base": { - "evra": "6.2-3.20200222.fc33.noarch" + "evra": "6.2-4.20200222.fc34.noarch" }, "ncurses-libs": { - "evra": "6.2-3.20200222.fc33.x86_64" + "evra": "6.2-4.20200222.fc34.x86_64" }, "net-tools": { - "evra": "2.0-0.58.20160912git.fc33.x86_64" + "evra": "2.0-0.59.20160912git.fc34.x86_64" }, "nettle": { - "evra": "3.6-3.fc33.x86_64" + "evra": "3.7.2-1.fc34.x86_64" }, "newt": { - "evra": "0.52.21-8.fc33.x86_64" + "evra": "0.52.21-9.fc34.x86_64" }, "nfs-utils-coreos": { - "evra": "1:2.5.3-1.fc33.x86_64" + "evra": "1:2.5.3-3.rc2.fc34.x86_64" }, "nftables": { - "evra": "1:0.9.3-8.fc33.x86_64" + "evra": "1:0.9.8-2.fc34.x86_64" }, "npth": { - "evra": "1.6-5.fc33.x86_64" + "evra": "1.6-6.fc34.x86_64" }, "nss-altfiles": { - "evra": "2.18.1-17.fc33.x86_64" + "evra": "2.18.1-18.fc34.x86_64" }, "numactl-libs": { - "evra": "2.0.14-1.fc33.x86_64" + "evra": "2.0.14-3.fc34.x86_64" }, "nvme-cli": { - "evra": "1.11.1-2.fc33.x86_64" + "evra": "1.11.1-3.fc34.x86_64" }, "oniguruma": { - "evra": "6.9.6-1.fc33.x86_64" + "evra": "6.9.6-1.fc34.2.x86_64" }, "openldap": { - "evra": "2.4.50-5.fc33.x86_64" + "evra": "2.4.57-3.fc34.x86_64" }, "openssh": { - "evra": "8.4p1-5.fc33.x86_64" + "evra": "8.5p1-2.fc34.x86_64" }, "openssh-clients": { - "evra": "8.4p1-5.fc33.x86_64" + "evra": "8.5p1-2.fc34.x86_64" }, "openssh-server": { - "evra": "8.4p1-5.fc33.x86_64" + "evra": "8.5p1-2.fc34.x86_64" }, "openssl": { - "evra": "1:1.1.1k-1.fc33.x86_64" + "evra": "1:1.1.1k-1.fc34.x86_64" }, "openssl-libs": { - "evra": "1:1.1.1k-1.fc33.x86_64" + "evra": "1:1.1.1k-1.fc34.x86_64" }, "os-prober": { - "evra": "1.77-6.fc33.x86_64" + "evra": "1.77-7.fc34.x86_64" }, "ostree": { - "evra": "2021.2-2.fc33.x86_64" + "evra": "2021.2-2.fc34.x86_64" }, "ostree-libs": { - "evra": "2021.2-2.fc33.x86_64" + "evra": "2021.2-2.fc34.x86_64" }, "p11-kit": { - "evra": "0.23.22-2.fc33.x86_64" + "evra": "0.23.22-3.fc34.x86_64" }, "p11-kit-trust": { - "evra": "0.23.22-2.fc33.x86_64" + "evra": "0.23.22-3.fc34.x86_64" }, "pam": { - "evra": "1.4.0-10.fc33.x86_64" + "evra": "1.5.1-5.fc34.x86_64" }, "passwd": { - "evra": "0.80-9.fc33.x86_64" - }, - "pciutils": { - "evra": "3.7.0-3.fc33.x86_64" - }, - "pciutils-libs": { - "evra": "3.7.0-3.fc33.x86_64" + "evra": "0.80-10.fc34.x86_64" }, "pcre": { - "evra": "8.44-2.fc33.x86_64" + "evra": "8.44-3.fc34.1.x86_64" }, "pcre2": { - "evra": "10.36-4.fc33.x86_64" + "evra": "10.36-4.fc34.x86_64" }, "pcre2-syntax": { - "evra": "10.36-4.fc33.noarch" + "evra": "10.36-4.fc34.noarch" }, "pigz": { - "evra": "2.4-7.fc33.x86_64" + "evra": "2.5-1.fc34.x86_64" }, "pkgconf": { - "evra": "1.7.3-5.fc33.x86_64" + "evra": "1.7.3-6.fc34.x86_64" }, "pkgconf-m4": { - "evra": "1.7.3-5.fc33.noarch" + "evra": "1.7.3-6.fc34.noarch" }, "pkgconf-pkg-config": { - "evra": "1.7.3-5.fc33.x86_64" + "evra": "1.7.3-6.fc34.x86_64" }, "podman": { - "evra": "2:3.1.2-1.fc33.x86_64" + "evra": "2:3.1.2-1.fc34.x86_64" }, "podman-plugins": { - "evra": "2:3.1.2-1.fc33.x86_64" + "evra": "2:3.1.2-1.fc34.x86_64" }, "policycoreutils": { - "evra": "3.1-4.fc33.x86_64" + "evra": "3.2-1.fc34.x86_64" }, "polkit": { - "evra": "0.117-2.fc33.x86_64" + "evra": "0.117-3.fc34.x86_64" }, "polkit-libs": { - "evra": "0.117-2.fc33.x86_64" + "evra": "0.117-3.fc34.x86_64" }, "polkit-pkla-compat": { - "evra": "0.1-18.fc33.x86_64" + "evra": "0.1-19.fc34.x86_64" }, "popt": { - "evra": "1.18-2.fc33.x86_64" + "evra": "1.18-4.fc34.x86_64" }, "procps-ng": { - "evra": "3.3.16-2.fc33.x86_64" + "evra": "3.3.17-1.fc34.x86_64" }, "protobuf-c": { - "evra": "1.3.3-3.fc33.x86_64" + "evra": "1.3.3-7.fc34.x86_64" }, "psmisc": { - "evra": "23.3-4.fc33.x86_64" + "evra": "23.4-1.fc34.x86_64" }, "publicsuffix-list-dafsa": { - "evra": "20190417-4.fc33.noarch" - }, - "qrencode-libs": { - "evra": "4.0.2-6.fc33.x86_64" - }, - "rdma-core": { - "evra": "34.0-1.fc33.x86_64" + "evra": "20190417-5.fc34.noarch" }, "readline": { - "evra": "8.0-5.fc33.x86_64" + "evra": "8.1-2.fc34.x86_64" }, "rpcbind": { - "evra": "1.2.5-5.rc1.fc33.3.x86_64" + "evra": "1.2.5-5.rc1.fc34.4.x86_64" }, "rpm": { - "evra": "4.16.1.3-1.fc33.x86_64" + "evra": "4.16.1.3-1.fc34.x86_64" }, "rpm-libs": { - "evra": "4.16.1.3-1.fc33.x86_64" + "evra": "4.16.1.3-1.fc34.x86_64" }, "rpm-ostree": { - "evra": "2021.4-1.fc33.x86_64" + "evra": "2021.4-3.fc34.x86_64" }, "rpm-ostree-libs": { - "evra": "2021.4-1.fc33.x86_64" + "evra": "2021.4-3.fc34.x86_64" }, "rpm-plugin-selinux": { - "evra": "4.16.1.3-1.fc33.x86_64" + "evra": "4.16.1.3-1.fc34.x86_64" }, "rsync": { - "evra": "3.2.3-3.fc33.x86_64" + "evra": "3.2.3-5.fc34.x86_64" }, "runc": { - "evra": "2:1.0.0-377.rc93.fc33.x86_64" + "evra": "2:1.0.0-377.rc93.fc34.x86_64" }, "samba-client-libs": { - "evra": "2:4.13.7-1.fc33.x86_64" + "evra": "2:4.14.3-0.fc34.x86_64" }, "samba-common": { - "evra": "2:4.13.7-1.fc33.noarch" + "evra": "2:4.14.3-0.fc34.noarch" }, "samba-common-libs": { - "evra": "2:4.13.7-1.fc33.x86_64" - }, - "samba-libs": { - "evra": "2:4.13.7-1.fc33.x86_64" + "evra": "2:4.14.3-0.fc34.x86_64" }, "sed": { - "evra": "4.8-5.fc33.x86_64" + "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "3.14.6-36.fc33.noarch" + "evra": "34.3-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "3.14.6-36.fc33.noarch" + "evra": "34.3-1.fc34.noarch" }, "setup": { - "evra": "2.13.7-2.fc33.noarch" + "evra": "2.13.7-3.fc34.noarch" }, "sg3_utils": { - "evra": "1.45-3.fc33.x86_64" + "evra": "1.45-4.fc34.x86_64" }, "sg3_utils-libs": { - "evra": "1.45-3.fc33.x86_64" + "evra": "1.45-4.fc34.x86_64" }, "shadow-utils": { - "evra": "2:4.8.1-5.fc33.x86_64" + "evra": "2:4.8.1-8.fc34.x86_64" }, "shared-mime-info": { - "evra": "2.0-3.fc33.x86_64" + "evra": "2.1-2.fc34.x86_64" }, "shim-x64": { - "evra": "15-8.x86_64" + "evra": "15.4-4.x86_64" }, "skopeo": { - "evra": "1:1.2.2-1.fc33.x86_64" + "evra": "1:1.2.2-24.fc34.x86_64" }, "slang": { - "evra": "2.3.2-8.fc33.x86_64" + "evra": "2.3.2-9.fc34.x86_64" }, "slirp4netns": { - "evra": "1.1.9-1.fc33.x86_64" + "evra": "1.1.9-1.fc34.x86_64" }, "snappy": { - "evra": "1.1.8-4.fc33.x86_64" + "evra": "1.1.8-5.fc34.x86_64" }, "socat": { - "evra": "1.7.4.1-1.fc33.x86_64" + "evra": "1.7.4.1-2.fc34.x86_64" }, "sqlite-libs": { - "evra": "3.34.1-1.fc33.x86_64" + "evra": "3.34.1-2.fc34.x86_64" }, "ssh-key-dir": { - "evra": "0.1.2-5.fc33.x86_64" + "evra": "0.1.2-7.fc34.x86_64" }, "sssd-ad": { - "evra": "2.4.2-2.fc33.x86_64" + "evra": "2.4.2-3.fc34.x86_64" }, "sssd-client": { - "evra": "2.4.2-2.fc33.x86_64" + "evra": "2.4.2-3.fc34.x86_64" }, "sssd-common": { - "evra": "2.4.2-2.fc33.x86_64" + "evra": "2.4.2-3.fc34.x86_64" }, "sssd-common-pac": { - "evra": "2.4.2-2.fc33.x86_64" + "evra": "2.4.2-3.fc34.x86_64" }, "sssd-ipa": { - "evra": "2.4.2-2.fc33.x86_64" + "evra": "2.4.2-3.fc34.x86_64" }, "sssd-krb5": { - "evra": "2.4.2-2.fc33.x86_64" + "evra": "2.4.2-3.fc34.x86_64" }, "sssd-krb5-common": { - "evra": "2.4.2-2.fc33.x86_64" + "evra": "2.4.2-3.fc34.x86_64" }, "sssd-ldap": { - "evra": "2.4.2-2.fc33.x86_64" + "evra": "2.4.2-3.fc34.x86_64" }, "stalld": { - "evra": "1.9-1.fc33.x86_64" + "evra": "1.9-1.fc34.x86_64" }, "sudo": { - "evra": "1.9.5p2-1.fc33.x86_64" + "evra": "1.9.5p2-1.fc34.x86_64" }, "systemd": { - "evra": "246.7-1.fc33.x86_64" + "evra": "248-2.fc34.x86_64" }, "systemd-container": { - "evra": "246.7-1.fc33.x86_64" + "evra": "248-2.fc34.x86_64" }, "systemd-libs": { - "evra": "246.7-1.fc33.x86_64" + "evra": "248-2.fc34.x86_64" }, "systemd-pam": { - "evra": "246.7-1.fc33.x86_64" + "evra": "248-2.fc34.x86_64" }, "systemd-rpm-macros": { - "evra": "246.7-1.fc33.noarch" + "evra": "248-2.fc34.noarch" }, "systemd-udev": { - "evra": "246.7-1.fc33.x86_64" + "evra": "248-2.fc34.x86_64" }, "tar": { - "evra": "2:1.32-6.fc33.x86_64" + "evra": "2:1.34-1.fc34.x86_64" }, "teamd": { - "evra": "1.31-2.fc33.x86_64" + "evra": "1.31-3.fc34.x86_64" }, "toolbox": { - "evra": "0.0.99.1-1.fc33.x86_64" + "evra": "0.0.99.1-1.fc34.x86_64" }, "tpm2-tools": { - "evra": "4.3.0-1.fc33.x86_64" + "evra": "5.0-2.fc34.x86_64" }, "tpm2-tss": { - "evra": "3.0.3-1.fc33.x86_64" + "evra": "3.0.3-2.fc34.x86_64" }, "tzdata": { - "evra": "2021a-1.fc33.noarch" + "evra": "2021a-1.fc34.noarch" }, "userspace-rcu": { - "evra": "0.12.1-2.fc33.x86_64" + "evra": "0.12.1-3.fc34.x86_64" }, "util-linux": { - "evra": "2.36.1-1.fc33.x86_64" + "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2811-1.fc33.x86_64" + "evra": "2:8.2.2811-1.fc34.x86_64" }, "which": { - "evra": "2.21-20.fc33.x86_64" + "evra": "2.21-24.fc34.x86_64" }, "wireguard-tools": { - "evra": "1.0.20210315-1.fc33.x86_64" + "evra": "1.0.20210315-1.fc34.x86_64" }, "xfsprogs": { - "evra": "5.7.0-1.fc33.x86_64" + "evra": "5.10.0-2.fc34.x86_64" }, "xz": { - "evra": "5.2.5-4.fc33.x86_64" + "evra": "5.2.5-5.fc34.x86_64" }, "xz-libs": { - "evra": "5.2.5-4.fc33.x86_64" + "evra": "5.2.5-5.fc34.x86_64" }, "yajl": { - "evra": "2.1.0-15.fc33.x86_64" + "evra": "2.1.0-16.fc34.x86_64" }, "zchunk-libs": { - "evra": "1.1.9-1.fc33.x86_64" + "evra": "1.1.9-2.fc34.x86_64" }, "zincati": { - "evra": "0.0.19-1.fc33.x86_64" + "evra": "0.0.19-1.fc34.x86_64" }, "zlib": { - "evra": "1.2.11-23.fc33.x86_64" + "evra": "1.2.11-26.fc34.x86_64" }, "zram-generator": { - "evra": "0.2.0-4.fc33.x86_64" + "evra": "0.3.2-3.fc34.x86_64" } }, "metadata": { - "generated": "2021-04-29T20:55:15Z", + "generated": "2021-04-29T21:13:46Z", "rpmmd_repos": { "fedora": { - "generated": "2020-10-19T23:27:19Z" + "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { "generated": "2021-04-29T04:39:55Z" }, "fedora-updates": { - "generated": "2021-04-29T18:47:17Z" + "generated": "2021-04-29T17:54:41Z" } } } diff --git a/manifest.yaml b/manifest.yaml index aaf361dd5b..f2141b1297 100644 --- a/manifest.yaml +++ b/manifest.yaml @@ -1,7 +1,7 @@ ref: fedora/${basearch}/coreos/testing-devel include: manifests/fedora-coreos.yaml -releasever: "33" +releasever: "34" rojig: license: MIT From 87dde4953c52195f23de1642af7d4c677d93f1b5 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 30 Apr 2021 14:56:07 -0400 Subject: [PATCH 207/489] buildroot: Fedora 34 is out! --- ci/buildroot/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/buildroot/Dockerfile b/ci/buildroot/Dockerfile index cbbb314c6a..154a16efe5 100644 --- a/ci/buildroot/Dockerfile +++ b/ci/buildroot/Dockerfile @@ -5,6 +5,6 @@ # # This image is used by CoreOS CI to build software like # Ignition, rpm-ostree, ostree, coreos-installer, etc... -FROM registry.fedoraproject.org/fedora:33 +FROM registry.fedoraproject.org/fedora:34 COPY . /src RUN ./src/install-buildroot.sh && yum clean all && rm /src -rf # nocache 20210426 From 8d422eeb39c83393446d0e061bef79d6c90080c9 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 30 Apr 2021 14:59:00 -0400 Subject: [PATCH 208/489] manifests: drop login.defs configuration This was needed for f33-. No longer needed for f34+. Originally added in https://github.com/coreos/fedora-coreos-config/pull/765 --- manifests/fedora-coreos-base.yaml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 2dc6e9a45a..478792822f 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -123,20 +123,6 @@ postprocess: echo 'DEFAULT_HOSTNAME=localhost' >> /usr/lib/os-release fi - # Edit `login.defs` to configure `login(1)` to read from `/run/motd.d` for - # displaying the MOTD. This is required for newer versions of - # `console-login-helper-messages` to function properly. - # This will be dropped once Fedora util-linux adds `/run/motd.d` as a default - # in Fedora 34. - # https://src.fedoraproject.org/rpms/util-linux/pull-request/8 - # https://github.com/coreos/fedora-coreos-tracker/issues/704#issuecomment-772862174 - - | - #!/usr/bin/env bash - source /etc/os-release - if [ ${VERSION_ID} -lt 34 ]; then - echo 'MOTD_FILE=/usr/share/misc/motd:/run/motd:/run/motd.d:/etc/motd:/etc/motd.d' >> /etc/login.defs - fi - # Packages listed here should be specific to Fedore CoreOS (as in not yet # available in RHCOS or not desired in RHCOS). All other packages should go # into one of the sub-manifests listed at the top. From 2d9c8164df7b10154867b46c2fdd64b7e32b41c1 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 30 Apr 2021 15:01:48 -0400 Subject: [PATCH 209/489] tests/kola: update systemd-resolved test No longer need to consider F32. --- tests/kola/misc-ro | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index c79c88c2fb..4e132e21db 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -31,17 +31,10 @@ done if ! systemctl show -p ActiveState kdump.service | grep -q ActiveState=inactive; then fatal "Unit kdump.service shouldn't be active" fi -# systemd-resolved should be disabled on f32 but -# enabled on f33+. +# systemd-resolved should be enabled source /etc/os-release -if systemctl is-enabled systemd-resolved 1>/dev/null; then - if [ "$VERSION_ID" == "32" ]; then - fatal "Unit systemd-resolved should not be enabled" - fi -else - if [ "$VERSION_ID" != "32" ]; then - fatal "Unit systemd-resolved should be enabled" - fi +if ! systemctl is-enabled systemd-resolved 1>/dev/null; then + fatal "Unit systemd-resolved should be enabled" fi ok services From 474c87bddd776d01686af2b2ee7bea398e1225a0 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 30 Apr 2021 15:06:01 -0400 Subject: [PATCH 210/489] overlay: remove coreos-reset-stub-resolv-selinux-context units This was added in 4356928. It's no longer needed because the contexts are correct in F34+ and don't need to be "fixed". --- manifests/fedora-coreos-base.yaml | 12 ------------ .../lib/systemd/system-preset/45-fcos.preset | 5 ----- ...reos-reset-stub-resolv-selinux-context.path | 11 ----------- ...s-reset-stub-resolv-selinux-context.service | 18 ------------------ 4 files changed, 46 deletions(-) delete mode 100644 overlay.d/15fcos/usr/lib/systemd/system/coreos-reset-stub-resolv-selinux-context.path delete mode 100644 overlay.d/15fcos/usr/lib/systemd/system/coreos-reset-stub-resolv-selinux-context.service diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 478792822f..fa66933fdc 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -99,18 +99,6 @@ postprocess: DNSStubListener=no EOF - # Disable and delete the coreos-reset-stub-resolv-selinux-context.{path,service}. - # Not needed in Fedora 34 since https://github.com/systemd/systemd/pull/17976 has landed. - # Can remove this and the files in the overlay once we've migrated everything to F34. - - | - #!/usr/bin/env bash - set -xeuo pipefail - source /etc/os-release - if [ ${VERSION_ID} -ge 34 ]; then - rm -fv /etc/systemd/system/multi-user.target.wants/coreos-reset-stub-resolv-selinux-context.{path,service} \ - /usr/lib/systemd/system/coreos-reset-stub-resolv-selinux-context.{path,service} - fi - # Set the fallback hostname to `localhost`. This piggybacks on the # postprocess script above which neuters systemd-resolved, because # currently, a fallback hostname of `localhost` + systemd-resolved breaks diff --git a/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset b/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset index f54a5805a3..54c813d3fa 100644 --- a/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset +++ b/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset @@ -3,8 +3,3 @@ enable fedora-coreos-pinger.service # Provide information if no ignition is provided enable coreos-check-ignition-config.service enable coreos-check-ssh-keys.service -# Monitor the stub-resolv.conf SELinux context -enable coreos-reset-stub-resolv-selinux-context.path -# Run once on startup to prevent some race conditions with -# NetworkManager and systemd-resolved starting up. -enable coreos-reset-stub-resolv-selinux-context.service diff --git a/overlay.d/15fcos/usr/lib/systemd/system/coreos-reset-stub-resolv-selinux-context.path b/overlay.d/15fcos/usr/lib/systemd/system/coreos-reset-stub-resolv-selinux-context.path deleted file mode 100644 index 05bd20fd3f..0000000000 --- a/overlay.d/15fcos/usr/lib/systemd/system/coreos-reset-stub-resolv-selinux-context.path +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Monitor /run/systemd/resolve/stub-resolv.conf to fixup SELinux context. -Documentation=https://github.com/systemd/systemd/pull/17976 -Before=systemd-resolved.service - -[Path] -PathModified=/run/systemd/resolve/stub-resolv.conf -Unit=coreos-reset-stub-resolv-selinux-context.service - -[Install] -WantedBy=multi-user.target diff --git a/overlay.d/15fcos/usr/lib/systemd/system/coreos-reset-stub-resolv-selinux-context.service b/overlay.d/15fcos/usr/lib/systemd/system/coreos-reset-stub-resolv-selinux-context.service deleted file mode 100644 index dab08f9853..0000000000 --- a/overlay.d/15fcos/usr/lib/systemd/system/coreos-reset-stub-resolv-selinux-context.service +++ /dev/null @@ -1,18 +0,0 @@ -[Unit] -Description=Fixup SELinux context on /run/systemd/resolve/stub-resolv.conf -Documentation=https://github.com/systemd/systemd/pull/17976 -ConditionPathExists=/run/systemd/resolve/stub-resolv.conf -# Run once on startup in addition to the path unit invocations -# so that we can order ourselves before NetworkManager to prevent -# at least a few race condition denials. -After=systemd-resolved.service -Before=NetworkManager.service - -[Service] -Type=oneshot -# This service can be started more than once. If the file changes. -RemainAfterExit=no -ExecStart=restorecon -v /run/systemd/resolve/stub-resolv.conf - -[Install] -WantedBy=multi-user.target From 1054c6b6ee8c19e577abc8896df2d8d8f32d6879 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 30 Apr 2021 15:13:35 -0400 Subject: [PATCH 211/489] overlay: don't ship seq in initrd This was added in ad5eb32 for clevis, but clevis has been changed to no longer need `seq` [1] so we can drop it. [1] https://github.com/latchset/clevis/pull/295 --- .../usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh index 57239dc966..99796ebf4b 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh @@ -60,9 +60,6 @@ install() { sgdisk \ find - # TODO f34: check if we can drop this temporary workaround for https://github.com/latchset/clevis/pull/295 - inst_multiple seq - for x in mount populate; do install_ignition_unit ignition-ostree-${x}-var.service inst_script "$moddir/ignition-ostree-${x}-var.sh" "/usr/sbin/ignition-ostree-${x}-var" From 9dada2ff05d4346b5a3c4a32279ca60f2b8a7352 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 30 Apr 2021 15:19:08 -0400 Subject: [PATCH 212/489] overlay: update reminder for f35 cycle Since I'm going through all of the TODO f34 items now let's update this one to remind us in the f35 cycle if we haven't already removed it before then. --- .../dracut/modules.d/60coreos-agetty-workaround/module-setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh index a796f5b593..1423fd5a42 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh @@ -16,6 +16,6 @@ install() { inst_multiple \ touch - # TODO f34: check if we can drop this whole module + # TODO f35: check if we can drop this whole module install_unit coreos-touch-run-agetty.service } From 74dd84c2b2b4484d33308851a211e667e8a6a767 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 30 Apr 2021 15:23:04 -0400 Subject: [PATCH 213/489] manifests: remove Fedora version constraint Fedora 34 is now the default and there is nothing less than that so we can remove the version check. --- manifests/fedora-coreos-base.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index fa66933fdc..5b80174c53 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -107,7 +107,7 @@ postprocess: - | #!/usr/bin/env bash source /etc/os-release - if [ ${VERSION_ID} -ge 34 ] && [ -z "${DEFAULT_HOSTNAME:-}" ]; then + if [ -z "${DEFAULT_HOSTNAME:-}" ]; then echo 'DEFAULT_HOSTNAME=localhost' >> /usr/lib/os-release fi From 7f420f72d27e1e152eb14b5a7f48b4a5974fd782 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 30 Apr 2021 21:40:12 +0000 Subject: [PATCH 214/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/242/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index eae162edc4..7d3adb29b5 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -724,7 +724,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "libsmbclient": { - "evra": "2:4.14.3-0.fc34.x86_64" + "evra": "2:4.14.4-0.fc34.x86_64" }, "libsmbios": { "evra": "2.4.3-2.fc34.x86_64" @@ -802,7 +802,7 @@ "evra": "0.3.2-1.fc34.x86_64" }, "libwbclient": { - "evra": "2:4.14.3-0.fc34.x86_64" + "evra": "2:4.14.4-0.fc34.x86_64" }, "libxcrypt": { "evra": "4.4.19-1.fc34.x86_64" @@ -1033,13 +1033,13 @@ "evra": "2:1.0.0-377.rc93.fc34.x86_64" }, "samba-client-libs": { - "evra": "2:4.14.3-0.fc34.x86_64" + "evra": "2:4.14.4-0.fc34.x86_64" }, "samba-common": { - "evra": "2:4.14.3-0.fc34.noarch" + "evra": "2:4.14.4-0.fc34.noarch" }, "samba-common-libs": { - "evra": "2:4.14.3-0.fc34.x86_64" + "evra": "2:4.14.4-0.fc34.x86_64" }, "sed": { "evra": "4.8-7.fc34.x86_64" @@ -1196,16 +1196,16 @@ } }, "metadata": { - "generated": "2021-04-29T21:13:46Z", + "generated": "2021-04-30T21:02:49Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-04-29T04:39:55Z" + "generated": "2021-04-30T20:41:16Z" }, "fedora-updates": { - "generated": "2021-04-29T17:54:41Z" + "generated": "2021-04-30T00:50:52Z" } } } From 9ddb3b1a503fc19ef40b462541c58e29597bf215 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 30 Apr 2021 09:51:33 -0400 Subject: [PATCH 215/489] tests/countme: adapt for rawhide Rawhide only has a single repo enabled with the countme flag. --- tests/kola/rpm-ostree-countme/test.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/kola/rpm-ostree-countme/test.sh b/tests/kola/rpm-ostree-countme/test.sh index c4dd7ebda2..a8a83aeded 100755 --- a/tests/kola/rpm-ostree-countme/test.sh +++ b/tests/kola/rpm-ostree-countme/test.sh @@ -30,7 +30,10 @@ fi # Check rpm-ostree count me output output="$(journalctl --output=json --boot --unit=rpm-ostree-countme.service --grep "Successful requests:" | jq --raw-output '.MESSAGE')" -if [[ "${output}" != "Successful requests: 2/2" ]] && [[ "${output}" != "Successful requests: 3/3" ]]; then +# depending on the stream, we expect different numbers of countme-enabled repos +if [[ "${output}" != "Successful requests: 1/1" ]] && \ + [[ "${output}" != "Successful requests: 2/2" ]] && \ + [[ "${output}" != "Successful requests: 3/3" ]]; then fatal "rpm-ostree-countme service ouput does not match expected sucess output" fi From daea13342cbe0e52d8c480ad062dcf3735d89b32 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 3 May 2021 21:10:27 +0000 Subject: [PATCH 216/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/250/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 7d3adb29b5..be03a26259 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -271,7 +271,7 @@ "evra": "0.0.4-9.fc34.x86_64" }, "fedora-gpg-keys": { - "evra": "34-1.noarch" + "evra": "34-2.noarch" }, "fedora-release-common": { "evra": "34-1.noarch" @@ -283,16 +283,16 @@ "evra": "34-1.noarch" }, "fedora-repos": { - "evra": "34-1.noarch" + "evra": "34-2.noarch" }, "fedora-repos-archive": { - "evra": "34-1.noarch" + "evra": "34-2.noarch" }, "fedora-repos-modular": { - "evra": "34-1.noarch" + "evra": "34-2.noarch" }, "fedora-repos-ostree": { - "evra": "34-1.noarch" + "evra": "34-2.noarch" }, "file": { "evra": "5.39-5.fc34.x86_64" @@ -466,13 +466,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.11.16-300.fc34.x86_64" + "evra": "5.11.17-300.fc34.x86_64" }, "kernel-core": { - "evra": "5.11.16-300.fc34.x86_64" + "evra": "5.11.17-300.fc34.x86_64" }, "kernel-modules": { - "evra": "5.11.16-300.fc34.x86_64" + "evra": "5.11.17-300.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -577,13 +577,13 @@ "evra": "1.4-4.fc34.x86_64" }, "libgcc": { - "evra": "11.0.1-0.3.fc34.x86_64" + "evra": "11.1.1-1.fc34.x86_64" }, "libgcrypt": { - "evra": "1.9.3-1.fc34.x86_64" + "evra": "1.9.3-2.fc34.x86_64" }, "libgomp": { - "evra": "11.0.1-0.3.fc34.x86_64" + "evra": "11.1.1-1.fc34.x86_64" }, "libgpg-error": { "evra": "1.42-1.fc34.x86_64" @@ -754,7 +754,7 @@ "evra": "2.4.2-3.fc34.x86_64" }, "libstdc++": { - "evra": "11.0.1-0.3.fc34.x86_64" + "evra": "11.1.1-1.fc34.x86_64" }, "libtalloc": { "evra": "2.3.2-2.fc34.x86_64" @@ -1196,16 +1196,16 @@ } }, "metadata": { - "generated": "2021-04-30T21:02:49Z", + "generated": "2021-05-03T20:37:21Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-04-30T20:41:16Z" + "generated": "2021-04-30T21:46:50Z" }, "fedora-updates": { - "generated": "2021-04-30T00:50:52Z" + "generated": "2021-05-03T01:54:02Z" } } } From 113682404839f7fa727f79c27d43fe412f03f2fa Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 4 May 2021 21:28:08 +0000 Subject: [PATCH 217/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/254/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index be03a26259..3685bec8ac 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1045,10 +1045,10 @@ "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "34.3-1.fc34.noarch" + "evra": "34.4-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.3-1.fc34.noarch" + "evra": "34.4-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1069,7 +1069,7 @@ "evra": "15.4-4.x86_64" }, "skopeo": { - "evra": "1:1.2.2-24.fc34.x86_64" + "evra": "1:1.2.3-1.fc34.x86_64" }, "slang": { "evra": "2.3.2-9.fc34.x86_64" @@ -1196,16 +1196,16 @@ } }, "metadata": { - "generated": "2021-05-03T20:37:21Z", + "generated": "2021-05-04T20:53:58Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-04-30T21:46:50Z" + "generated": "2021-05-03T22:50:56Z" }, "fedora-updates": { - "generated": "2021-05-03T01:54:02Z" + "generated": "2021-05-04T00:50:10Z" } } } From 72ea97ac43f279f778410b02c4840f6e6c06a9e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Thu, 6 May 2021 12:43:20 +0200 Subject: [PATCH 218/489] overrides: drop graduated overrides --- manifest-lock.overrides.yaml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index b60cbc3ecc..c33c0b6dff 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -1,7 +1 @@ -packages: - ############################################# - # updates to prevent downgrades from f33->f34 - ############################################# - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-39df52b880 - fstrm: - evr: 0.6.1-2.fc34 +packages: {} From fee37377fdb91030b64902242cdb1c9f2668793d Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 6 May 2021 21:27:02 +0000 Subject: [PATCH 219/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/258/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 37 +++++++++++++++++-------------------- 1 file changed, 17 insertions(+), 20 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 3685bec8ac..d40db0da9d 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -52,16 +52,13 @@ "evra": "1:2.11-2.fc34.noarch" }, "bind-libs": { - "evra": "32:9.16.11-5.fc34.x86_64" - }, - "bind-libs-lite": { - "evra": "32:9.16.11-5.fc34.x86_64" + "evra": "32:9.16.15-1.fc34.x86_64" }, "bind-license": { - "evra": "32:9.16.11-5.fc34.noarch" + "evra": "32:9.16.15-1.fc34.noarch" }, "bind-utils": { - "evra": "32:9.16.11-5.fc34.x86_64" + "evra": "32:9.16.15-1.fc34.x86_64" }, "bootupd": { "evra": "0.2.5-3.fc34.x86_64" @@ -148,10 +145,10 @@ "evra": "0.9.0-2.fc34.x86_64" }, "coreutils": { - "evra": "8.32-23.fc34.x86_64" + "evra": "8.32-24.fc34.x86_64" }, "coreutils-common": { - "evra": "8.32-23.fc34.x86_64" + "evra": "8.32-24.fc34.x86_64" }, "cpio": { "evra": "2.13-10.fc34.x86_64" @@ -178,10 +175,10 @@ "evra": "2.3.5-2.fc34.x86_64" }, "cups-libs": { - "evra": "1:2.3.3op2-4.fc34.x86_64" + "evra": "1:2.3.3op2-5.fc34.x86_64" }, "curl": { - "evra": "7.76.1-1.fc34.x86_64" + "evra": "7.76.1-2.fc34.x86_64" }, "cyrus-sasl-gssapi": { "evra": "2.1.27-8.fc34.x86_64" @@ -262,7 +259,7 @@ "evra": "0.183-1.fc34.x86_64" }, "ethtool": { - "evra": "2:5.10-2.fc34.x86_64" + "evra": "2:5.12-1.fc34.x86_64" }, "expat": { "evra": "2.2.10-2.fc34.x86_64" @@ -352,7 +349,7 @@ "evra": "0.21-4.fc34.x86_64" }, "git-core": { - "evra": "2.31.1-1.fc34.x86_64" + "evra": "2.31.1-3.fc34.x86_64" }, "glib2": { "evra": "2.68.1-1.fc34.x86_64" @@ -427,7 +424,7 @@ "evra": "1.8.7-3.fc34.x86_64" }, "iptables-services": { - "evra": "1.8.7-6.fc34.x86_64" + "evra": "1.8.7-7.fc34.x86_64" }, "iputils": { "evra": "20210202-2.fc34.x86_64" @@ -544,7 +541,7 @@ "evra": "1.45.6-5.fc34.x86_64" }, "libcurl": { - "evra": "7.76.1-1.fc34.x86_64" + "evra": "7.76.1-2.fc34.x86_64" }, "libdaemon": { "evra": "0.14-21.fc34.x86_64" @@ -838,7 +835,7 @@ "evra": "4.94.0-1.fc34.x86_64" }, "lua-libs": { - "evra": "5.4.2-2.fc34.x86_64" + "evra": "5.4.3-1.fc34.x86_64" }, "luksmeta": { "evra": "9-10.fc34.x86_64" @@ -1162,10 +1159,10 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2811-1.fc34.x86_64" + "evra": "2:8.2.2825-1.fc34.x86_64" }, "which": { - "evra": "2.21-24.fc34.x86_64" + "evra": "2.21-26.fc34.x86_64" }, "wireguard-tools": { "evra": "1.0.20210315-1.fc34.x86_64" @@ -1196,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-05-04T20:53:58Z", + "generated": "2021-05-06T20:54:39Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-05-03T22:50:56Z" + "generated": "2021-05-06T13:30:23Z" }, "fedora-updates": { - "generated": "2021-05-04T00:50:10Z" + "generated": "2021-05-06T00:49:52Z" } } } From 7b1dbc3fcad534b25313f455149e99dcd21ba22c Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 8 May 2021 21:24:31 +0000 Subject: [PATCH 220/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/262/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 40 +++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index d40db0da9d..71a09245ab 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -355,13 +355,13 @@ "evra": "2.68.1-1.fc34.x86_64" }, "glibc": { - "evra": "2.33-5.fc34.x86_64" + "evra": "2.33-8.fc34.x86_64" }, "glibc-common": { - "evra": "2.33-5.fc34.x86_64" + "evra": "2.33-8.fc34.x86_64" }, "glibc-minimal-langpack": { - "evra": "2.33-5.fc34.x86_64" + "evra": "2.33-8.fc34.x86_64" }, "gmp": { "evra": "1:6.2.0-6.fc34.x86_64" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.11.17-300.fc34.x86_64" + "evra": "5.11.18-300.fc34.x86_64" }, "kernel-core": { - "evra": "5.11.17-300.fc34.x86_64" + "evra": "5.11.18-300.fc34.x86_64" }, "kernel-modules": { - "evra": "5.11.17-300.fc34.x86_64" + "evra": "5.11.18-300.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -493,7 +493,7 @@ "evra": "1.19.1-3.fc34.x86_64" }, "less": { - "evra": "575-2.fc34.x86_64" + "evra": "581.2-1.fc34.x86_64" }, "libacl": { "evra": "2.3.1-1.fc34.x86_64" @@ -637,7 +637,7 @@ "evra": "1.0.4-13.fc34.x86_64" }, "libmodulemd": { - "evra": "2.12.0-2.fc34.x86_64" + "evra": "2.12.1-1.fc34.x86_64" }, "libmount": { "evra": "2.36.2-1.fc34.x86_64" @@ -802,7 +802,7 @@ "evra": "2:4.14.4-0.fc34.x86_64" }, "libxcrypt": { - "evra": "4.4.19-1.fc34.x86_64" + "evra": "4.4.20-2.fc34.x86_64" }, "libxml2": { "evra": "2.9.10-10.fc34.x86_64" @@ -829,7 +829,7 @@ "evra": "0.9.29-1.fc34.x86_64" }, "logrotate": { - "evra": "3.18.0-2.fc34.x86_64" + "evra": "3.18.0-3.fc34.x86_64" }, "lsof": { "evra": "4.94.0-1.fc34.x86_64" @@ -907,7 +907,7 @@ "evra": "1.11.1-3.fc34.x86_64" }, "oniguruma": { - "evra": "6.9.6-1.fc34.2.x86_64" + "evra": "6.9.7.1-1.fc34.x86_64" }, "openldap": { "evra": "2.4.57-3.fc34.x86_64" @@ -970,10 +970,10 @@ "evra": "1.7.3-6.fc34.x86_64" }, "podman": { - "evra": "2:3.1.2-1.fc34.x86_64" + "evra": "2:3.2.0-0.1.rc1.fc34.x86_64" }, "podman-plugins": { - "evra": "2:3.1.2-1.fc34.x86_64" + "evra": "2:3.2.0-0.1.rc1.fc34.x86_64" }, "policycoreutils": { "evra": "3.2-1.fc34.x86_64" @@ -1042,10 +1042,10 @@ "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "34.4-1.fc34.noarch" + "evra": "34.5-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.4-1.fc34.noarch" + "evra": "34.5-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1111,7 +1111,7 @@ "evra": "2.4.2-3.fc34.x86_64" }, "stalld": { - "evra": "1.9-1.fc34.x86_64" + "evra": "1.10-1.fc34.x86_64" }, "sudo": { "evra": "1.9.5p2-1.fc34.x86_64" @@ -1180,7 +1180,7 @@ "evra": "2.1.0-16.fc34.x86_64" }, "zchunk-libs": { - "evra": "1.1.9-2.fc34.x86_64" + "evra": "1.1.11-1.fc34.x86_64" }, "zincati": { "evra": "0.0.19-1.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-05-06T20:54:39Z", + "generated": "2021-05-08T20:54:20Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-05-06T13:30:23Z" + "generated": "2021-05-07T21:45:14Z" }, "fedora-updates": { - "generated": "2021-05-06T00:49:52Z" + "generated": "2021-05-08T01:12:59Z" } } } From 6d7d07f11d9403378bbf5dee4307f2cd8c12645b Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 9 May 2021 21:24:59 +0000 Subject: [PATCH 221/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/264/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 71a09245ab..2bc49b0ae6 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -136,7 +136,7 @@ "evra": "0.9.1-4.fc34.x86_64" }, "containers-common": { - "evra": "4:1-15.fc34.noarch" + "evra": "4:1-16.fc34.noarch" }, "coreos-installer": { "evra": "0.9.0-2.fc34.x86_64" @@ -403,7 +403,7 @@ "evra": "3.23-4.fc34.x86_64" }, "ignition": { - "evra": "2.9.0-4.fc34.x86_64" + "evra": "2.10.1-1.fc34.x86_64" }, "inih": { "evra": "49-3.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-05-08T20:54:20Z", + "generated": "2021-05-09T20:53:57Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-05-07T21:45:14Z" + "generated": "2021-05-08T21:32:57Z" }, "fedora-updates": { - "generated": "2021-05-08T01:12:59Z" + "generated": "2021-05-09T00:53:31Z" } } } From f946fc83af5eaadad27144e5f4ab8375c8302b33 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 10 May 2021 21:28:23 +0000 Subject: [PATCH 222/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/266/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 2bc49b0ae6..a9991261ae 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -805,7 +805,7 @@ "evra": "4.4.20-2.fc34.x86_64" }, "libxml2": { - "evra": "2.9.10-10.fc34.x86_64" + "evra": "2.9.10-12.fc34.x86_64" }, "libxmlb": { "evra": "0.3.0-1.fc34.x86_64" @@ -1042,10 +1042,10 @@ "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "34.5-1.fc34.noarch" + "evra": "34.6-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.5-1.fc34.noarch" + "evra": "34.6-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1165,7 +1165,7 @@ "evra": "2.21-26.fc34.x86_64" }, "wireguard-tools": { - "evra": "1.0.20210315-1.fc34.x86_64" + "evra": "1.0.20210424-1.fc34.x86_64" }, "xfsprogs": { "evra": "5.10.0-2.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-05-09T20:53:57Z", + "generated": "2021-05-10T20:54:44Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-05-08T21:32:57Z" + "generated": "2021-05-09T21:31:54Z" }, "fedora-updates": { - "generated": "2021-05-09T00:53:31Z" + "generated": "2021-05-10T00:53:55Z" } } } From b72844c5c801e7bf899ac65b4040aaecb743a7ec Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 10 May 2021 12:20:30 -0400 Subject: [PATCH 223/489] overrides: freeze podman to 3.1.2-1 There is a regression in the latest 3.2.0 RC in stable: - https://github.com/containers/podman/issues/10274 - https://github.com/containers/podman/pull/10288 No Bodhi updates yet with the fix. Also hit that bug myself locally on FSB. --- manifest-lock.overrides.yaml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index c33c0b6dff..1e5d9ad1da 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -1 +1,8 @@ -packages: {} +packages: + # Freeze due to regression in 3.2.0 rc + # https://github.com/containers/podman/issues/10274 + # https://github.com/containers/podman/pull/10288 + podman: + evr: 2:3.1.2-1.fc34 + podman-plugins: + evr: 2:3.1.2-1.fc34 From 26a33f685ba5b63e2063c8b7f5c54240055d6c08 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 11 May 2021 14:13:57 +0000 Subject: [PATCH 224/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/268/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/master/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index a9991261ae..717956bc0d 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -970,10 +970,10 @@ "evra": "1.7.3-6.fc34.x86_64" }, "podman": { - "evra": "2:3.2.0-0.1.rc1.fc34.x86_64" + "evra": "2:3.1.2-1.fc34.x86_64" }, "podman-plugins": { - "evra": "2:3.2.0-0.1.rc1.fc34.x86_64" + "evra": "2:3.1.2-1.fc34.x86_64" }, "policycoreutils": { "evra": "3.2-1.fc34.x86_64" @@ -1117,22 +1117,22 @@ "evra": "1.9.5p2-1.fc34.x86_64" }, "systemd": { - "evra": "248-2.fc34.x86_64" + "evra": "248.2-1.fc34.x86_64" }, "systemd-container": { - "evra": "248-2.fc34.x86_64" + "evra": "248.2-1.fc34.x86_64" }, "systemd-libs": { - "evra": "248-2.fc34.x86_64" + "evra": "248.2-1.fc34.x86_64" }, "systemd-pam": { - "evra": "248-2.fc34.x86_64" + "evra": "248.2-1.fc34.x86_64" }, "systemd-rpm-macros": { - "evra": "248-2.fc34.noarch" + "evra": "248.2-1.fc34.noarch" }, "systemd-udev": { - "evra": "248-2.fc34.x86_64" + "evra": "248.2-1.fc34.x86_64" }, "tar": { "evra": "2:1.34-1.fc34.x86_64" @@ -1193,7 +1193,7 @@ } }, "metadata": { - "generated": "2021-05-10T20:54:44Z", + "generated": "2021-05-11T13:44:08Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" @@ -1202,7 +1202,7 @@ "generated": "2021-05-09T21:31:54Z" }, "fedora-updates": { - "generated": "2021-05-10T00:53:55Z" + "generated": "2021-05-11T01:50:18Z" } } } From de05fc7426d4daff5fe7b32de987662d7514aaea Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 5 May 2021 16:30:07 -0400 Subject: [PATCH 225/489] Updates for master -> main branch renamings --- .cci.jenkinsfile | 4 ++-- README.md | 10 +++++----- ci/buildroot/buildroot-specs.txt | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.cci.jenkinsfile b/.cci.jenkinsfile index 07553f4633..5e7f1a6c29 100644 --- a/.cci.jenkinsfile +++ b/.cci.jenkinsfile @@ -1,4 +1,4 @@ -// Documentation: https://github.com/coreos/coreos-ci/blob/master/README-upstream-ci.md +// Documentation: https://github.com/coreos/coreos-ci/blob/main/README-upstream-ci.md cosaPod { checkoutToDir(scm, 'config') @@ -10,7 +10,7 @@ cosaPod { shwrap(""" mkdir -p /srv/fcos && cd /srv/fcos cosa init ${env.WORKSPACE}/config - curl -LO https://raw.githubusercontent.com/coreos/fedora-coreos-releng-automation/master/scripts/download-overrides.py + curl -LO https://raw.githubusercontent.com/coreos/fedora-coreos-releng-automation/main/scripts/download-overrides.py python3 download-overrides.py # prep from the latest builds so that we generate a diff on PRs that add packages cosa buildprep https://builds.coreos.fedoraproject.org/prod/streams/${env.CHANGE_TARGET}/builds diff --git a/README.md b/README.md index 8b98fcaadf..19e81652d0 100644 --- a/README.md +++ b/README.md @@ -14,13 +14,13 @@ https://github.com/coreos/fedora-coreos-tracker. There is one branch for each stream. The default branch is [`testing-devel`](https://github.com/coreos/fedora-coreos-config/commits/testing-devel), on which all development happens. See -[the design](https://github.com/coreos/fedora-coreos-tracker/blob/master/Design.md#release-streams) -and [tooling](https://github.com/coreos/fedora-coreos-tracker/blob/master/stream-tooling.md) +[the design](https://github.com/coreos/fedora-coreos-tracker/blob/main//Design.md#release-streams) +and [tooling](https://github.com/coreos/fedora-coreos-tracker/blob/main//stream-tooling.md) docs for more information about streams. All file changes in `testing-devel` are propagated to other branches (to `bodhi-updates` through -[config-bot](https://github.com/coreos/fedora-coreos-releng-automation/tree/master/config-bot), +[config-bot](https://github.com/coreos/fedora-coreos-releng-automation/tree/main/config-bot), and to `testing` through usual promotion), with the following exceptions: - `manifest.yaml`: contains the stream "identity", such as @@ -65,7 +65,7 @@ update to Bodhi so that we don't have to carry the override forever. Once an override PR is merged, -[`coreos-koji-tagger`](https://github.com/coreos/fedora-coreos-releng-automation/tree/master/coreos-koji-tagger) +[`coreos-koji-tagger`](https://github.com/coreos/fedora-coreos-releng-automation/tree/main/coreos-koji-tagger) will automatically tag overridden packages into the pool. ## Adding packages to the OS @@ -97,4 +97,4 @@ one easy way to do this is for now: Pull requests submitted to this repo are tested by [CoreOS CI](https://github.com/coreos/coreos-ci). You can see the pipeline executed in `.cci.jenkinsfile`. For more information, including interacting with -CI, see the [CoreOS CI documentation](https://github.com/coreos/coreos-ci/blob/master/README-upstream-ci.md). +CI, see the [CoreOS CI documentation](https://github.com/coreos/coreos-ci/blob/main/README-upstream-ci.md). diff --git a/ci/buildroot/buildroot-specs.txt b/ci/buildroot/buildroot-specs.txt index f164c9d9b4..24715e5be5 100644 --- a/ci/buildroot/buildroot-specs.txt +++ b/ci/buildroot/buildroot-specs.txt @@ -1,3 +1,3 @@ # for projects which have their canonical spec files upstream, use those instead # since they're more up to date -https://raw.githubusercontent.com/coreos/rpm-ostree/master/packaging/rpm-ostree.spec.in +https://raw.githubusercontent.com/coreos/rpm-ostree/main/packaging/rpm-ostree.spec.in From d87b52bc6a90b53e1afeab2731b52612d5e3bbc0 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 12 May 2021 17:20:06 +0000 Subject: [PATCH 226/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/272/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 717956bc0d..2551b185f2 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -793,7 +793,7 @@ "evra": "1:1.41.0-1.fc34.x86_64" }, "libvarlink-util": { - "evra": "21-1.fc34.x86_64" + "evra": "22-2.fc34.x86_64" }, "libverto": { "evra": "0.3.2-1.fc34.x86_64" @@ -1193,7 +1193,7 @@ } }, "metadata": { - "generated": "2021-05-11T13:44:08Z", + "generated": "2021-05-12T16:50:58Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" @@ -1202,7 +1202,7 @@ "generated": "2021-05-09T21:31:54Z" }, "fedora-updates": { - "generated": "2021-05-11T01:50:18Z" + "generated": "2021-05-12T05:27:39Z" } } } From 8922690823b7dbc1202f6d494d104bf4f2747f8d Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 12 May 2021 15:38:28 -0400 Subject: [PATCH 227/489] overrides: Fast-track podman-3.1.2-3 Fixes podman selinux labelling regression. https://github.com/coreos/fedora-coreos-tracker/issues/818 --- manifest-lock.overrides.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 1e5d9ad1da..9416e829f6 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -1,8 +1,8 @@ packages: - # Freeze due to regression in 3.2.0 rc - # https://github.com/containers/podman/issues/10274 - # https://github.com/containers/podman/pull/10288 + # Fast-track 3.1.2-3. Fixes podman selinux labelling regression. + # https://github.com/coreos/fedora-coreos-tracker/issues/818 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-aab271bbc8 podman: - evr: 2:3.1.2-1.fc34 + evr: 3:3.1.2-3.fc34 podman-plugins: - evr: 2:3.1.2-1.fc34 + evr: 3:3.1.2-3.fc34 From fb1a8b6b32df3b5eacba68e289b0ca7f20cb50bd Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 13 May 2021 21:54:33 +0000 Subject: [PATCH 228/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/275/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 2551b185f2..32605b2897 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.11.18-300.fc34.x86_64" + "evra": "5.11.19-300.fc34.x86_64" }, "kernel-core": { - "evra": "5.11.18-300.fc34.x86_64" + "evra": "5.11.19-300.fc34.x86_64" }, "kernel-modules": { - "evra": "5.11.18-300.fc34.x86_64" + "evra": "5.11.19-300.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -970,10 +970,10 @@ "evra": "1.7.3-6.fc34.x86_64" }, "podman": { - "evra": "2:3.1.2-1.fc34.x86_64" + "evra": "3:3.1.2-3.fc34.x86_64" }, "podman-plugins": { - "evra": "2:3.1.2-1.fc34.x86_64" + "evra": "3:3.1.2-3.fc34.x86_64" }, "policycoreutils": { "evra": "3.2-1.fc34.x86_64" @@ -1159,7 +1159,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2825-1.fc34.x86_64" + "evra": "2:8.2.2846-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-05-12T16:50:58Z", + "generated": "2021-05-13T20:55:47Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-05-09T21:31:54Z" + "generated": "2021-05-12T23:21:52Z" }, "fedora-updates": { - "generated": "2021-05-12T05:27:39Z" + "generated": "2021-05-13T00:53:41Z" } } } From c7d25b56320b5c02e479f67ba50fe7dd1e5f8dd3 Mon Sep 17 00:00:00 2001 From: Stephen Lowrie Date: Fri, 19 Mar 2021 01:50:28 -0500 Subject: [PATCH 229/489] 35coreos-ignition: add coreos-kargs Co-authored-by: Jonathan Lebon --- .../coreos-kargs-reboot.service | 21 +++++++++++++++++++ .../35coreos-ignition/coreos-kargs.sh | 4 ++++ .../35coreos-ignition/module-setup.sh | 6 ++++++ tests/kola/ignition/kargs/config.ign | 9 ++++++++ tests/kola/ignition/kargs/test.sh | 19 +++++++++++++++++ 5 files changed, 59 insertions(+) create mode 100644 overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service create mode 100755 overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh create mode 100644 tests/kola/ignition/kargs/config.ign create mode 100755 tests/kola/ignition/kargs/test.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service new file mode 100644 index 0000000000..4f50823092 --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service @@ -0,0 +1,21 @@ +[Unit] +Description=CoreOS Kernel Arguments Reboot +ConditionPathExists=/etc/initrd-release +ConditionPathExists=/run/ignition-modified-kargs +DefaultDependencies=false +Before=ignition-complete.target + +# This runs after ignition-kargs & before ignition-disks so that it can optionally reboot +# if kargs were modified via Ignition. This is done in a two-stage fashion so that other +# mechanisms which may want to reboot (e.x. FIPS) can also hook in here and only reboot +# once from the initrd. +After=ignition-kargs.service +Before=ignition-disks.service + +OnFailure=emergency.target +OnFailureJobMode=isolate + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/systemctl reboot diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh new file mode 100755 index 0000000000..3744eb6d4b --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh @@ -0,0 +1,4 @@ +#!/bin/bash +set -euo pipefail + +/usr/bin/rdcore kargs --boot-device /dev/disk/by-label/boot --create-if-changed /run/ignition-modified-kargs "$@" diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh index da869947e0..c874f1e160 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh @@ -40,6 +40,12 @@ install() { # path generated by systemd-escape --path /dev/disk/by-label/root install_ignition_unit coreos-gpt-setup.service ignition-diskful.target + # dracut inst_script doesn't allow overwrites and we are replacing + # the default script placed by Ignition + binpath="/usr/sbin/ignition-kargs-helper" + mv "$moddir/coreos-kargs.sh" "$initdir$binpath" + install_ignition_unit coreos-kargs-reboot.service + inst_script "$moddir/coreos-boot-edit.sh" \ "/usr/sbin/coreos-boot-edit" # Only start when the system has disks since we are editing /boot. diff --git a/tests/kola/ignition/kargs/config.ign b/tests/kola/ignition/kargs/config.ign new file mode 100644 index 0000000000..fb9fa01a5a --- /dev/null +++ b/tests/kola/ignition/kargs/config.ign @@ -0,0 +1,9 @@ +{ + "ignition": { + "version": "3.3.0-experimental" + }, + "kernelArguments": { + "shouldExist": ["foobar"], + "shouldNotExist": ["mitigations=auto,nosmt"] + } +} diff --git a/tests/kola/ignition/kargs/test.sh b/tests/kola/ignition/kargs/test.sh new file mode 100755 index 0000000000..a7535254f8 --- /dev/null +++ b/tests/kola/ignition/kargs/test.sh @@ -0,0 +1,19 @@ +#!/bin/bash +set -xeuo pipefail + +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + +if ! grep foobar /proc/cmdline; then + fatal "missing foobar in kernel cmdline" +fi +if grep mitigations /proc/cmdline; then + fatal "found mitigations in kernel cmdline" +fi +ok "Ignition kargs" From 579e46ad1da987b28bef097e51bd7b674879e4c8 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 15 May 2021 21:19:45 +0000 Subject: [PATCH 230/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/281/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 32605b2897..4aea6b25f9 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -352,7 +352,7 @@ "evra": "2.31.1-3.fc34.x86_64" }, "glib2": { - "evra": "2.68.1-1.fc34.x86_64" + "evra": "2.68.2-1.fc34.x86_64" }, "glibc": { "evra": "2.33-8.fc34.x86_64" @@ -820,10 +820,10 @@ "evra": "2.5.1-28.fc34.x86_64" }, "linux-firmware": { - "evra": "20210315-119.fc34.noarch" + "evra": "20210511-120.fc34.noarch" }, "linux-firmware-whence": { - "evra": "20210315-119.fc34.noarch" + "evra": "20210511-120.fc34.noarch" }, "lmdb-libs": { "evra": "0.9.29-1.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-05-13T20:55:47Z", + "generated": "2021-05-15T20:53:44Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-05-12T23:21:52Z" + "generated": "2021-05-14T19:11:15Z" }, "fedora-updates": { - "generated": "2021-05-13T00:53:41Z" + "generated": "2021-05-15T01:28:39Z" } } } From 455a26aa6c540c834c848e29cbc8c737fb495207 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 17 May 2021 13:03:32 +0000 Subject: [PATCH 231/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/285/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 4aea6b25f9..397f75954a 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -133,7 +133,7 @@ "evra": "1.5.0~rc.1-1.fc34.x86_64" }, "containernetworking-plugins": { - "evra": "0.9.1-4.fc34.x86_64" + "evra": "1.0.0-0.1.rc1.fc34.x86_64" }, "containers-common": { "evra": "4:1-16.fc34.noarch" @@ -163,7 +163,7 @@ "evra": "3.15-3.fc34.x86_64" }, "crun": { - "evra": "0.19.1-2.fc34.x86_64" + "evra": "0.19.1-1.fc34.x86_64" }, "crypto-policies": { "evra": "20210213-1.git5c710c0.fc34.noarch" @@ -445,7 +445,7 @@ "evra": "2.13.1-2.fc34.x86_64" }, "jose": { - "evra": "10-9.fc34.x86_64" + "evra": "11-1.fc34.x86_64" }, "jq": { "evra": "1.6-7.fc34.x86_64" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.11.19-300.fc34.x86_64" + "evra": "5.11.20-300.fc34.x86_64" }, "kernel-core": { - "evra": "5.11.19-300.fc34.x86_64" + "evra": "5.11.20-300.fc34.x86_64" }, "kernel-modules": { - "evra": "5.11.19-300.fc34.x86_64" + "evra": "5.11.20-300.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -610,7 +610,7 @@ "evra": "0.1.6-1.fc34.x86_64" }, "libjose": { - "evra": "10-9.fc34.x86_64" + "evra": "11-1.fc34.x86_64" }, "libkcapi": { "evra": "1.2.1-1.fc34.x86_64" @@ -691,7 +691,7 @@ "evra": "0.1.5-47.fc34.x86_64" }, "librepo": { - "evra": "1.13.0-1.fc34.x86_64" + "evra": "1.14.0-1.fc34.x86_64" }, "libreport-filesystem": { "evra": "2.14.0-17.fc34.noarch" @@ -991,7 +991,7 @@ "evra": "1.18-4.fc34.x86_64" }, "procps-ng": { - "evra": "3.3.17-1.fc34.x86_64" + "evra": "3.3.17-1.fc34.1.x86_64" }, "protobuf-c": { "evra": "1.3.3-7.fc34.x86_64" @@ -1042,10 +1042,10 @@ "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "34.6-1.fc34.noarch" + "evra": "34.7-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.6-1.fc34.noarch" + "evra": "34.7-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1193,7 +1193,7 @@ } }, "metadata": { - "generated": "2021-05-15T20:53:44Z", + "generated": "2021-05-17T12:28:40Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" @@ -1202,7 +1202,7 @@ "generated": "2021-05-14T19:11:15Z" }, "fedora-updates": { - "generated": "2021-05-15T01:28:39Z" + "generated": "2021-05-17T02:57:42Z" } } } From b68d653fe3cc6d8b3571f0feb6e807b89ace76e5 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 17 May 2021 10:51:45 -0400 Subject: [PATCH 232/489] overrides: fast-track crun-0.19.1-3.fc34 It was erroneously downgraded in Fedora. https://bodhi.fedoraproject.org/updates/FEDORA-2021-316efff8f2 --- manifest-lock.overrides.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 9416e829f6..5954027b54 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -6,3 +6,7 @@ packages: evr: 3:3.1.2-3.fc34 podman-plugins: evr: 3:3.1.2-3.fc34 + # Fast-track crun-0.19.1-3.fc34 It was erroneously downgraded in Fedora. + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-316efff8f2 + crun: + evr: 0.19.1-3.fc34 From c0e52cb4854d47e660d28632fb4e7adffb6c1b0a Mon Sep 17 00:00:00 2001 From: Sohan Kunkerkar Date: Mon, 17 May 2021 14:07:01 -0400 Subject: [PATCH 233/489] overrides: fast-track coreos-installer 0.9.1 --- manifest-lock.overrides.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 5954027b54..03595457e5 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -10,3 +10,9 @@ packages: # https://bodhi.fedoraproject.org/updates/FEDORA-2021-316efff8f2 crun: evr: 0.19.1-3.fc34 + # Fast-track new coreos-installer release + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-46c72bed26 + coreos-installer: + evr: 0.9.1-1.fc34 + coreos-installer-bootinfra: + evr: 0.9.1-1.fc34 From 0387c930f88857990385e1b45fd68a6d27f7a919 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 18 May 2021 08:21:48 +0000 Subject: [PATCH 234/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/289/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 397f75954a..def2b1fde3 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -139,10 +139,10 @@ "evra": "4:1-16.fc34.noarch" }, "coreos-installer": { - "evra": "0.9.0-2.fc34.x86_64" + "evra": "0.9.1-1.fc34.x86_64" }, "coreos-installer-bootinfra": { - "evra": "0.9.0-2.fc34.x86_64" + "evra": "0.9.1-1.fc34.x86_64" }, "coreutils": { "evra": "8.32-24.fc34.x86_64" @@ -163,7 +163,7 @@ "evra": "3.15-3.fc34.x86_64" }, "crun": { - "evra": "0.19.1-1.fc34.x86_64" + "evra": "0.19.1-3.fc34.x86_64" }, "crypto-policies": { "evra": "20210213-1.git5c710c0.fc34.noarch" @@ -814,7 +814,7 @@ "evra": "0.2.5-5.fc34.x86_64" }, "libzstd": { - "evra": "1.4.9-1.fc34.x86_64" + "evra": "1.5.0-1.fc34.x86_64" }, "linux-atm-libs": { "evra": "2.5.1-28.fc34.x86_64" @@ -1117,22 +1117,22 @@ "evra": "1.9.5p2-1.fc34.x86_64" }, "systemd": { - "evra": "248.2-1.fc34.x86_64" + "evra": "248.3-1.fc34.x86_64" }, "systemd-container": { - "evra": "248.2-1.fc34.x86_64" + "evra": "248.3-1.fc34.x86_64" }, "systemd-libs": { - "evra": "248.2-1.fc34.x86_64" + "evra": "248.3-1.fc34.x86_64" }, "systemd-pam": { - "evra": "248.2-1.fc34.x86_64" + "evra": "248.3-1.fc34.x86_64" }, "systemd-rpm-macros": { - "evra": "248.2-1.fc34.noarch" + "evra": "248.3-1.fc34.noarch" }, "systemd-udev": { - "evra": "248.2-1.fc34.x86_64" + "evra": "248.3-1.fc34.x86_64" }, "tar": { "evra": "2:1.34-1.fc34.x86_64" @@ -1183,7 +1183,7 @@ "evra": "1.1.11-1.fc34.x86_64" }, "zincati": { - "evra": "0.0.19-1.fc34.x86_64" + "evra": "0.0.20-1.fc34.x86_64" }, "zlib": { "evra": "1.2.11-26.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-05-17T12:28:40Z", + "generated": "2021-05-18T07:54:30Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-05-14T19:11:15Z" + "generated": "2021-05-17T19:42:55Z" }, "fedora-updates": { - "generated": "2021-05-17T02:57:42Z" + "generated": "2021-05-18T00:50:03Z" } } } From 3fc2e10fc09537f46e229f8ee644af6b12b0a7ec Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 13 Jan 2021 17:00:26 -0500 Subject: [PATCH 235/489] ignition-ostree-growfs: don't conditionalize on root= karg Anaconda is long gone now. We do want this service to always run on first boot, regardless of whether there's a `root=` karg or not. In the case of multipath, a `root=` karg is expected on first boot. --- .../modules.d/40ignition-ostree/ignition-ostree-growfs.service | 3 --- 1 file changed, 3 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service index 63e4106160..62d2db692f 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service @@ -2,9 +2,6 @@ Description=Ignition OSTree: Grow root filesystem DefaultDependencies=false ConditionKernelCommandLine=ostree -# Similar to the other mount rules, suppress invocation if we detect -# we are running from a legacy setup created by Anaconda. -ConditionKernelCommandLine=!root ConditionPathExists=!/run/ostree-live Before=initrd-root-fs.target After=ignition-ostree-mount-firstboot-sysroot.service From caa586a5f7dc9db58624aee12c24755f7dc0ac85 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 13 Jan 2021 17:04:33 -0500 Subject: [PATCH 236/489] ignition-ostree-growfs: fix dependency to sysroot mount In the case of multipath, `ignition-ostree-mount-firstboot-sysroot.service` won't kick in because the `root=` karg is already present on first boot. But we still need to grow the partition and filesystem in that case. What we really mean here is that the sysroot should already be mounted before we growfs. Drop the `Requires=` and add `sysroot.mount` to the list of `After=` so that we cover the case where the sysroot is mounted via the mount unit generated via systemd-fstab-generator from the `root=` karg. --- .../modules.d/40ignition-ostree/ignition-ostree-growfs.service | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service index 62d2db692f..8704894f3b 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service @@ -4,8 +4,7 @@ DefaultDependencies=false ConditionKernelCommandLine=ostree ConditionPathExists=!/run/ostree-live Before=initrd-root-fs.target -After=ignition-ostree-mount-firstboot-sysroot.service -Requires=ignition-ostree-mount-firstboot-sysroot.service +After=sysroot.mount ignition-ostree-mount-firstboot-sysroot.service # This shouldn't be strictly necessary, but it's cleaner to not have OSTree muck # around with moving mounts while we're still resizing the filesystem. Before=ostree-prepare-root.service From 2b22dcb6261c463832dfc4495c34b26fc641f0f2 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 13 May 2021 10:32:00 -0400 Subject: [PATCH 237/489] overlay: convert more unit descriptions to Title Case This is the convention in systemd and in most of our other units. --- .../dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service | 2 +- .../40ignition-ostree/ignition-ostree-uuid-boot.service | 2 +- .../40ignition-ostree/ignition-ostree-uuid-root.service | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service index 6d873665fb..e70c74e38b 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service @@ -1,5 +1,5 @@ [Unit] -Description=Generate new UUID for boot disk GPT +Description=Generate New UUID For Boot Disk GPT ConditionPathExists=/etc/initrd-release DefaultDependencies=no Before=local-fs-pre.target systemd-fsck-root.service diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service index bad9ece0ce..6805127e83 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service @@ -1,5 +1,5 @@ [Unit] -Description=Ignition OSTree: Regenerate filesystem UUID (boot) +Description=Ignition OSTree: Regenerate Filesystem UUID (boot) DefaultDependencies=false ConditionPathExists=/usr/lib/initrd-release ConditionKernelCommandLine=ostree diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service index 45da600af0..f9a77c30aa 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service @@ -1,5 +1,5 @@ [Unit] -Description=Ignition OSTree: Regenerate filesystem UUID (root) +Description=Ignition OSTree: Regenerate Filesystem UUID (root) # These conditions match mount-firstboot-sysroot.service DefaultDependencies=false ConditionKernelCommandLine=!root From be9e9ecef1507eb93b7fbeb21a9dedf9ee9f6a94 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 13 May 2021 10:32:55 -0400 Subject: [PATCH 238/489] coreos-gpt-setup: log whether sgdisk was called Helpful for debugging. --- .../dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh index 757d8fe96d..dd62209d48 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh @@ -24,7 +24,11 @@ fi # - The PTUUID is empty. This happens on s390x where DASD disks don't # have PTUUID or any of the other traditional partition table # attributes of GPT disks. -[ "${PTUUID:-}" != "$UNINITIALIZED_GUID" ] && exit 0 +if [ "${PTUUID:-}" != "$UNINITIALIZED_GUID" ]; then + echo "Not randomizing disk GUID; found ${PTUUID:-none}" + exit 0 +fi +echo "Randomizing disk GUID" sgdisk --disk-guid=R --move-second-header "$PKNAME" udevadm settle From 5b96230305b3a1784daa6e94729e06e5509c74f6 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 13 May 2021 10:33:58 -0400 Subject: [PATCH 239/489] ignition-ostree-uuid-root: also run if root= is provided We want it to run in the multipath case, in which users may provide a `root=` karg. So drop that condition. This service is already queued against `ignition-diskful.target` so it only runs on first boot. It also already correctly does nothing if somehow the UUID was already changed. --- .../40ignition-ostree/ignition-ostree-uuid-root.service | 1 - 1 file changed, 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service index f9a77c30aa..7164aaf5c3 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service @@ -2,7 +2,6 @@ Description=Ignition OSTree: Regenerate Filesystem UUID (root) # These conditions match mount-firstboot-sysroot.service DefaultDependencies=false -ConditionKernelCommandLine=!root ConditionKernelCommandLine=ostree ConditionPathExists=!/run/ostree-live Before=initrd-root-fs.target From 47cc852b50998cb629050bfbe43c882de98aa030 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 18 May 2021 10:56:26 -0400 Subject: [PATCH 240/489] coreos-boot-mount-generator: Move all "exit 0" checks to early on This way it's a lot clearer under which conditions the generator runs. --- .../coreos-boot-mount-generator | 38 ++++++++++--------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator b/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator index cc8e418d79..ec2d059d77 100755 --- a/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator +++ b/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator @@ -14,13 +14,6 @@ UNIT_DIR="${1:-/tmp}" exit 0 } -add_wants() { - local name="$1"; shift - local wants_dir="${UNIT_DIR}/local-fs.target.wants" - mkdir -p "${wants_dir}" - ln -sf "../${name}" "${wants_dir}/${name}" -} - # If there's already an /etc/fstab entries for /boot, then this is is a non-FCOS # system, likely RHCOS pre-4.3 (which still used Anaconda). In that case, we # don't want to overwrite what the systemd-fstab-generator will do. @@ -28,6 +21,20 @@ if findmnt --fstab /boot &>/dev/null; then exit 0 fi +# Don't create mount units for /boot on live systems. +# ConditionPathExists won't work here because conditions don't affect +# the dependency on the underlying device unit. +if [ -f /run/ostree-live ]; then + exit 0 +fi + +add_wants() { + local name="$1"; shift + local wants_dir="${UNIT_DIR}/local-fs.target.wants" + mkdir -p "${wants_dir}" + ln -sf "../${name}" "${wants_dir}/${name}" +} + # Generate mount units that work with device mapper. The traditional # device unit (dev-disk-by\x2dlabel...) does not work since it is not the # device that systemd will fsck. This code ensures that if the label @@ -68,14 +75,9 @@ EOF add_wants "${unit_name}" } -# Don't create mount units for /boot on live systems. -# ConditionPathExists won't work here because conditions don't affect -# the dependency on the underlying device unit. -if [ ! -f /run/ostree-live ]; then - # We mount read-only by default mostly to protect - # against accidental damage. Only a few things - # owned by CoreOS should be touching /boot or the ESP. - # Use nodev,nosuid because some hardening guides want - # that even though it's of minimal value. - mk_mount /boot boot ro,nodev,nosuid -fi +# We mount read-only by default mostly to protect +# against accidental damage. Only a few things +# owned by CoreOS should be touching /boot or the ESP. +# Use nodev,nosuid because some hardening guides want +# that even though it's of minimal value. +mk_mount /boot boot ro,nodev,nosuid From 3f19340ab9c3c9ec35cf79a89a6f2925f12e217c Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 18 May 2021 12:28:07 -0400 Subject: [PATCH 241/489] live-generator: don't call `man bootup` Even though it's on a comment line, because it's in a heredoc, bash does try to execute this. This fails on FCOS thankfully because there is no `man` on FCOS, but it still logs an error message. (And... any derived system which does ship `man`, I think this actually would dump the manpage into the unit.) --- .../usr/lib/dracut/modules.d/35coreos-live/live-generator | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator index fec5860061..3cdd88fd2a 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator @@ -90,7 +90,7 @@ EOF DefaultDependencies=false # HACK for https://github.com/coreos/fedora-coreos-config/issues/437 Wants=systemd-udev-settle.service -# Note that `man bootup` implies that initrd-root-device is After=basic.target +# Note that bootup(7) implies that initrd-root-device is After=basic.target # but that appears to not be the case. We explicitly order after sysinit.target After=sysinit.target After=initrd-root-device.target From 9142419669cbfaa79832b5e0a722c7bd50a7ba0d Mon Sep 17 00:00:00 2001 From: Clement Verna Date: Wed, 19 May 2021 17:49:13 +0200 Subject: [PATCH 242/489] testing-devel: remove podman overrides now that the update is in the stable repos Signed-off-by: Clement Verna --- manifest-lock.overrides.yaml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 03595457e5..bf43473571 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -1,11 +1,4 @@ packages: - # Fast-track 3.1.2-3. Fixes podman selinux labelling regression. - # https://github.com/coreos/fedora-coreos-tracker/issues/818 - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-aab271bbc8 - podman: - evr: 3:3.1.2-3.fc34 - podman-plugins: - evr: 3:3.1.2-3.fc34 # Fast-track crun-0.19.1-3.fc34 It was erroneously downgraded in Fedora. # https://bodhi.fedoraproject.org/updates/FEDORA-2021-316efff8f2 crun: From 78b5cd7532c52524219562a6f0cb107efb53aeb4 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 18 May 2021 12:21:24 -0400 Subject: [PATCH 243/489] udev/90-coreos-device-mapper: Create label links in real root too We're currently gating on `ENV{DM_SUSPENDED}=="Active"` but `10-dm.rules` does: ``` ENV{DM_SUSPENDED}=="Active", ENV{DM_SUSPENDED}="0" ENV{DM_SUSPENDED}=="Suspended", ENV{DM_SUSPENDED}="1" ``` So what I think is happening here is that our rule happens to run before that kicks in, so we make the links once, but not thereafter. Change the condition to match what `13-dm-disk.rules` from LVM is doing. Also slightly reorder the code and add some comments for extra clarity. --- .../lib/udev/rules.d/90-coreos-device-mapper.rules | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules b/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules index b908be71e9..e2413c3746 100644 --- a/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules +++ b/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules @@ -1,24 +1,27 @@ +# CoreOS-specific symlinks for dm-multipath filesystem labels, +# used for `label=boot` and `label=root`. + ACTION=="remove", GOTO="dm_label_end" SUBSYSTEM!="block", GOTO="dm_label_end" KERNEL!="dm-*", GOTO="dm_label_end" # Ensure that the device mapper target is active -# And the required attributes exist. ENV{DM_ACTIVATION}!="1", GOTO="dm_label_end" -ENV{ID_FS_LABEL_ENC}!="?*", GOTO="dm_label_end" -ENV{ID_FS_UUID_ENC}!="?*", GOTO="dm_label_end" +ENV{DM_SUSPENDED}=="1", GOTO="dm_label_end" # Only act on filesystems. This should prevent layered devices # such as Raid on Multipath devices from appearing. ENV{ID_FS_USAGE}!="filesystem", GOTO="dm_label_end" +# And if the filesystem doesn't have a label+uuid, we're done. +ENV{ID_FS_LABEL_ENC}!="?*", GOTO="dm_label_end" +ENV{ID_FS_UUID_ENC}!="?*", GOTO="dm_label_end" + # Setup up Multipath labels and UUID's. Match on DM_UUID which # is stable regardless of whether friendly names are used or not. # 66-kpartx.rules use DM_UUID to match for linear mappings on multipath # targets. ENV{DM_UUID}=="*mpath*" \ - , ENV{DM_SUSPENDED}=="Active" \ - , ENV{DM_TABLES_LOADED}=="Live" \ , SYMLINK+="disk/by-label/dm-mpath-$env{ID_FS_LABEL_ENC}" \ , SYMLINK+="disk/by-uuid/dm-mpath-$env{ID_FS_UUID_ENC}" From 508afe35dc498189aa8d9975cca3d5950a98a496 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 18 May 2021 10:55:21 -0400 Subject: [PATCH 244/489] coreos-boot-mount-generator: Always use mpath for /boot if rd.multipath If root is on multipath (which is today for CoreOS always `rd.multipath=default`) then we *know* we must use it for `/boot`. We're not going to support "tearing" where `/boot` is on a non-mpath device but `/` is on mpath. The current code is I believe racy because at the time the generator runs (and systemd generators run *early*), we're querying the "current" properties of the device at `/dev/disk/by-label/boot`. But multipathd could still be in the process of setting up and replacing the target of that symlink. This can cause systemd to tear down and reinitialize the mount, causing races. https://bugzilla.redhat.com/show_bug.cgi?id=1944660 --- .../coreos-boot-mount-generator | 31 ++++++++++--------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator b/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator index ec2d059d77..321bd2e33d 100755 --- a/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator +++ b/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator @@ -41,21 +41,12 @@ add_wants() { # is backed by a device-mapper target the dev-mapper.*.device is used. mk_mount() { local mount_pt="${1}"; shift - local label="${1}"; shift + local path="${1}"; shift local options="${1}"; shift - local path="/dev/disk/by-label/${label}" + local devservice=$(systemd-escape -p ${path} --suffix=service) local unit_name=$(systemd-escape -p ${mount_pt} --suffix=mount) - eval $(udevadm info --query property --export "${path}") - device="$(systemd-escape ${path})" - if [ "${DM_NAME:-x}" != "x" ]; then - path="/dev/mapper/${DM_NAME}" - device="$(systemd-escape dev/mapper/${DM_NAME})" - fi - device="${device//-dev/dev}" - echo "coreos-boot-mount-generator: using ${device} for ${label} mount to ${mount_pt}" - cat > "${UNIT_DIR}/${unit_name}" < Date: Wed, 19 May 2021 16:15:36 -0400 Subject: [PATCH 245/489] overrides: fast-track runc-1.0.0-378.rc95.fc34 for CVE-2021-30465 (symlink exchange attack) --- manifest-lock.overrides.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index bf43473571..26432de99e 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -9,3 +9,7 @@ packages: evr: 0.9.1-1.fc34 coreos-installer-bootinfra: evr: 0.9.1-1.fc34 + # For CVE-2021-30465 (symlink exchange attack) + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-0440f235a0 + runc: + evr: 2:1.0.0-378.rc95.fc34 From 1fc7cd93efc1ffc6762a3b0c65f76c837e5b620b Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 19 May 2021 15:05:35 -0400 Subject: [PATCH 246/489] overlay/05core: Add a new /usr/lib/coreos/generator-lib.sh Hopefully in the future we'll create a nice `rdcore` like Rust place for our generators. For now let's factor out a little helper library. --- .../05core/usr/lib/coreos/generator-lib.sh | 19 +++++++++++++++++++ .../coreos-boot-mount-generator | 10 +++------- .../coreos-liveiso-autologin-generator | 18 +----------------- 3 files changed, 23 insertions(+), 24 deletions(-) create mode 100644 overlay.d/05core/usr/lib/coreos/generator-lib.sh diff --git a/overlay.d/05core/usr/lib/coreos/generator-lib.sh b/overlay.d/05core/usr/lib/coreos/generator-lib.sh new file mode 100644 index 0000000000..b133e5ac67 --- /dev/null +++ b/overlay.d/05core/usr/lib/coreos/generator-lib.sh @@ -0,0 +1,19 @@ +# File intended to be sourced by shell script generators shipped with CoreOS systems + +# Generators don't have logging right now +# https://github.com/systemd/systemd/issues/15638 +exec 1>/dev/kmsg; exec 2>&1 + +UNIT_DIR="${1:-/tmp}" + +have_karg() { + local arg="$1" + local cmdline=( $(/dev/kmsg; exec 2>&1 - -UNIT_DIR="${1:-/tmp}" +. /usr/lib/coreos/generator-lib.sh # Turn out if you boot with "root=..." $UNIT_DIR is not writable. [ -w "${UNIT_DIR}" ] || { @@ -71,8 +67,8 @@ EOF # Otherwise, use the usual by-label symlink. # See discussion in https://github.com/coreos/fedora-coreos-config/pull/1022 bootdev=/dev/disk/by-label/boot -# Yes this isn't a real karg parser but we're trapped in this shell script -if grep -q rd.multipath /proc/cmdline; then +# TODO add equivalent of getargbool() so we handle rd.multipath=0 +if have_karg rd.multipath; then bootdev=/dev/disk/by-label/dm-mpath-boot fi diff --git a/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator b/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator index aa8e9f4ffd..c49139b315 100755 --- a/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator +++ b/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator @@ -2,23 +2,7 @@ set -euo pipefail -# Generators don't have logging right now -# https://github.com/systemd/systemd/issues/15638 -exec 1>/dev/kmsg; exec 2>&1 - -UNIT_DIR="${1:-/tmp}" - -have_karg() { - local arg="$1" - local cmdline=( $( Date: Thu, 20 May 2021 21:28:10 +0000 Subject: [PATCH 247/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/296/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index def2b1fde3..6ecb3474d9 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -145,10 +145,10 @@ "evra": "0.9.1-1.fc34.x86_64" }, "coreutils": { - "evra": "8.32-24.fc34.x86_64" + "evra": "8.32-26.fc34.x86_64" }, "coreutils-common": { - "evra": "8.32-24.fc34.x86_64" + "evra": "8.32-26.fc34.x86_64" }, "cpio": { "evra": "2.13-10.fc34.x86_64" @@ -175,7 +175,7 @@ "evra": "2.3.5-2.fc34.x86_64" }, "cups-libs": { - "evra": "1:2.3.3op2-5.fc34.x86_64" + "evra": "1:2.3.3op2-7.fc34.x86_64" }, "curl": { "evra": "7.76.1-2.fc34.x86_64" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.11.20-300.fc34.x86_64" + "evra": "5.11.21-300.fc34.x86_64" }, "kernel-core": { - "evra": "5.11.20-300.fc34.x86_64" + "evra": "5.11.21-300.fc34.x86_64" }, "kernel-modules": { - "evra": "5.11.20-300.fc34.x86_64" + "evra": "5.11.21-300.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -1027,7 +1027,7 @@ "evra": "3.2.3-5.fc34.x86_64" }, "runc": { - "evra": "2:1.0.0-377.rc93.fc34.x86_64" + "evra": "2:1.0.0-378.rc95.fc34.x86_64" }, "samba-client-libs": { "evra": "2:4.14.4-0.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-05-18T07:54:30Z", + "generated": "2021-05-20T20:54:20Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-05-17T19:42:55Z" + "generated": "2021-05-19T22:08:56Z" }, "fedora-updates": { - "generated": "2021-05-18T00:50:03Z" + "generated": "2021-05-20T00:51:45Z" } } } From e252ccbf8dbb578858f90dd1805f0290c5f793f5 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 24 May 2021 16:22:39 -0400 Subject: [PATCH 248/489] overrides: freeze on dracut-053-5.fc34 There are some NetworkManager related changes and possibly others that are causing failures in our bump-lockfile process. We need to investigate these issues before promoting dracut-054. https://github.com/coreos/fedora-coreos-tracker/issues/842 --- manifest-lock.overrides.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 26432de99e..0bd4621666 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -1,4 +1,10 @@ packages: + # Freeze dracut on 053. We need to investigate NetworkManager systemd changes. + # https://github.com/coreos/fedora-coreos-tracker/issues/842 + dracut: + evr: 053-5.fc34 + dracut-network: + evr: 053-5.fc34 # Fast-track crun-0.19.1-3.fc34 It was erroneously downgraded in Fedora. # https://bodhi.fedoraproject.org/updates/FEDORA-2021-316efff8f2 crun: From a70a9ee5390221d49ce962388c3a855b3bc8855d Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 25 May 2021 01:46:08 +0000 Subject: [PATCH 249/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/308/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 76 +++++++++++++++++++-------------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 6ecb3474d9..21accadb99 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -67,7 +67,7 @@ "evra": "3.5.1-2.fc34.x86_64" }, "btrfs-progs": { - "evra": "5.11.1-1.fc34.x86_64" + "evra": "5.12.1-1.fc34.x86_64" }, "bubblewrap": { "evra": "0.4.1-3.fc34.x86_64" @@ -88,7 +88,7 @@ "evra": "0.1.5-4.fc34.x86_64" }, "chrony": { - "evra": "4.0-3.fc34.x86_64" + "evra": "4.1-1.fc34.x86_64" }, "cifs-utils": { "evra": "6.11-3.fc34.x86_64" @@ -127,7 +127,7 @@ "evra": "0.21.2-1.fc34.noarch" }, "container-selinux": { - "evra": "2:2.160.0-2.fc34.noarch" + "evra": "2:2.162.1-3.fc34.noarch" }, "containerd": { "evra": "1.5.0~rc.1-1.fc34.x86_64" @@ -316,7 +316,7 @@ "evra": "2.9.9-11.fc34.x86_64" }, "fuse-common": { - "evra": "3.10.2-1.fc34.x86_64" + "evra": "3.10.3-1.fc34.x86_64" }, "fuse-libs": { "evra": "2.9.9-11.fc34.x86_64" @@ -328,10 +328,10 @@ "evra": "3.7.1-2.fc34.x86_64" }, "fuse3": { - "evra": "3.10.2-1.fc34.x86_64" + "evra": "3.10.3-1.fc34.x86_64" }, "fuse3-libs": { - "evra": "3.10.2-1.fc34.x86_64" + "evra": "3.10.3-1.fc34.x86_64" }, "fwupd": { "evra": "1.5.9-2.fc34.x86_64" @@ -424,7 +424,7 @@ "evra": "1.8.7-3.fc34.x86_64" }, "iptables-services": { - "evra": "1.8.7-7.fc34.x86_64" + "evra": "1.8.7-8.fc34.x86_64" }, "iputils": { "evra": "20210202-2.fc34.x86_64" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.11.21-300.fc34.x86_64" + "evra": "5.12.6-300.fc34.x86_64" }, "kernel-core": { - "evra": "5.11.21-300.fc34.x86_64" + "evra": "5.12.6-300.fc34.x86_64" }, "kernel-modules": { - "evra": "5.11.21-300.fc34.x86_64" + "evra": "5.12.6-300.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -490,7 +490,7 @@ "evra": "0.8.5-4.fc34.x86_64" }, "krb5-libs": { - "evra": "1.19.1-3.fc34.x86_64" + "evra": "1.19.1-8.fc34.x86_64" }, "less": { "evra": "581.2-1.fc34.x86_64" @@ -592,19 +592,19 @@ "evra": "0.3.6-1.fc34.x86_64" }, "libibverbs": { - "evra": "34.0-3.fc34.x86_64" + "evra": "35.0-1.fc34.x86_64" }, "libicu": { "evra": "67.1-6.fc34.x86_64" }, "libidn2": { - "evra": "2.3.0-5.fc34.x86_64" + "evra": "2.3.1-1.fc34.x86_64" }, "libini_config": { "evra": "1.3.1-47.fc34.x86_64" }, "libipa_hbac": { - "evra": "2.4.2-3.fc34.x86_64" + "evra": "2.5.0-2.fc34.x86_64" }, "libjcat": { "evra": "0.1.6-1.fc34.x86_64" @@ -622,7 +622,7 @@ "evra": "1.5.0-2.fc34.x86_64" }, "libldb": { - "evra": "2.3.0-1.fc34.x86_64" + "evra": "2.3.0-2.fc34.x86_64" }, "libluksmeta": { "evra": "9-10.fc34.x86_64" @@ -739,16 +739,16 @@ "evra": "0.9.5-2.fc34.noarch" }, "libsss_certmap": { - "evra": "2.4.2-3.fc34.x86_64" + "evra": "2.5.0-2.fc34.x86_64" }, "libsss_idmap": { - "evra": "2.4.2-3.fc34.x86_64" + "evra": "2.5.0-2.fc34.x86_64" }, "libsss_nss_idmap": { - "evra": "2.4.2-3.fc34.x86_64" + "evra": "2.5.0-2.fc34.x86_64" }, "libsss_sudo": { - "evra": "2.4.2-3.fc34.x86_64" + "evra": "2.5.0-2.fc34.x86_64" }, "libstdc++": { "evra": "11.1.1-1.fc34.x86_64" @@ -772,7 +772,7 @@ "evra": "0.21-4.fc34.x86_64" }, "libtirpc": { - "evra": "1.3.1-1.rc2.fc34.x86_64" + "evra": "1.3.2-0.fc34.x86_64" }, "libunistring": { "evra": "0.9.10-10.fc34.x86_64" @@ -781,7 +781,7 @@ "evra": "1.0.24-2.fc34.x86_64" }, "libuser": { - "evra": "0.63-1.fc34.x86_64" + "evra": "0.63-3.fc34.x86_64" }, "libutempter": { "evra": "1.2.1-4.fc34.x86_64" @@ -805,7 +805,7 @@ "evra": "4.4.20-2.fc34.x86_64" }, "libxml2": { - "evra": "2.9.10-12.fc34.x86_64" + "evra": "2.9.12-2.fc34.x86_64" }, "libxmlb": { "evra": "0.3.0-1.fc34.x86_64" @@ -1006,7 +1006,7 @@ "evra": "8.1-2.fc34.x86_64" }, "rpcbind": { - "evra": "1.2.5-5.rc1.fc34.4.x86_64" + "evra": "1.2.6-0.fc34.x86_64" }, "rpm": { "evra": "4.16.1.3-1.fc34.x86_64" @@ -1015,10 +1015,10 @@ "evra": "4.16.1.3-1.fc34.x86_64" }, "rpm-ostree": { - "evra": "2021.4-3.fc34.x86_64" + "evra": "2021.5-1.fc34.x86_64" }, "rpm-ostree-libs": { - "evra": "2021.4-3.fc34.x86_64" + "evra": "2021.5-1.fc34.x86_64" }, "rpm-plugin-selinux": { "evra": "4.16.1.3-1.fc34.x86_64" @@ -1087,28 +1087,28 @@ "evra": "0.1.2-7.fc34.x86_64" }, "sssd-ad": { - "evra": "2.4.2-3.fc34.x86_64" + "evra": "2.5.0-2.fc34.x86_64" }, "sssd-client": { - "evra": "2.4.2-3.fc34.x86_64" + "evra": "2.5.0-2.fc34.x86_64" }, "sssd-common": { - "evra": "2.4.2-3.fc34.x86_64" + "evra": "2.5.0-2.fc34.x86_64" }, "sssd-common-pac": { - "evra": "2.4.2-3.fc34.x86_64" + "evra": "2.5.0-2.fc34.x86_64" }, "sssd-ipa": { - "evra": "2.4.2-3.fc34.x86_64" + "evra": "2.5.0-2.fc34.x86_64" }, "sssd-krb5": { - "evra": "2.4.2-3.fc34.x86_64" + "evra": "2.5.0-2.fc34.x86_64" }, "sssd-krb5-common": { - "evra": "2.4.2-3.fc34.x86_64" + "evra": "2.5.0-2.fc34.x86_64" }, "sssd-ldap": { - "evra": "2.4.2-3.fc34.x86_64" + "evra": "2.5.0-2.fc34.x86_64" }, "stalld": { "evra": "1.10-1.fc34.x86_64" @@ -1147,7 +1147,7 @@ "evra": "5.0-2.fc34.x86_64" }, "tpm2-tss": { - "evra": "3.0.3-2.fc34.x86_64" + "evra": "3.1.0-1.fc34.x86_64" }, "tzdata": { "evra": "2021a-1.fc34.noarch" @@ -1159,7 +1159,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2846-1.fc34.x86_64" + "evra": "2:8.2.2875-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-05-20T20:54:20Z", + "generated": "2021-05-25T01:18:06Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-05-19T22:08:56Z" + "generated": "2021-05-24T22:16:16Z" }, "fedora-updates": { - "generated": "2021-05-20T00:51:45Z" + "generated": "2021-05-25T01:01:15Z" } } } From aa16ec31d3986cc85ebc26e885ae0d60e2d3bb27 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 25 May 2021 11:37:43 -0400 Subject: [PATCH 250/489] move to cgroups v2 everywhere Adjust the kernel arguments so that we're now using cgroups v2 in our testing-devel (and subsequently, testing and stable) stream(s). Context: https://github.com/coreos/fedora-coreos-tracker/issues/292 --- image.yaml | 5 ----- tests/kola/misc-ro | 25 +++++++------------------ 2 files changed, 7 insertions(+), 23 deletions(-) diff --git a/image.yaml b/image.yaml index 8f79a3abde..1bf800cca2 100644 --- a/image.yaml +++ b/image.yaml @@ -2,8 +2,3 @@ # similarly to manifest.yaml. Unlike image-base.yaml, which is shared by all # streams. include: image-base.yaml - -extra-kargs: - # https://github.com/coreos/fedora-coreos-tracker/issues/292 - # https://fedoraproject.org/wiki/Changes/CGroupsV2 - - systemd.unified_cgroup_hierarchy=0 diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index 4e132e21db..b30542d356 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -144,25 +144,14 @@ if ! grep prjquota <<< "${rootflags}"; then fi ok "root mounted with prjquota" +# make sure the system is on cgroups v2 has_cgroup_karg=1 grep -q systemd.unified_cgroup_hierarchy /proc/cmdline || has_cgroup_karg=0 sys_fs_cgroup_source=$(findmnt -no SOURCE /sys/fs/cgroup) stream=$(rpm-ostree status -b --json | jq -r '.deployments[0]["base-commit-meta"]["fedora-coreos.stream"]') -case "$stream" in - "testing-devel" | "testing" | "stable") - if [ $has_cgroup_karg == 0 ]; then - fatal "missing systemd.unified_cgroup_hierarchy=0" - fi - if [[ $sys_fs_cgroup_source != tmpfs ]]; then - fatal "/sys/fs/cgroup is not tmpfs" - fi - ;; - *) - if [ $has_cgroup_karg == 1 ]; then - fatal "found systemd.unified_cgroup_hierarchy=0" - fi - if [[ $sys_fs_cgroup_source != cgroup2 ]]; then - fatal "/sys/fs/cgroup is not cgroup2" - fi - ;; -esac +if [ $has_cgroup_karg == 1 ]; then + fatal "found systemd.unified_cgroup_hierarchy=0" +fi +if [[ $sys_fs_cgroup_source != cgroup2 ]]; then + fatal "/sys/fs/cgroup is not cgroup2" +fi From c9be4ca5cc1460e8e9255a5f20507bec64a9700e Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Thu, 1 Apr 2021 12:04:30 -0400 Subject: [PATCH 251/489] overlay: helper service for warning about cgroupsv1 This will check if a system is still using cgroupsv1 and generate a message to be printed as part of CLHM. Co-authored-by: Dusty Mabe --- .../lib/systemd/system-preset/45-fcos.preset | 2 ++ .../system/coreos-check-cgroups.service | 11 ++++++++ .../usr/libexec/coreos-check-cgroups.sh | 25 +++++++++++++++++++ 3 files changed, 38 insertions(+) create mode 100644 overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service create mode 100755 overlay.d/15fcos/usr/libexec/coreos-check-cgroups.sh diff --git a/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset b/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset index 54c813d3fa..d153b69b73 100644 --- a/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset +++ b/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset @@ -3,3 +3,5 @@ enable fedora-coreos-pinger.service # Provide information if no ignition is provided enable coreos-check-ignition-config.service enable coreos-check-ssh-keys.service +# Check if cgroupsv1 is still being used +enable coreos-check-cgroups.service diff --git a/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service b/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service new file mode 100644 index 0000000000..ceeb3edd64 --- /dev/null +++ b/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service @@ -0,0 +1,11 @@ +# This service is used for printing a message if +# cgroups v1 is still being used +[Unit] +Description=Check if cgroupsv1 is still being used +ConditionControlGroupController=v1 +[Service] +Type=oneshot +ExecStart=/usr/libexec/coreos-check-cgroups.sh +RemainAfterExit=yes +[Install] +WantedBy=multi-user.target diff --git a/overlay.d/15fcos/usr/libexec/coreos-check-cgroups.sh b/overlay.d/15fcos/usr/libexec/coreos-check-cgroups.sh new file mode 100755 index 0000000000..39a68b7178 --- /dev/null +++ b/overlay.d/15fcos/usr/libexec/coreos-check-cgroups.sh @@ -0,0 +1,25 @@ +#!/usr/bin/bash +# This script checks if the system is still using cgroups v1 +# and prints a message to the serial console. + +# Change the output color to yellow +warn=$(echo -e '\033[0;33m') +# No color +nc=$(echo -e '\033[0m') + +motd_path=/run/motd.d/30_cgroupsv1_warning.motd + +cat << EOF > "${motd_path}" +${warn} +############################################################################ +WARNING: This system is using cgroups v1. For increased reliability +it is strongly recommended to migrate this system and your workloads +to use cgroups v2. For instructions on how to adjust kernel arguments +to use cgroups v2, see: +https://docs.fedoraproject.org/en-US/fedora-coreos/kernel-args/ + +To disable this warning, use: +sudo systemctl disable coreos-check-cgroups.service +############################################################################ +${nc} +EOF From ac2645a79cc6e5839a855a6ad8f00f3a2570e8ea Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 26 May 2021 21:18:32 +0000 Subject: [PATCH 252/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/310/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 21accadb99..bdf37a8b15 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1159,7 +1159,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2875-1.fc34.x86_64" + "evra": "2:8.2.2879-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1183,7 +1183,7 @@ "evra": "1.1.11-1.fc34.x86_64" }, "zincati": { - "evra": "0.0.20-1.fc34.x86_64" + "evra": "0.0.21-1.fc34.x86_64" }, "zlib": { "evra": "1.2.11-26.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-05-25T01:18:06Z", + "generated": "2021-05-26T20:53:30Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-05-24T22:16:16Z" + "generated": "2021-05-25T01:53:18Z" }, "fedora-updates": { - "generated": "2021-05-25T01:01:15Z" + "generated": "2021-05-26T00:54:05Z" } } } From f0a776d1235620e7371795a3a14fac71e6ec1fd1 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 26 May 2021 17:36:00 -0400 Subject: [PATCH 253/489] overrides: fast-track ignition-2.10.1-3.fc34 For firstboot multipath support: https://github.com/coreos/fedora-coreos-config/pull/1011 --- manifest-lock.overrides.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 0bd4621666..3548cf3136 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -19,3 +19,7 @@ packages: # https://bodhi.fedoraproject.org/updates/FEDORA-2021-0440f235a0 runc: evr: 2:1.0.0-378.rc95.fc34 + # For firstboot multipath + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-123bd6e0dc + ignition: + evr: 2.10.1-3.fc34 From 175a350f8d65a7831be971dddfa1932fc3d9c67b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Thu, 27 May 2021 16:41:10 +0200 Subject: [PATCH 254/489] manifests: Move crun to fedora-coreos-base crun was explicitely included in [1] for Fedora CoreOS but we don't use it in RHCOS for now as we default to runc [2] so this moves it to the fedora-coreos-base manifest to make it FCOS only. [1] https://github.com/coreos/fedora-coreos-config/commit/45b01675f9139aacf306830e5fda0a1c5d454b65 [2] https://github.com/openshift/os/commit/80aa676918965abd2c5f47415d70d8ceb55f2129 --- manifests/fedora-coreos-base.yaml | 2 ++ manifests/user-experience.yaml | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 5b80174c53..524c56f042 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -115,6 +115,8 @@ postprocess: # available in RHCOS or not desired in RHCOS). All other packages should go # into one of the sub-manifests listed at the top. packages: + # Container tooling + - crun # Security - polkit # System setup diff --git a/manifests/user-experience.yaml b/manifests/user-experience.yaml index 93d961dc83..1874669071 100644 --- a/manifests/user-experience.yaml +++ b/manifests/user-experience.yaml @@ -28,7 +28,6 @@ packages: # Remote Access - openssh-clients openssh-server # Container tooling - - crun - podman - runc - skopeo From 39c9e73f92c5f7b146ad745061054ff76e649a09 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 13 May 2021 10:45:52 -0400 Subject: [PATCH 255/489] Add support for multipath on firstboot As we've learned in https://bugzilla.redhat.com/show_bug.cgi?id=1954025, we can't assume that we can use any individual path before multipathd unifies them. This means that it's not correct to turn it on from the second boot onwards only, which is the current approach. So we need to support multipath at first boot, and further, we need to delay all I/O to the boot disk to *after* multipathd takes ownership. This patch does this by introducing a generator and a target. We need to use a target because `After=multipathd.service` is not enough to ensure that multipathd finished setting up the devices. The target explicitly waits for the multipathed boot device to appear. (Note though that we *can't* assume that root is also directly on top of the multipath device because of LUKS-on-root.) This creates an awkward UX, which is that multipath is the only root setup option which is *not* driven by Ignition but instead set up behind its back. This will be somewhat better once Ignition supports kernel arguments, because the `rd.multipath` karg can be fed that way. But long-term, we should consider teaching Ignition to configure multipath devices. This would fix the configuration problem (right now, we only support first-booting with default configs), and would free users from adding the necessary kargs, which would be done by the rootmap code as usual. But still, even in that world, there's a gap where the Ignition config could be on the boot device, in which case multipathd would need to be turned on beforehand. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1954025 --- .../coreos-boot-edit.service | 2 ++ .../coreos-gpt-setup.service | 3 ++ .../coreos-multipath-generator | 30 +++++++++++++++++++ .../coreos-multipath-trigger.service | 19 ++++++++++++ .../coreos-multipath-wait.target | 17 +++++++++++ .../35coreos-multipath/module-setup.sh | 9 ++++++ .../coreos-copy-firstboot-network.service | 3 ++ 7 files changed, 83 insertions(+) create mode 100755 overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-generator create mode 100644 overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service create mode 100644 overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-boot-edit.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-boot-edit.service index 99a28563c2..b51059f008 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-boot-edit.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-boot-edit.service @@ -14,6 +14,8 @@ Requires=dev-disk-by\x2dlabel-boot.device After=dev-disk-by\x2dlabel-boot.device # Start after Ignition has finished After=ignition-files.service +# As above, this isn't strictly necessary, but on principle. +After=coreos-multipath-wait.target [Service] Type=oneshot diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service index e70c74e38b..b9fad50ce7 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service @@ -19,6 +19,9 @@ After=systemd-udevd.service # unit. Requires=dev-disk-by\x2dlabel-boot.device After=dev-disk-by\x2dlabel-boot.device +# And since the boot device may be on multipath; optionally wait for it to +# appear via the dynamic target. +After=coreos-multipath-wait.target # Run before services that use device nodes, preventing them from racing # with udev activity generated by sgdisk diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-generator b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-generator new file mode 100755 index 0000000000..7165620fb1 --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-generator @@ -0,0 +1,30 @@ +#!/bin/bash + +# Generators don't have logging right now +# https://github.com/systemd/systemd/issues/15638 +exec 1>/dev/kmsg; exec 2>&1 + +command -v getargbool >/dev/null || . /usr/lib/dracut-lib.sh + +set -e + +if is-live-image; then + exit 0 +fi + +UNIT_DIR="${1:-/tmp}" + +add_requires() { + local name="$1"; shift + local target="$1"; shift + local requires_dir="${UNIT_DIR}/${target}.requires" + mkdir -p "${requires_dir}" + ln -sf "../${name}" "${requires_dir}/${name}" +} + +if getargbool 0 rd.multipath; then + add_requires coreos-multipath-wait.target initrd.target + if ! getargbool 0 ignition.firstboot; then + add_requires coreos-multipath-trigger.service initrd.target + fi +fi diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service new file mode 100644 index 0000000000..524dc9140e --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service @@ -0,0 +1,19 @@ +# This unit is needed in the LUKS-on-multipath case on subsequent boots. When +# multipathd takes ownership of the individual paths, the by-uuid/ symlink +# which systemd-cryptsetup@.service binds to gets lost. So we retrigger udev +# here to make sure it's re-added. +# +# This is tracked at: +# https://bugzilla.redhat.com/show_bug.cgi?id=1963242 + +[Unit] +Description=CoreOS Trigger Multipath +DefaultDependencies=false +Requires=coreos-multipath-wait.target +After=coreos-multipath-wait.target +Before=cryptsetup-pre.target + +[Service] +Type=oneshot +ExecStart=/usr/sbin/udevadm trigger --settle --subsystem-match block +RemainAfterExit=yes diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target new file mode 100644 index 0000000000..cf24cd6f57 --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target @@ -0,0 +1,17 @@ +[Unit] +Description=CoreOS Wait For Multipathed Boot +DefaultDependencies=false +Before=dracut-initqueue.service +After=dracut-cmdline.service +Requires=dev-disk-by\x2dlabel-dm\x2dmpath\x2dboot.device +After=dev-disk-by\x2dlabel-dm\x2dmpath\x2dboot.device +Requires=multipathd.service +After=multipathd.service + +# This is already enforced transitively by coreos-gpt-setup.service, but since +# it's an external unit, let's be more explicit and list it directly here too. +Before=ignition-setup-user.service + +# This is already enforced by coreos-multipath-trigger.service, though ideally +# eventually we can get rid of that one and then we *would* need this. +Before=cryptsetup-pre.target diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh index c0257fd066..4ab4bc4006 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh @@ -16,4 +16,13 @@ install() { "/usr/sbin/coreos-propagate-multipath-conf" install_ignition_unit coreos-propagate-multipath-conf.service subsequent + + inst_simple "$moddir/coreos-multipath-generator" \ + "$systemdutildir/system-generators/coreos-multipath-generator" + + # we don't enable these; they're enabled dynamically via the generator + inst_simple "$moddir/coreos-multipath-wait.target" \ + "$systemdsystemunitdir/coreos-multipath-wait.target" + inst_simple "$moddir/coreos-multipath-trigger.service" \ + "$systemdsystemunitdir/coreos-multipath-trigger.service" } diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service index 0a78add956..e2b8588506 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service @@ -40,6 +40,9 @@ After=coreos-gpt-setup.service # Since we are mounting /boot/, require the device first Requires=dev-disk-by\x2dlabel-boot.device After=dev-disk-by\x2dlabel-boot.device +# And since the boot device may be on multipath; optionally wait for it to +# appear via the dynamic target. +After=coreos-multipath-wait.target # Need to run after coreos-enable-network since it may re-run the NM cmdline # hook which will generate NM configs from the network kargs, but we want to # have precedence. From 4664e64f1e5a44d427c37e0010e79b09953c622f Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 13 May 2021 11:13:11 -0400 Subject: [PATCH 256/489] coreos-gpt-setup: add support for multipath `lsblk` doesn't know how to query the `PKNAME` and `PTUUID` on multipath devices, so handle that case. --- .../35coreos-ignition/coreos-gpt-setup.sh | 28 ++++++++++++------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh index dd62209d48..ee2fc4f4c0 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh @@ -6,17 +6,25 @@ set -euo pipefail UNINITIALIZED_GUID='00000000-0000-4000-a000-000000000001' -# On RHEL 8 the version of lsblk doesn't have PTUUID. Let's detect -# if lsblk supports it. In the future we can remove the 'if' and -# just use the 'else'. -if ! lsblk --help | grep -q PTUUID; then - # Get the PKNAME - eval $(lsblk --output PKNAME --pairs --paths --nodeps "$1") - # Get the PTUUID - eval $(blkid -o export $PKNAME) +# If it's on multipath, get the parent device from udev properties. +DM_MPATH=$(eval $(udevadm info --query property --export "$1") && echo "${DM_MPATH:-}") + +if [ -n "${DM_MPATH:-}" ]; then + PKNAME=/dev/mapper/$DM_MPATH + PTUUID=$(eval $(udevadm info --query property --export "$PKNAME") && echo "${ID_PART_TABLE_UUID:-}") else - # PTUUID is the disk guid, PKNAME is the parent kernel name - eval $(lsblk --output PTUUID,PKNAME --pairs --paths --nodeps "$1") + # On RHEL 8 the version of lsblk doesn't have PTUUID. Let's detect + # if lsblk supports it. In the future we can remove the 'if' and + # just use the 'else'. + if ! lsblk --help | grep -q PTUUID; then + # Get the PKNAME + eval $(lsblk --output PKNAME --pairs --paths --nodeps "$1") + # Get the PTUUID + eval $(blkid -o export $PKNAME) + else + # PTUUID is the disk guid, PKNAME is the parent kernel name + eval $(lsblk --output PTUUID,PKNAME --pairs --paths --nodeps "$1") + fi fi # Skip in the following two cases: From 8796041ac8284818edb3b8d42fece5f2e0f7fdca Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 13 May 2021 11:14:56 -0400 Subject: [PATCH 257/489] ignition-ostree-growfs: add support for multipath We need special handling here to grow multipathed devices. The `sfdisk` line is the same as was added in #392. --- .../40ignition-ostree/ignition-ostree-growfs.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh index 9b629b0194..2dfaf13d00 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh @@ -68,9 +68,16 @@ while true; do MAJMIN=$(echo $(lsblk -dno MAJ:MIN "${NAME}")) case "${TYPE}" in part) - partnum=$(cat "/sys/dev/block/${MAJMIN}/partition") - # XXX: ideally this'd be idempotent and we wouldn't `|| :` - growpart "${PKNAME}" "${partnum}" || : + eval $(udevadm info --query property --export "${current_blkdev}" | grep ^DM_ || :) + if [ -n "${DM_MPATH:-}" ]; then + # Since growpart does not understand device mapper, we have to use sfdisk. + echo ", +" | sfdisk --no-reread --no-tell-kernel --force -N "${DM_PART}" "/dev/mapper/${DM_MPATH}" + udevadm settle # Wait for udev-triggered kpartx to update mappings + else + partnum=$(cat "/sys/dev/block/${MAJMIN}/partition") + # XXX: ideally this'd be idempotent and we wouldn't `|| :` + growpart "${PKNAME}" "${partnum}" || : + fi ;; crypt) # XXX: yuck... we need to expose this sanely in clevis From 0d85ee2d942409410e7f88dfeeafb23dba9aa46e Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 21 May 2021 13:41:44 -0400 Subject: [PATCH 258/489] udev/90-coreos-device-mapper: ignore DM_ACTIVATION We shouldn't conditionalize on `DM_ACTIVATION` here. It's used by device mapper to differentiate between different types of events, but it doesn't mean the device isn't active. For example, in a multipath "reload" event, `DM_ACTIVATION` will be 0, and the symlinks shouldn't flicker through this. This fixes udev CHANGE events (e.g. from a partition table reread) sometimes causing our multipath symlinks to go away even if the multipath devices themselves are completely fine. See: https://sourceware.org/git/?p=lvm2.git;a=blob;f=udev/10-dm.rules.in;h=b4fa52ab766effb04fc198fd52e6181ad5758eef;hb=HEAD#l91 See: https://github.com/opensvc/multipath-tools/blob/23a01fa679481ff1144139222fbd2c4c863b78f8/multipath/11-dm-mpath.rules#L49 --- .../05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules | 1 - 1 file changed, 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules b/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules index e2413c3746..385f262437 100644 --- a/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules +++ b/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules @@ -6,7 +6,6 @@ SUBSYSTEM!="block", GOTO="dm_label_end" KERNEL!="dm-*", GOTO="dm_label_end" # Ensure that the device mapper target is active -ENV{DM_ACTIVATION}!="1", GOTO="dm_label_end" ENV{DM_SUSPENDED}=="1", GOTO="dm_label_end" # Only act on filesystems. This should prevent layered devices From 35b1a3a445fc9b8dda051265db33d1d2508eff99 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 27 May 2021 09:42:46 -0400 Subject: [PATCH 259/489] ci: abbreviate testiso directory and artifacts By design, `kola testiso` exercises the metal path. So adding "metal" to the filenames of things is redundant. --- .cci.jenkinsfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.cci.jenkinsfile b/.cci.jenkinsfile index 5e7f1a6c29..ff9ab8578f 100644 --- a/.cci.jenkinsfile +++ b/.cci.jenkinsfile @@ -38,10 +38,10 @@ cosaPod { stage("Test ISO") { shwrap("cd /srv/fcos && cosa buildextend-live") try { - shwrap("cd /srv/fcos && kola testiso -S --scenarios pxe-install,pxe-offline-install,iso-install,iso-offline-install --output-dir tmp/kola-testiso-metal") + shwrap("cd /srv/fcos && kola testiso -S --scenarios pxe-install,pxe-offline-install,iso-install,iso-offline-install --output-dir tmp/kola-testiso") } finally { - shwrap("cd /srv/fcos && tar -cf - tmp/kola-testiso-metal/ | xz -c9 > ${env.WORKSPACE}/kola-testiso-metal.tar.xz") - archiveArtifacts allowEmptyArchive: true, artifacts: 'kola-testiso-metal.tar.xz' + shwrap("cd /srv/fcos && tar -cf - tmp/kola-testiso/ | xz -c9 > ${env.WORKSPACE}/kola-testiso.tar.xz") + archiveArtifacts allowEmptyArchive: true, artifacts: 'kola-testiso.tar.xz' } } From cf0e29e14f708d4cc401a3d01411f4b05d82474c Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 27 May 2021 09:44:19 -0400 Subject: [PATCH 260/489] ci: run iso-offline-install using --qemu-multipath This exercises the new support for multipath on firstboot: https://github.com/coreos/fedora-coreos-config/pull/1011 --- .cci.jenkinsfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.cci.jenkinsfile b/.cci.jenkinsfile index ff9ab8578f..0c5ffc4eac 100644 --- a/.cci.jenkinsfile +++ b/.cci.jenkinsfile @@ -38,9 +38,10 @@ cosaPod { stage("Test ISO") { shwrap("cd /srv/fcos && cosa buildextend-live") try { - shwrap("cd /srv/fcos && kola testiso -S --scenarios pxe-install,pxe-offline-install,iso-install,iso-offline-install --output-dir tmp/kola-testiso") + shwrap("cd /srv/fcos && kola testiso -S --scenarios pxe-install,pxe-offline-install,iso-install --output-dir tmp/kola-testiso") + shwrap("cd /srv/fcos && kola testiso -S --scenarios iso-offline-install --qemu-multipath --output-dir tmp/kola-testiso-mpath") } finally { - shwrap("cd /srv/fcos && tar -cf - tmp/kola-testiso/ | xz -c9 > ${env.WORKSPACE}/kola-testiso.tar.xz") + shwrap("cd /srv/fcos && tar -cf - tmp/kola-testiso/ tmp/kola-testiso-mpath/ | xz -c9 > ${env.WORKSPACE}/kola-testiso.tar.xz") archiveArtifacts allowEmptyArchive: true, artifacts: 'kola-testiso.tar.xz' } } From 1a7a533e473f620fcdcc43880a47d47c5406c696 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 27 May 2021 21:21:44 +0000 Subject: [PATCH 261/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/311/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index bdf37a8b15..1c7753f6f0 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -403,7 +403,7 @@ "evra": "3.23-4.fc34.x86_64" }, "ignition": { - "evra": "2.10.1-1.fc34.x86_64" + "evra": "2.10.1-3.fc34.x86_64" }, "inih": { "evra": "49-3.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-05-26T20:53:30Z", + "generated": "2021-05-27T20:55:03Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-05-25T01:53:18Z" + "generated": "2021-05-27T14:45:44Z" }, "fedora-updates": { - "generated": "2021-05-26T00:54:05Z" + "generated": "2021-05-27T00:27:13Z" } } } From 289534726678ba9ad8db572d599bb44ba0e94618 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 28 May 2021 21:19:18 +0000 Subject: [PATCH 262/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/312/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 1c7753f6f0..6f6aafb693 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -178,7 +178,7 @@ "evra": "1:2.3.3op2-7.fc34.x86_64" }, "curl": { - "evra": "7.76.1-2.fc34.x86_64" + "evra": "7.76.1-3.fc34.x86_64" }, "cyrus-sasl-gssapi": { "evra": "2.1.27-8.fc34.x86_64" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.12.6-300.fc34.x86_64" + "evra": "5.12.7-300.fc34.x86_64" }, "kernel-core": { - "evra": "5.12.6-300.fc34.x86_64" + "evra": "5.12.7-300.fc34.x86_64" }, "kernel-modules": { - "evra": "5.12.6-300.fc34.x86_64" + "evra": "5.12.7-300.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -481,10 +481,10 @@ "evra": "1.6.1-2.fc34.x86_64" }, "kmod": { - "evra": "28-2.fc34.x86_64" + "evra": "29-2.fc34.x86_64" }, "kmod-libs": { - "evra": "28-2.fc34.x86_64" + "evra": "29-2.fc34.x86_64" }, "kpartx": { "evra": "0.8.5-4.fc34.x86_64" @@ -541,7 +541,7 @@ "evra": "1.45.6-5.fc34.x86_64" }, "libcurl": { - "evra": "7.76.1-2.fc34.x86_64" + "evra": "7.76.1-3.fc34.x86_64" }, "libdaemon": { "evra": "0.14-21.fc34.x86_64" @@ -556,7 +556,7 @@ "evra": "0.3.8-5.fc34.x86_64" }, "libedit": { - "evra": "3.1-36.20210419cvs.fc34.x86_64" + "evra": "3.1-37.20210522cvs.fc34.x86_64" }, "libevent": { "evra": "2.1.12-3.fc34.x86_64" @@ -589,7 +589,7 @@ "evra": "236-1.fc34.x86_64" }, "libgusb": { - "evra": "0.3.6-1.fc34.x86_64" + "evra": "0.3.7-1.fc34.x86_64" }, "libibverbs": { "evra": "35.0-1.fc34.x86_64" @@ -694,7 +694,7 @@ "evra": "1.14.0-1.fc34.x86_64" }, "libreport-filesystem": { - "evra": "2.14.0-17.fc34.noarch" + "evra": "2.15.1-1.fc34.noarch" }, "libseccomp": { "evra": "2.5.0-4.fc34.x86_64" @@ -808,7 +808,7 @@ "evra": "2.9.12-2.fc34.x86_64" }, "libxmlb": { - "evra": "0.3.0-1.fc34.x86_64" + "evra": "0.3.2-1.fc34.x86_64" }, "libyaml": { "evra": "0.2.5-5.fc34.x86_64" @@ -868,7 +868,7 @@ "evra": "78.10.0-1.fc34.x86_64" }, "mpfr": { - "evra": "4.1.0-6.fc34.x86_64" + "evra": "4.1.0-7.fc34.x86_64" }, "ncurses": { "evra": "6.2-4.20200222.fc34.x86_64" @@ -1042,10 +1042,10 @@ "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "34.7-1.fc34.noarch" + "evra": "34.8-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.7-1.fc34.noarch" + "evra": "34.8-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1193,7 +1193,7 @@ } }, "metadata": { - "generated": "2021-05-27T20:55:03Z", + "generated": "2021-05-28T20:53:48Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" @@ -1202,7 +1202,7 @@ "generated": "2021-05-27T14:45:44Z" }, "fedora-updates": { - "generated": "2021-05-27T00:27:13Z" + "generated": "2021-05-28T00:52:10Z" } } } From adb618327f29f113214a7769186fcb681b11186d Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 29 May 2021 21:19:40 +0000 Subject: [PATCH 263/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/313/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 6f6aafb693..1a43545b8b 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1180,7 +1180,7 @@ "evra": "2.1.0-16.fc34.x86_64" }, "zchunk-libs": { - "evra": "1.1.11-1.fc34.x86_64" + "evra": "1.1.14-1.fc34.x86_64" }, "zincati": { "evra": "0.0.21-1.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-05-28T20:53:48Z", + "generated": "2021-05-29T20:53:20Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-05-27T14:45:44Z" + "generated": "2021-05-28T21:27:46Z" }, "fedora-updates": { - "generated": "2021-05-28T00:52:10Z" + "generated": "2021-05-29T00:50:08Z" } } } From e377a1b82a4452cd686ea1cd097d1c59beb9c12b Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 2 Jun 2021 02:57:09 -0500 Subject: [PATCH 264/489] overrides: drop graduated overrides --- manifest-lock.overrides.yaml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 3548cf3136..73b05dbca8 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -5,20 +5,6 @@ packages: evr: 053-5.fc34 dracut-network: evr: 053-5.fc34 - # Fast-track crun-0.19.1-3.fc34 It was erroneously downgraded in Fedora. - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-316efff8f2 - crun: - evr: 0.19.1-3.fc34 - # Fast-track new coreos-installer release - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-46c72bed26 - coreos-installer: - evr: 0.9.1-1.fc34 - coreos-installer-bootinfra: - evr: 0.9.1-1.fc34 - # For CVE-2021-30465 (symlink exchange attack) - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-0440f235a0 - runc: - evr: 2:1.0.0-378.rc95.fc34 # For firstboot multipath # https://bodhi.fedoraproject.org/updates/FEDORA-2021-123bd6e0dc ignition: From 826658a13a2eb9dfce9fba4af2dce20d4acb2055 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 2 Jun 2021 09:44:10 -0400 Subject: [PATCH 265/489] tests/kdump: New kdump test We should have done this from the very start. I hit a few issues here: - Docs are missing the requirement for a `root` karg - cosa needs patching to ignore the crash on the console --- tests/kola/kdump/test.sh | 50 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100755 tests/kola/kdump/test.sh diff --git a/tests/kola/kdump/test.sh b/tests/kola/kdump/test.sh new file mode 100755 index 0000000000..6f46278580 --- /dev/null +++ b/tests/kola/kdump/test.sh @@ -0,0 +1,50 @@ +#!/bin/bash +set -xeuo pipefail +# https://docs.fedoraproject.org/en-US/fedora-coreos/debugging-kernel-crashes/ +# kola: {"minMemory": 4096, "tags": "skip-base-checks"} + +fatal() { + echo "$@" >&2 + exit 1 +} + +case "${AUTOPKGTEST_REBOOT_MARK:-}" in + "") + rhelver=$(. /etc/os-release && echo ${RHEL_VERSION:-}) + if test -n "${rhelver}"; then + rhelminor=$(echo "${rhelver}" | cut -f 2 -d '.') + if test '!' -w /boot && test "${rhelminor}" -lt "5"; then + mkdir -p /etc/systemd/system/kdump.service.d + cat > /etc/systemd/system/kdump.service.d/rw.conf << 'EOF' +[Service] +ExecStartPre=mount -o remount,rw /boot +EOF + fi + fi + rpm-ostree kargs --append='crashkernel=300M' + systemctl enable kdump.service + /tmp/autopkgtest-reboot setcrashkernel + ;; + setcrashkernel) + /tmp/autopkgtest-reboot-prepare aftercrash + echo "Triggering sysrq" + sync + echo 1 > /proc/sys/kernel/sysrq + # This one will trigger kdump, which will write the kernel core, then reboot. + echo c > /proc/sysrq-trigger + # We shouldn't reach this point + sleep 5 + fatal "failed to invoke sysrq" + ;; + aftercrash) + kcore=$(find /var/crash -type f -name vmcore) + if test -z "${kcore}"; then + fatal "No kcore found in /var/crash" + fi + info=$(file ${kcore}) + if ! [[ "${info}" =~ 'vmcore: Kdump'.*'system Linux' ]]; then + fatal "vmcore does not appear to be a Kdump?" + fi + ;; + *) fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}";; +esac From 5e71732655611384d77c150cd9bf4bde5bf1a2b6 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Sun, 6 Jun 2021 14:32:13 -0400 Subject: [PATCH 266/489] overrides: freeze on selinux-policy-34.8-1.fc34 The new one causes issues and has taken too long to get a fix. https://github.com/coreos/fedora-coreos-tracker/issues/850 Let's unblock the lockfile bumper. --- manifest-lock.overrides.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 73b05dbca8..50fe1498fa 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -5,6 +5,12 @@ packages: evr: 053-5.fc34 dracut-network: evr: 053-5.fc34 + # Freeze selinux-policy so we can unblock bumping lockfiles + # https://github.com/coreos/fedora-coreos-tracker/issues/850 + selinux-policy: + evra: 34.8-1.fc34.noarch + selinux-policy-targeted: + evra: 34.8-1.fc34.noarch # For firstboot multipath # https://bodhi.fedoraproject.org/updates/FEDORA-2021-123bd6e0dc ignition: From 025c1248e2b18c71e29b9c54d18b138c2b38e526 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Sun, 6 Jun 2021 14:33:14 -0400 Subject: [PATCH 267/489] bump lockfile with latest rpm content This allows us to skip a cycle and get the content faster than waiting on the bot to do it. --- manifest-lock.x86_64.json | 54 +++++++++++++++++++-------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 1a43545b8b..005c927bb0 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -127,7 +127,7 @@ "evra": "0.21.2-1.fc34.noarch" }, "container-selinux": { - "evra": "2:2.162.1-3.fc34.noarch" + "evra": "2:2.162.2-1.fc34.noarch" }, "containerd": { "evra": "1.5.0~rc.1-1.fc34.x86_64" @@ -169,10 +169,10 @@ "evra": "20210213-1.git5c710c0.fc34.noarch" }, "cryptsetup": { - "evra": "2.3.5-2.fc34.x86_64" + "evra": "2.3.6-1.fc34.x86_64" }, "cryptsetup-libs": { - "evra": "2.3.5-2.fc34.x86_64" + "evra": "2.3.6-1.fc34.x86_64" }, "cups-libs": { "evra": "1:2.3.3op2-7.fc34.x86_64" @@ -250,13 +250,13 @@ "evra": "37-15.fc34.x86_64" }, "elfutils-default-yama-scope": { - "evra": "0.183-1.fc34.noarch" + "evra": "0.185-2.fc34.noarch" }, "elfutils-libelf": { - "evra": "0.183-1.fc34.x86_64" + "evra": "0.185-2.fc34.x86_64" }, "elfutils-libs": { - "evra": "0.183-1.fc34.x86_64" + "evra": "0.185-2.fc34.x86_64" }, "ethtool": { "evra": "2:5.12-1.fc34.x86_64" @@ -304,7 +304,7 @@ "evra": "1:4.8.0-2.fc34.x86_64" }, "firewalld-filesystem": { - "evra": "0.9.3-2.fc34.noarch" + "evra": "0.9.3-3.fc34.noarch" }, "flatpak-session-helper": { "evra": "1.10.2-3.fc34.x86_64" @@ -355,13 +355,13 @@ "evra": "2.68.2-1.fc34.x86_64" }, "glibc": { - "evra": "2.33-8.fc34.x86_64" + "evra": "2.33-14.fc34.x86_64" }, "glibc-common": { - "evra": "2.33-8.fc34.x86_64" + "evra": "2.33-14.fc34.x86_64" }, "glibc-minimal-langpack": { - "evra": "2.33-8.fc34.x86_64" + "evra": "2.33-14.fc34.x86_64" }, "gmp": { "evra": "1:6.2.0-6.fc34.x86_64" @@ -370,7 +370,7 @@ "evra": "2.2.27-4.fc34.x86_64" }, "gnutls": { - "evra": "3.7.1-2.fc34.x86_64" + "evra": "3.7.2-1.fc34.x86_64" }, "gpgme": { "evra": "1.15.1-2.fc34.x86_64" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.12.7-300.fc34.x86_64" + "evra": "5.12.8-300.fc34.x86_64" }, "kernel-core": { - "evra": "5.12.7-300.fc34.x86_64" + "evra": "5.12.8-300.fc34.x86_64" }, "kernel-modules": { - "evra": "5.12.7-300.fc34.x86_64" + "evra": "5.12.8-300.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -574,13 +574,13 @@ "evra": "1.4-4.fc34.x86_64" }, "libgcc": { - "evra": "11.1.1-1.fc34.x86_64" + "evra": "11.1.1-3.fc34.x86_64" }, "libgcrypt": { "evra": "1.9.3-2.fc34.x86_64" }, "libgomp": { - "evra": "11.1.1-1.fc34.x86_64" + "evra": "11.1.1-3.fc34.x86_64" }, "libgpg-error": { "evra": "1.42-1.fc34.x86_64" @@ -751,7 +751,7 @@ "evra": "2.5.0-2.fc34.x86_64" }, "libstdc++": { - "evra": "11.1.1-1.fc34.x86_64" + "evra": "11.1.1-3.fc34.x86_64" }, "libtalloc": { "evra": "2.3.2-2.fc34.x86_64" @@ -805,7 +805,7 @@ "evra": "4.4.20-2.fc34.x86_64" }, "libxml2": { - "evra": "2.9.12-2.fc34.x86_64" + "evra": "2.9.12-4.fc34.x86_64" }, "libxmlb": { "evra": "0.3.2-1.fc34.x86_64" @@ -913,13 +913,13 @@ "evra": "2.4.57-3.fc34.x86_64" }, "openssh": { - "evra": "8.5p1-2.fc34.x86_64" + "evra": "8.6p1-3.fc34.x86_64" }, "openssh-clients": { - "evra": "8.5p1-2.fc34.x86_64" + "evra": "8.6p1-3.fc34.x86_64" }, "openssh-server": { - "evra": "8.5p1-2.fc34.x86_64" + "evra": "8.6p1-3.fc34.x86_64" }, "openssl": { "evra": "1:1.1.1k-1.fc34.x86_64" @@ -1066,7 +1066,7 @@ "evra": "15.4-4.x86_64" }, "skopeo": { - "evra": "1:1.2.3-1.fc34.x86_64" + "evra": "1:1.3.0-1.fc34.x86_64" }, "slang": { "evra": "2.3.2-9.fc34.x86_64" @@ -1144,7 +1144,7 @@ "evra": "0.0.99.1-1.fc34.x86_64" }, "tpm2-tools": { - "evra": "5.0-2.fc34.x86_64" + "evra": "5.1-1.fc34.x86_64" }, "tpm2-tss": { "evra": "3.1.0-1.fc34.x86_64" @@ -1159,7 +1159,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2879-1.fc34.x86_64" + "evra": "2:8.2.2932-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-05-29T20:53:20Z", + "generated": "2021-06-06T18:29:13Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-05-28T21:27:46Z" + "generated": "2021-05-29T21:25:40Z" }, "fedora-updates": { - "generated": "2021-05-29T00:50:08Z" + "generated": "2021-06-06T00:48:39Z" } } } From dac777a1f4172c980bc97c17c8b4d9263825361f Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 7 Jun 2021 18:15:54 +0000 Subject: [PATCH 268/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/323/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 005c927bb0..983baa90b3 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -865,7 +865,7 @@ "evra": "2:0.4.0-4.fc34.x86_64" }, "mozjs78": { - "evra": "78.10.0-1.fc34.x86_64" + "evra": "78.11.0-1.fc34.x86_64" }, "mpfr": { "evra": "4.1.0-7.fc34.x86_64" @@ -979,10 +979,10 @@ "evra": "3.2-1.fc34.x86_64" }, "polkit": { - "evra": "0.117-3.fc34.x86_64" + "evra": "0.117-3.fc34.1.x86_64" }, "polkit-libs": { - "evra": "0.117-3.fc34.x86_64" + "evra": "0.117-3.fc34.1.x86_64" }, "polkit-pkla-compat": { "evra": "0.1-19.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-06-06T18:29:13Z", + "generated": "2021-06-07T17:34:27Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-05-29T21:25:40Z" + "generated": "2021-06-07T13:18:30Z" }, "fedora-updates": { - "generated": "2021-06-06T00:48:39Z" + "generated": "2021-06-07T01:11:58Z" } } } From 12281740c215db9b08713de8301c9c958175e923 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 7 Jun 2021 13:20:26 -0400 Subject: [PATCH 269/489] overrides: fast-track selinux-policy-34.10-1.fc34 Closes: https://github.com/coreos/fedora-coreos-tracker/issues/850 --- manifest-lock.overrides.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 50fe1498fa..5ef8ed5d0a 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -5,13 +5,13 @@ packages: evr: 053-5.fc34 dracut-network: evr: 053-5.fc34 - # Freeze selinux-policy so we can unblock bumping lockfiles - # https://github.com/coreos/fedora-coreos-tracker/issues/850 - selinux-policy: - evra: 34.8-1.fc34.noarch - selinux-policy-targeted: - evra: 34.8-1.fc34.noarch - # For firstboot multipath + # Fast-track for firstboot multipath # https://bodhi.fedoraproject.org/updates/FEDORA-2021-123bd6e0dc ignition: evr: 2.10.1-3.fc34 + # Fast-track for https://github.com/coreos/fedora-coreos-tracker/issues/850 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-f014ca8326 + selinux-policy: + evra: 34.10-1.fc34.noarch + selinux-policy-targeted: + evra: 34.10-1.fc34.noarch From 2020aa459a0effa4dd1bff1b32b2734826cbe4c7 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 7 Jun 2021 11:16:47 -0400 Subject: [PATCH 270/489] overlay: initramfs teardown: delete compat code for hostname propagation Everything is now newer than the minimimum requirement of NetworkManager 1.26.0. --- .../coreos-teardown-initramfs.sh | 37 ------------------- 1 file changed, 37 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh index 8bcac9e3c9..c64d4b846f 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh @@ -106,43 +106,6 @@ propagate_initramfs_hostname() { return 0 fi - # COMPAT: keep two code paths, one for older NetworkManager and - # one for newer NetworkManager that supports writing to - # /run/NetworkManager/initrd/hostname. We can delete this - # block once RHCOS and FCOS minimum NM version is >= 1.26.0 - # See https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/ff70adf - barrierversion='1.26.0' - nmversion=$(/usr/sbin/NetworkManager --version) - sorted=$((echo $barrierversion; echo $nmversion) | sort -V | tail -n 1) - if [ $sorted == $barrierversion ]; then - # The version of NM on the system is older than we need - # execute compat code in this block. - echo "info: NM version is older than $barrierversion. Executing compat code path." - - # Detect if any hostname was provided via static ip= kargs - # run in a subshell so we don't pollute our environment - hostnamefile=$(mktemp) - ( - last_nonempty_hostname='' - # Inspired from ifup.sh from the 40network dracut module. Note that - # $hostname from ip_to_var will only be nonempty for static networking. - for iparg in $(dracut_func getargs ip=); do - dracut_func ip_to_var $iparg - [ -n "${hostname:-}" ] && last_nonempty_hostname="$hostname" - done - echo -n "$last_nonempty_hostname" > $hostnamefile - ) - hostname=$(<$hostnamefile); rm $hostnamefile - if [ -n "$hostname" ]; then - echo "info: propagating initramfs hostname (${hostname}) to the real root" - echo $hostname > /sysroot/etc/hostname - coreos-relabel /etc/hostname - else - echo "info: no initramfs hostname information to propagate" - fi - return 0 - fi - # If any hostname was provided NetworkManager will write it out to # /run/NetworkManager/initrd/hostname. See # https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/481 From 0488b7aef824dc0feb1d4b494f8435a2619fc6bd Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 7 Jun 2021 11:49:27 -0400 Subject: [PATCH 271/489] overlay: initramfs teardown: add support for coreos.force_persist_ip karg This karg will override the check to see if Networking Configuration is in the real root (i.e. written by Ignition most likely) and force propagation of initramfs networking anyway. It should only be used in cases where you know exactly what you are doing. For example, in the problem described in https://bugzilla.redhat.com/show_bug.cgi?id=1958930 the networking configs didn't conflict at all, thus this could be used safely. This option will help users who get stuck like they were in that bug to get unstuck easily and then change their strategy later. Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/853 --- .../coreos-teardown-initramfs.sh | 25 ++++++++++++++++--- tests/manual/coreos-network-testing.sh | 11 ++++++++ 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh index c64d4b846f..8fea202022 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh @@ -70,14 +70,33 @@ are_default_NM_configs() { # # See https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721173 propagate_initramfs_networking() { - # Check the two locations where a user could have provided network configuration - # On FCOS we only support keyfiles, but on RHCOS we support keyfiles and ifcfg + # Check for any real root config in the two locations where a user could have + # provided network configuration. On FCOS we only support keyfiles, but on RHCOS + # we support keyfiles and ifcfg if [ -n "$(ls -A /sysroot/etc/NetworkManager/system-connections/)" -o \ -n "$(ls -A /sysroot/etc/sysconfig/network-scripts/)" ]; then echo "info: networking config is defined in the real root" - echo "info: will not attempt to propagate initramfs networking" + realrootconfig=1 else echo "info: no networking config is defined in the real root" + realrootconfig=0 + fi + + # Did the user tell us to force initramfs networking config + # propagation even if real root networking config exists? + # Hopefully we only need this in rare circumstances. + # https://github.com/coreos/fedora-coreos-tracker/issues/853 + forcepropagate=0 + if dracut_func getargbool 0 'coreos.force_persist_ip'; then + forcepropagate=1 + echo "info: coreos.force_persist_ip detected: will force network config propagation" + fi + + if [ $realrootconfig == 1 -a $forcepropagate == 0 ]; then + echo "info: will not attempt to propagate initramfs networking" + fi + + if [ $realrootconfig == 0 -o $forcepropagate == 1 ]; then if [ -n "$(ls -A /run/NetworkManager/system-connections/)" ]; then if are_default_NM_configs; then echo "info: skipping propagation of default networking configs" diff --git a/tests/manual/coreos-network-testing.sh b/tests/manual/coreos-network-testing.sh index 2ebbdd5fea..1110b9efac 100755 --- a/tests/manual/coreos-network-testing.sh +++ b/tests/manual/coreos-network-testing.sh @@ -607,6 +607,17 @@ EOF check_vm 'dhcp' 2 0 $ip $nic0 'n/a' $nameserverdhcp $sshkeyfile destroy_vm + # Do a `coreos.force_persist_ip` check. In this case we won't pass any networking + # configuration via Ignition either, so we'll just end up with DHCP and a + # static hostname that is unset (`n/a`). + echo -e "\n###### Testing coreos.force_persist_ip forces initramfs propagation\n" + create_ignition_file "$fcct_static_nic0" $ignitionfile + start_vm $qcow $ignitionfile $kernel $initramfs "${initramfs_static_bond0} coreos.force_persist_ip" + check_vm 'none' 1 3 $ip bond0 $ignitionhostname $nameserverstatic $sshkeyfile + reboot_vm + check_vm 'none' 1 3 $ip bond0 $ignitionhostname $nameserverstatic $sshkeyfile + destroy_vm + # Do a check for the `nameserver=` initramfs arg. Need to test along with # the $initramfs_dhcp_nic0nic1 because that brings up more than one # interface and is one that doesn't specify the nameserver as part of the From b38d597102cfb832b13427fd41d8584060890770 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Tue, 1 Jun 2021 16:13:32 +0200 Subject: [PATCH 272/489] overlay.d/README: Remove duplicated 20platform-chrony entry --- overlay.d/README.md | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/overlay.d/README.md b/overlay.d/README.md index 1784ca51b9..384112faec 100644 --- a/overlay.d/README.md +++ b/overlay.d/README.md @@ -22,14 +22,6 @@ Warning about `/etc/sysconfig`. Disables the Red Hat Linux legacy `ifcfg` format. -20platform-chrony ------------------ - -Add static chrony configuration for NTP servers provided on platforms -such as `azure`, `aws`, `gcp`. The chrony config for these NTP servers -should override other chrony configuration (e.g. DHCP-provided) -configuration. - 15fcos ------ @@ -45,4 +37,7 @@ Things that are more closely "Fedora CoreOS": 20platform-chrony ----------------- -Platform aware timeserver setup for chrony daemon. +Add static chrony configuration for NTP servers provided on platforms +such as `azure`, `aws`, `gcp`. The chrony config for these NTP servers +should override other chrony configuration (e.g. DHCP-provided) +configuration. From 73145e08b856ec59906e2256e200d626eba75097 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Tue, 1 Jun 2021 16:13:47 +0200 Subject: [PATCH 273/489] overlay.d/09misc: Fix mode for some files in /etc Fix mode for existing system on bootup via a tmpfiles config. This is a nop for new systems. Workaround for https://github.com/coreos/fedora-coreos-tracker/issues/829 --- .../usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf | 11 +++++++++++ overlay.d/README.md | 3 ++- 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 overlay.d/09misc/usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf diff --git a/overlay.d/09misc/usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf b/overlay.d/09misc/usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf new file mode 100644 index 0000000000..3415d220f6 --- /dev/null +++ b/overlay.d/09misc/usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf @@ -0,0 +1,11 @@ +# Workaround for https://github.com/coreos/fedora-coreos-tracker/issues/829 +# Fix mode (chmod g-w) for existing files on the system during boot +z /etc/crypto-policies/state/current 644 root root +z /etc/group 644 root root +z /etc/group- 644 root root +z /etc/iscsi/initiatorname.iscsi 644 root root +z /etc/passwd 644 root root +z /etc/passwd- 644 root root +z /etc/selinux/config 644 root root +z /etc/ssh/sshd_config.d/40-disable-passwords.conf 644 root root +z /etc/systemd/dont-synthesize-nobody 644 root root diff --git a/overlay.d/README.md b/overlay.d/README.md index 384112faec..0dbe9031a1 100644 --- a/overlay.d/README.md +++ b/overlay.d/README.md @@ -15,7 +15,8 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1700056 09misc ------ -Warning about `/etc/sysconfig`. +* Warning about `/etc/sysconfig`. +* Temporary systemd-tpmfiles.d config to fix ownership and permissions in /etc 14NetworkManager-plugins ------------------------ From 5633091c05d5e559d109c5720ecb776f324059ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Wed, 12 May 2021 13:57:42 +0200 Subject: [PATCH 274/489] tests/misc-ro: Check mode for files in /etc - Do not allow others or group writable files in /etc - Extended ownership (root:root) & mode (644) checks for /etc/{passwd,group} Test for https://github.com/coreos/fedora-coreos-tracker/issues/829 --- tests/kola/misc-ro | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index b30542d356..06694f682b 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -155,3 +155,18 @@ fi if [[ $sys_fs_cgroup_source != cgroup2 ]]; then fatal "/sys/fs/cgroup is not cgroup2" fi + +for perms in 'o+w' 'g+w'; do + list="$(find /etc -type f -perm /${perms})" + if [[ -n "${list}" ]]; then + fatal "found files with ${perms}:\n${list}" + fi +done +ok "no files with o+w or g+w found in /etc" + +for f in '/etc/passwd' '/etc/group'; do + if [[ $(stat --format="%a %u %g" "${f}") != "644 0 0" ]]; then + fatal "found incorrect permissions for ${f}" + fi +done +ok "correct ownership and mode on /etc/passwd & /etc/group" From a2303045cca4f310b11c4cca6b5558cfc806d6f6 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 10 Jun 2021 14:43:58 +0000 Subject: [PATCH 275/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/325/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 44 +++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 983baa90b3..0810bc3be0 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -52,13 +52,13 @@ "evra": "1:2.11-2.fc34.noarch" }, "bind-libs": { - "evra": "32:9.16.15-1.fc34.x86_64" + "evra": "32:9.16.16-1.fc34.x86_64" }, "bind-license": { - "evra": "32:9.16.15-1.fc34.noarch" + "evra": "32:9.16.16-1.fc34.noarch" }, "bind-utils": { - "evra": "32:9.16.15-1.fc34.x86_64" + "evra": "32:9.16.16-1.fc34.x86_64" }, "bootupd": { "evra": "0.2.5-3.fc34.x86_64" @@ -178,7 +178,7 @@ "evra": "1:2.3.3op2-7.fc34.x86_64" }, "curl": { - "evra": "7.76.1-3.fc34.x86_64" + "evra": "7.76.1-4.fc34.x86_64" }, "cyrus-sasl-gssapi": { "evra": "2.1.27-8.fc34.x86_64" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.12.8-300.fc34.x86_64" + "evra": "5.12.9-300.fc34.x86_64" }, "kernel-core": { - "evra": "5.12.8-300.fc34.x86_64" + "evra": "5.12.9-300.fc34.x86_64" }, "kernel-modules": { - "evra": "5.12.8-300.fc34.x86_64" + "evra": "5.12.9-300.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -541,7 +541,7 @@ "evra": "1.45.6-5.fc34.x86_64" }, "libcurl": { - "evra": "7.76.1-3.fc34.x86_64" + "evra": "7.76.1-4.fc34.x86_64" }, "libdaemon": { "evra": "0.14-21.fc34.x86_64" @@ -694,7 +694,7 @@ "evra": "1.14.0-1.fc34.x86_64" }, "libreport-filesystem": { - "evra": "2.15.1-1.fc34.noarch" + "evra": "2.15.2-2.fc34.noarch" }, "libseccomp": { "evra": "2.5.0-4.fc34.x86_64" @@ -721,7 +721,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "libsmbclient": { - "evra": "2:4.14.4-0.fc34.x86_64" + "evra": "2:4.14.5-0.fc34.x86_64" }, "libsmbios": { "evra": "2.4.3-2.fc34.x86_64" @@ -799,7 +799,7 @@ "evra": "0.3.2-1.fc34.x86_64" }, "libwbclient": { - "evra": "2:4.14.4-0.fc34.x86_64" + "evra": "2:4.14.5-0.fc34.x86_64" }, "libxcrypt": { "evra": "4.4.20-2.fc34.x86_64" @@ -856,7 +856,7 @@ "evra": "4.1-7.fc34.x86_64" }, "microcode_ctl": { - "evra": "2:2.1-45.fc34.x86_64" + "evra": "2:2.1-46.fc34.x86_64" }, "moby-engine": { "evra": "20.10.6-1.fc34.x86_64" @@ -1030,22 +1030,22 @@ "evra": "2:1.0.0-378.rc95.fc34.x86_64" }, "samba-client-libs": { - "evra": "2:4.14.4-0.fc34.x86_64" + "evra": "2:4.14.5-0.fc34.x86_64" }, "samba-common": { - "evra": "2:4.14.4-0.fc34.noarch" + "evra": "2:4.14.5-0.fc34.noarch" }, "samba-common-libs": { - "evra": "2:4.14.4-0.fc34.x86_64" + "evra": "2:4.14.5-0.fc34.x86_64" }, "sed": { "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "34.8-1.fc34.noarch" + "evra": "34.10-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.8-1.fc34.noarch" + "evra": "34.10-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1159,7 +1159,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2932-1.fc34.x86_64" + "evra": "2:8.2.2956-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1180,7 +1180,7 @@ "evra": "2.1.0-16.fc34.x86_64" }, "zchunk-libs": { - "evra": "1.1.14-1.fc34.x86_64" + "evra": "1.1.15-1.fc34.x86_64" }, "zincati": { "evra": "0.0.21-1.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-06-07T17:34:27Z", + "generated": "2021-06-10T14:09:30Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-06-07T13:18:30Z" + "generated": "2021-06-07T21:49:00Z" }, "fedora-updates": { - "generated": "2021-06-07T01:11:58Z" + "generated": "2021-06-10T00:55:40Z" } } } From f902bb033159b70e7dc7e9652ce13090d308b966 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Thu, 10 Jun 2021 13:26:20 -0400 Subject: [PATCH 276/489] overrides: fast-track selinux-policy-34.11-1.fc34 See https://github.com/coreos/fedora-coreos-tracker/issues/850#issuecomment-856736597 --- manifest-lock.overrides.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 5ef8ed5d0a..3f00ba75fd 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -10,8 +10,8 @@ packages: ignition: evr: 2.10.1-3.fc34 # Fast-track for https://github.com/coreos/fedora-coreos-tracker/issues/850 - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-f014ca8326 + # https://bodhi.fedoraproject.org/updates/FEDORA-2021-d8e34dbd6e selinux-policy: - evra: 34.10-1.fc34.noarch + evra: 34.11-1.fc34.noarch selinux-policy-targeted: - evra: 34.10-1.fc34.noarch + evra: 34.11-1.fc34.noarch From 16bd7413e80d4b7c7b807be7dde2ea59a189c5dc Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 10 Jun 2021 21:21:57 +0000 Subject: [PATCH 277/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/326/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 0810bc3be0..71c4704650 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1042,10 +1042,10 @@ "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "34.10-1.fc34.noarch" + "evra": "34.11-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.10-1.fc34.noarch" + "evra": "34.11-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1193,13 +1193,13 @@ } }, "metadata": { - "generated": "2021-06-10T14:09:30Z", + "generated": "2021-06-10T20:52:43Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-06-07T21:49:00Z" + "generated": "2021-06-10T18:40:56Z" }, "fedora-updates": { "generated": "2021-06-10T00:55:40Z" From 35b54400b459ab15b04cacc75f19f187d47347a8 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Thu, 10 Jun 2021 09:39:44 -0400 Subject: [PATCH 278/489] tests: add test for enabling systemd instance unit --- .../systemd-enable-instance-unit/config.fcc | 14 ++++++++++ .../systemd-enable-instance-unit/test.sh | 27 +++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 tests/kola/ignition/systemd-enable-instance-unit/config.fcc create mode 100755 tests/kola/ignition/systemd-enable-instance-unit/test.sh diff --git a/tests/kola/ignition/systemd-enable-instance-unit/config.fcc b/tests/kola/ignition/systemd-enable-instance-unit/config.fcc new file mode 100644 index 0000000000..0d39eac884 --- /dev/null +++ b/tests/kola/ignition/systemd-enable-instance-unit/config.fcc @@ -0,0 +1,14 @@ +variant: fcos +version: 1.3.0 +systemd: + units: + - name: echo@.service + contents: | + [Service] + Type=oneshot + ExecStart=/bin/echo %i + RemainAfterExit=yes + [Install] + WantedBy=multi-user.target + - name: echo@foo.service + enabled: true diff --git a/tests/kola/ignition/systemd-enable-instance-unit/test.sh b/tests/kola/ignition/systemd-enable-instance-unit/test.sh new file mode 100755 index 0000000000..6b577df42b --- /dev/null +++ b/tests/kola/ignition/systemd-enable-instance-unit/test.sh @@ -0,0 +1,27 @@ +#!/bin/bash +set -xeuo pipefail + +# This test makes sure that ignition is able to enable instance units. +# https://github.com/coreos/ignition/issues/586 +# https://github.com/systemd/systemd/pull/9901 + +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + +# make sure the presets worked and the instantiated unit is enabled +if [ $(systemctl is-enabled echo@foo.service) != 'enabled' ]; then + fatal "echo@foo.service systemd unit should be enabled" +fi +ok "echo@foo.service systemd unit is enabled" + +# make sure the unit ran and wrote 'foo' to the journal +if [ $(journalctl -o cat -u echo@foo.service | sed -n 2p) != 'foo' ]; then + fatal "echo@foo.service did not write 'foo' to journal" +fi +ok "echo@foo.service ran and wrote 'foo' to the journal" From 18a4c1617924ec7cf61828468ed296b0161adb47 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Thu, 10 Jun 2021 16:35:41 -0400 Subject: [PATCH 279/489] tests: limit a few ignition systemd tests to a single platform If they pass once they'll pass everywhere. No need to run them in all places. --- tests/kola/ignition/systemd-enable-instance-unit/test.sh | 4 ++++ tests/kola/ignition/systemd-unmasking/test.sh | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/tests/kola/ignition/systemd-enable-instance-unit/test.sh b/tests/kola/ignition/systemd-enable-instance-unit/test.sh index 6b577df42b..0a3b09ac05 100755 --- a/tests/kola/ignition/systemd-enable-instance-unit/test.sh +++ b/tests/kola/ignition/systemd-enable-instance-unit/test.sh @@ -5,6 +5,10 @@ set -xeuo pipefail # https://github.com/coreos/ignition/issues/586 # https://github.com/systemd/systemd/pull/9901 +# We don't need to test this on every platform. If it passes in +# one place it will pass everywhere. +# kola: { "platforms": "qemu-unpriv" } + ok() { echo "ok" "$@" } diff --git a/tests/kola/ignition/systemd-unmasking/test.sh b/tests/kola/ignition/systemd-unmasking/test.sh index 77c5e8f4be..272f521295 100755 --- a/tests/kola/ignition/systemd-unmasking/test.sh +++ b/tests/kola/ignition/systemd-unmasking/test.sh @@ -5,6 +5,10 @@ set -xeuo pipefail # It just so happens we have masked dnsmasq in FCOS so we can # test this by unmasking it. +# We don't need to test this on every platform. If it passes in +# one place it will pass everywhere. +# kola: { "platforms": "qemu-unpriv" } + ok() { echo "ok" "$@" } From f634cb32a4ff81b2cec3f38975df6781782a72a8 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 8 Jun 2021 17:29:27 -0400 Subject: [PATCH 280/489] repos: drop `failovermethod` key This isn't supported by `dnf`. `libdnf` will parse it but it's not actually hooked up to anything. Recent repo files no longer use this key. So just nuke it. See: https://bugzilla.redhat.com/show_bug.cgi?id=1653831 --- fedora-next.repo | 5 ----- fedora.repo | 5 ----- 2 files changed, 10 deletions(-) diff --git a/fedora-next.repo b/fedora-next.repo index 49f684cbf1..a7bb4a23d5 100644 --- a/fedora-next.repo +++ b/fedora-next.repo @@ -3,7 +3,6 @@ [fedora-next] name=Fedora $releasever - $basearch -failovermethod=priority baseurl=https://dl.fedoraproject.org/pub/fedora/linux/development/$releasever/Everything/$basearch/os/ https://dl.fedoraproject.org/pub/fedora-secondary/development/$releasever/Everything/$basearch/os/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch @@ -17,7 +16,6 @@ skip_if_unavailable=False [fedora-next-updates] name=Fedora $releasever - $basearch - Updates -failovermethod=priority baseurl=https://dl.fedoraproject.org/pub/fedora/linux/updates/$releasever/Everything/$basearch/ https://dl.fedoraproject.org/pub/fedora-secondary/updates/$releasever/Everything/$basearch/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch @@ -31,7 +29,6 @@ skip_if_unavailable=False [fedora-next-updates-testing] name=Fedora $releasever - $basearch - Test Updates -failovermethod=priority baseurl=https://dl.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/Everything/$basearch/ https://dl.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/Everything/$basearch/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch @@ -56,7 +53,6 @@ skip_if_unavailable=False [fedora-next-updates-modular] name=Fedora Modular $releasever - $basearch - Updates -failovermethod=priority baseurl=https://dl.fedoraproject.org/pub/fedora/linux/updates/$releasever/Modular/$basearch/ https://dl.fedoraproject.org/pub/fedora-secondary/updates/$releasever/Modular/$basearch/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch @@ -70,7 +66,6 @@ skip_if_unavailable=False [fedora-next-updates-testing-modular] name=Fedora Modular $releasever - $basearch - Test Updates -failovermethod=priority baseurl=https://dl.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/Modular/$basearch/ https://dl.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/Modular/$basearch/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch diff --git a/fedora.repo b/fedora.repo index 4a94919a7f..c4bc1c81bd 100644 --- a/fedora.repo +++ b/fedora.repo @@ -3,7 +3,6 @@ [fedora] name=Fedora $releasever - $basearch -failovermethod=priority baseurl=https://dl.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/ https://dl.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/$basearch/os/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch @@ -17,7 +16,6 @@ skip_if_unavailable=False [fedora-updates] name=Fedora $releasever - $basearch - Updates -failovermethod=priority baseurl=https://dl.fedoraproject.org/pub/fedora/linux/updates/$releasever/Everything/$basearch/ https://dl.fedoraproject.org/pub/fedora-secondary/updates/$releasever/Everything/$basearch/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch @@ -31,7 +29,6 @@ skip_if_unavailable=False [fedora-updates-testing] name=Fedora $releasever - $basearch - Test Updates -failovermethod=priority baseurl=https://dl.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/Everything/$basearch/ https://dl.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/Everything/$basearch/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch @@ -56,7 +53,6 @@ skip_if_unavailable=False [fedora-updates-modular] name=Fedora Modular $releasever - $basearch - Updates -failovermethod=priority baseurl=https://dl.fedoraproject.org/pub/fedora/linux/updates/$releasever/Modular/$basearch/ https://dl.fedoraproject.org/pub/fedora-secondary/updates/$releasever/Modular/$basearch/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch @@ -70,7 +66,6 @@ skip_if_unavailable=False [fedora-updates-testing-modular] name=Fedora Modular $releasever - $basearch - Test Updates -failovermethod=priority baseurl=https://dl.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/Modular/$basearch/ https://dl.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/Modular/$basearch/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch From 1e707cd85761a81f022f437de4dc0938732c1fc3 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 10 Jun 2021 22:49:39 -0400 Subject: [PATCH 281/489] tests/kdump: disable test It's a new test, and is broken on three cloud platforms plus Ignition upstream CI. https://github.com/coreos/fedora-coreos-config/pull/1043#issuecomment-859028582 --- tests/kola/kdump/test.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/kola/kdump/test.sh b/tests/kola/kdump/test.sh index 6f46278580..f6ece82706 100755 --- a/tests/kola/kdump/test.sh +++ b/tests/kola/kdump/test.sh @@ -3,6 +3,11 @@ set -xeuo pipefail # https://docs.fedoraproject.org/en-US/fedora-coreos/debugging-kernel-crashes/ # kola: {"minMemory": 4096, "tags": "skip-base-checks"} +# ===== FIXME: Disabled due to broken CI +echo "Test disabled" +exit 0 +# ===== + fatal() { echo "$@" >&2 exit 1 From 8a9a10894dbefb264c352ed45d989fa97adf517f Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 8 Jun 2021 17:54:22 -0400 Subject: [PATCH 282/489] misc-ro: Validate aleph version is present and is valid JSON I was idly thinking about deduplication between cosa and osbuild, and this is a good example of a detail we should keep. Let's test it's present. --- tests/kola/misc-ro | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index 06694f682b..9141255c41 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -89,6 +89,10 @@ if ! test -f /usr/share/licenses/fedora-coreos-config/LICENSE; then fi ok LICENSE +# Defined in https://github.com/coreos/fedora-coreos-tracker/blob/master/internals/README-internals.md#aleph-version +jq < /sysroot/.coreos-aleph-version.json >/dev/null +ok aleph + case "$(arch)" in x86_64|aarch64) # This is just a basic sanity check; at some point we From c730db2d15874b74ddb1ef73490979e4f44ba7c7 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 11 Jun 2021 10:04:55 -0400 Subject: [PATCH 283/489] ci: add GitHub Action to automatically graduate overrides Currently, we have to manually check if fast-tracked packages have made it into the Fedora repos and drop them. This GitHub Action automates this process. It also formalizes the process of pinning packages a bit by adding guidelines for metadata keys overrides should use to be more explicit. --- .../workflows/remove-graduated-overrides.yml | 45 +++++++ README.md | 60 +++++++-- ci/remove-graduated-overrides.py | 125 ++++++++++++++++++ manifest-lock.overrides.yaml | 53 +++++--- manifest.yaml | 5 +- 5 files changed, 262 insertions(+), 26 deletions(-) create mode 100644 .github/workflows/remove-graduated-overrides.yml create mode 100755 ci/remove-graduated-overrides.py diff --git a/.github/workflows/remove-graduated-overrides.yml b/.github/workflows/remove-graduated-overrides.yml new file mode 100644 index 0000000000..f30a2b2711 --- /dev/null +++ b/.github/workflows/remove-graduated-overrides.yml @@ -0,0 +1,45 @@ +name: remove-graduated-overrides + +on: + schedule: + - cron: '0 */6 * * *' + +jobs: + remove-graduated-overrides: + name: Remove graduated overrides + runs-on: ubuntu-latest + # TODO: use cosa directly here + # https://github.com/coreos/coreos-assembler/issues/2223 + container: quay.io/coreos-assembler/fcos-buildroot:testing-devel + strategy: + matrix: + branch: + - testing-devel + - next-devel + steps: + - run: dnf install -y rpm-ostree # see related TODO above + - name: Checkout + uses: actions/checkout@v2 + with: + ref: ${{ matrix.branch }} + - name: Remove graduated overrides + run: | + git config user.name 'CoreOS Bot' + git config user.email coreosbot@fedoraproject.org + ci/remove-graduated-overrides.py + - name: Open pull request + run: | + if ! git diff --quiet --exit-code; then + git commit -am "lockfiles: drop graduated overrides 🎓" \ + -m "Triggered by remove-graduated-overrides GitHub Action." + fi + - name: Open pull request + uses: peter-evans/create-pull-request@v3.8.2 + with: + token: ${{ secrets.COREOSBOT_RELENG_TOKEN }} + branch: ${{ matrix.branch }}-graduation + push-to-fork: coreosbot-releng/fedora-coreos-config + title: "lockfiles: drop graduated overrides 🎓" + body: "Triggered by remove-graduated-overrides GitHub Action." + committer: "CoreOS Bot " + author: "CoreOS Bot " diff --git a/README.md b/README.md index 19e81652d0..5c8b31e9bc 100644 --- a/README.md +++ b/README.md @@ -50,19 +50,63 @@ By default, all packages for FCOS come from the stable Fedora repos. However, it is sometimes necessary to either hold back some packages, or pull in fixes ahead of Bodhi. To add such overrides, one needs to add the packages to -`manifest-lock.overrides.$basearch.yaml`. E.g.: +`manifest-lock.overrides.yaml` (there are also arch-specific +variants of these files for the rare occasions the override +should only apply to a specific arch). + +Note that comments are not preserved in these files. The +lockfile supports arbitrary keys under the `metadata` key to +carry information. Some keys are semantically meaningful to +humans or other tools. + +### Fast-tracking + +Example: ```yaml packages: - # document reason here and link to any Bodhi update - foobar: - evra: 1.2.3-1.fc31.x86_64 + selinux-policy: + evra: 34.10-1.fc34.noarch + metadata: + type: fast-track + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-f014ca8326 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/850 + selinux-policy-targeted: + evra: 34.10-1.fc34.noarch + metadata: + type: fast-track + # you don't have to repeat the other keys for related packages +``` + +Whenever possible, it is important that the package be +submitted as an update to Bodhi so that we don't have to +carry the override for a long time. + +Fast-tracked packages will automatically be removed by the +`remove-graduated-overrides` GitHub Action in this repo once +they reach the stable Fedora repos (or newer versions). They +are detected by the `type: fast-track` key. + +### Pinning + +Example: + +``` +packages: + dracut: + evr: 053-5.fc34 + metadata: + type: pin + reason: https://github.com/coreos/fedora-coreos-tracker/issues/842 + dracut-network: + evr: 053-5.fc34 + metadata: + type: pin + reason: https://github.com/coreos/fedora-coreos-tracker/issues/842 ``` -Whenever possible, in the case of pulling in a newer -package, it is important that the package be submitted as an -update to Bodhi so that we don't have to carry the override -forever. +All pinned packages *must* have a `reason` key containing +more information about why the pin is necessary. Once an override PR is merged, [`coreos-koji-tagger`](https://github.com/coreos/fedora-coreos-releng-automation/tree/main/coreos-koji-tagger) diff --git a/ci/remove-graduated-overrides.py b/ci/remove-graduated-overrides.py new file mode 100755 index 0000000000..0734174796 --- /dev/null +++ b/ci/remove-graduated-overrides.py @@ -0,0 +1,125 @@ +#!/usr/bin/python3 + +import os +import sys +import json +import yaml +import subprocess + +import dnf +import hawkey + +ARCHES = ['s390x', 'x86_64', 'ppc64le', 'aarch64'] + +OVERRIDES_HEADER = """ +# This lockfile should be used to pin to a package version (`type: pin`) or to +# fast-track packages ahead of Bodhi (`type: fast-track`). Fast-tracked +# packages will automatically be removed once they are in the stable repos. +# +# IMPORTANT: YAML comments *will not* be preserved. All `pin` overrides *must* +# include a URL in the `metadata.reason` key. Overrides of type `fast-track` +# *should* include a URL in the `metadata.reason` key, though it's acceptable to +# omit one for FCOS-specific packages (e.g. ignition, afterburn, etc...). +""" + + +def main(): + treefile = get_treefile() + base = get_dnf_base(treefile) + setup_repos(base, treefile) + + for fn in get_lockfiles(): + update_lockfile(base, fn) + + +def get_treefile(): + treefile = subprocess.check_output(['rpm-ostree', 'compose', 'tree', + '--print-only', 'manifest.yaml']) + return json.loads(treefile) + + +def get_dnf_base(treefile): + base = dnf.Base() + base.conf.reposdir = "." + base.conf.releasever = treefile['releasever'] + base.read_all_repos() + return base + + +def setup_repos(base, treefile): + for repo in base.repos.values(): + repo.disable() + + print("Enabled repos:") + for repo in treefile['repos']: + base.repos[repo].enable() + print(f"- {repo}") + + print("Downloading metadata") + base.fill_sack(load_system_repo=False) + + +def get_lockfiles(): + lockfiles = ['manifest-lock.overrides.yaml'] + # TODO: for now, we only support the archless variant; supporting + # arch-specific lockfiles will require making dnf fetch metadata not just + # for the basearch on which we're running + # lockfiles += [f'manifest-lock.overrides.{arch}.yaml' for arch in ARCHES] + return lockfiles + + +def update_lockfile(base, fn): + if not os.path.exists(fn): + return + + with open(fn) as f: + lockfile = yaml.load(f) + if 'packages' not in lockfile: + return + + new_packages = {} + for name, lock in lockfile['packages'].items(): + if ('metadata' not in lock or + lock['metadata'].get('type') != "fast-track"): + new_packages[name] = lock + continue + + if 'evra' in lock: + nevra = f"{name}-{lock['evra']}" + else: + # it applies to all arches, so we can just check our arch (see + # related TODO above) + nevra = f"{name}-{lock['evr']}.{base.conf.basearch}" + graduated = sack_has_nevra_greater_or_equal(base, nevra) + if not graduated: + new_packages[name] = lock + else: + print(f"{fn}: {nevra} has graduated") + + if lockfile['packages'] != new_packages: + lockfile['packages'] = new_packages + with open(fn, 'w') as f: + f.write(OVERRIDES_HEADER.strip()) + f.write('\n\n') + yaml.dump(lockfile, f) + else: + print(f"{fn}: no packages graduated") + + +def sack_has_nevra_greater_or_equal(base, nevra): + nevra = hawkey.split_nevra(nevra) + pkgs = base.sack.query().filterm(name=nevra.name).latest().run() + + if len(pkgs) == 0: + # Odd... the only way I can imagine this happen is if we fast-track a + # brand new package from Koji which hasn't hit the updates repo yet. + # Corner-case, but let's be nice. + print(f"couldn't find package {nevra.name}; assuming not graduated") + return False + + nevra_latest = hawkey.split_nevra(str(pkgs[0])) + return nevra_latest >= nevra + + +if __name__ == "__main__": + sys.exit(main()) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 3f00ba75fd..8b764b7787 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -1,17 +1,38 @@ +# This lockfile should be used to pin to a package version (`type: pin`) or to +# fast-track packages ahead of Bodhi (`type: fast-track`). Fast-tracked +# packages will automatically be removed once they are in the stable repos. +# +# IMPORTANT: YAML comments *will not* be preserved. All `pin` overrides *must* +# include a URL in the `metadata.reason` key. Overrides of type `fast-track` +# *should* include a URL in the `metadata.reason` key, though it's acceptable to +# omit one for FCOS-specific packages (e.g. ignition, afterburn, etc...). + packages: - # Freeze dracut on 053. We need to investigate NetworkManager systemd changes. - # https://github.com/coreos/fedora-coreos-tracker/issues/842 - dracut: - evr: 053-5.fc34 - dracut-network: - evr: 053-5.fc34 - # Fast-track for firstboot multipath - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-123bd6e0dc - ignition: - evr: 2.10.1-3.fc34 - # Fast-track for https://github.com/coreos/fedora-coreos-tracker/issues/850 - # https://bodhi.fedoraproject.org/updates/FEDORA-2021-d8e34dbd6e - selinux-policy: - evra: 34.11-1.fc34.noarch - selinux-policy-targeted: - evra: 34.11-1.fc34.noarch + dracut: + evr: 053-5.fc34 + metadata: + type: pin + reason: https://github.com/coreos/fedora-coreos-tracker/issues/842 + dracut-network: + evr: 053-5.fc34 + metadata: + type: pin + reason: https://github.com/coreos/fedora-coreos-tracker/issues/842 + ignition: + evr: 2.10.1-3.fc34 + metadata: + type: fast-track + reason: https://github.com/coreos/fedora-coreos-config/pull/1011 + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-123bd6e0dc + selinux-policy: + evra: 34.11-1.fc34.noarch + metadata: + type: fast-track + reason: https://github.com/coreos/fedora-coreos-tracker/issues/850 + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-d8e34dbd6e + selinux-policy-targeted: + evra: 34.11-1.fc34.noarch + metadata: + type: fast-track + reason: https://github.com/coreos/fedora-coreos-tracker/issues/850 + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-d8e34dbd6e diff --git a/manifest.yaml b/manifest.yaml index f2141b1297..213cb88408 100644 --- a/manifest.yaml +++ b/manifest.yaml @@ -9,9 +9,10 @@ rojig: summary: Fedora CoreOS testing-devel repos: - # these repos are there to make it easier to add new packages to the OS and to + # These repos are there to make it easier to add new packages to the OS and to # use `cosa fetch --update-lockfile`; but note that all package versions are - # still pinned + # still pinned. These repos are also used by the remove-graduated-overrides + # GitHub Action. - fedora - fedora-updates From d963f9734c7ff34909ca7dbbc780f8f841507d62 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 11 Jun 2021 21:23:46 +0000 Subject: [PATCH 284/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/327/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 71c4704650..de2836d99b 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -133,10 +133,10 @@ "evra": "1.5.0~rc.1-1.fc34.x86_64" }, "containernetworking-plugins": { - "evra": "1.0.0-0.1.rc1.fc34.x86_64" + "evra": "1.0.0-0.2.rc1.fc34.x86_64" }, "containers-common": { - "evra": "4:1-16.fc34.noarch" + "evra": "4:1-19.fc34.noarch" }, "coreos-installer": { "evra": "0.9.1-1.fc34.x86_64" @@ -145,10 +145,10 @@ "evra": "0.9.1-1.fc34.x86_64" }, "coreutils": { - "evra": "8.32-26.fc34.x86_64" + "evra": "8.32-27.fc34.x86_64" }, "coreutils-common": { - "evra": "8.32-26.fc34.x86_64" + "evra": "8.32-27.fc34.x86_64" }, "cpio": { "evra": "2.13-10.fc34.x86_64" @@ -163,7 +163,7 @@ "evra": "3.15-3.fc34.x86_64" }, "crun": { - "evra": "0.19.1-3.fc34.x86_64" + "evra": "0.20.1-1.fc34.x86_64" }, "crypto-policies": { "evra": "20210213-1.git5c710c0.fc34.noarch" @@ -355,13 +355,13 @@ "evra": "2.68.2-1.fc34.x86_64" }, "glibc": { - "evra": "2.33-14.fc34.x86_64" + "evra": "2.33-15.fc34.x86_64" }, "glibc-common": { - "evra": "2.33-14.fc34.x86_64" + "evra": "2.33-15.fc34.x86_64" }, "glibc-minimal-langpack": { - "evra": "2.33-14.fc34.x86_64" + "evra": "2.33-15.fc34.x86_64" }, "gmp": { "evra": "1:6.2.0-6.fc34.x86_64" @@ -970,10 +970,10 @@ "evra": "1.7.3-6.fc34.x86_64" }, "podman": { - "evra": "3:3.1.2-3.fc34.x86_64" + "evra": "3:3.2.0-5.fc34.x86_64" }, "podman-plugins": { - "evra": "3:3.1.2-3.fc34.x86_64" + "evra": "3:3.2.0-5.fc34.x86_64" }, "policycoreutils": { "evra": "3.2-1.fc34.x86_64" @@ -1193,7 +1193,7 @@ } }, "metadata": { - "generated": "2021-06-10T20:52:43Z", + "generated": "2021-06-11T20:52:36Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" @@ -1202,7 +1202,7 @@ "generated": "2021-06-10T18:40:56Z" }, "fedora-updates": { - "generated": "2021-06-10T00:55:40Z" + "generated": "2021-06-11T00:54:44Z" } } } From 9b637c055bf5fd58225120db481b8af9fda707c5 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Sat, 12 Jun 2021 23:00:02 -0400 Subject: [PATCH 285/489] tests/kola/chrony: move container in test to F34 --- tests/kola/chrony/dhcp-propagation | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/kola/chrony/dhcp-propagation b/tests/kola/chrony/dhcp-propagation index 018af69677..fcb579df1a 100755 --- a/tests/kola/chrony/dhcp-propagation +++ b/tests/kola/chrony/dhcp-propagation @@ -32,7 +32,7 @@ test_setup() { pushd $(mktemp -d) NTPHOSTIP=$(getent hosts time-c-g.nist.gov | cut -d ' ' -f 1) cat <Dockerfile -FROM registry.fedoraproject.org/fedora:33 +FROM registry.fedoraproject.org/fedora:34 RUN dnf -y install systemd dnsmasq iproute iputils \ && dnf clean all \ && systemctl enable dnsmasq From bed3837a49d8ddbf149f52bc8cb654796243e104 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Sat, 12 Jun 2021 23:01:48 -0400 Subject: [PATCH 286/489] tests/kola/chrony: hardcode NTP server address for now DNS for time-c-g.nist.gov is not resolving right now in CentOS CI and this test is failing in CI as a result: ``` Jun 12 21:00:52 qemu0 kola-runext-dhcp-propagation[1293]: ++ getent hosts time-c-g.nist.gov Jun 12 21:01:11 qemu0 kola-runext-dhcp-propagation[1280]: + NTPHOSTIP= Jun 12 21:01:11 qemu0 systemd[1]: kola-runext.service: Main process exited, code=exited, status=2/INVALIDARGUMENT ``` Opened an issue for the DNS issue over at https://pagure.io/centos-infra/issue/356 --- tests/kola/chrony/dhcp-propagation | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/kola/chrony/dhcp-propagation b/tests/kola/chrony/dhcp-propagation index fcb579df1a..a097364b0f 100755 --- a/tests/kola/chrony/dhcp-propagation +++ b/tests/kola/chrony/dhcp-propagation @@ -30,7 +30,10 @@ test_setup() { # run podman commands to set up dnsmasq server pushd $(mktemp -d) - NTPHOSTIP=$(getent hosts time-c-g.nist.gov | cut -d ' ' -f 1) + # XXX: hardcode IP for now until can resolve in CentOS CI again + # https://pagure.io/centos-infra/issue/356 + #NTPHOSTIP=$(getent hosts time-c-g.nist.gov | cut -d ' ' -f 1) + NTPHOSTIP='129.6.15.30' cat <Dockerfile FROM registry.fedoraproject.org/fedora:34 RUN dnf -y install systemd dnsmasq iproute iputils \ From facac1e9f972a4155603145bf47b555a866c001c Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 12 Jun 2021 12:21:22 +0000 Subject: [PATCH 287/489] =?UTF-8?q?lockfiles:=20drop=20graduated=20overrid?= =?UTF-8?q?es=20=F0=9F=8E=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Triggered by remove-graduated-overrides GitHub Action. --- manifest-lock.overrides.yaml | 22 ++-------------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 8b764b7787..2b3b40b760 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -11,28 +11,10 @@ packages: dracut: evr: 053-5.fc34 metadata: - type: pin reason: https://github.com/coreos/fedora-coreos-tracker/issues/842 + type: pin dracut-network: evr: 053-5.fc34 metadata: - type: pin reason: https://github.com/coreos/fedora-coreos-tracker/issues/842 - ignition: - evr: 2.10.1-3.fc34 - metadata: - type: fast-track - reason: https://github.com/coreos/fedora-coreos-config/pull/1011 - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-123bd6e0dc - selinux-policy: - evra: 34.11-1.fc34.noarch - metadata: - type: fast-track - reason: https://github.com/coreos/fedora-coreos-tracker/issues/850 - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-d8e34dbd6e - selinux-policy-targeted: - evra: 34.11-1.fc34.noarch - metadata: - type: fast-track - reason: https://github.com/coreos/fedora-coreos-tracker/issues/850 - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-d8e34dbd6e + type: pin From d5b99be33fc09a35bb0e9443d4dcb7424d356ab4 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 14 Jun 2021 15:57:11 +0000 Subject: [PATCH 288/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/330/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index de2836d99b..0ded7504fb 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -16,7 +16,7 @@ "evra": "1:1.30.4-1.fc34.x86_64" }, "WALinuxAgent-udev": { - "evra": "2.2.52-5.fc34.noarch" + "evra": "2.2.54.2-1.fc34.noarch" }, "acl": { "evra": "2.3.1-1.fc34.x86_64" @@ -292,10 +292,10 @@ "evra": "34-2.noarch" }, "file": { - "evra": "5.39-5.fc34.x86_64" + "evra": "5.39-6.fc34.x86_64" }, "file-libs": { - "evra": "5.39-5.fc34.x86_64" + "evra": "5.39-6.fc34.x86_64" }, "filesystem": { "evra": "3.14-5.fc34.x86_64" @@ -355,13 +355,13 @@ "evra": "2.68.2-1.fc34.x86_64" }, "glibc": { - "evra": "2.33-15.fc34.x86_64" + "evra": "2.33-16.fc34.x86_64" }, "glibc-common": { - "evra": "2.33-15.fc34.x86_64" + "evra": "2.33-16.fc34.x86_64" }, "glibc-minimal-langpack": { - "evra": "2.33-15.fc34.x86_64" + "evra": "2.33-16.fc34.x86_64" }, "gmp": { "evra": "1:6.2.0-6.fc34.x86_64" @@ -910,7 +910,7 @@ "evra": "6.9.7.1-1.fc34.x86_64" }, "openldap": { - "evra": "2.4.57-3.fc34.x86_64" + "evra": "2.4.57-4.fc34.x86_64" }, "openssh": { "evra": "8.6p1-3.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-06-11T20:52:36Z", + "generated": "2021-06-14T14:47:16Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-06-10T18:40:56Z" + "generated": "2021-06-14T12:21:25Z" }, "fedora-updates": { - "generated": "2021-06-11T00:54:44Z" + "generated": "2021-06-14T00:54:59Z" } } } From c4d47315b8d669686e5ebb70d9a12cbd263d5f01 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 14 Jun 2021 08:42:22 -0400 Subject: [PATCH 289/489] ci/remove-graduated-overrides: don't fail-fast in matrix job If e.g. the `next-devel` branch of the job failed, don't stop the `testing-devel` branch. --- .github/workflows/remove-graduated-overrides.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/remove-graduated-overrides.yml b/.github/workflows/remove-graduated-overrides.yml index f30a2b2711..6472cb335c 100644 --- a/.github/workflows/remove-graduated-overrides.yml +++ b/.github/workflows/remove-graduated-overrides.yml @@ -16,6 +16,7 @@ jobs: branch: - testing-devel - next-devel + fail-fast: false steps: - run: dnf install -y rpm-ostree # see related TODO above - name: Checkout From dd186ad4980e730703034f6ab860352a085e2830 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 11 Jun 2021 16:18:19 -0400 Subject: [PATCH 290/489] overlay: ignition-ostree-firstboot-uuid: use metadata_csum_seed fs feature We're hitting issues in some cases where users are seeing the `tune2fs -U random` on the /boot filesystem fail even though it's ran directly after an `e2fsck`. To prevent needing a filesystem check at all let's store the metadata checksum seed in the superblock which will allow us to change the UUID without needing any filesystem checks. This was not possible before but we recently got a grub fix so that having this filesystem feature enabled wouldn't cause grub2 to throw an error. - https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00031.html Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/735 --- .../40ignition-ostree/ignition-ostree-firstboot-uuid | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid index 0027bed357..0eed19db06 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid @@ -27,10 +27,7 @@ esac if [ "${TYPE}" == "${orig_type}" ] && [ "${UUID}" == "${orig_uuid}" ]; then case "${TYPE}" in - # For now we need to fsck first, see https://github.com/coreos/coreos-assembler/pull/1452 - # Basically we're not passing `metadata_csum_seed` as a mkfs.ext4 option - # because grub2 barfs on it. - ext4) e2fsck -fy "${target}" && tune2fs -U random "${target}" ;; + ext4) tune2fs -O metadata_csum_seed -U random "${target}" ;; xfs) xfs_admin -U generate "${target}" ;; *) echo "unexpected filesystem type ${TYPE}" 1>&2; exit 1 ;; esac From da83a0aa8d9cadad4ee132e7a7af1f9e88d08b59 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 14 Jun 2021 18:19:14 -0400 Subject: [PATCH 291/489] overlay: ignition-ostree-firstboot-uuid: add workaround for FS without metadata_csum_seed It will be some time before we can support metadata_csum_seed in grub on all our target platforms. This commit adds a workaround for the case where grub doesn't support it yet. We specifically workaround the behavior of tune2fs that isn't sensitive to timing inconsistencies. See https://github.com/coreos/fedora-coreos-tracker/issues/735#issuecomment-859605953 Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/735 --- .../ignition-ostree-firstboot-uuid | 32 ++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid index 0eed19db06..0318471354 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid @@ -27,7 +27,37 @@ esac if [ "${TYPE}" == "${orig_type}" ] && [ "${UUID}" == "${orig_uuid}" ]; then case "${TYPE}" in - ext4) tune2fs -O metadata_csum_seed -U random "${target}" ;; + ext4) + # If the filesystem supports metadata_csum_seed then the UUID is stored + # in the superblock and there is no need to worry with an fsck. For the + # boot filesystem this FS feature wasn't supported by GRUB until recently. + # https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00031.html + # Once grub is updated in all systems we care about we can standardize + # on the metadata_csum_seed and delete the `else` code block. + if tune2fs -l ${target} | grep 'metadata_csum_seed'; then + tune2fs -U random "${target}" + else + # Run an fsck since tune2fs -U requires the FS to be clean + e2fsck -fy "${target}" + # We just ran an fsck, but there is a bug where tune2fs -U will still + # complain. It will still error if the last checked timestamp (just + # set by the e2fsck above) is older than the last mount timestamp (happens + # on systems with out of date or non-functioning hardware clocks). + # See https://github.com/coreos/fedora-coreos-tracker/issues/735#issuecomment-859605953 + # Potentially fixed in future by: https://www.spinics.net/lists/linux-ext4/msg78012.html + tune2fsinfo="$(tune2fs -l ${target})" + lastmount=$(echo "$tune2fsinfo" | grep '^Last mount time:' | cut -d ':' -f 2,3,4) + lastfsck=$(echo "$tune2fsinfo" | grep '^Last checked:' | cut -d ':' -f 2,3,4) + lastmountsse=$(date --date="$lastmount" +%s) + lastfscksse=$(date --date="$lastfsck" +%s) + if (( lastfscksse < lastmountsse )); then + echo "Detected timestamp of last fsck is older than timestamp of last mount." + echo "Setting "${target}" timestamp of last fsck to same time as last mount." + tune2fs -T $(date --date="$lastmount" +%Y%m%d%H%M%S) "${target}" + fi + # Finally, we can randomize the UUID + tune2fs -U random "${target}" + fi ;; xfs) xfs_admin -U generate "${target}" ;; *) echo "unexpected filesystem type ${TYPE}" 1>&2; exit 1 ;; esac From 7361a9c1cfc131176b7c3dd72c875b66fff1ef86 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 15 Jun 2021 21:22:12 +0000 Subject: [PATCH 292/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/332/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 42 +++++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 0ded7504fb..2e196585d8 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -37,7 +37,7 @@ "evra": "2.5.1-1.fc34.x86_64" }, "audit-libs": { - "evra": "3.0.1-2.fc34.x86_64" + "evra": "3.0.2-1.fc34.x86_64" }, "avahi-libs": { "evra": "0.8-9.fc34.x86_64" @@ -262,7 +262,7 @@ "evra": "2:5.12-1.fc34.x86_64" }, "expat": { - "evra": "2.2.10-2.fc34.x86_64" + "evra": "2.4.1-1.fc34.x86_64" }, "fedora-coreos-pinger": { "evra": "0.0.4-9.fc34.x86_64" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.12.9-300.fc34.x86_64" + "evra": "5.12.10-300.fc34.x86_64" }, "kernel-core": { - "evra": "5.12.9-300.fc34.x86_64" + "evra": "5.12.10-300.fc34.x86_64" }, "kernel-modules": { - "evra": "5.12.9-300.fc34.x86_64" + "evra": "5.12.10-300.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -604,7 +604,7 @@ "evra": "1.3.1-47.fc34.x86_64" }, "libipa_hbac": { - "evra": "2.5.0-2.fc34.x86_64" + "evra": "2.5.1-1.fc34.x86_64" }, "libjcat": { "evra": "0.1.6-1.fc34.x86_64" @@ -739,16 +739,16 @@ "evra": "0.9.5-2.fc34.noarch" }, "libsss_certmap": { - "evra": "2.5.0-2.fc34.x86_64" + "evra": "2.5.1-1.fc34.x86_64" }, "libsss_idmap": { - "evra": "2.5.0-2.fc34.x86_64" + "evra": "2.5.1-1.fc34.x86_64" }, "libsss_nss_idmap": { - "evra": "2.5.0-2.fc34.x86_64" + "evra": "2.5.1-1.fc34.x86_64" }, "libsss_sudo": { - "evra": "2.5.0-2.fc34.x86_64" + "evra": "2.5.1-1.fc34.x86_64" }, "libstdc++": { "evra": "11.1.1-3.fc34.x86_64" @@ -1087,28 +1087,28 @@ "evra": "0.1.2-7.fc34.x86_64" }, "sssd-ad": { - "evra": "2.5.0-2.fc34.x86_64" + "evra": "2.5.1-1.fc34.x86_64" }, "sssd-client": { - "evra": "2.5.0-2.fc34.x86_64" + "evra": "2.5.1-1.fc34.x86_64" }, "sssd-common": { - "evra": "2.5.0-2.fc34.x86_64" + "evra": "2.5.1-1.fc34.x86_64" }, "sssd-common-pac": { - "evra": "2.5.0-2.fc34.x86_64" + "evra": "2.5.1-1.fc34.x86_64" }, "sssd-ipa": { - "evra": "2.5.0-2.fc34.x86_64" + "evra": "2.5.1-1.fc34.x86_64" }, "sssd-krb5": { - "evra": "2.5.0-2.fc34.x86_64" + "evra": "2.5.1-1.fc34.x86_64" }, "sssd-krb5-common": { - "evra": "2.5.0-2.fc34.x86_64" + "evra": "2.5.1-1.fc34.x86_64" }, "sssd-ldap": { - "evra": "2.5.0-2.fc34.x86_64" + "evra": "2.5.1-1.fc34.x86_64" }, "stalld": { "evra": "1.10-1.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-06-14T14:47:16Z", + "generated": "2021-06-15T20:52:38Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-06-14T12:21:25Z" + "generated": "2021-06-14T16:18:50Z" }, "fedora-updates": { - "generated": "2021-06-14T00:54:59Z" + "generated": "2021-06-15T00:57:18Z" } } } From 6f39113b0bd0e40d783edcfedc69b93b0492b096 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 16 Jun 2021 21:27:10 +0000 Subject: [PATCH 293/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/333/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 2e196585d8..400b138866 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -334,7 +334,7 @@ "evra": "3.10.3-1.fc34.x86_64" }, "fwupd": { - "evra": "1.5.9-2.fc34.x86_64" + "evra": "1.5.10-1.fc34.x86_64" }, "gawk": { "evra": "5.1.0-3.fc34.x86_64" @@ -379,22 +379,22 @@ "evra": "3.6-2.fc34.x86_64" }, "grub2-common": { - "evra": "1:2.06~rc1-4.fc34.noarch" + "evra": "1:2.06-2.fc34.noarch" }, "grub2-efi-x64": { - "evra": "1:2.06~rc1-4.fc34.x86_64" + "evra": "1:2.06-2.fc34.x86_64" }, "grub2-pc": { - "evra": "1:2.06~rc1-4.fc34.x86_64" + "evra": "1:2.06-2.fc34.x86_64" }, "grub2-pc-modules": { - "evra": "1:2.06~rc1-4.fc34.noarch" + "evra": "1:2.06-2.fc34.noarch" }, "grub2-tools": { - "evra": "1:2.06~rc1-4.fc34.x86_64" + "evra": "1:2.06-2.fc34.x86_64" }, "grub2-tools-minimal": { - "evra": "1:2.06~rc1-4.fc34.x86_64" + "evra": "1:2.06-2.fc34.x86_64" }, "gzip": { "evra": "1.10-4.fc34.x86_64" @@ -1159,7 +1159,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2956-1.fc34.x86_64" + "evra": "2:8.2.2956-2.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-06-15T20:52:38Z", + "generated": "2021-06-16T20:55:33Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-06-14T16:18:50Z" + "generated": "2021-06-15T21:30:11Z" }, "fedora-updates": { - "generated": "2021-06-15T00:57:18Z" + "generated": "2021-06-16T20:37:44Z" } } } From 975f0dc68cd597893bd1b9b817eac72f0ef9598c Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 19 Jun 2021 21:20:20 +0000 Subject: [PATCH 294/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/336/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 400b138866..8e2dd6ca3e 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -82,7 +82,7 @@ "evra": "1.17.1-2.fc34.x86_64" }, "ca-certificates": { - "evra": "2020.2.41-7.fc34.noarch" + "evra": "2021.2.50-1.0.fc34.noarch" }, "catatonit": { "evra": "0.1.5-4.fc34.x86_64" @@ -316,7 +316,7 @@ "evra": "2.9.9-11.fc34.x86_64" }, "fuse-common": { - "evra": "3.10.3-1.fc34.x86_64" + "evra": "3.10.4-1.fc34.x86_64" }, "fuse-libs": { "evra": "2.9.9-11.fc34.x86_64" @@ -325,13 +325,13 @@ "evra": "1.5.0-1.fc34.x86_64" }, "fuse-sshfs": { - "evra": "3.7.1-2.fc34.x86_64" + "evra": "3.7.2-1.fc34.x86_64" }, "fuse3": { - "evra": "3.10.3-1.fc34.x86_64" + "evra": "3.10.4-1.fc34.x86_64" }, "fuse3-libs": { - "evra": "3.10.3-1.fc34.x86_64" + "evra": "3.10.4-1.fc34.x86_64" }, "fwupd": { "evra": "1.5.10-1.fc34.x86_64" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.12.10-300.fc34.x86_64" + "evra": "5.12.11-300.fc34.x86_64" }, "kernel-core": { - "evra": "5.12.10-300.fc34.x86_64" + "evra": "5.12.11-300.fc34.x86_64" }, "kernel-modules": { - "evra": "5.12.10-300.fc34.x86_64" + "evra": "5.12.11-300.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -676,7 +676,7 @@ "evra": "0.2.1-47.fc34.x86_64" }, "libpcap": { - "evra": "14:1.10.0-1.fc34.x86_64" + "evra": "14:1.10.1-1.fc34.x86_64" }, "libpkgconf": { "evra": "1.7.3-6.fc34.x86_64" @@ -691,7 +691,7 @@ "evra": "0.1.5-47.fc34.x86_64" }, "librepo": { - "evra": "1.14.0-1.fc34.x86_64" + "evra": "1.14.1-1.fc34.x86_64" }, "libreport-filesystem": { "evra": "2.15.2-2.fc34.noarch" @@ -883,7 +883,7 @@ "evra": "2.0-0.59.20160912git.fc34.x86_64" }, "nettle": { - "evra": "3.7.2-1.fc34.x86_64" + "evra": "3.7.3-1.fc34.x86_64" }, "newt": { "evra": "0.52.21-9.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-06-16T20:55:33Z", + "generated": "2021-06-19T20:52:33Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-06-15T21:30:11Z" + "generated": "2021-06-16T21:34:37Z" }, "fedora-updates": { - "generated": "2021-06-16T20:37:44Z" + "generated": "2021-06-19T00:57:18Z" } } } From 4c3bd966f6743a42ae41303c017f825a0bc5beb5 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 20 Jun 2021 21:20:25 +0000 Subject: [PATCH 295/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/337/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 8e2dd6ca3e..f09770dd9c 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -127,7 +127,7 @@ "evra": "0.21.2-1.fc34.noarch" }, "container-selinux": { - "evra": "2:2.162.2-1.fc34.noarch" + "evra": "2:2.163.0-1.fc34.noarch" }, "containerd": { "evra": "1.5.0~rc.1-1.fc34.x86_64" @@ -355,13 +355,13 @@ "evra": "2.68.2-1.fc34.x86_64" }, "glibc": { - "evra": "2.33-16.fc34.x86_64" + "evra": "2.33-18.fc34.x86_64" }, "glibc-common": { - "evra": "2.33-16.fc34.x86_64" + "evra": "2.33-18.fc34.x86_64" }, "glibc-minimal-langpack": { - "evra": "2.33-16.fc34.x86_64" + "evra": "2.33-18.fc34.x86_64" }, "gmp": { "evra": "1:6.2.0-6.fc34.x86_64" @@ -970,10 +970,10 @@ "evra": "1.7.3-6.fc34.x86_64" }, "podman": { - "evra": "3:3.2.0-5.fc34.x86_64" + "evra": "3:3.2.1-1.fc34.x86_64" }, "podman-plugins": { - "evra": "3:3.2.0-5.fc34.x86_64" + "evra": "3:3.2.1-1.fc34.x86_64" }, "policycoreutils": { "evra": "3.2-1.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-06-19T20:52:33Z", + "generated": "2021-06-20T20:52:34Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-06-16T21:34:37Z" + "generated": "2021-06-19T21:27:10Z" }, "fedora-updates": { - "generated": "2021-06-19T00:57:18Z" + "generated": "2021-06-20T00:55:51Z" } } } From d498325f2502ca0aaa71c0e5c8376d95f7541c14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20=C4=8Cajka?= Date: Fri, 18 Jun 2021 14:52:07 +0200 Subject: [PATCH 296/489] tests/kola/toolbox: Run only on x86_64 and aarch64 Toolbox container is currently missing on ppc64le and s390x in Fedora. --- tests/kola/toolbox/test.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/kola/toolbox/test.sh b/tests/kola/toolbox/test.sh index db5bc1f4b5..bde7235d74 100755 --- a/tests/kola/toolbox/test.sh +++ b/tests/kola/toolbox/test.sh @@ -12,7 +12,8 @@ # ensure that previous commands were successful. # Only run on QEMU to reduce CI costs as nothing is platform specific here. -# kola: { "tags": "needs-internet", "platforms": "qemu-unpriv" } +# Toolbox container is currently available only for x86_64 and aarch64 in Fedora +# kola: { "tags": "needs-internet", "platforms": "qemu-unpriv", "architectures": "x86_64 aarch64" } set -xeuo pipefail From d389fd1bd46d374736632763c97276f37f638f1f Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 24 Jun 2021 21:14:19 +0000 Subject: [PATCH 297/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/343/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index f09770dd9c..2ea671e6d6 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -16,7 +16,7 @@ "evra": "1:1.30.4-1.fc34.x86_64" }, "WALinuxAgent-udev": { - "evra": "2.2.54.2-1.fc34.noarch" + "evra": "2.3.0.2-1.fc34.noarch" }, "acl": { "evra": "2.3.1-1.fc34.x86_64" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.12.11-300.fc34.x86_64" + "evra": "5.12.12-300.fc34.x86_64" }, "kernel-core": { - "evra": "5.12.11-300.fc34.x86_64" + "evra": "5.12.12-300.fc34.x86_64" }, "kernel-modules": { - "evra": "5.12.11-300.fc34.x86_64" + "evra": "5.12.12-300.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-06-20T20:52:34Z", + "generated": "2021-06-24T20:49:09Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-06-19T21:27:10Z" + "generated": "2021-06-20T21:29:27Z" }, "fedora-updates": { - "generated": "2021-06-20T00:55:51Z" + "generated": "2021-06-24T16:32:58Z" } } } From 3105a4a18c10878cfa55de629a0d076d5c51c513 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 26 Jun 2021 01:47:59 +0000 Subject: [PATCH 298/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/348/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 2ea671e6d6..6b4f97393f 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -190,7 +190,7 @@ "evra": "1:1.12.20-3.fc34.x86_64" }, "dbus-broker": { - "evra": "28-3.fc34.x86_64" + "evra": "29-1.fc34.x86_64" }, "dbus-common": { "evra": "1:1.12.20-3.fc34.noarch" @@ -802,7 +802,7 @@ "evra": "2:4.14.5-0.fc34.x86_64" }, "libxcrypt": { - "evra": "4.4.20-2.fc34.x86_64" + "evra": "4.4.22-2.fc34.x86_64" }, "libxml2": { "evra": "2.9.12-4.fc34.x86_64" @@ -943,7 +943,7 @@ "evra": "0.23.22-3.fc34.x86_64" }, "pam": { - "evra": "1.5.1-5.fc34.x86_64" + "evra": "1.5.1-6.fc34.x86_64" }, "passwd": { "evra": "0.80-10.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-06-24T20:49:09Z", + "generated": "2021-06-26T01:16:31Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-06-20T21:29:27Z" + "generated": "2021-06-24T21:24:51Z" }, "fedora-updates": { - "generated": "2021-06-24T16:32:58Z" + "generated": "2021-06-26T00:53:13Z" } } } From 6ecb69bb51ca8efdec4f828f457a22bf466a3944 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Sun, 27 Jun 2021 14:04:00 -0400 Subject: [PATCH 299/489] tests: temporarily drop kargs test for spec stabilization --- tests/kola/ignition/kargs/config.ign | 9 --------- tests/kola/ignition/kargs/test.sh | 19 ------------------- 2 files changed, 28 deletions(-) delete mode 100644 tests/kola/ignition/kargs/config.ign delete mode 100755 tests/kola/ignition/kargs/test.sh diff --git a/tests/kola/ignition/kargs/config.ign b/tests/kola/ignition/kargs/config.ign deleted file mode 100644 index fb9fa01a5a..0000000000 --- a/tests/kola/ignition/kargs/config.ign +++ /dev/null @@ -1,9 +0,0 @@ -{ - "ignition": { - "version": "3.3.0-experimental" - }, - "kernelArguments": { - "shouldExist": ["foobar"], - "shouldNotExist": ["mitigations=auto,nosmt"] - } -} diff --git a/tests/kola/ignition/kargs/test.sh b/tests/kola/ignition/kargs/test.sh deleted file mode 100755 index a7535254f8..0000000000 --- a/tests/kola/ignition/kargs/test.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -set -xeuo pipefail - -ok() { - echo "ok" "$@" -} - -fatal() { - echo "$@" >&2 - exit 1 -} - -if ! grep foobar /proc/cmdline; then - fatal "missing foobar in kernel cmdline" -fi -if grep mitigations /proc/cmdline; then - fatal "found mitigations in kernel cmdline" -fi -ok "Ignition kargs" From 455eb6644f91c3c2f36ceaa904b5605ca563de76 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 25 Jun 2021 23:24:49 -0400 Subject: [PATCH 300/489] overrides: fast-track Ignition 2.11.0-1.fc34 --- manifest-lock.overrides.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 2b3b40b760..e9e8d7a2c5 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -18,3 +18,7 @@ packages: metadata: reason: https://github.com/coreos/fedora-coreos-tracker/issues/842 type: pin + ignition: + evr: 2.11.0-1.fc34 + metadata: + type: fast-track From a2aa6183b457f9bd7de64ccec843e7b19e6e16c6 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Sun, 27 Jun 2021 16:48:59 -0400 Subject: [PATCH 301/489] Revert "tests: temporarily drop kargs test for spec stabilization" This reverts commit 6ecb69bb51ca8efdec4f828f457a22bf466a3944. --- tests/kola/ignition/kargs/config.ign | 9 +++++++++ tests/kola/ignition/kargs/test.sh | 19 +++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 tests/kola/ignition/kargs/config.ign create mode 100755 tests/kola/ignition/kargs/test.sh diff --git a/tests/kola/ignition/kargs/config.ign b/tests/kola/ignition/kargs/config.ign new file mode 100644 index 0000000000..fb9fa01a5a --- /dev/null +++ b/tests/kola/ignition/kargs/config.ign @@ -0,0 +1,9 @@ +{ + "ignition": { + "version": "3.3.0-experimental" + }, + "kernelArguments": { + "shouldExist": ["foobar"], + "shouldNotExist": ["mitigations=auto,nosmt"] + } +} diff --git a/tests/kola/ignition/kargs/test.sh b/tests/kola/ignition/kargs/test.sh new file mode 100755 index 0000000000..a7535254f8 --- /dev/null +++ b/tests/kola/ignition/kargs/test.sh @@ -0,0 +1,19 @@ +#!/bin/bash +set -xeuo pipefail + +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + +if ! grep foobar /proc/cmdline; then + fatal "missing foobar in kernel cmdline" +fi +if grep mitigations /proc/cmdline; then + fatal "found mitigations in kernel cmdline" +fi +ok "Ignition kargs" From 9e6e621aa06af552c8c2e41fa9b84cf6d96f6f77 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Sun, 27 Jun 2021 16:49:44 -0400 Subject: [PATCH 302/489] tests/kola/ignition/kargs: stabilize Ignition spec 3.3.0 --- tests/kola/ignition/kargs/config.ign | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/kola/ignition/kargs/config.ign b/tests/kola/ignition/kargs/config.ign index fb9fa01a5a..00816dc153 100644 --- a/tests/kola/ignition/kargs/config.ign +++ b/tests/kola/ignition/kargs/config.ign @@ -1,6 +1,6 @@ { "ignition": { - "version": "3.3.0-experimental" + "version": "3.3.0" }, "kernelArguments": { "shouldExist": ["foobar"], From fffae203a834fc325cbd8e6ddd8a585e2d9df21d Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 28 Jun 2021 08:54:01 -0400 Subject: [PATCH 303/489] 35coreos-ignition: use cp instead of mv We can't `mv` out of the module directory since `/usr` is mounted read-only in the dracut container when rpm-ostree runs it. Follow up to #938. Reported-by: Luca BRUNO --- .../usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh index c874f1e160..94895b9882 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh @@ -43,7 +43,7 @@ install() { # dracut inst_script doesn't allow overwrites and we are replacing # the default script placed by Ignition binpath="/usr/sbin/ignition-kargs-helper" - mv "$moddir/coreos-kargs.sh" "$initdir$binpath" + cp "$moddir/coreos-kargs.sh" "$initdir$binpath" install_ignition_unit coreos-kargs-reboot.service inst_script "$moddir/coreos-boot-edit.sh" \ From 05a6946eefbcd1cac565de535cd7408d8e974dc9 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 28 Jun 2021 21:23:00 +0000 Subject: [PATCH 304/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/351/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 6b4f97393f..d99b75ec24 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -403,7 +403,7 @@ "evra": "3.23-4.fc34.x86_64" }, "ignition": { - "evra": "2.10.1-3.fc34.x86_64" + "evra": "2.11.0-1.fc34.x86_64" }, "inih": { "evra": "49-3.fc34.x86_64" @@ -1159,7 +1159,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.2956-2.fc34.x86_64" + "evra": "2:8.2.3046-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-06-26T01:16:31Z", + "generated": "2021-06-28T20:53:49Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-06-24T21:24:51Z" + "generated": "2021-06-27T21:38:00Z" }, "fedora-updates": { - "generated": "2021-06-26T00:53:13Z" + "generated": "2021-06-28T01:23:25Z" } } } From 4d96eaaaffdf96e8cc9a0282bbc200487b1c619a Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 28 Jun 2021 12:02:49 -0400 Subject: [PATCH 305/489] coreos-propagate-multipath-conf: trigger emergency.target on failure We have this in all our units right now we consider critical. This is one of them. Related: https://bugzilla.redhat.com/show_bug.cgi?id=1974411 --- .../35coreos-multipath/coreos-propagate-multipath-conf.service | 3 +++ 1 file changed, 3 insertions(+) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service index 271fdf81fd..978fc56c4e 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service @@ -5,6 +5,9 @@ Before=initrd.target ConditionKernelCommandLine=rd.multipath=default +OnFailure=emergency.target +OnFailureJobMode=isolate + [Service] Type=oneshot ExecStart=/usr/sbin/coreos-propagate-multipath-conf From 1c0ca68427db763d3f6bff78f43c64c8b9a6bca1 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 28 Jun 2021 12:06:46 -0400 Subject: [PATCH 306/489] coreos-propagate-multipath-conf: run After=initrd-root-fs.target We should only copy to the sysroot's `/etc` after we're sure it's all set up. This is marked by `initrd-root-fs.target`. Related: https://bugzilla.redhat.com/show_bug.cgi?id=1974411 --- .../coreos-propagate-multipath-conf.service | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service index 978fc56c4e..c475eaa6c5 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service @@ -1,8 +1,10 @@ [Unit] Description=CoreOS Propagate Multipath Configuration -After=ostree-prepare-root.service Before=initrd.target +# we write to the rootfs, so run after it's ready +After=initrd-root-fs.target + ConditionKernelCommandLine=rd.multipath=default OnFailure=emergency.target From e0d33028848a64e1c13272543edc95432de8de34 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 30 Jun 2021 20:54:38 +0000 Subject: [PATCH 307/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/353/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index d99b75ec24..d7ddb4cf41 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.12.12-300.fc34.x86_64" + "evra": "5.12.13-300.fc34.x86_64" }, "kernel-core": { - "evra": "5.12.12-300.fc34.x86_64" + "evra": "5.12.13-300.fc34.x86_64" }, "kernel-modules": { - "evra": "5.12.12-300.fc34.x86_64" + "evra": "5.12.13-300.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -910,7 +910,7 @@ "evra": "6.9.7.1-1.fc34.x86_64" }, "openldap": { - "evra": "2.4.57-4.fc34.x86_64" + "evra": "2.4.57-5.fc34.x86_64" }, "openssh": { "evra": "8.6p1-3.fc34.x86_64" @@ -1042,10 +1042,10 @@ "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "34.11-1.fc34.noarch" + "evra": "34.12-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.11-1.fc34.noarch" + "evra": "34.12-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1144,7 +1144,7 @@ "evra": "0.0.99.1-1.fc34.x86_64" }, "tpm2-tools": { - "evra": "5.1-1.fc34.x86_64" + "evra": "5.1.1-1.fc34.x86_64" }, "tpm2-tss": { "evra": "3.1.0-1.fc34.x86_64" @@ -1159,7 +1159,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.3046-1.fc34.x86_64" + "evra": "2:8.2.3070-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-06-28T20:53:49Z", + "generated": "2021-06-30T20:04:21Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-06-27T21:38:00Z" + "generated": "2021-06-28T21:32:38Z" }, "fedora-updates": { - "generated": "2021-06-28T01:23:25Z" + "generated": "2021-06-30T00:54:00Z" } } } From 4e335e4de185aa3f8494789494739a39563347a2 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 15 Jun 2021 17:15:38 -0400 Subject: [PATCH 308/489] image-base.yaml: set bootfs_metadata_csum_seed to true This will tell COSA to set the metadata_csum_seed filesystem feature for the boot filesystem. This helps us not have to run a filesystem check before running tune2fs to randomize the filesystem UUID on first boot. See https://github.com/coreos/fedora-coreos-tracker/issues/735 for more context. Depends on https://github.com/coreos/coreos-assembler/pull/2228 --- image-base.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/image-base.yaml b/image-base.yaml index 1aabf6ace6..3d9e1d5d1b 100644 --- a/image-base.yaml +++ b/image-base.yaml @@ -21,6 +21,15 @@ ostree-remote: fedora # https://github.com/ostreedev/ostree/issues/1265 sysroot-readonly: true +# opt in to using the `metadata_csum_seed` feature of the ext4 filesystem +# for the /boot filesystem. Support for this was only recently added to grub +# and isn't available everywhere yet so we'll gate it behind this image.yaml +# knob. It should be easy to know when RHEL/RHCOS supports this by just flipping +# this to `true` and doing a build. It should error when building the disk +# images if grub doesn't support it. +# https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00031.html +bootfs_metadata_csum_seed: true + # After this, we plan to add support for the Ignition # storage/filesystems sections. (Although one can do # that on boot as well) From 6a8be3c91342fa71977677a4788956594cbf504e Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 2 Jul 2021 01:04:00 +0000 Subject: [PATCH 309/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/356/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 46 +++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index d7ddb4cf41..1d5feea9f4 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -52,13 +52,13 @@ "evra": "1:2.11-2.fc34.noarch" }, "bind-libs": { - "evra": "32:9.16.16-1.fc34.x86_64" + "evra": "32:9.16.18-1.fc34.x86_64" }, "bind-license": { - "evra": "32:9.16.16-1.fc34.noarch" + "evra": "32:9.16.18-1.fc34.noarch" }, "bind-utils": { - "evra": "32:9.16.16-1.fc34.x86_64" + "evra": "32:9.16.18-1.fc34.x86_64" }, "bootupd": { "evra": "0.2.5-3.fc34.x86_64" @@ -340,7 +340,7 @@ "evra": "5.1.0-3.fc34.x86_64" }, "gdisk": { - "evra": "1.0.7-1.fc34.x86_64" + "evra": "1.0.8-1.fc34.x86_64" }, "gettext": { "evra": "0.21-4.fc34.x86_64" @@ -577,7 +577,7 @@ "evra": "11.1.1-3.fc34.x86_64" }, "libgcrypt": { - "evra": "1.9.3-2.fc34.x86_64" + "evra": "1.9.3-3.fc34.x86_64" }, "libgomp": { "evra": "11.1.1-3.fc34.x86_64" @@ -604,7 +604,7 @@ "evra": "1.3.1-47.fc34.x86_64" }, "libipa_hbac": { - "evra": "2.5.1-1.fc34.x86_64" + "evra": "2.5.1-2.fc34.x86_64" }, "libjcat": { "evra": "0.1.6-1.fc34.x86_64" @@ -739,16 +739,16 @@ "evra": "0.9.5-2.fc34.noarch" }, "libsss_certmap": { - "evra": "2.5.1-1.fc34.x86_64" + "evra": "2.5.1-2.fc34.x86_64" }, "libsss_idmap": { - "evra": "2.5.1-1.fc34.x86_64" + "evra": "2.5.1-2.fc34.x86_64" }, "libsss_nss_idmap": { - "evra": "2.5.1-1.fc34.x86_64" + "evra": "2.5.1-2.fc34.x86_64" }, "libsss_sudo": { - "evra": "2.5.1-1.fc34.x86_64" + "evra": "2.5.1-2.fc34.x86_64" }, "libstdc++": { "evra": "11.1.1-3.fc34.x86_64" @@ -781,7 +781,7 @@ "evra": "1.0.24-2.fc34.x86_64" }, "libuser": { - "evra": "0.63-3.fc34.x86_64" + "evra": "0.63-4.fc34.x86_64" }, "libutempter": { "evra": "1.2.1-4.fc34.x86_64" @@ -802,7 +802,7 @@ "evra": "2:4.14.5-0.fc34.x86_64" }, "libxcrypt": { - "evra": "4.4.22-2.fc34.x86_64" + "evra": "4.4.23-1.fc34.x86_64" }, "libxml2": { "evra": "2.9.12-4.fc34.x86_64" @@ -1087,28 +1087,28 @@ "evra": "0.1.2-7.fc34.x86_64" }, "sssd-ad": { - "evra": "2.5.1-1.fc34.x86_64" + "evra": "2.5.1-2.fc34.x86_64" }, "sssd-client": { - "evra": "2.5.1-1.fc34.x86_64" + "evra": "2.5.1-2.fc34.x86_64" }, "sssd-common": { - "evra": "2.5.1-1.fc34.x86_64" + "evra": "2.5.1-2.fc34.x86_64" }, "sssd-common-pac": { - "evra": "2.5.1-1.fc34.x86_64" + "evra": "2.5.1-2.fc34.x86_64" }, "sssd-ipa": { - "evra": "2.5.1-1.fc34.x86_64" + "evra": "2.5.1-2.fc34.x86_64" }, "sssd-krb5": { - "evra": "2.5.1-1.fc34.x86_64" + "evra": "2.5.1-2.fc34.x86_64" }, "sssd-krb5-common": { - "evra": "2.5.1-1.fc34.x86_64" + "evra": "2.5.1-2.fc34.x86_64" }, "sssd-ldap": { - "evra": "2.5.1-1.fc34.x86_64" + "evra": "2.5.1-2.fc34.x86_64" }, "stalld": { "evra": "1.10-1.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-06-30T20:04:21Z", + "generated": "2021-07-02T00:36:22Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-06-28T21:32:38Z" + "generated": "2021-06-30T21:03:30Z" }, "fedora-updates": { - "generated": "2021-06-30T00:54:00Z" + "generated": "2021-07-01T00:58:53Z" } } } From 76586f014f96fa72e2b5eefa9b40655fc170be5e Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Thu, 1 Jul 2021 14:52:50 -0400 Subject: [PATCH 310/489] Revert "kola-denylist.yaml: add ext.config.podman.rootless-systemd" Kernel 5.11+ seems to fix this based on the comments in https://github.com/containers/buildah/issues/3071#issuecomment-806072194 Indeed, when I run the test against a rawhide build it passes. This reverts commit f12a5132ebe169ad643dab5b7fe028889c77a386. --- kola-denylist.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/kola-denylist.yaml b/kola-denylist.yaml index 5c0edff573..cf3a3d8c88 100644 --- a/kola-denylist.yaml +++ b/kola-denylist.yaml @@ -5,8 +5,3 @@ tracker: https://github.com/coreos/coreos-assembler/pull/1478 - pattern: podman.workflow tracker: https://github.com/coreos/coreos-assembler/pull/1478 -- pattern: ext.config.podman.rootless-systemd - tracker: https://github.com/containers/buildah/issues/3071 - streams: - - branched - - rawhide From a29bcfa8bce5be8a73502612babc869ee1307fb3 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 2 Jul 2021 21:22:55 +0000 Subject: [PATCH 311/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/357/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 1d5feea9f4..8b3850ff9b 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -304,7 +304,7 @@ "evra": "1:4.8.0-2.fc34.x86_64" }, "firewalld-filesystem": { - "evra": "0.9.3-3.fc34.noarch" + "evra": "0.9.4-1.fc34.noarch" }, "flatpak-session-helper": { "evra": "1.10.2-3.fc34.x86_64" @@ -1015,10 +1015,10 @@ "evra": "4.16.1.3-1.fc34.x86_64" }, "rpm-ostree": { - "evra": "2021.5-1.fc34.x86_64" + "evra": "2021.6-2.fc34.x86_64" }, "rpm-ostree-libs": { - "evra": "2021.5-1.fc34.x86_64" + "evra": "2021.6-2.fc34.x86_64" }, "rpm-plugin-selinux": { "evra": "4.16.1.3-1.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-07-02T00:36:22Z", + "generated": "2021-07-02T20:53:09Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-06-30T21:03:30Z" + "generated": "2021-07-02T01:15:32Z" }, "fedora-updates": { - "generated": "2021-07-01T00:58:53Z" + "generated": "2021-07-02T00:57:13Z" } } } From 9d56ef722ae3d15895ea49ab7dd7d65c47bb0c3e Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 3 Jul 2021 21:21:56 +0000 Subject: [PATCH 312/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/358/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 8b3850ff9b..634cc10170 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -145,10 +145,10 @@ "evra": "0.9.1-1.fc34.x86_64" }, "coreutils": { - "evra": "8.32-27.fc34.x86_64" + "evra": "8.32-28.fc34.x86_64" }, "coreutils-common": { - "evra": "8.32-27.fc34.x86_64" + "evra": "8.32-28.fc34.x86_64" }, "cpio": { "evra": "2.13-10.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-07-02T20:53:09Z", + "generated": "2021-07-03T20:54:49Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-02T01:15:32Z" + "generated": "2021-07-02T21:35:18Z" }, "fedora-updates": { - "generated": "2021-07-02T00:57:13Z" + "generated": "2021-07-03T01:17:26Z" } } } From 698f5086e2fbe998559abcc9d06039308d9c3702 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 4 Jul 2021 21:21:39 +0000 Subject: [PATCH 313/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/359/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 634cc10170..1326f2baa5 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -136,7 +136,7 @@ "evra": "1.0.0-0.2.rc1.fc34.x86_64" }, "containers-common": { - "evra": "4:1-19.fc34.noarch" + "evra": "4:1-20.fc34.noarch" }, "coreos-installer": { "evra": "0.9.1-1.fc34.x86_64" @@ -715,7 +715,7 @@ "evra": "2.13-2.fc34.x86_64" }, "libslirp": { - "evra": "4.4.0-2.fc34.x86_64" + "evra": "4.4.0-4.fc34.x86_64" }, "libsmartcols": { "evra": "2.36.2-1.fc34.x86_64" @@ -970,10 +970,10 @@ "evra": "1.7.3-6.fc34.x86_64" }, "podman": { - "evra": "3:3.2.1-1.fc34.x86_64" + "evra": "3:3.2.2-1.fc34.x86_64" }, "podman-plugins": { - "evra": "3:3.2.1-1.fc34.x86_64" + "evra": "3:3.2.2-1.fc34.x86_64" }, "policycoreutils": { "evra": "3.2-1.fc34.x86_64" @@ -1189,20 +1189,20 @@ "evra": "1.2.11-26.fc34.x86_64" }, "zram-generator": { - "evra": "0.3.2-3.fc34.x86_64" + "evra": "0.3.2-4.fc34.x86_64" } }, "metadata": { - "generated": "2021-07-03T20:54:49Z", + "generated": "2021-07-04T20:53:03Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-02T21:35:18Z" + "generated": "2021-07-03T21:30:49Z" }, "fedora-updates": { - "generated": "2021-07-03T01:17:26Z" + "generated": "2021-07-04T00:55:20Z" } } } From 413bf20df500a1a3cabaa8055140d0c0bba9991b Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 5 Jul 2021 06:18:10 +0000 Subject: [PATCH 314/489] =?UTF-8?q?lockfiles:=20drop=20graduated=20overrid?= =?UTF-8?q?es=20=F0=9F=8E=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Triggered by remove-graduated-overrides GitHub Action. --- manifest-lock.overrides.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index e9e8d7a2c5..2b3b40b760 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -18,7 +18,3 @@ packages: metadata: reason: https://github.com/coreos/fedora-coreos-tracker/issues/842 type: pin - ignition: - evr: 2.11.0-1.fc34 - metadata: - type: fast-track From fc4c9b49b2200c2a278feaa0be917c9827333717 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 5 Jul 2021 21:23:59 +0000 Subject: [PATCH 315/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/360/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 1326f2baa5..8c7bd69968 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -655,7 +655,7 @@ "evra": "1.0.1-19.fc34.x86_64" }, "libnfsidmap": { - "evra": "1:2.5.3-3.rc2.fc34.x86_64" + "evra": "1:2.5.4-0.fc34.x86_64" }, "libnftnl": { "evra": "1.1.9-2.fc34.x86_64" @@ -889,7 +889,7 @@ "evra": "0.52.21-9.fc34.x86_64" }, "nfs-utils-coreos": { - "evra": "1:2.5.3-3.rc2.fc34.x86_64" + "evra": "1:2.5.4-0.fc34.x86_64" }, "nftables": { "evra": "1:0.9.8-2.fc34.x86_64" @@ -1141,7 +1141,7 @@ "evra": "1.31-3.fc34.x86_64" }, "toolbox": { - "evra": "0.0.99.1-1.fc34.x86_64" + "evra": "0.0.99.2-1.fc34.x86_64" }, "tpm2-tools": { "evra": "5.1.1-1.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-07-04T20:53:03Z", + "generated": "2021-07-05T20:53:39Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-03T21:30:49Z" + "generated": "2021-07-04T21:31:20Z" }, "fedora-updates": { - "generated": "2021-07-04T00:55:20Z" + "generated": "2021-07-05T01:22:13Z" } } } From 1fe884335ba7caa75815374dd1382a2b42a29675 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 5 Jul 2021 14:00:24 -0400 Subject: [PATCH 316/489] 40ignition-ostree: explicitly add zram kmod in initrd We were relying on the zram kmod already being in the initramfs so far, though that assumption for whatever reason is now incorrect in rawhide, causing rootfs reprovisioning related tests to fail. Anyway, we should be more explicit here about what our requirements are. --- .../lib/dracut/modules.d/40ignition-ostree/module-setup.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh index 99796ebf4b..bf9a7872ab 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh @@ -15,6 +15,11 @@ install_ignition_unit() { systemctl -q --root="$initdir" add-requires "ignition-${target}.target" "$unit" || exit 1 } +installkernel() { + # Used by ignition-ostree-transposefs + instmods -c zram +} + install() { inst_multiple \ realpath \ From 3568dc2e7f691ed6abf8a37242a616b9eaf9ba5b Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 6 Jul 2021 11:21:09 -0400 Subject: [PATCH 317/489] ci/buildroot: bump nocache hack to defeat Quay.io caching The images are being built, but the contents at this point are almost a month out of date. If there's no sustainable way to work around this, we should probably just move it to e.g. openshift/release and have it push to Quay.io. See: https://github.com/coreos/fedora-coreos-tracker/issues/890 --- ci/buildroot/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/buildroot/Dockerfile b/ci/buildroot/Dockerfile index 154a16efe5..135644f473 100644 --- a/ci/buildroot/Dockerfile +++ b/ci/buildroot/Dockerfile @@ -7,4 +7,4 @@ # Ignition, rpm-ostree, ostree, coreos-installer, etc... FROM registry.fedoraproject.org/fedora:34 COPY . /src -RUN ./src/install-buildroot.sh && yum clean all && rm /src -rf # nocache 20210426 +RUN ./src/install-buildroot.sh && yum clean all && rm /src -rf # nocache 20210706 From 4b896a4110c9a0fe06a6c0c5e564b31f40d153a5 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 6 Jul 2021 14:53:47 -0400 Subject: [PATCH 318/489] 05core: add coreos-ignition-firstboot-complete.service This is mostly a mechanical move of ignition-firstboot-complete.service to this repo. The only differences are tweaking the service unit name and the Description and Documentation keys. Prompted by tweaks we'd like to do here, and possibly eventually moving it to the initramfs fully (merging it with coreos-boot-edit.service). The renaming also allows us to loosen the order of operation in which this is done, so that we can get this in to enable the new unit, while keeping the old unit disabled, without necessarily waiting for the original unit file itself to drop out of the `ignition` package. For background, see: https://github.com/coreos/ignition/issues/1125 --- .../systemd/system-preset/40-coreos.preset | 4 +-- ...coreos-ignition-firstboot-complete.service | 31 +++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service diff --git a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset index 871d19565e..a3ea8b5485 100644 --- a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset +++ b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset @@ -5,8 +5,8 @@ enable console-login-helper-messages-gensnippet-os-release.service enable console-login-helper-messages-gensnippet-ssh-keys.service # CA certs (probably to add to base fedora eventually) enable coreos-update-ca-trust.service -# This one is from https://github.com/coreos/ignition-dracut -enable ignition-firstboot-complete.service +# https://github.com/coreos/ignition/issues/1125 +enable coreos-ignition-firstboot-complete.service # Boot checkin services for cloud providers. enable afterburn-checkin.service enable afterburn-firstboot-checkin.service diff --git a/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service b/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service new file mode 100644 index 0000000000..02edcf886d --- /dev/null +++ b/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service @@ -0,0 +1,31 @@ +[Unit] +Description=CoreOS Mark Ignition Boot Complete +Documentation=https://docs.fedoraproject.org/en-US/fedora-coreos/ +ConditionKernelCommandLine=ignition.firstboot +ConditionPathExists=!/run/ostree-live +RequiresMountsFor=/boot + +[Service] +Type=oneshot +RemainAfterExit=yes +# The MountFlags=slave is so we remount /boot temporarily writable; +# see https://github.com/ostreedev/ostree/issues/1265 for the bigger picture. +# This option creates a new mount namespace; from the point of view of +# everything else, /boot stays readonly. We only have a transient writable mount +# for the lifetime of the unit. +# +# Also regarding the lack of `-f` for rm ; we should have only run if GRUB +# detected this file. Fail if we are unable to remove it, rather than risking +# rerunning Ignition at next boot. +MountFlags=slave +# It is better to have a separate script to do this but it might be polluting +# the target system with some script in i.e. /usr/sbin/firstboot-complete +# The retval code is still respected with having this if-else block. +ExecStart=/bin/sh -c \ + 'mount -o remount,rw /boot && \ + if [[ $(uname -m) = s390x ]]; then zipl; fi && \ + rm /boot/ignition.firstboot' + +[Install] +# Part of basic.target so this happens early on in firstboot +WantedBy=basic.target From f0a3cd55b8a01dba9a6aa298a612f4c9280b8467 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 7 Jul 2021 21:22:23 +0000 Subject: [PATCH 319/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/362/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 8c7bd69968..ce97cb7772 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1042,10 +1042,10 @@ "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "34.12-1.fc34.noarch" + "evra": "34.13-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.12-1.fc34.noarch" + "evra": "34.13-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-07-05T20:53:39Z", + "generated": "2021-07-07T20:53:22Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-04T21:31:20Z" + "generated": "2021-07-05T21:32:50Z" }, "fedora-updates": { - "generated": "2021-07-05T01:22:13Z" + "generated": "2021-07-07T01:37:53Z" } } } From 5c05b84fcbba26c5150c0f80e344965b0696319a Mon Sep 17 00:00:00 2001 From: Ben Howard Date: Wed, 7 Jul 2021 16:54:03 -0600 Subject: [PATCH 320/489] Buildroot: add golang Adding golang means that we can start using a common build root for Prow, Jenkins and as the seed image for COSA. --- ci/buildroot/buildroot-reqs.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/buildroot/buildroot-reqs.txt b/ci/buildroot/buildroot-reqs.txt index 9fa769516c..0568b79a14 100644 --- a/ci/buildroot/buildroot-reqs.txt +++ b/ci/buildroot/buildroot-reqs.txt @@ -34,6 +34,9 @@ ostree # A super common tool jq +# For golang projects like mantle and gangplank +golang + # Used by ostree/rpm-ostree CI (TODO: add to something like TestBuildRequires in spec files) attr rsync From d682520dd6dd763361c05a8f9bf7cbeeb945a805 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 7 Jul 2021 18:25:36 -0400 Subject: [PATCH 321/489] dracut: drop references to ignition-setup-base.service It was dropped in Ignition 2.8.0 (e2d3fa3a61b3). --- .../dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service | 2 +- .../40ignition-ostree/ignition-ostree-uuid-boot.service | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service index b9fad50ce7..18cc4fb18a 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service @@ -25,7 +25,7 @@ After=coreos-multipath-wait.target # Run before services that use device nodes, preventing them from racing # with udev activity generated by sgdisk -Before=ignition-setup-base.service ignition-setup-user.service ignition-disks.service +Before=ignition-setup-user.service ignition-disks.service OnFailure=emergency.target OnFailureJobMode=isolate diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service index 6805127e83..ff083239d3 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service @@ -7,7 +7,6 @@ ConditionPathExists=!/run/ostree-live # We run pretty early Before=coreos-copy-firstboot-network.service Before=ignition-fetch.service -Before=ignition-setup-base.service Before=ignition-setup-user.service # Any services looking at mounts need to order after this # because it causes device re-probing. From 6e178e717e1d20336ef285b2612428960854a600 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 7 Jul 2021 21:37:07 -0400 Subject: [PATCH 322/489] overlay: remove /boot/ignition on upgrade if present On subsequent boots, if /boot/ignition is present, remove it. This fixes up old nodes with a world-readable Ignition config in /boot. https://github.com/coreos/fedora-coreos-tracker/issues/889 --- .../lib/systemd/system-preset/45-fcos.preset | 3 ++ .../coreos-cleanup-ignition-config.service | 20 ++++++++++++ .../libexec/coreos-cleanup-ignition-config | 10 ++++++ tests/kola/migration/installer-cleanup | 32 +++++++++++++++++++ 4 files changed, 65 insertions(+) create mode 100644 overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service create mode 100755 overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config create mode 100755 tests/kola/migration/installer-cleanup diff --git a/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset b/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset index d153b69b73..ad40cb9d2c 100644 --- a/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset +++ b/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset @@ -5,3 +5,6 @@ enable coreos-check-ignition-config.service enable coreos-check-ssh-keys.service # Check if cgroupsv1 is still being used enable coreos-check-cgroups.service +# Clean up injected Ignition config in /boot on upgrade +# https://github.com/coreos/fedora-coreos-tracker/issues/889 +enable coreos-cleanup-ignition-config.service diff --git a/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service b/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service new file mode 100644 index 0000000000..2df7e2db1a --- /dev/null +++ b/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service @@ -0,0 +1,20 @@ +[Unit] +Description=Clean Up Injected Ignition Config in /boot +Documentation=https://github.com/coreos/fedora-coreos-tracker/issues/889 +# Newer Ignition will handle this on first boot; we only want to clean up +# leftover configs on upgrade. Disambiguate those two code paths for tests. +ConditionKernelCommandLine=!ignition.firstboot +RequiresMountsFor=/boot +ConditionPathExists=/boot/ignition +# We ship a kdump.service dropin that remounts /boot rw; avoid conflicts +Before=kdump.service + +[Service] +Type=oneshot +ExecStart=/usr/libexec/coreos-cleanup-ignition-config +RemainAfterExit=yes +# MountFlags=slave ensures the rw mount of /boot is private to the unit +MountFlags=slave + +[Install] +WantedBy=multi-user.target diff --git a/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config b/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config new file mode 100755 index 0000000000..ee76687c0a --- /dev/null +++ b/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config @@ -0,0 +1,10 @@ +#!/usr/bin/bash +# +# Clean up existing nodes that have a world-readable /boot/ignition/config.ign. +# Remove this after the next barrier release on all streams. +# https://github.com/coreos/fedora-coreos-tracker/issues/889 + +set -euo pipefail + +mount -o remount,rw /boot +rm -rf /boot/ignition diff --git a/tests/kola/migration/installer-cleanup b/tests/kola/migration/installer-cleanup new file mode 100755 index 0000000000..81dc015788 --- /dev/null +++ b/tests/kola/migration/installer-cleanup @@ -0,0 +1,32 @@ +#!/bin/bash +# Old instances might have a leftover Ignition config in /boot/ignition on +# upgrade. Manually create one, reboot, and ensure that it's correctly +# cleaned up. +# https://github.com/coreos/fedora-coreos-tracker/issues/889 + +set -xeuo pipefail + +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + +case "${AUTOPKGTEST_REBOOT_MARK:-}" in +"") + sudo mount -o remount,rw /boot + sudo mkdir -p /boot/ignition + sudo touch /boot/ignition/config.ign + /tmp/autopkgtest-reboot rebooted + ;; +rebooted) + [[ ! -e /boot/ignition ]] + ok "/boot/ignition was removed" + ;; +*) + fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}" + ;; +esac From aaa09be0091dd5eab79e3ca6bc8538781c90f568 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 6 Jul 2021 12:31:57 -0400 Subject: [PATCH 323/489] 15fcos: add missing dash in "user provided" --- overlay.d/15fcos/usr/libexec/coreos-check-ignition-config.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config.sh b/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config.sh index 819a79b8d1..93093bdba0 100755 --- a/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config.sh +++ b/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config.sh @@ -16,7 +16,7 @@ nc='\033[0m' output=$(journalctl -o json-pretty MESSAGE_ID=57124006b5c94805b77ce473e92a8aeb | jq -s '.[] | select(.IGNITION_CONFIG_TYPE == "user")'| wc -l) if [[ $output -gt 0 ]];then - echo "Ignition: user provided config was applied" > /etc/issue.d/30_ignition_config_info.issue + echo "Ignition: user-provided config was applied" > /etc/issue.d/30_ignition_config_info.issue else echo -e "${warn}Ignition: no config provided by user${nc}" > /etc/issue.d/30_ignition_config_info.issue fi From b380c9708216211b8502de4d7cd2f667aadf25de Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 6 Jul 2021 12:32:32 -0400 Subject: [PATCH 324/489] 15fcos: make "ssh" all caps The SSH host keys are also being printed in the issue, and there it's all caps, so let's be consistent with that. --- overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys.sh b/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys.sh index f59d2c064c..1cc4fba975 100755 --- a/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys.sh +++ b/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys.sh @@ -38,7 +38,7 @@ main() { if [ -n "$output" ]; then echo "$output" > /etc/issue.d/30_ssh_authorized_keys.issue else - echo -e "${warn}No ssh authorized keys provided by Ignition or Afterburn${nc}" \ + echo -e "${warn}No SSH authorized keys provided by Ignition or Afterburn${nc}" \ > /etc/issue.d/30_ssh_authorized_keys.issue fi From 596e95b83ed7bc002058746356cc76457c52ddd1 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 6 Jul 2021 15:52:52 -0400 Subject: [PATCH 325/489] 05core: move coreos-ignition-firstboot-complete logic to separate script We want to expand on it and it's awkward to do it in a systemd unit. No change to the logic itself. --- .../coreos-ignition-firstboot-complete.service | 12 +----------- .../libexec/coreos-ignition-firstboot-complete.sh | 13 +++++++++++++ 2 files changed, 14 insertions(+), 11 deletions(-) create mode 100755 overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete.sh diff --git a/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service b/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service index 02edcf886d..63af75ca44 100644 --- a/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service +++ b/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service @@ -13,18 +13,8 @@ RemainAfterExit=yes # This option creates a new mount namespace; from the point of view of # everything else, /boot stays readonly. We only have a transient writable mount # for the lifetime of the unit. -# -# Also regarding the lack of `-f` for rm ; we should have only run if GRUB -# detected this file. Fail if we are unable to remove it, rather than risking -# rerunning Ignition at next boot. MountFlags=slave -# It is better to have a separate script to do this but it might be polluting -# the target system with some script in i.e. /usr/sbin/firstboot-complete -# The retval code is still respected with having this if-else block. -ExecStart=/bin/sh -c \ - 'mount -o remount,rw /boot && \ - if [[ $(uname -m) = s390x ]]; then zipl; fi && \ - rm /boot/ignition.firstboot' +ExecStart=/usr/libexec/coreos-ignition-firstboot-complete.sh [Install] # Part of basic.target so this happens early on in firstboot diff --git a/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete.sh b/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete.sh new file mode 100755 index 0000000000..0735c8fbcc --- /dev/null +++ b/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete.sh @@ -0,0 +1,13 @@ +#!/bin/bash +set -euo pipefail + +mount -o remount,rw /boot + +if [[ $(uname -m) = s390x ]]; then + zipl +fi + +# Regarding the lack of `-f` for rm ; we should have only run if GRUB detected +# this file. Fail if we are unable to remove it, rather than risking rerunning +# Ignition at next boot. +rm /boot/ignition.firstboot From 11595c2da9a6d7ed5b34ac59f56c9417316ee5bf Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 7 Jul 2021 14:48:54 -0400 Subject: [PATCH 326/489] overlay.d: drop .sh extensions on /usr/libexec shell scripts I personally don't like including the .sh extension on installed executable scripts because it "leaks" that it's a shell script, whereas all we should care about is that it's an executable. --- .../systemd/system/coreos-ignition-firstboot-complete.service | 2 +- ...firstboot-complete.sh => coreos-ignition-firstboot-complete} | 0 .../15fcos/usr/lib/systemd/system/coreos-check-cgroups.service | 2 +- .../usr/lib/systemd/system/coreos-check-ignition-config.service | 2 +- .../15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service | 2 +- .../libexec/{coreos-check-cgroups.sh => coreos-check-cgroups} | 0 ...os-check-ignition-config.sh => coreos-check-ignition-config} | 0 .../libexec/{coreos-check-ssh-keys.sh => coreos-check-ssh-keys} | 0 8 files changed, 4 insertions(+), 4 deletions(-) rename overlay.d/05core/usr/libexec/{coreos-ignition-firstboot-complete.sh => coreos-ignition-firstboot-complete} (100%) rename overlay.d/15fcos/usr/libexec/{coreos-check-cgroups.sh => coreos-check-cgroups} (100%) rename overlay.d/15fcos/usr/libexec/{coreos-check-ignition-config.sh => coreos-check-ignition-config} (100%) rename overlay.d/15fcos/usr/libexec/{coreos-check-ssh-keys.sh => coreos-check-ssh-keys} (100%) diff --git a/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service b/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service index 63af75ca44..42adf1e6b0 100644 --- a/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service +++ b/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service @@ -14,7 +14,7 @@ RemainAfterExit=yes # everything else, /boot stays readonly. We only have a transient writable mount # for the lifetime of the unit. MountFlags=slave -ExecStart=/usr/libexec/coreos-ignition-firstboot-complete.sh +ExecStart=/usr/libexec/coreos-ignition-firstboot-complete [Install] # Part of basic.target so this happens early on in firstboot diff --git a/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete.sh b/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete similarity index 100% rename from overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete.sh rename to overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete diff --git a/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service b/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service index ceeb3edd64..18e4b85ad7 100644 --- a/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service +++ b/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service @@ -5,7 +5,7 @@ Description=Check if cgroupsv1 is still being used ConditionControlGroupController=v1 [Service] Type=oneshot -ExecStart=/usr/libexec/coreos-check-cgroups.sh +ExecStart=/usr/libexec/coreos-check-cgroups RemainAfterExit=yes [Install] WantedBy=multi-user.target diff --git a/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ignition-config.service b/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ignition-config.service index 3b73e3d176..1a91853d6b 100644 --- a/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ignition-config.service +++ b/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ignition-config.service @@ -10,7 +10,7 @@ Description=Check if Ignition config is provided ConditionKernelCommandLine=ignition.firstboot [Service] Type=oneshot -ExecStart=/usr/libexec/coreos-check-ignition-config.sh +ExecStart=/usr/libexec/coreos-check-ignition-config RemainAfterExit=yes [Install] WantedBy=multi-user.target diff --git a/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service b/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service index 3536f52900..c11047bc9b 100644 --- a/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service +++ b/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service @@ -16,7 +16,7 @@ ConditionKernelCommandLine=ignition.firstboot [Service] Type=oneshot ProtectHome=read-only -ExecStart=/usr/libexec/coreos-check-ssh-keys.sh +ExecStart=/usr/libexec/coreos-check-ssh-keys RemainAfterExit=yes [Install] WantedBy=multi-user.target diff --git a/overlay.d/15fcos/usr/libexec/coreos-check-cgroups.sh b/overlay.d/15fcos/usr/libexec/coreos-check-cgroups similarity index 100% rename from overlay.d/15fcos/usr/libexec/coreos-check-cgroups.sh rename to overlay.d/15fcos/usr/libexec/coreos-check-cgroups diff --git a/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config.sh b/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config similarity index 100% rename from overlay.d/15fcos/usr/libexec/coreos-check-ignition-config.sh rename to overlay.d/15fcos/usr/libexec/coreos-check-ignition-config diff --git a/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys.sh b/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys similarity index 100% rename from overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys.sh rename to overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys From 4719415a4749454068408adf2fdf213a927f6df8 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 7 Jul 2021 14:53:40 -0400 Subject: [PATCH 327/489] 05core/firstboot-complete: also delete /boot/ignition if it exists Once we're done provisioning, nuke any baked Ignition config since it may contain secrets. We nuke the whole dir in the name of keeping `/boot` neat and tidy. Part of https://github.com/coreos/fedora-coreos-tracker/issues/889. --- .../05core/usr/libexec/coreos-ignition-firstboot-complete | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete b/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete index 0735c8fbcc..3973d11e04 100755 --- a/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete +++ b/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete @@ -7,6 +7,11 @@ if [[ $(uname -m) = s390x ]]; then zipl fi +# We're done provisioning. Remove the whole /boot/ignition directory if present, +# which may include a baked Ignition config. See +# https://github.com/coreos/fedora-coreos-tracker/issues/889. +rm -rf /boot/ignition + # Regarding the lack of `-f` for rm ; we should have only run if GRUB detected # this file. Fail if we are unable to remove it, rather than risking rerunning # Ignition at next boot. From dd54e8cb1aa93420cbdd714dcd2376962c5b86a3 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 7 Jul 2021 11:07:48 -0400 Subject: [PATCH 328/489] 35coreos-live: stop overriding NetworkManager-wait-online timeout to 5s We originally did this in #326 because we wanted to support booting the live ISO without networking. This was solved on the initramfs side by the conditional networking work (#426). But for the real root, this was still useful because if booting the ISO interactively on a system without any network, or a non-DHCP network, we didn't want the user to have to wait until the service timed out before getting a shell. The core issue however is that we're requesting `network-online.target` at all. It's an "active unit" which means that it's only pulled in the transaction, possibly delaying boot, if another systemd unit needs it. And ideally, no service would need it as per: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ In our case, this unit was fedora-coreos-pinger. We drop that requirement here: https://github.com/coreos/fedora-coreos-pinger/pull/41 With that, we no longer pull in `network-online.target` and so no longer delay reaching the console even if NetworkManager isn't able to get an active connection for whatever reason. This matches how it works on traditional Fedora as well. Having a short timeout actually also had a counterproductive effect in the automated install case. There, `coreos-installer.service` does pull in `network-online.target` (which with https://github.com/coreos/coreos-installer/pull/565 we could consider dropping as advised by systemd, though we probably should bump the number of retries some more in that case), but because of the short timeout, we genuinely may not yet have the network fully up before we run (see https://bugzilla.redhat.com/show_bug.cgi?id=1967483). --- ...liveiso-reconfigure-nm-wait-online.service | 23 ------------------- .../modules.d/35coreos-live/live-generator | 2 -- .../modules.d/35coreos-live/module-setup.sh | 3 --- tests/kola/misc-ro | 8 +++++++ 4 files changed, 8 insertions(+), 28 deletions(-) delete mode 100644 overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-reconfigure-nm-wait-online.service diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-reconfigure-nm-wait-online.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-reconfigure-nm-wait-online.service deleted file mode 100644 index 1c910a2eeb..0000000000 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-reconfigure-nm-wait-online.service +++ /dev/null @@ -1,23 +0,0 @@ -# Configure NetworkManager-wait-online in the real root for the -# Live ISO to timeout quicker and also not explicitly fail since -# booting the Live ISO without network is a valid use case. -# -# Doing this improves the user experience when booting the -# Live ISO without network. - -[Unit] -Description=Reconfigure NetworkManager-wait-online service -DefaultDependencies=no -# Make sure we are in the initramfs and we are booted to the live ISO -ConditionPathExists=/usr/lib/initrd-release -ConditionKernelCommandLine=coreos.liveiso -ConditionPathExists=/run/ostree-live - -[Service] -Type=oneshot -RemainAfterExit=yes -# Note keep this in sync with NetworkManager-wait-online.service -# Right now we are keeping the same ExecStart but we are making it -# OK to fail (`-`) and timeout sooner (5 seconds vs 30). -ExecStartPre=/usr/bin/mkdir -p /run/systemd/system/NetworkManager-wait-online.service.d -ExecStart=/bin/bash -c 'echo -e "[Service]\nExecStart=\nExecStart=-/usr/bin/nm-online -s -q --timeout=5" > /run/systemd/system/NetworkManager-wait-online.service.d/liveiso.conf' diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator index 3cdd88fd2a..560b0b6af5 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator @@ -31,8 +31,6 @@ add_requires sysroot.mount initrd-root-fs.target add_requires sysroot-etc.mount initrd-root-fs.target add_requires sysroot-var.mount initrd-root-fs.target -add_requires coreos-liveiso-reconfigure-nm-wait-online.service initrd.target - mkdir -p "${UNIT_DIR}/ostree-prepare-root.service.d" cat > "${UNIT_DIR}/ostree-prepare-root.service.d/10-live.conf" < Date: Thu, 8 Jul 2021 13:34:55 -0400 Subject: [PATCH 329/489] overrides: fast-track fedora-coreos-pinger-0.0.4-11.fc34 Contains https://github.com/coreos/fedora-coreos-pinger/pull/41 for https://github.com/coreos/fedora-coreos-config/pull/1088. --- manifest-lock.overrides.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 2b3b40b760..62e78369e6 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -18,3 +18,9 @@ packages: metadata: reason: https://github.com/coreos/fedora-coreos-tracker/issues/842 type: pin + fedora-coreos-pinger: + evr: 0.0.4-11.fc34 + metadata: + type: fast-track + reason: https://github.com/coreos/fedora-coreos-config/pull/1088 + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-9d4c3ddc8a From c84da092010100cd64f6807e80db8ccb1fb63dc8 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 9 Jul 2021 10:57:17 +0000 Subject: [PATCH 330/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/364/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index ce97cb7772..76dc6e723a 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -265,7 +265,7 @@ "evra": "2.4.1-1.fc34.x86_64" }, "fedora-coreos-pinger": { - "evra": "0.0.4-9.fc34.x86_64" + "evra": "0.0.4-11.fc34.x86_64" }, "fedora-gpg-keys": { "evra": "34-2.noarch" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.12.13-300.fc34.x86_64" + "evra": "5.12.14-300.fc34.x86_64" }, "kernel-core": { - "evra": "5.12.13-300.fc34.x86_64" + "evra": "5.12.14-300.fc34.x86_64" }, "kernel-modules": { - "evra": "5.12.13-300.fc34.x86_64" + "evra": "5.12.14-300.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -1183,7 +1183,7 @@ "evra": "1.1.15-1.fc34.x86_64" }, "zincati": { - "evra": "0.0.21-1.fc34.x86_64" + "evra": "0.0.21-2.fc34.x86_64" }, "zlib": { "evra": "1.2.11-26.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-07-07T20:53:22Z", + "generated": "2021-07-09T10:30:29Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-05T21:32:50Z" + "generated": "2021-07-08T20:43:32Z" }, "fedora-updates": { - "generated": "2021-07-07T01:37:53Z" + "generated": "2021-07-09T00:50:04Z" } } } From c2dd8ebd6f14ee7377bd103d7eda5f1041413f39 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 8 Jul 2021 16:24:12 -0400 Subject: [PATCH 331/489] 35coreos-ignition: depend on coreos-live; assume is-live-image exists Upstream Ignition can't assume is-live-image exists, because the distro may not have provided it. But we know the coreos-live module is providing it, so drop the check. --- .../dracut/modules.d/35coreos-ignition/coreos-diskful-generator | 2 +- .../usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator index 852cdc34aa..caea175701 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator @@ -45,7 +45,7 @@ if ! $(cmdline_bool 'ignition.firstboot' 0); then exit 0 fi -if ! command -v is-live-image >/dev/null || ! is-live-image; then +if ! is-live-image; then # ignition-setup-user.service should depend on the boot device node # only on diskful boots mkdir -p "${UNIT_DIR}/ignition-setup-user.service.d" diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh index 94895b9882..a2c7ea2a35 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh @@ -3,7 +3,7 @@ # ex: ts=8 sw=4 sts=4 et filetype=sh depends() { - echo systemd network ignition + echo systemd network ignition coreos-live } install_ignition_unit() { From 6a624277d2a0f6ec9c7bcfb3a06a90bdf56f56df Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 8 Jul 2021 15:57:57 -0400 Subject: [PATCH 332/489] 35coreos-ignition: add ignition-setup-user.service from Ignition repo The service contains distro-specific assumptions, so move it out of the upstream Ignition repo. This commit is a straight `cp`. --- .../ignition-setup-user.service | 23 +++++++++++++ .../35coreos-ignition/ignition-setup-user.sh | 32 +++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/ignition-setup-user.service create mode 100755 overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/ignition-setup-user.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/ignition-setup-user.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/ignition-setup-user.service new file mode 100644 index 0000000000..40c53dd1ab --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/ignition-setup-user.service @@ -0,0 +1,23 @@ +[Unit] +Description=Ignition (setup user config) +Documentation=https://github.com/coreos/ignition +ConditionPathExists=/etc/initrd-release +DefaultDependencies=false +Before=ignition-complete.target + +OnFailure=emergency.target +OnFailureJobMode=isolate + +# Stage order: setup -> fetch-offline [-> fetch] [-> kargs] -> disks -> mount -> files. +Before=ignition-fetch-offline.service + +# On diskful boots, ignition-generator adds Requires/After on +# dev-disk-by\x2dlabel-boot.device + +[Service] +Type=oneshot +RemainAfterExit=yes +# The MountFlags=slave is so the umount of /boot is guaranteed to happen +# /boot will only be mounted for the lifetime of the unit. +MountFlags=slave +ExecStart=/usr/sbin/ignition-setup-user diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/ignition-setup-user.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/ignition-setup-user.sh new file mode 100755 index 0000000000..e0f3c4e2fc --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/ignition-setup-user.sh @@ -0,0 +1,32 @@ +#!/bin/bash +set -euo pipefail + +copy_file_if_exists() { + src="${1}"; dst="${2}" + if [ -f "${src}" ]; then + echo "Copying ${src} to ${dst}" + cp "${src}" "${dst}" + else + echo "File ${src} does not exist.. Skipping copy" + fi +} + +destination=/usr/lib/ignition +mkdir -p $destination + +if command -v is-live-image >/dev/null && is-live-image; then + # Live image. If the user has supplied a config.ign via an appended + # initrd, put it in the right place. + copy_file_if_exists "/config.ign" "${destination}/user.ign" +else + # We will support a user embedded config in the boot partition + # under $bootmnt/ignition/config.ign. Note that we mount /boot + # but we don't unmount boot because we are run in a systemd unit + # with MountFlags=slave so it is unmounted for us. + bootmnt=/mnt/boot_partition + mkdir -p $bootmnt + # mount as read-only since we don't strictly need write access and we may be + # running alongside other code that also has it mounted ro + mount -o ro /dev/disk/by-label/boot $bootmnt + copy_file_if_exists "${bootmnt}/ignition/config.ign" "${destination}/user.ign" +fi From 04146467485247bbedc79d6fa75bad34e4f2f517 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 8 Jul 2021 16:47:36 -0400 Subject: [PATCH 333/489] 35coreos-ignition: update ignition-setup-user for this repo --- .../35coreos-ignition/coreos-diskful-generator | 9 ++++++--- .../35coreos-ignition/coreos-gpt-setup.service | 2 +- ...ervice => coreos-ignition-setup-user.service} | 16 ++++++++-------- ...tup-user.sh => coreos-ignition-setup-user.sh} | 2 +- .../modules.d/35coreos-ignition/module-setup.sh | 4 ++++ .../coreos-multipath-wait.target | 6 +++--- .../ignition-ostree-uuid-boot.service | 2 +- 7 files changed, 24 insertions(+), 17 deletions(-) rename overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/{ignition-setup-user.service => coreos-ignition-setup-user.service} (55%) rename overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/{ignition-setup-user.sh => coreos-ignition-setup-user.sh} (94%) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator index caea175701..8c41621331 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator @@ -46,11 +46,14 @@ if ! $(cmdline_bool 'ignition.firstboot' 0); then fi if ! is-live-image; then - # ignition-setup-user.service should depend on the boot device node + # coreos-ignition-setup-user.service should depend on the boot device node # only on diskful boots - mkdir -p "${UNIT_DIR}/ignition-setup-user.service.d" - cat > "${UNIT_DIR}/ignition-setup-user.service.d/diskful-gpt.conf" < "${UNIT_DIR}/coreos-ignition-setup-user.service.d/diskful.conf" < fetch-offline [-> fetch] [-> kargs] -> disks -> mount -> files. -Before=ignition-fetch-offline.service - -# On diskful boots, ignition-generator adds Requires/After on -# dev-disk-by\x2dlabel-boot.device +# On diskful boots, coreos-diskful-generator adds Requires/After on +# dev-disk-by\x2dlabel-boot.device and coreos-gpt-setup.service [Service] Type=oneshot @@ -20,4 +20,4 @@ RemainAfterExit=yes # The MountFlags=slave is so the umount of /boot is guaranteed to happen # /boot will only be mounted for the lifetime of the unit. MountFlags=slave -ExecStart=/usr/sbin/ignition-setup-user +ExecStart=/usr/sbin/coreos-ignition-setup-user diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/ignition-setup-user.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.sh similarity index 94% rename from overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/ignition-setup-user.sh rename to overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.sh index e0f3c4e2fc..efc8cc7612 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/ignition-setup-user.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.sh @@ -14,7 +14,7 @@ copy_file_if_exists() { destination=/usr/lib/ignition mkdir -p $destination -if command -v is-live-image >/dev/null && is-live-image; then +if is-live-image; then # Live image. If the user has supplied a config.ign via an appended # initrd, put it in the right place. copy_file_if_exists "/config.ign" "${destination}/user.ign" diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh index a2c7ea2a35..a42bcc3724 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh @@ -30,6 +30,9 @@ install() { inst_script "$moddir/coreos-gpt-setup.sh" \ "/usr/sbin/coreos-gpt-setup" + inst_script "$moddir/coreos-ignition-setup-user.sh" \ + "/usr/sbin/coreos-ignition-setup-user" + # For consistency tear down the network and persist multipath between the initramfs and # real root. See https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721763 inst_script "$moddir/coreos-teardown-initramfs.sh" \ @@ -52,4 +55,5 @@ install() { install_ignition_unit "coreos-boot-edit.service" \ "ignition-diskful.target" + install_ignition_unit coreos-ignition-setup-user.service } diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target index cf24cd6f57..b003f4d94b 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target @@ -8,9 +8,9 @@ After=dev-disk-by\x2dlabel-dm\x2dmpath\x2dboot.device Requires=multipathd.service After=multipathd.service -# This is already enforced transitively by coreos-gpt-setup.service, but since -# it's an external unit, let's be more explicit and list it directly here too. -Before=ignition-setup-user.service +# This is already enforced transitively by coreos-gpt-setup.service, but +# let's be more explicit and list it directly here too. +Before=coreos-ignition-setup-user.service # This is already enforced by coreos-multipath-trigger.service, though ideally # eventually we can get rid of that one and then we *would* need this. diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service index ff083239d3..09fb5e281f 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service @@ -6,8 +6,8 @@ ConditionKernelCommandLine=ostree ConditionPathExists=!/run/ostree-live # We run pretty early Before=coreos-copy-firstboot-network.service +Before=coreos-ignition-setup-user.service Before=ignition-fetch.service -Before=ignition-setup-user.service # Any services looking at mounts need to order after this # because it causes device re-probing. After=coreos-gpt-setup.service From f124289fc96ecfa04f59b1a3ae87b7aec9154071 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 8 Jul 2021 16:49:33 -0400 Subject: [PATCH 334/489] 40ignition-ostree: update an ignition-fetch dep to fetch-offline The fetch-offline stage now exists and runs before fetch, so update the dep. This shouldn't be a functional change. --- .../40ignition-ostree/ignition-ostree-uuid-boot.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service index 09fb5e281f..cde3b16296 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service @@ -7,7 +7,7 @@ ConditionPathExists=!/run/ostree-live # We run pretty early Before=coreos-copy-firstboot-network.service Before=coreos-ignition-setup-user.service -Before=ignition-fetch.service +Before=ignition-fetch-offline.service # Any services looking at mounts need to order after this # because it causes device re-probing. After=coreos-gpt-setup.service From 0954cfb3864166d0a59199d295939e10acf723ce Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 9 Jul 2021 13:58:00 -0400 Subject: [PATCH 335/489] overrides: fast-track Ignition 2.11.0-2.fc34 Move ignition-firstboot-complete and ignition-setup-user services to fedora-coreos-config. --- manifest-lock.overrides.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 62e78369e6..9ec7af26cf 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -24,3 +24,7 @@ packages: type: fast-track reason: https://github.com/coreos/fedora-coreos-config/pull/1088 bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-9d4c3ddc8a + ignition: + evr: 2.11.0-2.fc34 + metadata: + type: fast-track From 1aa60d962c7790c6958cff3344161b2b8410b656 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Thu, 24 Jun 2021 15:24:58 -0400 Subject: [PATCH 336/489] unfreeze dracut, adapt for NM via systemd in initrd Upstream dracut updated NM to run as a systemd service (with full dbus support) in the initrd in [1]. Adapt our systemd units to handle this case. This should still work fine for RHCOS because we still have `Before=dracut-initqueue.service`, which can be dropped when everyone is on dracut 0.54+. Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/842 --- manifest-lock.overrides.yaml | 10 ---------- .../coreos-copy-firstboot-network.service | 12 ++++++------ .../35coreos-network/coreos-enable-network.service | 4 ++-- 3 files changed, 8 insertions(+), 18 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 9ec7af26cf..86c8e66c42 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -8,16 +8,6 @@ # omit one for FCOS-specific packages (e.g. ignition, afterburn, etc...). packages: - dracut: - evr: 053-5.fc34 - metadata: - reason: https://github.com/coreos/fedora-coreos-tracker/issues/842 - type: pin - dracut-network: - evr: 053-5.fc34 - metadata: - reason: https://github.com/coreos/fedora-coreos-tracker/issues/842 - type: pin fedora-coreos-pinger: evr: 0.0.4-11.fc34 metadata: diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service index e2b8588506..6ba396625b 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service @@ -8,8 +8,8 @@ # - i.e. after /dev/disk/by-label/boot is available # - and after the ignition-dracut GPT generator (see below) # - Need to run before networking is brought up. -# - This is done in nm-run.service [1] -# - i.e. Before=nm-run.service +# - This is done in nm-initrd.service [1] +# - i.e. Before=nm-initrd.service # - Need to make sure karg networking configuration isn't applied # - There are two ways to do this. # - One is to run *before* the nm-config.sh [2] that runs as part of @@ -17,11 +17,11 @@ # - i.e. Before=dracut-cmdline.service # - Another is to run *after* nm-config.sh [2] in dracut-cmdline [3] # and just delete all the files created by nm-initrd-generator. -# - i.e. After=dracut-cmdline.service, but Before=nm-run.service +# - i.e. After=dracut-cmdline.service, but Before=nm-initrd.service # - We'll go with the second option here because the need for the /boot # device (mentioned above) means we can't start before dracut-cmdline.service # -# [1] https://github.com/dracutdevs/dracut/blob/master/modules.d/35network-manager/nm-run.service +# [1] https://github.com/dracutdevs/dracut/blob/master/modules.d/35network-manager/nm-initrd.service # [2] https://github.com/dracutdevs/dracut/blob/master/modules.d/35network-manager/nm-config.sh # [3] https://github.com/dracutdevs/dracut/blob/master/modules.d/35network-manager/module-setup.sh#L34 # @@ -30,8 +30,8 @@ Description=Copy CoreOS Firstboot Networking Config ConditionPathExists=/usr/lib/initrd-release DefaultDependencies=false Before=ignition-diskful.target -Before=nm-run.service -# compat: remove when everyone is on dracut 053+ +Before=nm-initrd.service +# compat: remove when everyone is on dracut 054+ Before=dracut-initqueue.service After=dracut-cmdline.service # Any services looking at mounts need to order after this diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service index 42273e5fa6..92c4829cd1 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service @@ -20,8 +20,8 @@ Before=ignition-fetch.service # See hack in coreos-enable-network, as well as coreos-copy-firstboot-network.service. After=dracut-cmdline.service -Before=nm-run.service -# compat: remove when everyone is on dracut 053+ +Before=nm-initrd.service +# compat: remove when everyone is on dracut 054+ Before=dracut-initqueue.service [Service] From 85193e31ab4568e2ab131ec0d16e86143b8fd440 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 9 Jul 2021 11:51:46 -0400 Subject: [PATCH 337/489] overrides: fast-track dracut-055-3.fc34 Contains upstream fixes needed to get NM running via systemd+dbus in the initramfs without issues. - https://github.com/dracutdevs/dracut/pull/1547 - https://github.com/dracutdevs/dracut/pull/1548 - https://github.com/dracutdevs/dracut/pull/1552 Needed to get dracut unfrozen: https://github.com/coreos/fedora-coreos-tracker/issues/842#issuecomment-867900969 --- manifest-lock.overrides.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 86c8e66c42..1f189b926d 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -8,6 +8,18 @@ # omit one for FCOS-specific packages (e.g. ignition, afterburn, etc...). packages: + dracut: + evr: 055-3.fc34 + metadata: + reason: https://github.com/coreos/fedora-coreos-tracker/issues/842#issuecomment-867900969 + type: fast-track + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-9d1b72b267 + dracut-network: + evr: 055-3.fc34 + metadata: + reason: https://github.com/coreos/fedora-coreos-tracker/issues/842#issuecomment-867900969 + type: fast-track + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-9d1b72b267 fedora-coreos-pinger: evr: 0.0.4-11.fc34 metadata: From 876fda14ab53cc358d52c4f5111d2e59e5777450 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 9 Jul 2021 12:33:14 -0400 Subject: [PATCH 338/489] 35coreos-network: order coreos-copy-firstboot-network before ignition-kargs We've seen races with ignition-kargs.service, which accesses /boot rw. Let's introduce some ordering here. Need to use `Before` because otherwise we get a systemd ordering cycle. Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/883 --- .../35coreos-network/coreos-copy-firstboot-network.service | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service index 6ba396625b..7dfbc59c8a 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service @@ -47,6 +47,10 @@ After=coreos-multipath-wait.target # hook which will generate NM configs from the network kargs, but we want to # have precedence. After=coreos-enable-network.service +# We've seen races with ignition-kargs.service, which accesses /boot rw. +# Let's introduce some ordering here. Need to use `Before` because otherwise +# we get a systemd ordering cycle. https://github.com/coreos/fedora-coreos-tracker/issues/883 +Before=ignition-kargs.service [Service] Type=oneshot From 8b804863c64c3df4f34384019de019c48d18ad5e Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 9 Jul 2021 15:57:17 -0400 Subject: [PATCH 339/489] 35coreos-multipath: add Before=initrd-parse-etc.service in coreos-propagate-multipath-conf.service Otherwise, we'll end up racing with `initrd-cleanup.service` which wants to kill everything. It has `After=initrd.target` and we do have `Before=initrd.target`, but that's not being respected, we think because `initrd-parse-etc.service` does an explicit `systemctl start` on it. Anyway, we need to dig more into this, but for now this will unblock us. --- .../coreos-propagate-multipath-conf.service | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service index c475eaa6c5..27d1d5e7fa 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service @@ -5,6 +5,11 @@ Before=initrd.target # we write to the rootfs, so run after it's ready After=initrd-root-fs.target +# That service starts initrd-cleanup.service which will race with us completing +# before we get nuked. Need to get to the bottom of it, but for now we need +# this (XXX: add link to systemd issue here). +Before=initrd-parse-etc.service + ConditionKernelCommandLine=rd.multipath=default OnFailure=emergency.target From 1c5dffe82891f613fad8d02aeed404d03303684f Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 9 Jul 2021 20:18:47 -0400 Subject: [PATCH 340/489] tests/installer-cleanup: only run on QEMU coreos-installer doesn't usually run on clouds and there's nothing cloud-specific about the cleanup code. Also, rebooting from external tests doesn't seem to work outside of QEMU right now. --- tests/kola/migration/installer-cleanup | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/kola/migration/installer-cleanup b/tests/kola/migration/installer-cleanup index 81dc015788..9069a27de1 100755 --- a/tests/kola/migration/installer-cleanup +++ b/tests/kola/migration/installer-cleanup @@ -4,6 +4,10 @@ # cleaned up. # https://github.com/coreos/fedora-coreos-tracker/issues/889 +# Just run on QEMU. coreos-installer doesn't run in clouds, and rebooting +# doesn't seem to work there currently. +# kola: { "platforms": "qemu-unpriv" } + set -xeuo pipefail ok() { From b83240b921e0ba0a47972b171a99d8eaa3cd8a51 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 10 Jul 2021 16:25:33 +0000 Subject: [PATCH 341/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/366/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 76dc6e723a..249e6d7708 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -145,10 +145,10 @@ "evra": "0.9.1-1.fc34.x86_64" }, "coreutils": { - "evra": "8.32-28.fc34.x86_64" + "evra": "8.32-30.fc34.x86_64" }, "coreutils-common": { - "evra": "8.32-28.fc34.x86_64" + "evra": "8.32-30.fc34.x86_64" }, "cpio": { "evra": "2.13-10.fc34.x86_64" @@ -229,10 +229,10 @@ "evra": "4.2-1.fc34.x86_64" }, "dracut": { - "evra": "053-5.fc34.x86_64" + "evra": "055-3.fc34.x86_64" }, "dracut-network": { - "evra": "053-5.fc34.x86_64" + "evra": "055-3.fc34.x86_64" }, "e2fsprogs": { "evra": "1.45.6-5.fc34.x86_64" @@ -403,7 +403,7 @@ "evra": "3.23-4.fc34.x86_64" }, "ignition": { - "evra": "2.11.0-1.fc34.x86_64" + "evra": "2.11.0-2.fc34.x86_64" }, "inih": { "evra": "49-3.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-07-09T10:30:29Z", + "generated": "2021-07-10T15:57:35Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-08T20:43:32Z" + "generated": "2021-07-09T21:26:26Z" }, "fedora-updates": { - "generated": "2021-07-09T00:50:04Z" + "generated": "2021-07-10T00:55:35Z" } } } From daf40418f1f517c2628f523d96b62a14e7d69b2f Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 11 Jul 2021 21:18:55 +0000 Subject: [PATCH 342/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/368/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 249e6d7708..d70adfd164 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -259,7 +259,7 @@ "evra": "0.185-2.fc34.x86_64" }, "ethtool": { - "evra": "2:5.12-1.fc34.x86_64" + "evra": "2:5.13-1.fc34.x86_64" }, "expat": { "evra": "2.4.1-1.fc34.x86_64" @@ -553,7 +553,7 @@ "evra": "0.5.0-47.fc34.x86_64" }, "libeconf": { - "evra": "0.3.8-5.fc34.x86_64" + "evra": "0.4.0-1.fc34.x86_64" }, "libedit": { "evra": "3.1-37.20210522cvs.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-07-10T15:57:35Z", + "generated": "2021-07-11T20:53:14Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-09T21:26:26Z" + "generated": "2021-07-10T16:33:45Z" }, "fedora-updates": { - "generated": "2021-07-10T00:55:35Z" + "generated": "2021-07-11T00:54:43Z" } } } From 62d2330e0aa4e27a28aaf5f5f7db79c4d63131c5 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 12 Jul 2021 00:43:08 +0000 Subject: [PATCH 343/489] =?UTF-8?q?lockfiles:=20drop=20graduated=20overrid?= =?UTF-8?q?es=20=F0=9F=8E=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Triggered by remove-graduated-overrides GitHub Action. --- manifest-lock.overrides.yaml | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 1f189b926d..3af5dab19d 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -8,24 +8,12 @@ # omit one for FCOS-specific packages (e.g. ignition, afterburn, etc...). packages: - dracut: - evr: 055-3.fc34 - metadata: - reason: https://github.com/coreos/fedora-coreos-tracker/issues/842#issuecomment-867900969 - type: fast-track - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-9d1b72b267 - dracut-network: - evr: 055-3.fc34 - metadata: - reason: https://github.com/coreos/fedora-coreos-tracker/issues/842#issuecomment-867900969 - type: fast-track - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-9d1b72b267 fedora-coreos-pinger: evr: 0.0.4-11.fc34 metadata: - type: fast-track - reason: https://github.com/coreos/fedora-coreos-config/pull/1088 bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-9d4c3ddc8a + reason: https://github.com/coreos/fedora-coreos-config/pull/1088 + type: fast-track ignition: evr: 2.11.0-2.fc34 metadata: From cc6e504e28fec00b527d3e2b1ec9c1932b9a34a6 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 9 Jul 2021 19:08:31 -0400 Subject: [PATCH 344/489] ci: encourage adding Bodhi update link to fast-track overrides See discussion in https://github.com/coreos/fedora-coreos-config/pull/1096#pullrequestreview-703323756. --- ci/remove-graduated-overrides.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ci/remove-graduated-overrides.py b/ci/remove-graduated-overrides.py index 0734174796..598891c954 100755 --- a/ci/remove-graduated-overrides.py +++ b/ci/remove-graduated-overrides.py @@ -18,8 +18,9 @@ # # IMPORTANT: YAML comments *will not* be preserved. All `pin` overrides *must* # include a URL in the `metadata.reason` key. Overrides of type `fast-track` -# *should* include a URL in the `metadata.reason` key, though it's acceptable to -# omit one for FCOS-specific packages (e.g. ignition, afterburn, etc...). +# *should* include a Bodhi update URL in the `metadata.bodhi` key and a URL +# in the `metadata.reason` key, though it's acceptable to omit a `reason` +# for FCOS-specific packages (ignition, afterburn, etc.). """ From 49141cc04ce41e70ac3933830b85119c7b59a726 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 13 Jul 2021 13:52:29 -0400 Subject: [PATCH 345/489] overrides: fast-track coreos-installer-0.9.1-2.fc34 Contains backport of https://github.com/coreos/coreos-installer/pull/571 for https://github.com/coreos/fedora-coreos-tracker/issues/889. --- manifest-lock.overrides.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 3af5dab19d..6919231c34 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -18,3 +18,15 @@ packages: evr: 2.11.0-2.fc34 metadata: type: fast-track + coreos-installer: + evr: 0.9.1-2.fc34 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-0efb7aefc9 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/889 + type: fast-track + coreos-installer-bootinfra: + evr: 0.9.1-2.fc34 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-0efb7aefc9 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/889 + type: fast-track From a9960d5661f979d7522bf3cbcaeb68d7e3bf555b Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 13 Jul 2021 21:42:04 +0000 Subject: [PATCH 346/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/370/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index d70adfd164..43052ff4f5 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -139,10 +139,10 @@ "evra": "4:1-20.fc34.noarch" }, "coreos-installer": { - "evra": "0.9.1-1.fc34.x86_64" + "evra": "0.9.1-2.fc34.x86_64" }, "coreos-installer-bootinfra": { - "evra": "0.9.1-1.fc34.x86_64" + "evra": "0.9.1-2.fc34.x86_64" }, "coreutils": { "evra": "8.32-30.fc34.x86_64" @@ -637,7 +637,7 @@ "evra": "1.0.4-13.fc34.x86_64" }, "libmodulemd": { - "evra": "2.12.1-1.fc34.x86_64" + "evra": "2.13.0-1.fc34.x86_64" }, "libmount": { "evra": "2.36.2-1.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-07-11T20:53:14Z", + "generated": "2021-07-13T20:53:39Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-10T16:33:45Z" + "generated": "2021-07-13T18:45:12Z" }, "fedora-updates": { - "generated": "2021-07-11T00:54:43Z" + "generated": "2021-07-13T00:53:12Z" } } } From 0ba5d82eeaf735fa57ea82a5cef780848c5d49de Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 13 Jul 2021 17:01:00 -0400 Subject: [PATCH 347/489] 35coreos-live: add requirement on loop kmod For some reason in rawhide this is no longer getting pulled in to the initramfs. Since we require the use of it here then let's be explicit and pull it in. --- .../usr/lib/dracut/modules.d/35coreos-live/module-setup.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh index 65ee50a43f..6a91048d7d 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh @@ -12,6 +12,11 @@ install_and_enable_unit() { systemctl -q --root="$initdir" add-requires "$target" "$unit" || exit 1 } +installkernel() { + # we do loopmounts + instmods -c loop +} + install() { inst_multiple \ bsdtar \ From 252b00f34be80f6a1a9d748948d9cc1e67f8f4d4 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 13 Jul 2021 22:07:47 -0400 Subject: [PATCH 348/489] ci: don't do a strict build for mechanical streams If we are operating on a mechanical stream then we can pin packages in lockfiles but we don't maintain a full set so we can't do a strict build. --- .cci.jenkinsfile | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.cci.jenkinsfile b/.cci.jenkinsfile index 0c5ffc4eac..aace0afe79 100644 --- a/.cci.jenkinsfile +++ b/.cci.jenkinsfile @@ -4,6 +4,7 @@ cosaPod { checkoutToDir(scm, 'config') def basearch = shwrapCapture("cosa basearch") + def mechanical_streams = ['rawhide'] shwrap("cd config && ci/validate") @@ -27,7 +28,14 @@ cosaPod { parent_commit = meta["ostree-commit"] } - fcosBuild(skipInit: true, extraFetchArgs: '--with-cosa-overrides', extraArgs: parent_arg) + // do a build. If we are operating on a mechanical stream then we + // can pin packages in lockfiles but we don't maintain a full set + // so we can't do a strict build. + def no_strict_build = false + if (env.CHANGE_TARGET in mechanical_streams) { + no_strict_build = true + } + fcosBuild(skipInit: true, noStrict: no_strict_build, extraFetchArgs: '--with-cosa-overrides', extraArgs: parent_arg) parallel metal: { shwrap("cd /srv/fcos && cosa buildextend-metal") From a8ec676641d04d68422ffc73ee47c1195af96e3f Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 14 Jul 2021 10:15:21 -0400 Subject: [PATCH 349/489] manifests: move fedora-coreos-pool to fedora-coreos.yaml This is common to all streams, so we can move it here. I had initially kept it in `manifest.yaml` because of: https://github.com/coreos/fedora-coreos-config/pull/355#issuecomment-620860762 --- manifest.yaml | 6 ------ manifests/fedora-coreos.yaml | 4 ++++ 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/manifest.yaml b/manifest.yaml index 213cb88408..2acf1e4979 100644 --- a/manifest.yaml +++ b/manifest.yaml @@ -16,12 +16,6 @@ repos: - fedora - fedora-updates -# All Fedora CoreOS streams share the same pool for locked files. -# This will be in fedora-coreos.yaml in the future so it can be more easily be -# shared between all the streams -lockfile-repos: - - fedora-coreos-pool - add-commit-metadata: fedora-coreos.stream: testing-devel diff --git a/manifests/fedora-coreos.yaml b/manifests/fedora-coreos.yaml index 3da75faf8f..726e0af407 100644 --- a/manifests/fedora-coreos.yaml +++ b/manifests/fedora-coreos.yaml @@ -7,6 +7,10 @@ include: fedora-coreos-base.yaml automatic-version-prefix: "${releasever}..dev" mutate-os-release: "${releasever}" +# All Fedora CoreOS streams share the same pool for locked files. +lockfile-repos: + - fedora-coreos-pool + packages: - fedora-release-coreos - fedora-repos-ostree From 31832a5c6771462d66f71331ee913cb24e3ec651 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 14 Jul 2021 10:54:36 -0400 Subject: [PATCH 350/489] ci: add `branched` to list of mechanical streams We might as well enable overrides support on all mechanical streams while we're at it. Eventually, we should move our stream definitions into coreos-ci-lib to have it in one canonical place. --- .cci.jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cci.jenkinsfile b/.cci.jenkinsfile index aace0afe79..ec9517e6c3 100644 --- a/.cci.jenkinsfile +++ b/.cci.jenkinsfile @@ -4,7 +4,7 @@ cosaPod { checkoutToDir(scm, 'config') def basearch = shwrapCapture("cosa basearch") - def mechanical_streams = ['rawhide'] + def mechanical_streams = ['branched', 'rawhide'] shwrap("cd config && ci/validate") From f72855e7a364f6a0ca00b89576eb4fe50a33ff82 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 14 Jul 2021 21:29:15 +0000 Subject: [PATCH 351/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/371/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 43052ff4f5..5fc6c9d878 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -355,13 +355,13 @@ "evra": "2.68.2-1.fc34.x86_64" }, "glibc": { - "evra": "2.33-18.fc34.x86_64" + "evra": "2.33-20.fc34.x86_64" }, "glibc-common": { - "evra": "2.33-18.fc34.x86_64" + "evra": "2.33-20.fc34.x86_64" }, "glibc-minimal-langpack": { - "evra": "2.33-18.fc34.x86_64" + "evra": "2.33-20.fc34.x86_64" }, "gmp": { "evra": "1:6.2.0-6.fc34.x86_64" @@ -490,7 +490,7 @@ "evra": "0.8.5-4.fc34.x86_64" }, "krb5-libs": { - "evra": "1.19.1-8.fc34.x86_64" + "evra": "1.19.1-14.fc34.x86_64" }, "less": { "evra": "581.2-1.fc34.x86_64" @@ -766,7 +766,7 @@ "evra": "1.31-3.fc34.x86_64" }, "libtevent": { - "evra": "0.10.2-7.fc34.x86_64" + "evra": "0.11.0-0.fc34.x86_64" }, "libtextstyle": { "evra": "0.21-4.fc34.x86_64" @@ -1117,22 +1117,22 @@ "evra": "1.9.5p2-1.fc34.x86_64" }, "systemd": { - "evra": "248.3-1.fc34.x86_64" + "evra": "248.4-1.fc34.x86_64" }, "systemd-container": { - "evra": "248.3-1.fc34.x86_64" + "evra": "248.4-1.fc34.x86_64" }, "systemd-libs": { - "evra": "248.3-1.fc34.x86_64" + "evra": "248.4-1.fc34.x86_64" }, "systemd-pam": { - "evra": "248.3-1.fc34.x86_64" + "evra": "248.4-1.fc34.x86_64" }, "systemd-rpm-macros": { - "evra": "248.3-1.fc34.noarch" + "evra": "248.4-1.fc34.noarch" }, "systemd-udev": { - "evra": "248.3-1.fc34.x86_64" + "evra": "248.4-1.fc34.x86_64" }, "tar": { "evra": "2:1.34-1.fc34.x86_64" @@ -1159,7 +1159,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.3070-1.fc34.x86_64" + "evra": "2:8.2.3154-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1183,7 +1183,7 @@ "evra": "1.1.15-1.fc34.x86_64" }, "zincati": { - "evra": "0.0.21-2.fc34.x86_64" + "evra": "0.0.22-1.fc34.x86_64" }, "zlib": { "evra": "1.2.11-26.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-07-13T20:53:39Z", + "generated": "2021-07-14T20:53:20Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-13T18:45:12Z" + "generated": "2021-07-14T13:53:09Z" }, "fedora-updates": { - "generated": "2021-07-13T00:53:12Z" + "generated": "2021-07-14T00:52:10Z" } } } From dba5fd294b28f534353fd0d1369a1c0d959ad380 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 14 Jul 2021 23:08:09 -0400 Subject: [PATCH 352/489] lockfiles: fast-track selinux-policy-34.14-1.fc34 Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/861 --- manifest-lock.overrides.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 6919231c34..402ce35635 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -30,3 +30,15 @@ packages: bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-0efb7aefc9 reason: https://github.com/coreos/fedora-coreos-tracker/issues/889 type: fast-track + selinux-policy: + evra: 34.14-1.fc34.noarch + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-119c2c9b63 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/861 + type: fast-track + selinux-policy-targeted: + evra: 34.14-1.fc34.noarch + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-119c2c9b63 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/861 + type: fast-track From 54cacec4936fc8b97fd53ee40de2aa67b5e5a7ee Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 14 Jul 2021 16:19:57 -0400 Subject: [PATCH 353/489] overlay: add empty statoverride files in all overlays This is a no-op, but helps document the functionality. Part of https://github.com/coreos/coreos-assembler/pull/2293. --- overlay.d/05core/statoverride | 2 ++ overlay.d/08nouveau/statoverride | 2 ++ overlay.d/09misc/statoverride | 2 ++ overlay.d/12kdump/statoverride | 2 ++ overlay.d/14NetworkManager-plugins/statoverride | 2 ++ overlay.d/15fcos/statoverride | 2 ++ overlay.d/20platform-chrony/statoverride | 2 ++ 7 files changed, 14 insertions(+) create mode 100644 overlay.d/05core/statoverride create mode 100644 overlay.d/08nouveau/statoverride create mode 100644 overlay.d/09misc/statoverride create mode 100644 overlay.d/12kdump/statoverride create mode 100644 overlay.d/14NetworkManager-plugins/statoverride create mode 100644 overlay.d/15fcos/statoverride create mode 100644 overlay.d/20platform-chrony/statoverride diff --git a/overlay.d/05core/statoverride b/overlay.d/05core/statoverride new file mode 100644 index 0000000000..27a95affe2 --- /dev/null +++ b/overlay.d/05core/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = diff --git a/overlay.d/08nouveau/statoverride b/overlay.d/08nouveau/statoverride new file mode 100644 index 0000000000..27a95affe2 --- /dev/null +++ b/overlay.d/08nouveau/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = diff --git a/overlay.d/09misc/statoverride b/overlay.d/09misc/statoverride new file mode 100644 index 0000000000..27a95affe2 --- /dev/null +++ b/overlay.d/09misc/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = diff --git a/overlay.d/12kdump/statoverride b/overlay.d/12kdump/statoverride new file mode 100644 index 0000000000..27a95affe2 --- /dev/null +++ b/overlay.d/12kdump/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = diff --git a/overlay.d/14NetworkManager-plugins/statoverride b/overlay.d/14NetworkManager-plugins/statoverride new file mode 100644 index 0000000000..27a95affe2 --- /dev/null +++ b/overlay.d/14NetworkManager-plugins/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = diff --git a/overlay.d/15fcos/statoverride b/overlay.d/15fcos/statoverride new file mode 100644 index 0000000000..27a95affe2 --- /dev/null +++ b/overlay.d/15fcos/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = diff --git a/overlay.d/20platform-chrony/statoverride b/overlay.d/20platform-chrony/statoverride new file mode 100644 index 0000000000..27a95affe2 --- /dev/null +++ b/overlay.d/20platform-chrony/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = From 67a70afe3cf82d66a8bee11c7b15208c38102d9a Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 14 Jul 2021 16:25:38 -0400 Subject: [PATCH 354/489] overlay: chmod 600 /etc/sudoers.d/coreos-sudo-group Apparently there are security scanners that object to mode 644. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1981979. --- overlay.d/05core/statoverride | 4 ++++ tests/kola/misc-ro | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/overlay.d/05core/statoverride b/overlay.d/05core/statoverride index 27a95affe2..9769b8ccb0 100644 --- a/overlay.d/05core/statoverride +++ b/overlay.d/05core/statoverride @@ -1,2 +1,6 @@ # Config file for overriding permission bits on overlay files/dirs # Format: = + +# Some security scanners complain if /etc/sudoers.d files have 0044 mode bits +# https://bugzilla.redhat.com/show_bug.cgi?id=1981979 +=384 /etc/sudoers.d/coreos-sudo-group diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index cdf9073e58..0ebfabfa0a 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -64,6 +64,14 @@ if test -d /usr/share/info; then fatal "found /usr/share/info" fi +# Security scanners complain about world-readable files in /etc/sudoers.d. +# Check that there aren't any. +# https://bugzilla.redhat.com/show_bug.cgi?id=1981979 +sudoers_files="$(find /etc/sudoers.d -type f ! -perm 600 2>&1)" +if [ -n "$sudoers_files" ]; then + fatal "Found files in /etc/sudoers.d with unexpected permissions: $sudoers_files" +fi + # See https://github.com/coreos/coreos-assembler/pull/1786 path=/usr/lib/systemd/system-generators/coreos-platform-chrony mode=$(stat -c '%a' ${path}) From 3b7d74c53845d2ff8ee79954e552fc57c39ec8fd Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Thu, 15 Jul 2021 14:48:30 -0400 Subject: [PATCH 355/489] lockfiles: fast-track ostree-2021.3-1.fc34 Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/746 --- manifest-lock.overrides.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 402ce35635..696c5238ec 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -42,3 +42,15 @@ packages: bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-119c2c9b63 reason: https://github.com/coreos/fedora-coreos-tracker/issues/861 type: fast-track + ostree: + evr: 2021.3-1.fc34 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-f5ae883a27 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/746 + type: fast-track + ostree-libs: + evr: 2021.3-1.fc34 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-f5ae883a27 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/746 + type: fast-track From f67317aadb647e52ee40988c846039f5659e24d9 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 15 Jul 2021 21:28:02 +0000 Subject: [PATCH 356/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/372/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 5fc6c9d878..c12fe21deb 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.12.14-300.fc34.x86_64" + "evra": "5.12.15-300.fc34.x86_64" }, "kernel-core": { - "evra": "5.12.14-300.fc34.x86_64" + "evra": "5.12.15-300.fc34.x86_64" }, "kernel-modules": { - "evra": "5.12.14-300.fc34.x86_64" + "evra": "5.12.15-300.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -721,7 +721,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "libsmbclient": { - "evra": "2:4.14.5-0.fc34.x86_64" + "evra": "2:4.14.6-0.fc34.x86_64" }, "libsmbios": { "evra": "2.4.3-2.fc34.x86_64" @@ -799,7 +799,7 @@ "evra": "0.3.2-1.fc34.x86_64" }, "libwbclient": { - "evra": "2:4.14.5-0.fc34.x86_64" + "evra": "2:4.14.6-0.fc34.x86_64" }, "libxcrypt": { "evra": "4.4.23-1.fc34.x86_64" @@ -865,7 +865,7 @@ "evra": "2:0.4.0-4.fc34.x86_64" }, "mozjs78": { - "evra": "78.11.0-1.fc34.x86_64" + "evra": "78.12.0-1.fc34.x86_64" }, "mpfr": { "evra": "4.1.0-7.fc34.x86_64" @@ -931,10 +931,10 @@ "evra": "1.77-7.fc34.x86_64" }, "ostree": { - "evra": "2021.2-2.fc34.x86_64" + "evra": "2021.3-1.fc34.x86_64" }, "ostree-libs": { - "evra": "2021.2-2.fc34.x86_64" + "evra": "2021.3-1.fc34.x86_64" }, "p11-kit": { "evra": "0.23.22-3.fc34.x86_64" @@ -1030,22 +1030,22 @@ "evra": "2:1.0.0-378.rc95.fc34.x86_64" }, "samba-client-libs": { - "evra": "2:4.14.5-0.fc34.x86_64" + "evra": "2:4.14.6-0.fc34.x86_64" }, "samba-common": { - "evra": "2:4.14.5-0.fc34.noarch" + "evra": "2:4.14.6-0.fc34.noarch" }, "samba-common-libs": { - "evra": "2:4.14.5-0.fc34.x86_64" + "evra": "2:4.14.6-0.fc34.x86_64" }, "sed": { "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "34.13-1.fc34.noarch" + "evra": "34.14-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.13-1.fc34.noarch" + "evra": "34.14-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-07-14T20:53:20Z", + "generated": "2021-07-15T20:53:04Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-14T13:53:09Z" + "generated": "2021-07-15T20:28:37Z" }, "fedora-updates": { - "generated": "2021-07-14T00:52:10Z" + "generated": "2021-07-15T00:52:27Z" } } } From a1ab210d4d5abdc520c4b73c8b4142deac9a5423 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Tue, 15 Jun 2021 17:55:38 +0200 Subject: [PATCH 357/489] Revert "overlay.d/09misc: Fix mode for some files in /etc" This is now safe to revert as this has been included in a testing release with a barrier and will thus also be in the next stable release: https://github.com/coreos/fedora-coreos-streams/pull/328 This reverts commit 73145e08b856ec59906e2256e200d626eba75097. --- .../usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf | 11 ----------- overlay.d/README.md | 3 +-- 2 files changed, 1 insertion(+), 13 deletions(-) delete mode 100644 overlay.d/09misc/usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf diff --git a/overlay.d/09misc/usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf b/overlay.d/09misc/usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf deleted file mode 100644 index 3415d220f6..0000000000 --- a/overlay.d/09misc/usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf +++ /dev/null @@ -1,11 +0,0 @@ -# Workaround for https://github.com/coreos/fedora-coreos-tracker/issues/829 -# Fix mode (chmod g-w) for existing files on the system during boot -z /etc/crypto-policies/state/current 644 root root -z /etc/group 644 root root -z /etc/group- 644 root root -z /etc/iscsi/initiatorname.iscsi 644 root root -z /etc/passwd 644 root root -z /etc/passwd- 644 root root -z /etc/selinux/config 644 root root -z /etc/ssh/sshd_config.d/40-disable-passwords.conf 644 root root -z /etc/systemd/dont-synthesize-nobody 644 root root diff --git a/overlay.d/README.md b/overlay.d/README.md index 0dbe9031a1..384112faec 100644 --- a/overlay.d/README.md +++ b/overlay.d/README.md @@ -15,8 +15,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1700056 09misc ------ -* Warning about `/etc/sysconfig`. -* Temporary systemd-tpmfiles.d config to fix ownership and permissions in /etc +Warning about `/etc/sysconfig`. 14NetworkManager-plugins ------------------------ From b535894c22a8bb0a19b1aa661713c29749cf5f19 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Thu, 15 Jul 2021 15:36:23 -0400 Subject: [PATCH 358/489] tests/manual: silence audit messages to the console Makes poking around on the serial console easier. --- tests/manual/coreos-docs-net-testing.sh | 7 ++++++- tests/manual/coreos-network-testing.sh | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/tests/manual/coreos-docs-net-testing.sh b/tests/manual/coreos-docs-net-testing.sh index ffd4d9db7e..9d3da3006c 100755 --- a/tests/manual/coreos-docs-net-testing.sh +++ b/tests/manual/coreos-docs-net-testing.sh @@ -56,7 +56,12 @@ systemd: ExecStart=-/usr/sbin/agetty --autologin core --noclear %I $TERM TTYVTDisallocate=no storage: - files:' + files: + - path: /etc/sysctl.d/20-silence-audit.conf + contents: + inline: | + # Raise console message logging level from DEBUG (7) to WARNING (4) + kernel.printk=4' fcct_hostname=' - path: /etc/hostname diff --git a/tests/manual/coreos-network-testing.sh b/tests/manual/coreos-network-testing.sh index 1110b9efac..c8bf50609b 100755 --- a/tests/manual/coreos-network-testing.sh +++ b/tests/manual/coreos-network-testing.sh @@ -45,7 +45,12 @@ storage: contents: source: https://raw.githubusercontent.com/coreos/fedora-coreos-config/8b08bd030ef3968d00d4fea9a0fa3ca3fbabf852/COPYING verification: - hash: sha512-d904690e4fc5defb804c2151e397cbe2aeeea821639995610aa377bb2446214c3433616a8708163776941df585b657648f20955e50d4b011ea2a96e7d8e08c66' + hash: sha512-d904690e4fc5defb804c2151e397cbe2aeeea821639995610aa377bb2446214c3433616a8708163776941df585b657648f20955e50d4b011ea2a96e7d8e08c66 + - path: /etc/sysctl.d/20-silence-audit.conf + contents: + inline: | + # Raise console message logging level from DEBUG (7) to WARNING (4) + kernel.printk=4' ignitionhostname='ignitionhost' fcct_hostname=' From d153b350c77d12b9902142e88a412eca036fdbf1 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Thu, 15 Jul 2021 15:39:18 -0400 Subject: [PATCH 359/489] tests/manual: fcct is now known as butane --- tests/manual/coreos-docs-net-testing.sh | 68 ++++++++++++------------- tests/manual/coreos-network-testing.sh | 64 +++++++++++------------ 2 files changed, 66 insertions(+), 66 deletions(-) diff --git a/tests/manual/coreos-docs-net-testing.sh b/tests/manual/coreos-docs-net-testing.sh index 9d3da3006c..5f6438d13d 100755 --- a/tests/manual/coreos-docs-net-testing.sh +++ b/tests/manual/coreos-docs-net-testing.sh @@ -35,7 +35,7 @@ set -eu -o pipefail vmname="coreos-docs-nettest" -fcct_common=\ +butane_common=\ 'variant: fcos version: 1.0.0 passwd: @@ -63,14 +63,14 @@ storage: # Raise console message logging level from DEBUG (7) to WARNING (4) kernel.printk=4' -fcct_hostname=' +butane_hostname=' - path: /etc/hostname mode: 0644 contents: inline: | ${hostname}' -fcct_disable_subnic2=' +butane_disable_subnic2=' - path: /etc/NetworkManager/system-connections/${subnic2}.nmconnection mode: 0600 contents: @@ -84,7 +84,7 @@ fcct_disable_subnic2=' [ipv6] method=disabled' -fcct_staticip=' +butane_staticip=' - path: /etc/NetworkManager/system-connections/${interface}.nmconnection mode: 0600 contents: @@ -101,7 +101,7 @@ fcct_staticip=' may-fail=false method=manual' -fcct_staticbond=' +butane_staticbond=' - path: /etc/NetworkManager/system-connections/${bondname}.nmconnection mode: 0600 contents: @@ -141,7 +141,7 @@ fcct_staticbond=' master=${bondname} slave-type=bond' -fcct_dhcpbridge=' +butane_dhcpbridge=' - path: /etc/NetworkManager/system-connections/${bridgename}.nmconnection mode: 0600 contents: @@ -178,7 +178,7 @@ fcct_dhcpbridge=' slave-type=bridge [bridge-port]' -fcct_dhcpteam=' +butane_dhcpteam=' - path: /etc/NetworkManager/system-connections/${teamname}.nmconnection mode: 0600 contents: @@ -218,7 +218,7 @@ fcct_dhcpteam=' [team-port] config={"prio": 100}' -fcct_staticvlan=' +butane_staticvlan=' - path: /etc/NetworkManager/system-connections/${interface}.${vlanid}.nmconnection mode: 0600 contents: @@ -256,7 +256,7 @@ fcct_staticvlan=' dns-search= method=disabled' -fcct_dhcpvlanbond=' +butane_dhcpvlanbond=' - path: /etc/NetworkManager/system-connections/${bondname}.${vlanid}.nmconnection mode: 0600 contents: @@ -323,7 +323,7 @@ check_requirements() { reqs=( chcon envsubst - fcct + butane jq ssh ssh-keygen @@ -361,11 +361,11 @@ destroy_vm() { } create_ignition_file() { - local fcctconfig=$1 + local butaneconfig=$1 local ignitionfile=$2 # uncomment and use ign-converter instead if on rhcos less than 4.6 - #echo "$fcctconfig" | fcct --strict | ign-converter -downtranslate -output $ignitionfile - echo "$fcctconfig" | fcct --strict --output $ignitionfile + #echo "$butaneconfig" | butane --strict | ign-converter -downtranslate -output $ignitionfile + echo "$butaneconfig" | butane --strict --output $ignitionfile chcon --verbose unconfined_u:object_r:svirt_home_t:s0 $ignitionfile &>/dev/null } @@ -391,7 +391,7 @@ main() { local sshpubkeyfile="${PWD}/coreos-nettest-sshkey.pub" local ignitionfile="${PWD}/coreos-nettest-config.ign" local sshpubkey - local fcct + local butane check_requirements @@ -446,23 +446,23 @@ EOF # in using the envsubst command export ip gateway netmask prefix interface nameserver bondname teamname bridgename subnic1 subnic2 vlanid - fcct_none=$(echo "${fcct_common}" | envsubst) + butane_none=$(echo "${butane_common}" | envsubst) export hostname="staticip" x="${common_args} rd.neednet=1" x+=" ip=${ip}::${gateway}:${netmask}:${hostname}:${interface}:none:${nameserver}" x+=" ip=${subnic2}:off" initramfs_staticip=$x - fcct_initramfs_staticip="${fcct_none}" - fcct_staticip=$(echo "${fcct_common}${fcct_hostname}${fcct_staticip}${fcct_disable_subnic2}" | envsubst) + butane_initramfs_staticip="${butane_none}" + butane_staticip=$(echo "${butane_common}${butane_hostname}${butane_staticip}${butane_disable_subnic2}" | envsubst) export hostname="staticbond" x="${common_args} rd.neednet=1" x+=" ip=${ip}::${gateway}:${netmask}:${hostname}:${bondname}:none:${nameserver}" x+=" bond=${bondname}:${subnic1},${subnic2}:mode=active-backup,miimon=100" initramfs_staticbond=$x - fcct_initramfs_staticbond="${fcct_none}" - fcct_staticbond=$(echo "${fcct_common}${fcct_hostname}${fcct_staticbond}" | envsubst) + butane_initramfs_staticbond="${butane_none}" + butane_staticbond=$(echo "${butane_common}${butane_hostname}${butane_staticbond}" | envsubst) export hostname="dhcpbridge" x="${common_args} rd.neednet=1" @@ -470,8 +470,8 @@ EOF x+=" bridge=${bridgename}:${subnic1},${subnic2}" x+=" nameserver=${nameserver}" initramfs_dhcpbridge=$x - fcct_initramfs_dhcpbridge=$(echo "${fcct_common}${fcct_hostname}" | envsubst) - fcct_dhcpbridge=$(echo "${fcct_common}${fcct_hostname}${fcct_dhcpbridge}" | envsubst) + butane_initramfs_dhcpbridge=$(echo "${butane_common}${butane_hostname}" | envsubst) + butane_dhcpbridge=$(echo "${butane_common}${butane_hostname}${butane_dhcpbridge}" | envsubst) export hostname="dhcpteam" x="${common_args} rd.neednet=1" @@ -479,8 +479,8 @@ EOF x+=" team=${teamname}:${subnic1},${subnic2}" x+=" nameserver=${nameserver}" initramfs_dhcpteam=$x - fcct_initramfs_dhcpteam=$(echo "${fcct_common}${fcct_hostname}" | envsubst) - fcct_dhcpteam=$(echo "${fcct_common}${fcct_hostname}${fcct_dhcpteam}" | envsubst) + butane_initramfs_dhcpteam=$(echo "${butane_common}${butane_hostname}" | envsubst) + butane_dhcpteam=$(echo "${butane_common}${butane_hostname}${butane_dhcpteam}" | envsubst) export hostname="staticvlan" x="${common_args} rd.neednet=1" @@ -488,8 +488,8 @@ EOF x+=" vlan=${interface}.${vlanid}:${interface}" x+=" ip=${subnic2}:off" initramfs_staticvlan=$x - fcct_initramfs_staticvlan="${fcct_none}" - fcct_staticvlan=$(echo "${fcct_common}${fcct_hostname}${fcct_staticvlan}${fcct_disable_subnic2}" | envsubst) + butane_initramfs_staticvlan="${butane_none}" + butane_staticvlan=$(echo "${butane_common}${butane_hostname}${butane_staticvlan}${butane_disable_subnic2}" | envsubst) export hostname="dhcpvlanbond" x="${common_args} rd.neednet=1" @@ -497,8 +497,8 @@ EOF x+=" bond=${bondname}:${subnic1},${subnic2}:mode=active-backup,miimon=100" x+=" vlan=${bondname}.${vlanid}:${bondname}" initramfs_dhcpvlanbond=$x - fcct_initramfs_dhcpvlanbond=$(echo "${fcct_common}${fcct_hostname}" | envsubst) - fcct_dhcpvlanbond=$(echo "${fcct_common}${fcct_hostname}${fcct_dhcpvlanbond}" | envsubst) + butane_initramfs_dhcpvlanbond=$(echo "${butane_common}${butane_hostname}" | envsubst) + butane_dhcpvlanbond=$(echo "${butane_common}${butane_hostname}${butane_dhcpvlanbond}" | envsubst) destroy_vm || true @@ -511,22 +511,22 @@ EOF #dhcpvlanbond # Requires special setup, see top of file comment ) - create_ignition_file "$fcct_none" $ignitionfile + create_ignition_file "$butane_none" $ignitionfile for net in ${loopitems[@]}; do var="initramfs_${net}" kernel_args=${!var} - var="fcct_initramfs_${net}" - fcctconfig=${!var} - create_ignition_file "$fcctconfig" $ignitionfile + var="butane_initramfs_${net}" + butaneconfig=${!var} + create_ignition_file "$butaneconfig" $ignitionfile start_vm $qcow $ignitionfile $kernel $initramfs "${kernel_args}" destroy_vm done for net in ${loopitems[@]}; do - var="fcct_${net}" - fcctconfig=${!var} + var="butane_${net}" + butaneconfig=${!var} kernel_args=${common_args} - create_ignition_file "$fcctconfig" $ignitionfile + create_ignition_file "$butaneconfig" $ignitionfile start_vm $qcow $ignitionfile $kernel $initramfs "${kernel_args}" destroy_vm done diff --git a/tests/manual/coreos-network-testing.sh b/tests/manual/coreos-network-testing.sh index c8bf50609b..bf1268343b 100755 --- a/tests/manual/coreos-network-testing.sh +++ b/tests/manual/coreos-network-testing.sh @@ -13,7 +13,7 @@ set -eu -o pipefail vmname="coreos-nettest" -fcct_common=\ +butane_common=\ 'variant: fcos version: 1.0.0 passwd: @@ -53,14 +53,14 @@ storage: kernel.printk=4' ignitionhostname='ignitionhost' -fcct_hostname=' +butane_hostname=' - path: /etc/hostname mode: 0644 contents: inline: | ${ignitionhostname}' -fcct_static_nic0_ifcfg=' +butane_static_nic0_ifcfg=' - path: /etc/sysconfig/network-scripts/ifcfg-${nic0} mode: 0600 contents: @@ -86,7 +86,7 @@ fcct_static_nic0_ifcfg=' DEVICE=${nic1} ONBOOT=no' -fcct_static_nic0=' +butane_static_nic0=' - path: /etc/NetworkManager/system-connections/${nic0}.nmconnection mode: 0600 contents: @@ -116,7 +116,7 @@ fcct_static_nic0=' [ipv6] method=disabled' -fcct_static_team0=' +butane_static_team0=' - path: /etc/NetworkManager/system-connections/team0.nmconnection mode: 0600 contents: @@ -158,7 +158,7 @@ fcct_static_team0=' [team-port] config={"prio": 100}' -fcct_static_bond0=' +butane_static_bond0=' - path: /etc/NetworkManager/system-connections/bond0.nmconnection mode: 0600 contents: @@ -197,7 +197,7 @@ fcct_static_bond0=' master=bond0 slave-type=bond' -fcct_static_br0=' +butane_static_br0=' - path: /etc/NetworkManager/system-connections/br0.nmconnection mode: 0600 contents: @@ -248,7 +248,7 @@ check_requirements() { reqs=( chcon envsubst - fcct + butane jq ssh ssh-keygen @@ -448,11 +448,11 @@ destroy_vm() { } create_ignition_file() { - local fcctconfig=$1 + local butaneconfig=$1 local ignitionfile=$2 # uncomment and use ign-converter instead if on rhcos less than 4.6 - #echo "$fcctconfig" | fcct --strict | ign-converter -downtranslate -output $ignitionfile - echo "$fcctconfig" | fcct --strict --output $ignitionfile + #echo "$butaneconfig" | butane --strict | ign-converter -downtranslate -output $ignitionfile + echo "$butaneconfig" | butane --strict --output $ignitionfile chcon --verbose unconfined_u:object_r:svirt_home_t:s0 $ignitionfile &>/dev/null } @@ -472,7 +472,7 @@ main() { local sshpubkeyfile="${PWD}/coreos-nettest-sshkey.pub" local ignitionfile="${PWD}/coreos-nettest-config.ign" local sshpubkey - local fcct + local butane check_requirements @@ -578,12 +578,12 @@ EOF # in using the envsubst command export ip prefix nameserverstatic gateway sshpubkey ignitionhostname nic0 nic1 - fcct_none=$(echo "${fcct_common}" | envsubst) - fcct_static_nic0=$(echo "${fcct_common}${fcct_hostname}${fcct_static_nic0}" | envsubst) - fcct_static_bond0=$(echo "${fcct_common}${fcct_hostname}${fcct_static_bond0}" | envsubst) - fcct_static_team0=$(echo "${fcct_common}${fcct_hostname}${fcct_static_team0}" | envsubst) - fcct_static_br0=$(echo "${fcct_common}${fcct_hostname}${fcct_static_br0}" | envsubst) - fcct_static_nic0_ifcfg=$(echo "${fcct_common}${fcct_hostname}${fcct_static_nic0_ifcfg}" | envsubst) + butane_none=$(echo "${butane_common}" | envsubst) + butane_static_nic0=$(echo "${butane_common}${butane_hostname}${butane_static_nic0}" | envsubst) + butane_static_bond0=$(echo "${butane_common}${butane_hostname}${butane_static_bond0}" | envsubst) + butane_static_team0=$(echo "${butane_common}${butane_hostname}${butane_static_team0}" | envsubst) + butane_static_br0=$(echo "${butane_common}${butane_hostname}${butane_static_br0}" | envsubst) + butane_static_nic0_ifcfg=$(echo "${butane_common}${butane_hostname}${butane_static_nic0_ifcfg}" | envsubst) # If the VM is still around for whatever reason, destroy it destroy_vm || true @@ -593,7 +593,7 @@ EOF # networking. Do a ifcfg check to make sure. if [ "$rhcos" == 1 ]; then echo -e "\n###### Testing ifcfg file via Ignition disables initramfs propagation\n" - create_ignition_file "$fcct_static_nic0_ifcfg" $ignitionfile + create_ignition_file "$butane_static_nic0_ifcfg" $ignitionfile start_vm $qcow $ignitionfile $kernel $initramfs "$initramfs_static_bond0" check_vm 'none' 1 0 $ip $nic0 $ignitionhostname $nameserverstatic $sshkeyfile reboot_vm @@ -605,7 +605,7 @@ EOF # configuration via Ignition either, so we'll just end up with DHCP and a # static hostname that is unset (`n/a`). echo -e "\n###### Testing coreos.no_persist_ip disables initramfs propagation\n" - create_ignition_file "$fcct_none" $ignitionfile + create_ignition_file "$butane_none" $ignitionfile start_vm $qcow $ignitionfile $kernel $initramfs "${initramfs_static_nic0} coreos.no_persist_ip" check_vm 'dhcp' 2 0 $ip $nic0 'n/a' $nameserverdhcp $sshkeyfile reboot_vm @@ -616,7 +616,7 @@ EOF # configuration via Ignition either, so we'll just end up with DHCP and a # static hostname that is unset (`n/a`). echo -e "\n###### Testing coreos.force_persist_ip forces initramfs propagation\n" - create_ignition_file "$fcct_static_nic0" $ignitionfile + create_ignition_file "$butane_static_nic0" $ignitionfile start_vm $qcow $ignitionfile $kernel $initramfs "${initramfs_static_bond0} coreos.force_persist_ip" check_vm 'none' 1 3 $ip bond0 $ignitionhostname $nameserverstatic $sshkeyfile reboot_vm @@ -642,7 +642,7 @@ EOF # # [1] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/391 echo -e "\n###### Testing initramfs nameserver= option\n" - create_ignition_file "$fcct_none" $ignitionfile + create_ignition_file "$butane_none" $ignitionfile start_vm $qcow $ignitionfile $kernel $initramfs "nameserver=${nameserverstatic} ${initramfs_dhcp_nic0nic1}" check_vm 'dhcp' 2 2 $ip $nic0 'n/a' $nameserverstatic $sshkeyfile reboot_vm @@ -652,7 +652,7 @@ EOF # Do a `net.ifnames=0` check and make sure eth0 is the interface name. # We don't pass any hostname information so it will just be (`n/a`). echo -e "\n###### Testing net.ifnames=0 gives us legacy NIC naming\n" - create_ignition_file "$fcct_none" $ignitionfile + create_ignition_file "$butane_none" $ignitionfile start_vm $qcow $ignitionfile $kernel $initramfs "${initramfs_dhcp_eth0} net.ifnames=0" check_vm 'dhcp' 2 1 $ip 'eth0' 'n/a' $nameserverdhcp $sshkeyfile # Don't reboot and do another check because we didn't persist the net.ifnames=0 karg @@ -667,7 +667,7 @@ EOF static_br0 ) - fcctloop=( + butaneloop=( none static_nic0 static_bond0 @@ -676,11 +676,11 @@ EOF ) for initramfsnet in ${initramfsloop[@]}; do - for fcctnet in ${fcctloop[@]}; do + for butanenet in ${butaneloop[@]}; do method='none'; interfaces=1; nameserver=${nameserverstatic} numkeyfiles=3 - if [ "${fcctnet}" == 'none' ]; then + if [ "${butanenet}" == 'none' ]; then # because we propagate initramfs networking if no real root networking devname=${initramfsnet##*_} hostname=${initramfshostname} @@ -700,24 +700,24 @@ EOF numkeyfiles=2 fi else - devname=${fcctnet##*_} + devname=${butanenet##*_} hostname=${ignitionhostname} # If we're not using a virtual NIC (bond, bridge, team, etc) # then only two keyfiles will be created. - if [ "${fcctnet}" == 'static_nic0' ]; then + if [ "${butanenet}" == 'static_nic0' ]; then numkeyfiles=2 fi fi # If devname=nic0 then replace with ${nic0} variable [ $devname == "nic0" ] && devname=${nic0} - fcctvar="fcct_${fcctnet}" - fcctconfig=${!fcctvar} + butanevar="butane_${butanenet}" + butaneconfig=${!butanevar} initramfsvar="initramfs_${initramfsnet}" kernel_args=${!initramfsvar} - echo -e "\n###### Testing initramfs: ${initramfsnet} + ignition/fcct: ${fcctnet}\n" + echo -e "\n###### Testing initramfs: ${initramfsnet} + ignition/butane: ${butanenet}\n" - create_ignition_file "$fcctconfig" $ignitionfile + create_ignition_file "$butaneconfig" $ignitionfile start_vm $qcow $ignitionfile $kernel $initramfs "${kernel_args}" check_vm $method $interfaces $numkeyfiles $ip $devname $hostname $nameserver $sshkeyfile reboot_vm From a4fb9e264f8fb1f2c7b5e6116d08e9a76dab9130 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 16 Jul 2021 21:19:32 +0000 Subject: [PATCH 360/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/373/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index c12fe21deb..342fd5a516 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -67,7 +67,7 @@ "evra": "3.5.1-2.fc34.x86_64" }, "btrfs-progs": { - "evra": "5.12.1-1.fc34.x86_64" + "evra": "5.13-1.fc34.x86_64" }, "bubblewrap": { "evra": "0.4.1-3.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-07-15T20:53:04Z", + "generated": "2021-07-16T20:53:01Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-15T20:28:37Z" + "generated": "2021-07-15T21:36:11Z" }, "fedora-updates": { - "generated": "2021-07-15T00:52:27Z" + "generated": "2021-07-16T00:51:31Z" } } } From 589866fb685b02063c7a11fd29647d6df7f1bee0 Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Fri, 18 Jun 2021 16:02:35 -0400 Subject: [PATCH 361/489] tests: add test for watching files labeled kubernetes_file_t Adds a test for the ability of `systemd` to watch files labeled with `kubernetes_file_t`. See: https://github.com/coreos/fedora-coreos-tracker/issues/861 See: https://github.com/containers/container-selinux/issues/135 Co-authored-by: Dusty Mabe --- tests/kola/misc-ign-ro/config.fcc | 33 ++++++++++++++++++++++++++++++- tests/kola/misc-ign-ro/test.sh | 22 +++++++++++++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) diff --git a/tests/kola/misc-ign-ro/config.fcc b/tests/kola/misc-ign-ro/config.fcc index 7dcb62bf93..2895e7e8c1 100644 --- a/tests/kola/misc-ign-ro/config.fcc +++ b/tests/kola/misc-ign-ro/config.fcc @@ -1,6 +1,12 @@ variant: fcos -version: 1.1.0 +version: 1.2.0 storage: + directories: + # This is for verifying that `kubernetes_file_t` labeled files can be + # watched by systemd + # See: https://github.com/coreos/fedora-coreos-tracker/issues/861 + # See: https://github.com/containers/container-selinux/issues/135 + - path: /etc/kubernetes files: - path: /etc/systemd/zram-generator.conf mode: 0644 @@ -33,3 +39,28 @@ storage: AKbyaAqbChEy9CvDgyv6qxTYU+eeBImLKS3PH2uW5etc/69V/sDojqpH3hEffsOt 9g== -----END CERTIFICATE----- +systemd: + units: + - name: kube-watch.service + # This is for verifying that `kubernetes_file_t` labeled files can be + # watched by systemd + # See: https://github.com/coreos/fedora-coreos-tracker/issues/861 + # See: https://github.com/containers/container-selinux/issues/135 + contents: | + [Service] + ExecStart=/usr/bin/echo "Found it" + RemainAfterExit=yes + Type=oneshot + [Install] + WantedBy=multi-user.target + - name: kube-watch.path + # This is for verifying that `kubernetes_file_t` labeled files can be + # watched by systemd + # See: https://github.com/coreos/fedora-coreos-tracker/issues/861 + # See: https://github.com/containers/container-selinux/issues/135 + enabled: true + contents: | + [Path] + PathExists=/etc/kubernetes/kubeconfig + [Install] + WantedBy=multi-user.target diff --git a/tests/kola/misc-ign-ro/test.sh b/tests/kola/misc-ign-ro/test.sh index 6321fc7207..525e5ba2eb 100755 --- a/tests/kola/misc-ign-ro/test.sh +++ b/tests/kola/misc-ign-ro/test.sh @@ -36,3 +36,25 @@ if [ "$context" != "system_u:object_r:net_conf_t:s0" ]; then fatal "SELinux context on stub-resolv.conf is wrong" fi ok "SELinux context on stub-resolv.conf is correct" + +# This is for verifying that `kubernetes_file_t` labeled files can be +# watched by systemd +# See: https://github.com/coreos/fedora-coreos-tracker/issues/861 +# See: https://github.com/containers/container-selinux/issues/135 +if [ "$(systemctl is-active kube-watch.path)" != "active" ]; then + fatal "kube-watch.path did not activate successfully" +fi +ok "kube-watch.path successfully activated" + +touch /etc/kubernetes/kubeconfig +ok "successfully created /etc/kubernetes/kubeconfig" + +if [ "$(systemctl is-active kube-watch.service)" != "active" ]; then + fatal "kube-watch.service did not successfully activate" +fi +ok "kube-watch.service activated successfully" + +if [ "$(journalctl -o cat -u kube-watch.service | sed -n 2p)" != "Found it" ]; then + fatal "kube-watch.service did not print message to journal" +fi +ok "Found message from kube-watch.service in journal" From ac1eb3b9880d7328d479983d7f663d6561c78a8a Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 17 Jul 2021 06:18:01 +0000 Subject: [PATCH 362/489] =?UTF-8?q?lockfiles:=20drop=20graduated=20overrid?= =?UTF-8?q?es=20=F0=9F=8E=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Triggered by remove-graduated-overrides GitHub Action. --- manifest-lock.overrides.yaml | 39 ++++++++++++++++-------------------- 1 file changed, 17 insertions(+), 22 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 696c5238ec..74ed3a56ba 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -4,20 +4,11 @@ # # IMPORTANT: YAML comments *will not* be preserved. All `pin` overrides *must* # include a URL in the `metadata.reason` key. Overrides of type `fast-track` -# *should* include a URL in the `metadata.reason` key, though it's acceptable to -# omit one for FCOS-specific packages (e.g. ignition, afterburn, etc...). +# *should* include a Bodhi update URL in the `metadata.bodhi` key and a URL +# in the `metadata.reason` key, though it's acceptable to omit a `reason` +# for FCOS-specific packages (ignition, afterburn, etc.). packages: - fedora-coreos-pinger: - evr: 0.0.4-11.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-9d4c3ddc8a - reason: https://github.com/coreos/fedora-coreos-config/pull/1088 - type: fast-track - ignition: - evr: 2.11.0-2.fc34 - metadata: - type: fast-track coreos-installer: evr: 0.9.1-2.fc34 metadata: @@ -30,17 +21,9 @@ packages: bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-0efb7aefc9 reason: https://github.com/coreos/fedora-coreos-tracker/issues/889 type: fast-track - selinux-policy: - evra: 34.14-1.fc34.noarch - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-119c2c9b63 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/861 - type: fast-track - selinux-policy-targeted: - evra: 34.14-1.fc34.noarch + ignition: + evr: 2.11.0-2.fc34 metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-119c2c9b63 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/861 type: fast-track ostree: evr: 2021.3-1.fc34 @@ -54,3 +37,15 @@ packages: bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-f5ae883a27 reason: https://github.com/coreos/fedora-coreos-tracker/issues/746 type: fast-track + selinux-policy: + evra: 34.14-1.fc34.noarch + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-119c2c9b63 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/861 + type: fast-track + selinux-policy-targeted: + evra: 34.14-1.fc34.noarch + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-119c2c9b63 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/861 + type: fast-track From ce835a1ace3bbaf3548a2fdfb7f69db3f6dd0845 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 17 Jul 2021 21:20:05 +0000 Subject: [PATCH 363/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/374/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 342fd5a516..7e687de421 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -112,7 +112,7 @@ "evra": "5.2-39.fc34.x86_64" }, "conmon": { - "evra": "2:2.0.27-2.fc34.x86_64" + "evra": "2:2.0.29-2.fc34.x86_64" }, "console-login-helper-messages": { "evra": "0.21.2-1.fc34.noarch" @@ -307,7 +307,7 @@ "evra": "0.9.4-1.fc34.noarch" }, "flatpak-session-helper": { - "evra": "1.10.2-3.fc34.x86_64" + "evra": "1.10.2-4.fc34.x86_64" }, "fstrm": { "evra": "0.6.1-2.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-07-16T20:53:01Z", + "generated": "2021-07-17T20:53:15Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-15T21:36:11Z" + "generated": "2021-07-16T21:32:12Z" }, "fedora-updates": { - "generated": "2021-07-16T00:51:31Z" + "generated": "2021-07-17T01:33:35Z" } } } From e1f7b689c1cd7c0d08fbd6b822e4ed554ee85275 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 18 Jul 2021 06:18:06 +0000 Subject: [PATCH 364/489] =?UTF-8?q?lockfiles:=20drop=20graduated=20overrid?= =?UTF-8?q?es=20=F0=9F=8E=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Triggered by remove-graduated-overrides GitHub Action. --- manifest-lock.overrides.yaml | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 74ed3a56ba..760628aa09 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -21,10 +21,6 @@ packages: bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-0efb7aefc9 reason: https://github.com/coreos/fedora-coreos-tracker/issues/889 type: fast-track - ignition: - evr: 2.11.0-2.fc34 - metadata: - type: fast-track ostree: evr: 2021.3-1.fc34 metadata: @@ -37,15 +33,3 @@ packages: bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-f5ae883a27 reason: https://github.com/coreos/fedora-coreos-tracker/issues/746 type: fast-track - selinux-policy: - evra: 34.14-1.fc34.noarch - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-119c2c9b63 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/861 - type: fast-track - selinux-policy-targeted: - evra: 34.14-1.fc34.noarch - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-119c2c9b63 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/861 - type: fast-track From 11ef6b5eb4f3da898ca5b6d9889cc71a41a55ef5 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 18 Jul 2021 21:19:43 +0000 Subject: [PATCH 365/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/375/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 7e687de421..61086a1d89 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1,19 +1,19 @@ { "packages": { "NetworkManager": { - "evra": "1:1.30.4-1.fc34.x86_64" + "evra": "1:1.30.6-1.fc34.x86_64" }, "NetworkManager-cloud-setup": { - "evra": "1:1.30.4-1.fc34.x86_64" + "evra": "1:1.30.6-1.fc34.x86_64" }, "NetworkManager-libnm": { - "evra": "1:1.30.4-1.fc34.x86_64" + "evra": "1:1.30.6-1.fc34.x86_64" }, "NetworkManager-team": { - "evra": "1:1.30.4-1.fc34.x86_64" + "evra": "1:1.30.6-1.fc34.x86_64" }, "NetworkManager-tui": { - "evra": "1:1.30.4-1.fc34.x86_64" + "evra": "1:1.30.6-1.fc34.x86_64" }, "WALinuxAgent-udev": { "evra": "2.3.0.2-1.fc34.noarch" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-07-17T20:53:15Z", + "generated": "2021-07-18T20:53:16Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-16T21:32:12Z" + "generated": "2021-07-17T21:29:35Z" }, "fedora-updates": { - "generated": "2021-07-17T01:33:35Z" + "generated": "2021-07-18T00:53:12Z" } } } From 386b6fedfdee105e35b75381e48cc46c28806fad Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 19 Jul 2021 14:49:13 -0400 Subject: [PATCH 366/489] 15fcos: order coreos-check-ignition-config.service before systemd-user-sessions.service That way we can avoid the `agetty --reload`. --- .../lib/systemd/system/coreos-check-ignition-config.service | 1 + overlay.d/15fcos/usr/libexec/coreos-check-ignition-config | 3 --- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ignition-config.service b/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ignition-config.service index 1a91853d6b..a44ba0497a 100644 --- a/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ignition-config.service +++ b/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ignition-config.service @@ -8,6 +8,7 @@ Description=Check if Ignition config is provided # get misleading messages. Also handles the case where the journal # gets rotated and no longer has the structured log messages. ConditionKernelCommandLine=ignition.firstboot +Before=systemd-user-sessions.service [Service] Type=oneshot ExecStart=/usr/libexec/coreos-check-ignition-config diff --git a/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config b/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config index 93093bdba0..cf3c69c0f2 100755 --- a/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config +++ b/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config @@ -21,6 +21,3 @@ else echo -e "${warn}Ignition: no config provided by user${nc}" > /etc/issue.d/30_ignition_config_info.issue fi -# Ask all running agetty instances to reload and update their -# displayed prompts in case this script was run before agetty. -/usr/sbin/agetty --reload From 333d5068f0fe3a6ded1c8db04268251044f04a75 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 19 Jul 2021 14:49:58 -0400 Subject: [PATCH 367/489] 15fcos: remember when Ignition ran and print on console Some users sometimes may not realize that they're using a pre-booted version of a CoreOS image. This makes things confusing because they then don't understand why the Ignition config wasn't applied. There's no way to consistently detect this, but at least we can print an informational message about (1) when Ignition ran, and (2) how many boots ago that was. This enhances the Ignition issue we already write for whether a user config was provided rather than creating a separate one. Related: https://bugzilla.redhat.com/show_bug.cgi?id=1977949 Related: https://github.com/coreos/ignition/issues/1214 --- .../coreos-ignition-firstboot-complete | 30 +++++++++++ .../coreos-check-ignition-config.service | 13 ++--- .../usr/libexec/coreos-check-ignition-config | 51 +++++++++++++------ 3 files changed, 72 insertions(+), 22 deletions(-) diff --git a/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete b/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete index 3973d11e04..97baea619d 100755 --- a/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete +++ b/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete @@ -1,6 +1,14 @@ #!/bin/bash set -euo pipefail +# We put this in /run and it's then moved by +# coreos-check-ignition-config.service into /var/lib/coreos. The reason is that +# I don't want to use RequiresMountsFor=/var/lib on this service to keep it less +# fallible. Once we move this service to the initramfs, then we can directly +# write there since /var mounts are in place and we can safely trigger +# emergency.target if we fail. +IGNITION_INFO=/run/ignition.info.json + mount -o remount,rw /boot if [[ $(uname -m) = s390x ]]; then @@ -16,3 +24,25 @@ rm -rf /boot/ignition # this file. Fail if we are unable to remove it, rather than risking rerunning # Ignition at next boot. rm /boot/ignition.firstboot + +# See https://github.com/coreos/ignition/pull/958 for the MESSAGE_ID source. +nusercfgs=$(journalctl -o json-pretty MESSAGE_ID=57124006b5c94805b77ce473e92a8aeb \ + | jq -s '.[] | select(.IGNITION_CONFIG_TYPE == "user")'| wc -l) +if [ "${nusercfgs}" -gt 0 ]; then + usercfg=true +else + usercfg=false +fi + +mkdir -p "$(dirname "${IGNITION_INFO}")" + +# This is hardly sooper seekret stuff, but let's be conservative in light of +# https://github.com/coreos/fedora-coreos-tracker/issues/889. +touch "${IGNITION_INFO}" +chmod 600 "${IGNITION_INFO}" +cat >> "${IGNITION_INFO}" < /etc/issue.d/30_ignition_config_info.issue +# See coreos-ignition-firstboot-complete +is_firstboot=0 +if [ -e "${IGNITION_FIRSTBOOT_INFO}" ]; then + is_firstboot=1 + mkdir -p "$(dirname "${IGNITION_INFO}")" + mv "${IGNITION_FIRSTBOOT_INFO}" "${IGNITION_INFO}" +fi + +mkdir -p /run/issue.d +touch /run/issue.d/30_coreos_ignition_provisioning.issue + +d=$(date --date "@$(jq .date "${IGNITION_INFO}")" +"%Y/%m/%d %H:%M:%S %Z") +if [ "${is_firstboot}" == 1 ]; then + echo "Ignition: ran on ${d} (this boot)" \ + > /run/issue.d/30_coreos_ignition_provisioning.issue +else + nreboots=$(($(journalctl --list-boots | wc -l) - 1)) + [ "${nreboots}" -eq 1 ] && boot="boot" || boot="boots" + echo "Ignition: ran on ${d} (at least $nreboots $boot ago)" \ + > /run/issue.d/30_coreos_ignition_provisioning.issue +fi + +if jq -e .usercfg "${IGNITION_INFO}" &>/dev/null; then + echo "Ignition: user-provided config was applied" \ + >> /run/issue.d/30_coreos_ignition_provisioning.issue else - echo -e "${warn}Ignition: no config provided by user${nc}" > /etc/issue.d/30_ignition_config_info.issue + echo -e "${WARN}Ignition: no config provided by user${RESET}" \ + >> /run/issue.d/30_coreos_ignition_provisioning.issue fi +# Our makeshift way of getting /run/issue.d semantics. See: +# https://github.com/coreos/console-login-helper-messages/blob/e06fc88ae8fbcc3a422bc8c686f70c15aebb9d9a/usr/lib/console-login-helper-messages/issue.defs#L8-L17 +ln -sf /run/issue.d/30_coreos_ignition_provisioning.issue /etc/issue.d/ From a530fe76f6815335f6acc7fb7691c28cf6ec8102 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 19 Jul 2021 14:37:37 -0400 Subject: [PATCH 368/489] lockfiles: fast-track container-selinux-2.164.1-1.git563ba3f.fc34 Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/881 --- manifest-lock.overrides.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 760628aa09..cf444a0f5b 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -9,6 +9,12 @@ # for FCOS-specific packages (ignition, afterburn, etc.). packages: + container-selinux: + evra: 2:2.164.1-1.git563ba3f.fc34.noarch + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-463a2721ec + reason: https://github.com/coreos/fedora-coreos-tracker/issues/881 + type: fast-track coreos-installer: evr: 0.9.1-2.fc34 metadata: From d50a040753f22a60ae426fe6b03945c9d42d8610 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 14 Jul 2021 17:01:53 -0400 Subject: [PATCH 369/489] manifests: remove outdated comment The coreos-reset-stub-resolv-selinux-context path/service were removed in 474c87b. So we don't need the comment. --- manifests/fedora-coreos-base.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 524c56f042..93a8eb7ba8 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -83,8 +83,6 @@ postprocess: # Neuter systemd-resolved for now. # https://github.com/coreos/fedora-coreos-tracker/issues/649#issuecomment-743219353 - # Note: When removing this, we likely also want to remove - # coreos-reset-stub-resolv-selinux-context.{path,service} and their presets. - | #!/usr/bin/env bash set -xeuo pipefail From 35ba0419cd3daaf424c4c8d74654d51403932d2c Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 14 Jul 2021 17:06:08 -0400 Subject: [PATCH 370/489] manifests: make the systemd-resolved neutering F34 only The underlying issues are resolved in the latest NetworkManager in Fedora 35+ so let's conditionalize it on Fedora 34. Was fixed upstream by https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/877 Will fix https://github.com/coreos/fedora-coreos-tracker/issues/834 --- manifests/fedora-coreos-base.yaml | 18 +++++++++++++----- tests/kola/misc-ro | 8 +++++++- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 93a8eb7ba8..581845dfa5 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -83,9 +83,16 @@ postprocess: # Neuter systemd-resolved for now. # https://github.com/coreos/fedora-coreos-tracker/issues/649#issuecomment-743219353 + # Remove when on F35+ as NM now handles rdns + resolved better + # https://github.com/coreos/fedora-coreos-tracker/issues/834 + # https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/601 + # https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/877 - | #!/usr/bin/env bash set -xeuo pipefail + # Only operate on F34 since F35+ has been fixed + source /etc/os-release + [ ${VERSION_ID} -eq 34 ] || exit 0 # Get us back to Fedora 32's nsswitch.conf settings sed -i 's/^hosts:.*/hosts: files dns myhostname/' /etc/nsswitch.conf mkdir -p /usr/lib/systemd/resolved.conf.d/ @@ -97,11 +104,12 @@ postprocess: DNSStubListener=no EOF - # Set the fallback hostname to `localhost`. This piggybacks on the - # postprocess script above which neuters systemd-resolved, because - # currently, a fallback hostname of `localhost` + systemd-resolved breaks - # rDNS. Eventually, we should be able to drop this at the same time as we drop - # the above. See: https://bugzilla.redhat.com/show_bug.cgi?id=1892235#c25 + # Set the fallback hostname to `localhost`. This was needed in F33/F34 + # because a fallback hostname of `fedora` + systemd-resolved broke + # rDNS. It's now fixed in F35+ NetworkManager to handle the corner cases + # around synthetized hostnames and systemd-resolved, but the question + # remains on what is a more appropriate default hostname for a server like + # host. https://github.com/coreos/fedora-coreos-tracker/issues/902 - | #!/usr/bin/env bash source /etc/os-release diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index 0ebfabfa0a..50ebaa5aab 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -32,10 +32,16 @@ if ! systemctl show -p ActiveState kdump.service | grep -q ActiveState=inactive; fatal "Unit kdump.service shouldn't be active" fi # systemd-resolved should be enabled -source /etc/os-release if ! systemctl is-enabled systemd-resolved 1>/dev/null; then fatal "Unit systemd-resolved should be enabled" fi +# systemd-resolved should be fully functional on f35+ +source /etc/os-release +if [ "$VERSION_ID" -ge "35" ]; then + if ! grep 'nameserver 127.0.0.53' /etc/resolv.conf; then + fatal "systemd-resolved stub listener isn't enabled" + fi +fi ok services # https://github.com/coreos/fedora-coreos-config/commit/2a5c2abc796ac645d705700bf445b50d4cda8f5f From 1f756d7c3e6eeb5bdd9ca488e0611af1782443b1 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 19 Jul 2021 22:58:38 +0000 Subject: [PATCH 371/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/377/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 61086a1d89..37f1bbc633 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -127,7 +127,7 @@ "evra": "0.21.2-1.fc34.noarch" }, "container-selinux": { - "evra": "2:2.163.0-1.fc34.noarch" + "evra": "2:2.164.1-1.git563ba3f.fc34.noarch" }, "containerd": { "evra": "1.5.0~rc.1-1.fc34.x86_64" @@ -556,7 +556,7 @@ "evra": "0.4.0-1.fc34.x86_64" }, "libedit": { - "evra": "3.1-37.20210522cvs.fc34.x86_64" + "evra": "3.1-38.20210714cvs.fc34.x86_64" }, "libevent": { "evra": "2.1.12-3.fc34.x86_64" @@ -820,10 +820,10 @@ "evra": "2.5.1-28.fc34.x86_64" }, "linux-firmware": { - "evra": "20210511-120.fc34.noarch" + "evra": "20210716-121.fc34.noarch" }, "linux-firmware-whence": { - "evra": "20210511-120.fc34.noarch" + "evra": "20210716-121.fc34.noarch" }, "lmdb-libs": { "evra": "0.9.29-1.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-07-18T20:53:16Z", + "generated": "2021-07-19T21:49:55Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-17T21:29:35Z" + "generated": "2021-07-19T20:25:51Z" }, "fedora-updates": { - "generated": "2021-07-18T00:53:12Z" + "generated": "2021-07-19T00:52:17Z" } } } From 2b3687b6b5a8a74bbbe392bf207b2c391f0235b3 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 20 Jul 2021 13:43:42 -0400 Subject: [PATCH 372/489] lockfiles: fast-track systemd-248.5-1.fc34 Contains a fix for CVE-2021-33910. See https://github.com/coreos/fedora-coreos-tracker/issues/904 --- manifest-lock.overrides.yaml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index cf444a0f5b..d338e5538b 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -39,3 +39,39 @@ packages: bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-f5ae883a27 reason: https://github.com/coreos/fedora-coreos-tracker/issues/746 type: fast-track + systemd: + evr: 248.5-1.fc34 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2a6ba64260 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 + type: fast-track + systemd-container: + evr: 248.5-1.fc34 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2a6ba64260 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 + type: fast-track + systemd-libs: + evr: 248.5-1.fc34 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2a6ba64260 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 + type: fast-track + systemd-pam: + evr: 248.5-1.fc34 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2a6ba64260 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 + type: fast-track + systemd-udev: + evr: 248.5-1.fc34 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2a6ba64260 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 + type: fast-track + systemd-rpm-macros: + evra: 248.5-1.fc34.noarch + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2a6ba64260 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 + type: fast-track From 569504505889c29f2da0019b01773edb4141ad92 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 20 Jul 2021 21:29:26 +0000 Subject: [PATCH 373/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/378/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 37f1bbc633..516a04f224 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1117,22 +1117,22 @@ "evra": "1.9.5p2-1.fc34.x86_64" }, "systemd": { - "evra": "248.4-1.fc34.x86_64" + "evra": "248.5-1.fc34.x86_64" }, "systemd-container": { - "evra": "248.4-1.fc34.x86_64" + "evra": "248.5-1.fc34.x86_64" }, "systemd-libs": { - "evra": "248.4-1.fc34.x86_64" + "evra": "248.5-1.fc34.x86_64" }, "systemd-pam": { - "evra": "248.4-1.fc34.x86_64" + "evra": "248.5-1.fc34.x86_64" }, "systemd-rpm-macros": { - "evra": "248.4-1.fc34.noarch" + "evra": "248.5-1.fc34.noarch" }, "systemd-udev": { - "evra": "248.4-1.fc34.x86_64" + "evra": "248.5-1.fc34.x86_64" }, "tar": { "evra": "2:1.34-1.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-07-19T21:49:55Z", + "generated": "2021-07-20T20:53:55Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-19T20:25:51Z" + "generated": "2021-07-20T18:46:00Z" }, "fedora-updates": { - "generated": "2021-07-19T00:52:17Z" + "generated": "2021-07-20T00:55:02Z" } } } From 29f74c49793798a86e54bb4fadafc85275b3f871 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 20 Jul 2021 20:08:46 -0400 Subject: [PATCH 374/489] lockfiles: fast-track kernel-5.13.4-200.fc34 Contains 5.13 stream fix for CVE-2021-33909. Will add the link to the bodhi update (once it's created) in a followup. See https://github.com/coreos/fedora-coreos-tracker/issues/904 --- manifest-lock.overrides.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index d338e5538b..2032e72087 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -27,6 +27,21 @@ packages: bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-0efb7aefc9 reason: https://github.com/coreos/fedora-coreos-tracker/issues/889 type: fast-track + kernel: + evr: 5.13.4-200.fc34 + metadata: + reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 + type: fast-track + kernel-core: + evr: 5.13.4-200.fc34 + metadata: + reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 + type: fast-track + kernel-modules: + evr: 5.13.4-200.fc34 + metadata: + reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 + type: fast-track ostree: evr: 2021.3-1.fc34 metadata: From c4da7a6015b711e9f3d7760fb0ef74eebbe5842d Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 21 Jul 2021 09:55:13 -0400 Subject: [PATCH 375/489] lockfiles: update bodhi link for kernel-5.13.4-200.fc34 The bodhi update had not been created yet when we fast-tracked it originally. --- manifest-lock.overrides.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 2032e72087..e2b48be7e8 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -30,16 +30,19 @@ packages: kernel: evr: 5.13.4-200.fc34 metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-07dc0b3eb1 reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 type: fast-track kernel-core: evr: 5.13.4-200.fc34 metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-07dc0b3eb1 reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 type: fast-track kernel-modules: evr: 5.13.4-200.fc34 metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-07dc0b3eb1 reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 type: fast-track ostree: From a5eee68225aeb0ee51c9c4c4a27ecebf5d0003d4 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 21 Jul 2021 21:20:42 +0000 Subject: [PATCH 376/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/379/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 516a04f224..9fd7ea592b 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.12.15-300.fc34.x86_64" + "evra": "5.13.4-200.fc34.x86_64" }, "kernel-core": { - "evra": "5.12.15-300.fc34.x86_64" + "evra": "5.13.4-200.fc34.x86_64" }, "kernel-modules": { - "evra": "5.12.15-300.fc34.x86_64" + "evra": "5.13.4-200.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -1066,7 +1066,7 @@ "evra": "15.4-4.x86_64" }, "skopeo": { - "evra": "1:1.3.0-1.fc34.x86_64" + "evra": "1:1.3.1-1.fc34.x86_64" }, "slang": { "evra": "2.3.2-9.fc34.x86_64" @@ -1159,7 +1159,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.3154-1.fc34.x86_64" + "evra": "2:8.2.3182-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-07-20T20:53:55Z", + "generated": "2021-07-21T20:53:18Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-20T18:46:00Z" + "generated": "2021-07-21T04:52:24Z" }, "fedora-updates": { - "generated": "2021-07-20T00:55:02Z" + "generated": "2021-07-21T00:55:04Z" } } } From f1a30dc38b116943acd59be2c8821ac1ed5b04ec Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 22 Jul 2021 06:20:12 +0000 Subject: [PATCH 377/489] =?UTF-8?q?lockfiles:=20drop=20graduated=20overrid?= =?UTF-8?q?es=20=F0=9F=8E=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Triggered by remove-graduated-overrides GitHub Action. --- manifest-lock.overrides.yaml | 48 ------------------------------------ 1 file changed, 48 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index e2b48be7e8..68c95ccb0c 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -15,36 +15,6 @@ packages: bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-463a2721ec reason: https://github.com/coreos/fedora-coreos-tracker/issues/881 type: fast-track - coreos-installer: - evr: 0.9.1-2.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-0efb7aefc9 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/889 - type: fast-track - coreos-installer-bootinfra: - evr: 0.9.1-2.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-0efb7aefc9 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/889 - type: fast-track - kernel: - evr: 5.13.4-200.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-07dc0b3eb1 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 - type: fast-track - kernel-core: - evr: 5.13.4-200.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-07dc0b3eb1 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 - type: fast-track - kernel-modules: - evr: 5.13.4-200.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-07dc0b3eb1 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 - type: fast-track ostree: evr: 2021.3-1.fc34 metadata: @@ -75,21 +45,3 @@ packages: bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2a6ba64260 reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 type: fast-track - systemd-pam: - evr: 248.5-1.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2a6ba64260 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 - type: fast-track - systemd-udev: - evr: 248.5-1.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2a6ba64260 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 - type: fast-track - systemd-rpm-macros: - evra: 248.5-1.fc34.noarch - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2a6ba64260 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 - type: fast-track From a75418838e2357757556ac38792ab7827339d172 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 22 Jul 2021 09:26:03 -0400 Subject: [PATCH 378/489] ci/remove-graduated-overrides: query by arch too The x86_64 repo also includes i686 packages so we need to filter on the arch too when querying to make sure we're comparing packages of the same arch. --- ci/remove-graduated-overrides.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ci/remove-graduated-overrides.py b/ci/remove-graduated-overrides.py index 598891c954..0ae84a6741 100755 --- a/ci/remove-graduated-overrides.py +++ b/ci/remove-graduated-overrides.py @@ -109,7 +109,8 @@ def update_lockfile(base, fn): def sack_has_nevra_greater_or_equal(base, nevra): nevra = hawkey.split_nevra(nevra) - pkgs = base.sack.query().filterm(name=nevra.name).latest().run() + pkgs = base.sack.query().filterm(name=nevra.name, + arch=nevra.arch).latest().run() if len(pkgs) == 0: # Odd... the only way I can imagine this happen is if we fast-track a From c54185a575740214f90d21a744ca5ebbef230f89 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 22 Jul 2021 18:18:25 +0000 Subject: [PATCH 379/489] =?UTF-8?q?lockfiles:=20drop=20graduated=20overrid?= =?UTF-8?q?es=20=F0=9F=8E=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Triggered by remove-graduated-overrides GitHub Action. --- manifest-lock.overrides.yaml | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 68c95ccb0c..3b61f4656e 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -15,33 +15,3 @@ packages: bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-463a2721ec reason: https://github.com/coreos/fedora-coreos-tracker/issues/881 type: fast-track - ostree: - evr: 2021.3-1.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-f5ae883a27 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/746 - type: fast-track - ostree-libs: - evr: 2021.3-1.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-f5ae883a27 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/746 - type: fast-track - systemd: - evr: 248.5-1.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2a6ba64260 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 - type: fast-track - systemd-container: - evr: 248.5-1.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2a6ba64260 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 - type: fast-track - systemd-libs: - evr: 248.5-1.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2a6ba64260 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/904 - type: fast-track From b944ebcd22b9329ef37ec3db0b326035963922e7 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 22 Jul 2021 21:43:16 -0400 Subject: [PATCH 380/489] 35coreos-ignition: perform kargs reboot with --force Without --force, the boot process races with service shutdown, leaving enough time for the disks stage to start. With --force, systemd immediately kills processes, unmounts filesystems, and reboots. Fixes https://github.com/coreos/fedora-coreos-tracker/issues/896. --- .../modules.d/35coreos-ignition/coreos-kargs-reboot.service | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service index 4f50823092..18258a0a1e 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service @@ -18,4 +18,6 @@ OnFailureJobMode=isolate [Service] Type=oneshot RemainAfterExit=yes -ExecStart=/usr/bin/systemctl reboot +# --force causes a rapid reboot. Without it, systemd continues running +# Ignition stages in parallel with shutting down. +ExecStart=/usr/bin/systemctl reboot --force From 7d3c177f43af646bac634bd0e8fbcedab27e887e Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 23 Jul 2021 14:23:51 -0400 Subject: [PATCH 381/489] coreos-kargs-reboot: rename flag file The RHCOS FIPS code is going to create the same flag file, so let's name it something more generic. --- .../modules.d/35coreos-ignition/coreos-kargs-reboot.service | 2 +- .../usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service index 18258a0a1e..6ac57ff7b7 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service @@ -1,7 +1,7 @@ [Unit] Description=CoreOS Kernel Arguments Reboot ConditionPathExists=/etc/initrd-release -ConditionPathExists=/run/ignition-modified-kargs +ConditionPathExists=/run/coreos-kargs-reboot DefaultDependencies=false Before=ignition-complete.target diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh index 3744eb6d4b..adad195737 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh @@ -1,4 +1,4 @@ #!/bin/bash set -euo pipefail -/usr/bin/rdcore kargs --boot-device /dev/disk/by-label/boot --create-if-changed /run/ignition-modified-kargs "$@" +/usr/bin/rdcore kargs --boot-device /dev/disk/by-label/boot --create-if-changed /run/coreos-kargs-reboot "$@" From caad7ce2692e10f698369ffe2317cc80518f35dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Fri, 23 Jul 2021 11:37:48 +0200 Subject: [PATCH 382/489] tests/misc-ro: Simplify permission checks for files in /etc Make use of some GNU find extensions to make the check simpler. --- tests/kola/misc-ro | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index 50ebaa5aab..a900d63e72 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -174,16 +174,16 @@ if [[ $sys_fs_cgroup_source != cgroup2 ]]; then fatal "/sys/fs/cgroup is not cgroup2" fi -for perms in 'o+w' 'g+w'; do - list="$(find /etc -type f -perm /${perms})" - if [[ -n "${list}" ]]; then - fatal "found files with ${perms}:\n${list}" - fi -done -ok "no files with o+w or g+w found in /etc" +list="$(find /etc -type f,d -perm /022)" +if [[ -n "${list}" ]]; then + find /etc -type f,d -perm /022 -print0 | xargs -0 ls -al + fatal "found files or directories with 'g+w' or 'o+w' permission" +fi +ok "no files with 'g+w' or 'o+w' permission found in /etc" for f in '/etc/passwd' '/etc/group'; do if [[ $(stat --format="%a %u %g" "${f}") != "644 0 0" ]]; then + ls -al "${f}" fatal "found incorrect permissions for ${f}" fi done From ff689b8ab0496e140fb254c4b4b8fcfbefa19cb2 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 23 Jul 2021 21:33:23 +0000 Subject: [PATCH 383/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/381/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 45 ++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 24 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 9fd7ea592b..bcb88eb88a 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -37,7 +37,7 @@ "evra": "2.5.1-1.fc34.x86_64" }, "audit-libs": { - "evra": "3.0.2-1.fc34.x86_64" + "evra": "3.0.3-1.fc34.x86_64" }, "avahi-libs": { "evra": "0.8-9.fc34.x86_64" @@ -178,7 +178,7 @@ "evra": "1:2.3.3op2-7.fc34.x86_64" }, "curl": { - "evra": "7.76.1-4.fc34.x86_64" + "evra": "7.76.1-7.fc34.x86_64" }, "cyrus-sasl-gssapi": { "evra": "2.1.27-8.fc34.x86_64" @@ -541,7 +541,7 @@ "evra": "1.45.6-5.fc34.x86_64" }, "libcurl": { - "evra": "7.76.1-4.fc34.x86_64" + "evra": "7.76.1-7.fc34.x86_64" }, "libdaemon": { "evra": "0.14-21.fc34.x86_64" @@ -604,7 +604,7 @@ "evra": "1.3.1-47.fc34.x86_64" }, "libipa_hbac": { - "evra": "2.5.1-2.fc34.x86_64" + "evra": "2.5.2-1.fc34.x86_64" }, "libjcat": { "evra": "0.1.6-1.fc34.x86_64" @@ -630,9 +630,6 @@ "libmaxminddb": { "evra": "1.5.2-1.fc34.x86_64" }, - "libmetalink": { - "evra": "0.1.3-14.fc34.x86_64" - }, "libmnl": { "evra": "1.0.4-13.fc34.x86_64" }, @@ -739,16 +736,16 @@ "evra": "0.9.5-2.fc34.noarch" }, "libsss_certmap": { - "evra": "2.5.1-2.fc34.x86_64" + "evra": "2.5.2-1.fc34.x86_64" }, "libsss_idmap": { - "evra": "2.5.1-2.fc34.x86_64" + "evra": "2.5.2-1.fc34.x86_64" }, "libsss_nss_idmap": { - "evra": "2.5.1-2.fc34.x86_64" + "evra": "2.5.2-1.fc34.x86_64" }, "libsss_sudo": { - "evra": "2.5.1-2.fc34.x86_64" + "evra": "2.5.2-1.fc34.x86_64" }, "libstdc++": { "evra": "11.1.1-3.fc34.x86_64" @@ -970,10 +967,10 @@ "evra": "1.7.3-6.fc34.x86_64" }, "podman": { - "evra": "3:3.2.2-1.fc34.x86_64" + "evra": "3:3.2.3-1.fc34.x86_64" }, "podman-plugins": { - "evra": "3:3.2.2-1.fc34.x86_64" + "evra": "3:3.2.3-1.fc34.x86_64" }, "policycoreutils": { "evra": "3.2-1.fc34.x86_64" @@ -1087,28 +1084,28 @@ "evra": "0.1.2-7.fc34.x86_64" }, "sssd-ad": { - "evra": "2.5.1-2.fc34.x86_64" + "evra": "2.5.2-1.fc34.x86_64" }, "sssd-client": { - "evra": "2.5.1-2.fc34.x86_64" + "evra": "2.5.2-1.fc34.x86_64" }, "sssd-common": { - "evra": "2.5.1-2.fc34.x86_64" + "evra": "2.5.2-1.fc34.x86_64" }, "sssd-common-pac": { - "evra": "2.5.1-2.fc34.x86_64" + "evra": "2.5.2-1.fc34.x86_64" }, "sssd-ipa": { - "evra": "2.5.1-2.fc34.x86_64" + "evra": "2.5.2-1.fc34.x86_64" }, "sssd-krb5": { - "evra": "2.5.1-2.fc34.x86_64" + "evra": "2.5.2-1.fc34.x86_64" }, "sssd-krb5-common": { - "evra": "2.5.1-2.fc34.x86_64" + "evra": "2.5.2-1.fc34.x86_64" }, "sssd-ldap": { - "evra": "2.5.1-2.fc34.x86_64" + "evra": "2.5.2-1.fc34.x86_64" }, "stalld": { "evra": "1.10-1.fc34.x86_64" @@ -1193,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-07-21T20:53:18Z", + "generated": "2021-07-23T20:53:08Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-21T04:52:24Z" + "generated": "2021-07-21T21:37:36Z" }, "fedora-updates": { - "generated": "2021-07-21T00:55:04Z" + "generated": "2021-07-23T00:59:08Z" } } } From eb84698282c0011d8789581441a96eaf52b95b75 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 24 Jul 2021 21:21:00 +0000 Subject: [PATCH 384/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/382/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index bcb88eb88a..b040046895 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -136,7 +136,7 @@ "evra": "1.0.0-0.2.rc1.fc34.x86_64" }, "containers-common": { - "evra": "4:1-20.fc34.noarch" + "evra": "4:1-21.fc34.noarch" }, "coreos-installer": { "evra": "0.9.1-2.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-07-23T20:53:08Z", + "generated": "2021-07-24T20:53:02Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-21T21:37:36Z" + "generated": "2021-07-23T21:44:33Z" }, "fedora-updates": { - "generated": "2021-07-23T00:59:08Z" + "generated": "2021-07-24T02:08:24Z" } } } From d4f6818e52f8533bb5d03993ccc4aa4977300f2b Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 25 Jul 2021 21:20:09 +0000 Subject: [PATCH 385/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/383/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index b040046895..02e703e702 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -52,13 +52,13 @@ "evra": "1:2.11-2.fc34.noarch" }, "bind-libs": { - "evra": "32:9.16.18-1.fc34.x86_64" + "evra": "32:9.16.19-1.fc34.x86_64" }, "bind-license": { - "evra": "32:9.16.18-1.fc34.noarch" + "evra": "32:9.16.19-1.fc34.noarch" }, "bind-utils": { - "evra": "32:9.16.18-1.fc34.x86_64" + "evra": "32:9.16.19-1.fc34.x86_64" }, "bootupd": { "evra": "0.2.5-3.fc34.x86_64" @@ -130,7 +130,7 @@ "evra": "2:2.164.1-1.git563ba3f.fc34.noarch" }, "containerd": { - "evra": "1.5.0~rc.1-1.fc34.x86_64" + "evra": "1.5.3-1.fc34.x86_64" }, "containernetworking-plugins": { "evra": "1.0.0-0.2.rc1.fc34.x86_64" @@ -598,7 +598,7 @@ "evra": "67.1-6.fc34.x86_64" }, "libidn2": { - "evra": "2.3.1-1.fc34.x86_64" + "evra": "2.3.2-1.fc34.x86_64" }, "libini_config": { "evra": "1.3.1-47.fc34.x86_64" @@ -856,7 +856,7 @@ "evra": "2:2.1-46.fc34.x86_64" }, "moby-engine": { - "evra": "20.10.6-1.fc34.x86_64" + "evra": "20.10.7-1.fc34.x86_64" }, "mokutil": { "evra": "2:0.4.0-4.fc34.x86_64" @@ -1114,22 +1114,22 @@ "evra": "1.9.5p2-1.fc34.x86_64" }, "systemd": { - "evra": "248.5-1.fc34.x86_64" + "evra": "248.6-1.fc34.x86_64" }, "systemd-container": { - "evra": "248.5-1.fc34.x86_64" + "evra": "248.6-1.fc34.x86_64" }, "systemd-libs": { - "evra": "248.5-1.fc34.x86_64" + "evra": "248.6-1.fc34.x86_64" }, "systemd-pam": { - "evra": "248.5-1.fc34.x86_64" + "evra": "248.6-1.fc34.x86_64" }, "systemd-rpm-macros": { - "evra": "248.5-1.fc34.noarch" + "evra": "248.6-1.fc34.noarch" }, "systemd-udev": { - "evra": "248.5-1.fc34.x86_64" + "evra": "248.6-1.fc34.x86_64" }, "tar": { "evra": "2:1.34-1.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-07-24T20:53:02Z", + "generated": "2021-07-25T20:53:07Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-23T21:44:33Z" + "generated": "2021-07-24T21:29:55Z" }, "fedora-updates": { - "generated": "2021-07-24T02:08:24Z" + "generated": "2021-07-25T00:55:23Z" } } } From af4daf21646805ea7b83fc19e40612fe8aef3d88 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 26 Jul 2021 14:12:00 -0400 Subject: [PATCH 386/489] lockfiles: initial aarch64 lockfile We'll pre-populate it here and then bump-lockfile will handle updating it in the future. --- manifest-lock.aarch64.json | 1194 ++++++++++++++++++++++++++++++++++++ 1 file changed, 1194 insertions(+) create mode 100644 manifest-lock.aarch64.json diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json new file mode 100644 index 0000000000..cc16d7602b --- /dev/null +++ b/manifest-lock.aarch64.json @@ -0,0 +1,1194 @@ +{ + "packages": { + "NetworkManager": { + "evra": "1:1.30.6-1.fc34.aarch64" + }, + "NetworkManager-cloud-setup": { + "evra": "1:1.30.6-1.fc34.aarch64" + }, + "NetworkManager-libnm": { + "evra": "1:1.30.6-1.fc34.aarch64" + }, + "NetworkManager-team": { + "evra": "1:1.30.6-1.fc34.aarch64" + }, + "NetworkManager-tui": { + "evra": "1:1.30.6-1.fc34.aarch64" + }, + "WALinuxAgent-udev": { + "evra": "2.3.0.2-1.fc34.noarch" + }, + "acl": { + "evra": "2.3.1-1.fc34.aarch64" + }, + "adcli": { + "evra": "0.9.1-3.fc34.aarch64" + }, + "afterburn": { + "evra": "5.0.0-1.fc34.aarch64" + }, + "afterburn-dracut": { + "evra": "5.0.0-1.fc34.aarch64" + }, + "alternatives": { + "evra": "1.15-2.fc34.aarch64" + }, + "attr": { + "evra": "2.5.1-1.fc34.aarch64" + }, + "audit-libs": { + "evra": "3.0.3-1.fc34.aarch64" + }, + "avahi-libs": { + "evra": "0.8-9.fc34.aarch64" + }, + "basesystem": { + "evra": "11-11.fc34.noarch" + }, + "bash": { + "evra": "5.1.0-2.fc34.aarch64" + }, + "bash-completion": { + "evra": "1:2.11-2.fc34.noarch" + }, + "bind-libs": { + "evra": "32:9.16.19-1.fc34.aarch64" + }, + "bind-license": { + "evra": "32:9.16.19-1.fc34.noarch" + }, + "bind-utils": { + "evra": "32:9.16.19-1.fc34.aarch64" + }, + "bootupd": { + "evra": "0.2.5-3.fc34.aarch64" + }, + "bsdtar": { + "evra": "3.5.1-2.fc34.aarch64" + }, + "btrfs-progs": { + "evra": "5.13-1.fc34.aarch64" + }, + "bubblewrap": { + "evra": "0.4.1-3.fc34.aarch64" + }, + "bzip2": { + "evra": "1.0.8-6.fc34.aarch64" + }, + "bzip2-libs": { + "evra": "1.0.8-6.fc34.aarch64" + }, + "c-ares": { + "evra": "1.17.1-2.fc34.aarch64" + }, + "ca-certificates": { + "evra": "2021.2.50-1.0.fc34.noarch" + }, + "catatonit": { + "evra": "0.1.5-4.fc34.aarch64" + }, + "chrony": { + "evra": "4.1-1.fc34.aarch64" + }, + "cifs-utils": { + "evra": "6.11-3.fc34.aarch64" + }, + "clevis": { + "evra": "18-1.fc34.aarch64" + }, + "clevis-dracut": { + "evra": "18-1.fc34.aarch64" + }, + "clevis-luks": { + "evra": "18-1.fc34.aarch64" + }, + "clevis-systemd": { + "evra": "18-1.fc34.aarch64" + }, + "cloud-utils-growpart": { + "evra": "0.31-8.fc34.noarch" + }, + "compat-readline5": { + "evra": "5.2-39.fc34.aarch64" + }, + "conmon": { + "evra": "2:2.0.29-2.fc34.aarch64" + }, + "console-login-helper-messages": { + "evra": "0.21.2-1.fc34.noarch" + }, + "console-login-helper-messages-issuegen": { + "evra": "0.21.2-1.fc34.noarch" + }, + "console-login-helper-messages-motdgen": { + "evra": "0.21.2-1.fc34.noarch" + }, + "console-login-helper-messages-profile": { + "evra": "0.21.2-1.fc34.noarch" + }, + "container-selinux": { + "evra": "2:2.164.1-1.git563ba3f.fc34.noarch" + }, + "containerd": { + "evra": "1.5.3-1.fc34.aarch64" + }, + "containernetworking-plugins": { + "evra": "1.0.0-0.2.rc1.fc34.aarch64" + }, + "containers-common": { + "evra": "4:1-21.fc34.noarch" + }, + "coreos-installer": { + "evra": "0.9.1-2.fc34.aarch64" + }, + "coreos-installer-bootinfra": { + "evra": "0.9.1-2.fc34.aarch64" + }, + "coreutils": { + "evra": "8.32-30.fc34.aarch64" + }, + "coreutils-common": { + "evra": "8.32-30.fc34.aarch64" + }, + "cpio": { + "evra": "2.13-10.fc34.aarch64" + }, + "cracklib": { + "evra": "2.9.6-25.fc34.aarch64" + }, + "criu": { + "evra": "3.15-3.fc34.aarch64" + }, + "criu-libs": { + "evra": "3.15-3.fc34.aarch64" + }, + "crun": { + "evra": "0.20.1-1.fc34.aarch64" + }, + "crypto-policies": { + "evra": "20210213-1.git5c710c0.fc34.noarch" + }, + "cryptsetup": { + "evra": "2.3.6-1.fc34.aarch64" + }, + "cryptsetup-libs": { + "evra": "2.3.6-1.fc34.aarch64" + }, + "cups-libs": { + "evra": "1:2.3.3op2-7.fc34.aarch64" + }, + "curl": { + "evra": "7.76.1-7.fc34.aarch64" + }, + "cyrus-sasl-gssapi": { + "evra": "2.1.27-8.fc34.aarch64" + }, + "cyrus-sasl-lib": { + "evra": "2.1.27-8.fc34.aarch64" + }, + "dbus": { + "evra": "1:1.12.20-3.fc34.aarch64" + }, + "dbus-broker": { + "evra": "29-1.fc34.aarch64" + }, + "dbus-common": { + "evra": "1:1.12.20-3.fc34.noarch" + }, + "dbus-libs": { + "evra": "1:1.12.20-3.fc34.aarch64" + }, + "device-mapper": { + "evra": "1.02.175-1.fc34.aarch64" + }, + "device-mapper-event": { + "evra": "1.02.175-1.fc34.aarch64" + }, + "device-mapper-event-libs": { + "evra": "1.02.175-1.fc34.aarch64" + }, + "device-mapper-libs": { + "evra": "1.02.175-1.fc34.aarch64" + }, + "device-mapper-multipath": { + "evra": "0.8.5-4.fc34.aarch64" + }, + "device-mapper-multipath-libs": { + "evra": "0.8.5-4.fc34.aarch64" + }, + "device-mapper-persistent-data": { + "evra": "0.9.0-3.fc34.aarch64" + }, + "diffutils": { + "evra": "3.7-8.fc34.aarch64" + }, + "dnsmasq": { + "evra": "2.85-1.fc34.aarch64" + }, + "dosfstools": { + "evra": "4.2-1.fc34.aarch64" + }, + "dracut": { + "evra": "055-3.fc34.aarch64" + }, + "dracut-network": { + "evra": "055-3.fc34.aarch64" + }, + "e2fsprogs": { + "evra": "1.45.6-5.fc34.aarch64" + }, + "e2fsprogs-libs": { + "evra": "1.45.6-5.fc34.aarch64" + }, + "efi-filesystem": { + "evra": "5-2.fc34.noarch" + }, + "efibootmgr": { + "evra": "16-10.fc34.aarch64" + }, + "efivar-libs": { + "evra": "37-15.fc34.aarch64" + }, + "elfutils-default-yama-scope": { + "evra": "0.185-2.fc34.noarch" + }, + "elfutils-libelf": { + "evra": "0.185-2.fc34.aarch64" + }, + "elfutils-libs": { + "evra": "0.185-2.fc34.aarch64" + }, + "ethtool": { + "evra": "2:5.13-1.fc34.aarch64" + }, + "expat": { + "evra": "2.4.1-1.fc34.aarch64" + }, + "fedora-coreos-pinger": { + "evra": "0.0.4-11.fc34.aarch64" + }, + "fedora-gpg-keys": { + "evra": "34-2.noarch" + }, + "fedora-release-common": { + "evra": "34-1.noarch" + }, + "fedora-release-coreos": { + "evra": "34-1.noarch" + }, + "fedora-release-identity-coreos": { + "evra": "34-1.noarch" + }, + "fedora-repos": { + "evra": "34-2.noarch" + }, + "fedora-repos-archive": { + "evra": "34-2.noarch" + }, + "fedora-repos-modular": { + "evra": "34-2.noarch" + }, + "fedora-repos-ostree": { + "evra": "34-2.noarch" + }, + "file": { + "evra": "5.39-6.fc34.aarch64" + }, + "file-libs": { + "evra": "5.39-6.fc34.aarch64" + }, + "filesystem": { + "evra": "3.14-5.fc34.aarch64" + }, + "findutils": { + "evra": "1:4.8.0-2.fc34.aarch64" + }, + "firewalld-filesystem": { + "evra": "0.9.4-1.fc34.noarch" + }, + "flatpak-session-helper": { + "evra": "1.10.2-4.fc34.aarch64" + }, + "fstrm": { + "evra": "0.6.1-2.fc34.aarch64" + }, + "fuse": { + "evra": "2.9.9-11.fc34.aarch64" + }, + "fuse-common": { + "evra": "3.10.4-1.fc34.aarch64" + }, + "fuse-libs": { + "evra": "2.9.9-11.fc34.aarch64" + }, + "fuse-overlayfs": { + "evra": "1.5.0-1.fc34.aarch64" + }, + "fuse-sshfs": { + "evra": "3.7.2-1.fc34.aarch64" + }, + "fuse3": { + "evra": "3.10.4-1.fc34.aarch64" + }, + "fuse3-libs": { + "evra": "3.10.4-1.fc34.aarch64" + }, + "fwupd": { + "evra": "1.5.10-1.fc34.aarch64" + }, + "gawk": { + "evra": "5.1.0-3.fc34.aarch64" + }, + "gdisk": { + "evra": "1.0.8-1.fc34.aarch64" + }, + "gettext": { + "evra": "0.21-4.fc34.aarch64" + }, + "gettext-libs": { + "evra": "0.21-4.fc34.aarch64" + }, + "git-core": { + "evra": "2.31.1-3.fc34.aarch64" + }, + "glib2": { + "evra": "2.68.2-1.fc34.aarch64" + }, + "glibc": { + "evra": "2.33-20.fc34.aarch64" + }, + "glibc-common": { + "evra": "2.33-20.fc34.aarch64" + }, + "glibc-minimal-langpack": { + "evra": "2.33-20.fc34.aarch64" + }, + "gmp": { + "evra": "1:6.2.0-6.fc34.aarch64" + }, + "gnupg2": { + "evra": "2.2.27-4.fc34.aarch64" + }, + "gnutls": { + "evra": "3.7.2-1.fc34.aarch64" + }, + "gpgme": { + "evra": "1.15.1-2.fc34.aarch64" + }, + "grep": { + "evra": "3.6-2.fc34.aarch64" + }, + "grub2-common": { + "evra": "1:2.06-2.fc34.noarch" + }, + "grub2-efi-aa64": { + "evra": "1:2.06-2.fc34.aarch64" + }, + "grub2-tools": { + "evra": "1:2.06-2.fc34.aarch64" + }, + "grub2-tools-minimal": { + "evra": "1:2.06-2.fc34.aarch64" + }, + "gzip": { + "evra": "1.10-4.fc34.aarch64" + }, + "hostname": { + "evra": "3.23-4.fc34.aarch64" + }, + "ignition": { + "evra": "2.11.0-2.fc34.aarch64" + }, + "inih": { + "evra": "49-3.fc34.aarch64" + }, + "iproute": { + "evra": "5.10.0-2.fc34.aarch64" + }, + "iproute-tc": { + "evra": "5.10.0-2.fc34.aarch64" + }, + "iptables": { + "evra": "1.8.7-3.fc34.aarch64" + }, + "iptables-libs": { + "evra": "1.8.7-3.fc34.aarch64" + }, + "iptables-nft": { + "evra": "1.8.7-3.fc34.aarch64" + }, + "iptables-services": { + "evra": "1.8.7-8.fc34.aarch64" + }, + "iputils": { + "evra": "20210202-2.fc34.aarch64" + }, + "irqbalance": { + "evra": "2:1.7.0-5.fc34.aarch64" + }, + "iscsi-initiator-utils": { + "evra": "6.2.1.2-5.gita8fcb37.fc34.aarch64" + }, + "iscsi-initiator-utils-iscsiuio": { + "evra": "6.2.1.2-5.gita8fcb37.fc34.aarch64" + }, + "isns-utils-libs": { + "evra": "0.100-1.fc34.aarch64" + }, + "jansson": { + "evra": "2.13.1-2.fc34.aarch64" + }, + "jose": { + "evra": "11-1.fc34.aarch64" + }, + "jq": { + "evra": "1.6-7.fc34.aarch64" + }, + "json-c": { + "evra": "0.14-8.fc34.aarch64" + }, + "json-glib": { + "evra": "1.6.2-1.fc34.aarch64" + }, + "kbd": { + "evra": "2.4.0-2.fc34.aarch64" + }, + "kbd-misc": { + "evra": "2.4.0-2.fc34.noarch" + }, + "kernel": { + "evra": "5.13.4-200.fc34.aarch64" + }, + "kernel-core": { + "evra": "5.13.4-200.fc34.aarch64" + }, + "kernel-modules": { + "evra": "5.13.4-200.fc34.aarch64" + }, + "kexec-tools": { + "evra": "2.0.21-5.fc34.aarch64" + }, + "keyutils": { + "evra": "1.6.1-2.fc34.aarch64" + }, + "keyutils-libs": { + "evra": "1.6.1-2.fc34.aarch64" + }, + "kmod": { + "evra": "29-2.fc34.aarch64" + }, + "kmod-libs": { + "evra": "29-2.fc34.aarch64" + }, + "kpartx": { + "evra": "0.8.5-4.fc34.aarch64" + }, + "krb5-libs": { + "evra": "1.19.1-14.fc34.aarch64" + }, + "less": { + "evra": "581.2-1.fc34.aarch64" + }, + "libacl": { + "evra": "2.3.1-1.fc34.aarch64" + }, + "libaio": { + "evra": "0.3.111-11.fc34.aarch64" + }, + "libarchive": { + "evra": "3.5.1-2.fc34.aarch64" + }, + "libargon2": { + "evra": "20171227-6.fc34.aarch64" + }, + "libassuan": { + "evra": "2.5.5-1.fc34.aarch64" + }, + "libattr": { + "evra": "2.5.1-1.fc34.aarch64" + }, + "libbasicobjects": { + "evra": "0.1.1-47.fc34.aarch64" + }, + "libblkid": { + "evra": "2.36.2-1.fc34.aarch64" + }, + "libbrotli": { + "evra": "1.0.9-4.fc34.aarch64" + }, + "libbsd": { + "evra": "0.10.0-7.fc34.aarch64" + }, + "libcap": { + "evra": "2.48-2.fc34.aarch64" + }, + "libcap-ng": { + "evra": "0.8.2-4.fc34.aarch64" + }, + "libcbor": { + "evra": "0.7.0-3.fc34.aarch64" + }, + "libcollection": { + "evra": "0.7.0-47.fc34.aarch64" + }, + "libcom_err": { + "evra": "1.45.6-5.fc34.aarch64" + }, + "libcurl": { + "evra": "7.76.1-7.fc34.aarch64" + }, + "libdaemon": { + "evra": "0.14-21.fc34.aarch64" + }, + "libdb": { + "evra": "5.3.28-46.fc34.aarch64" + }, + "libdhash": { + "evra": "0.5.0-47.fc34.aarch64" + }, + "libeconf": { + "evra": "0.4.0-1.fc34.aarch64" + }, + "libedit": { + "evra": "3.1-38.20210714cvs.fc34.aarch64" + }, + "libevent": { + "evra": "2.1.12-3.fc34.aarch64" + }, + "libfdisk": { + "evra": "2.36.2-1.fc34.aarch64" + }, + "libffi": { + "evra": "3.1-28.fc34.aarch64" + }, + "libfido2": { + "evra": "1.6.0-2.fc34.aarch64" + }, + "libgcab1": { + "evra": "1.4-4.fc34.aarch64" + }, + "libgcc": { + "evra": "11.1.1-3.fc34.aarch64" + }, + "libgcrypt": { + "evra": "1.9.3-3.fc34.aarch64" + }, + "libgomp": { + "evra": "11.1.1-3.fc34.aarch64" + }, + "libgpg-error": { + "evra": "1.42-1.fc34.aarch64" + }, + "libgudev": { + "evra": "236-1.fc34.aarch64" + }, + "libgusb": { + "evra": "0.3.7-1.fc34.aarch64" + }, + "libibverbs": { + "evra": "35.0-1.fc34.aarch64" + }, + "libicu": { + "evra": "67.1-6.fc34.aarch64" + }, + "libidn2": { + "evra": "2.3.2-1.fc34.aarch64" + }, + "libini_config": { + "evra": "1.3.1-47.fc34.aarch64" + }, + "libipa_hbac": { + "evra": "2.5.2-1.fc34.aarch64" + }, + "libjcat": { + "evra": "0.1.6-1.fc34.aarch64" + }, + "libjose": { + "evra": "11-1.fc34.aarch64" + }, + "libkcapi": { + "evra": "1.2.1-1.fc34.aarch64" + }, + "libkcapi-hmaccalc": { + "evra": "1.2.1-1.fc34.aarch64" + }, + "libksba": { + "evra": "1.5.0-2.fc34.aarch64" + }, + "libldb": { + "evra": "2.3.0-2.fc34.aarch64" + }, + "libluksmeta": { + "evra": "9-10.fc34.aarch64" + }, + "libmaxminddb": { + "evra": "1.5.2-1.fc34.aarch64" + }, + "libmnl": { + "evra": "1.0.4-13.fc34.aarch64" + }, + "libmodulemd": { + "evra": "2.13.0-1.fc34.aarch64" + }, + "libmount": { + "evra": "2.36.2-1.fc34.aarch64" + }, + "libndp": { + "evra": "1.7-7.fc34.aarch64" + }, + "libnet": { + "evra": "1.2-2.fc34.aarch64" + }, + "libnetfilter_conntrack": { + "evra": "1.0.8-2.fc34.aarch64" + }, + "libnfnetlink": { + "evra": "1.0.1-19.fc34.aarch64" + }, + "libnfsidmap": { + "evra": "1:2.5.4-0.fc34.aarch64" + }, + "libnftnl": { + "evra": "1.1.9-2.fc34.aarch64" + }, + "libnghttp2": { + "evra": "1.43.0-2.fc34.aarch64" + }, + "libnl3": { + "evra": "3.5.0-6.fc34.aarch64" + }, + "libnl3-cli": { + "evra": "3.5.0-6.fc34.aarch64" + }, + "libnsl2": { + "evra": "1.3.0-2.fc34.aarch64" + }, + "libpath_utils": { + "evra": "0.2.1-47.fc34.aarch64" + }, + "libpcap": { + "evra": "14:1.10.1-1.fc34.aarch64" + }, + "libpkgconf": { + "evra": "1.7.3-6.fc34.aarch64" + }, + "libpsl": { + "evra": "0.21.1-3.fc34.aarch64" + }, + "libpwquality": { + "evra": "1.4.4-2.fc34.aarch64" + }, + "libref_array": { + "evra": "0.1.5-47.fc34.aarch64" + }, + "librepo": { + "evra": "1.14.1-1.fc34.aarch64" + }, + "libreport-filesystem": { + "evra": "2.15.2-2.fc34.noarch" + }, + "libseccomp": { + "evra": "2.5.0-4.fc34.aarch64" + }, + "libselinux": { + "evra": "3.2-1.fc34.aarch64" + }, + "libselinux-utils": { + "evra": "3.2-1.fc34.aarch64" + }, + "libsemanage": { + "evra": "3.2-1.fc34.aarch64" + }, + "libsepol": { + "evra": "3.2-1.fc34.aarch64" + }, + "libsigsegv": { + "evra": "2.13-2.fc34.aarch64" + }, + "libslirp": { + "evra": "4.4.0-4.fc34.aarch64" + }, + "libsmartcols": { + "evra": "2.36.2-1.fc34.aarch64" + }, + "libsmbclient": { + "evra": "2:4.14.6-0.fc34.aarch64" + }, + "libsolv": { + "evra": "0.7.17-3.fc34.aarch64" + }, + "libss": { + "evra": "1.45.6-5.fc34.aarch64" + }, + "libssh": { + "evra": "0.9.5-2.fc34.aarch64" + }, + "libssh-config": { + "evra": "0.9.5-2.fc34.noarch" + }, + "libsss_certmap": { + "evra": "2.5.2-1.fc34.aarch64" + }, + "libsss_idmap": { + "evra": "2.5.2-1.fc34.aarch64" + }, + "libsss_nss_idmap": { + "evra": "2.5.2-1.fc34.aarch64" + }, + "libsss_sudo": { + "evra": "2.5.2-1.fc34.aarch64" + }, + "libstdc++": { + "evra": "11.1.1-3.fc34.aarch64" + }, + "libtalloc": { + "evra": "2.3.2-2.fc34.aarch64" + }, + "libtasn1": { + "evra": "4.16.0-4.fc34.aarch64" + }, + "libtdb": { + "evra": "1.4.3-6.fc34.aarch64" + }, + "libteam": { + "evra": "1.31-3.fc34.aarch64" + }, + "libtevent": { + "evra": "0.11.0-0.fc34.aarch64" + }, + "libtextstyle": { + "evra": "0.21-4.fc34.aarch64" + }, + "libtirpc": { + "evra": "1.3.2-0.fc34.aarch64" + }, + "libunistring": { + "evra": "0.9.10-10.fc34.aarch64" + }, + "libusbx": { + "evra": "1.0.24-2.fc34.aarch64" + }, + "libuser": { + "evra": "0.63-4.fc34.aarch64" + }, + "libutempter": { + "evra": "1.2.1-4.fc34.aarch64" + }, + "libuuid": { + "evra": "2.36.2-1.fc34.aarch64" + }, + "libuv": { + "evra": "1:1.41.0-1.fc34.aarch64" + }, + "libvarlink-util": { + "evra": "22-2.fc34.aarch64" + }, + "libverto": { + "evra": "0.3.2-1.fc34.aarch64" + }, + "libwbclient": { + "evra": "2:4.14.6-0.fc34.aarch64" + }, + "libxcrypt": { + "evra": "4.4.23-1.fc34.aarch64" + }, + "libxml2": { + "evra": "2.9.12-4.fc34.aarch64" + }, + "libxmlb": { + "evra": "0.3.2-1.fc34.aarch64" + }, + "libyaml": { + "evra": "0.2.5-5.fc34.aarch64" + }, + "libzstd": { + "evra": "1.5.0-1.fc34.aarch64" + }, + "linux-atm-libs": { + "evra": "2.5.1-28.fc34.aarch64" + }, + "linux-firmware": { + "evra": "20210716-121.fc34.noarch" + }, + "linux-firmware-whence": { + "evra": "20210716-121.fc34.noarch" + }, + "lmdb-libs": { + "evra": "0.9.29-1.fc34.aarch64" + }, + "logrotate": { + "evra": "3.18.0-3.fc34.aarch64" + }, + "lsof": { + "evra": "4.94.0-1.fc34.aarch64" + }, + "lua-libs": { + "evra": "5.4.3-1.fc34.aarch64" + }, + "luksmeta": { + "evra": "9-10.fc34.aarch64" + }, + "lvm2": { + "evra": "2.03.11-1.fc34.aarch64" + }, + "lvm2-libs": { + "evra": "2.03.11-1.fc34.aarch64" + }, + "lz4-libs": { + "evra": "1.9.3-2.fc34.aarch64" + }, + "lzo": { + "evra": "2.10-4.fc34.aarch64" + }, + "mdadm": { + "evra": "4.1-7.fc34.aarch64" + }, + "moby-engine": { + "evra": "20.10.7-1.fc34.aarch64" + }, + "mokutil": { + "evra": "2:0.4.0-4.fc34.aarch64" + }, + "mozjs78": { + "evra": "78.12.0-1.fc34.aarch64" + }, + "mpfr": { + "evra": "4.1.0-7.fc34.aarch64" + }, + "ncurses": { + "evra": "6.2-4.20200222.fc34.aarch64" + }, + "ncurses-base": { + "evra": "6.2-4.20200222.fc34.noarch" + }, + "ncurses-libs": { + "evra": "6.2-4.20200222.fc34.aarch64" + }, + "net-tools": { + "evra": "2.0-0.59.20160912git.fc34.aarch64" + }, + "nettle": { + "evra": "3.7.3-1.fc34.aarch64" + }, + "newt": { + "evra": "0.52.21-9.fc34.aarch64" + }, + "nfs-utils-coreos": { + "evra": "1:2.5.4-0.fc34.aarch64" + }, + "nftables": { + "evra": "1:0.9.8-2.fc34.aarch64" + }, + "npth": { + "evra": "1.6-6.fc34.aarch64" + }, + "nss-altfiles": { + "evra": "2.18.1-18.fc34.aarch64" + }, + "numactl-libs": { + "evra": "2.0.14-3.fc34.aarch64" + }, + "nvme-cli": { + "evra": "1.11.1-3.fc34.aarch64" + }, + "oniguruma": { + "evra": "6.9.7.1-1.fc34.aarch64" + }, + "openldap": { + "evra": "2.4.57-5.fc34.aarch64" + }, + "openssh": { + "evra": "8.6p1-3.fc34.aarch64" + }, + "openssh-clients": { + "evra": "8.6p1-3.fc34.aarch64" + }, + "openssh-server": { + "evra": "8.6p1-3.fc34.aarch64" + }, + "openssl": { + "evra": "1:1.1.1k-1.fc34.aarch64" + }, + "openssl-libs": { + "evra": "1:1.1.1k-1.fc34.aarch64" + }, + "os-prober": { + "evra": "1.77-7.fc34.aarch64" + }, + "ostree": { + "evra": "2021.3-1.fc34.aarch64" + }, + "ostree-libs": { + "evra": "2021.3-1.fc34.aarch64" + }, + "p11-kit": { + "evra": "0.23.22-3.fc34.aarch64" + }, + "p11-kit-trust": { + "evra": "0.23.22-3.fc34.aarch64" + }, + "pam": { + "evra": "1.5.1-6.fc34.aarch64" + }, + "passwd": { + "evra": "0.80-10.fc34.aarch64" + }, + "pcre": { + "evra": "8.44-3.fc34.1.aarch64" + }, + "pcre2": { + "evra": "10.36-4.fc34.aarch64" + }, + "pcre2-syntax": { + "evra": "10.36-4.fc34.noarch" + }, + "pigz": { + "evra": "2.5-1.fc34.aarch64" + }, + "pkgconf": { + "evra": "1.7.3-6.fc34.aarch64" + }, + "pkgconf-m4": { + "evra": "1.7.3-6.fc34.noarch" + }, + "pkgconf-pkg-config": { + "evra": "1.7.3-6.fc34.aarch64" + }, + "podman": { + "evra": "3:3.2.3-1.fc34.aarch64" + }, + "podman-plugins": { + "evra": "3:3.2.3-1.fc34.aarch64" + }, + "policycoreutils": { + "evra": "3.2-1.fc34.aarch64" + }, + "polkit": { + "evra": "0.117-3.fc34.1.aarch64" + }, + "polkit-libs": { + "evra": "0.117-3.fc34.1.aarch64" + }, + "polkit-pkla-compat": { + "evra": "0.1-19.fc34.aarch64" + }, + "popt": { + "evra": "1.18-4.fc34.aarch64" + }, + "procps-ng": { + "evra": "3.3.17-1.fc34.1.aarch64" + }, + "protobuf-c": { + "evra": "1.3.3-7.fc34.aarch64" + }, + "psmisc": { + "evra": "23.4-1.fc34.aarch64" + }, + "publicsuffix-list-dafsa": { + "evra": "20190417-5.fc34.noarch" + }, + "readline": { + "evra": "8.1-2.fc34.aarch64" + }, + "rpcbind": { + "evra": "1.2.6-0.fc34.aarch64" + }, + "rpm": { + "evra": "4.16.1.3-1.fc34.aarch64" + }, + "rpm-libs": { + "evra": "4.16.1.3-1.fc34.aarch64" + }, + "rpm-ostree": { + "evra": "2021.6-2.fc34.aarch64" + }, + "rpm-ostree-libs": { + "evra": "2021.6-2.fc34.aarch64" + }, + "rpm-plugin-selinux": { + "evra": "4.16.1.3-1.fc34.aarch64" + }, + "rsync": { + "evra": "3.2.3-5.fc34.aarch64" + }, + "runc": { + "evra": "2:1.0.0-378.rc95.fc34.aarch64" + }, + "samba-client-libs": { + "evra": "2:4.14.6-0.fc34.aarch64" + }, + "samba-common": { + "evra": "2:4.14.6-0.fc34.noarch" + }, + "samba-common-libs": { + "evra": "2:4.14.6-0.fc34.aarch64" + }, + "sed": { + "evra": "4.8-7.fc34.aarch64" + }, + "selinux-policy": { + "evra": "34.14-1.fc34.noarch" + }, + "selinux-policy-targeted": { + "evra": "34.14-1.fc34.noarch" + }, + "setup": { + "evra": "2.13.7-3.fc34.noarch" + }, + "sg3_utils": { + "evra": "1.45-4.fc34.aarch64" + }, + "sg3_utils-libs": { + "evra": "1.45-4.fc34.aarch64" + }, + "shadow-utils": { + "evra": "2:4.8.1-8.fc34.aarch64" + }, + "shared-mime-info": { + "evra": "2.1-2.fc34.aarch64" + }, + "shim-aa64": { + "evra": "15.4-4.aarch64" + }, + "skopeo": { + "evra": "1:1.3.1-1.fc34.aarch64" + }, + "slang": { + "evra": "2.3.2-9.fc34.aarch64" + }, + "slirp4netns": { + "evra": "1.1.9-1.fc34.aarch64" + }, + "snappy": { + "evra": "1.1.8-5.fc34.aarch64" + }, + "socat": { + "evra": "1.7.4.1-2.fc34.aarch64" + }, + "sqlite-libs": { + "evra": "3.34.1-2.fc34.aarch64" + }, + "ssh-key-dir": { + "evra": "0.1.2-7.fc34.aarch64" + }, + "sssd-ad": { + "evra": "2.5.2-1.fc34.aarch64" + }, + "sssd-client": { + "evra": "2.5.2-1.fc34.aarch64" + }, + "sssd-common": { + "evra": "2.5.2-1.fc34.aarch64" + }, + "sssd-common-pac": { + "evra": "2.5.2-1.fc34.aarch64" + }, + "sssd-ipa": { + "evra": "2.5.2-1.fc34.aarch64" + }, + "sssd-krb5": { + "evra": "2.5.2-1.fc34.aarch64" + }, + "sssd-krb5-common": { + "evra": "2.5.2-1.fc34.aarch64" + }, + "sssd-ldap": { + "evra": "2.5.2-1.fc34.aarch64" + }, + "stalld": { + "evra": "1.10-1.fc34.aarch64" + }, + "sudo": { + "evra": "1.9.5p2-1.fc34.aarch64" + }, + "systemd": { + "evra": "248.6-1.fc34.aarch64" + }, + "systemd-container": { + "evra": "248.6-1.fc34.aarch64" + }, + "systemd-libs": { + "evra": "248.6-1.fc34.aarch64" + }, + "systemd-pam": { + "evra": "248.6-1.fc34.aarch64" + }, + "systemd-rpm-macros": { + "evra": "248.6-1.fc34.noarch" + }, + "systemd-udev": { + "evra": "248.6-1.fc34.aarch64" + }, + "tar": { + "evra": "2:1.34-1.fc34.aarch64" + }, + "teamd": { + "evra": "1.31-3.fc34.aarch64" + }, + "toolbox": { + "evra": "0.0.99.2-1.fc34.aarch64" + }, + "tpm2-tools": { + "evra": "5.1.1-1.fc34.aarch64" + }, + "tpm2-tss": { + "evra": "3.1.0-1.fc34.aarch64" + }, + "tzdata": { + "evra": "2021a-1.fc34.noarch" + }, + "userspace-rcu": { + "evra": "0.12.1-3.fc34.aarch64" + }, + "util-linux": { + "evra": "2.36.2-1.fc34.aarch64" + }, + "vim-minimal": { + "evra": "2:8.2.3182-1.fc34.aarch64" + }, + "which": { + "evra": "2.21-26.fc34.aarch64" + }, + "wireguard-tools": { + "evra": "1.0.20210424-1.fc34.aarch64" + }, + "xfsprogs": { + "evra": "5.10.0-2.fc34.aarch64" + }, + "xz": { + "evra": "5.2.5-5.fc34.aarch64" + }, + "xz-libs": { + "evra": "5.2.5-5.fc34.aarch64" + }, + "yajl": { + "evra": "2.1.0-16.fc34.aarch64" + }, + "zchunk-libs": { + "evra": "1.1.15-1.fc34.aarch64" + }, + "zincati": { + "evra": "0.0.22-1.fc34.aarch64" + }, + "zlib": { + "evra": "1.2.11-26.fc34.aarch64" + }, + "zram-generator": { + "evra": "0.3.2-4.fc34.aarch64" + } + }, + "metadata": { + "generated": "2021-07-26T18:06:13Z", + "rpmmd_repos": { + "fedora": { + "generated": "2021-04-23T10:47:46Z" + }, + "fedora-coreos-pool": { + "generated": "2021-07-25T21:27:48Z" + }, + "fedora-updates": { + "generated": "2021-07-26T00:33:18Z" + } + } + } +} From 1d8cebb0991c174d5607b7e99a5522bc488562f5 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 27 Jul 2021 20:55:05 +0000 Subject: [PATCH 387/489] lockfiles: bump timestamp Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/385/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.x86_64.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 02e703e702..89abb486d0 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-07-25T20:53:07Z", + "generated": "2021-07-27T20:54:54Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-24T21:29:55Z" + "generated": "2021-07-25T21:27:52Z" }, "fedora-updates": { - "generated": "2021-07-25T00:55:23Z" + "generated": "2021-07-27T00:56:37Z" } } } From d00f177ab36f0f561b0fd522aa7d61b3729172d3 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 28 Jul 2021 06:18:40 +0000 Subject: [PATCH 388/489] =?UTF-8?q?lockfiles:=20drop=20graduated=20overrid?= =?UTF-8?q?es=20=F0=9F=8E=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Triggered by remove-graduated-overrides GitHub Action. --- manifest-lock.overrides.yaml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 3b61f4656e..62cfbe5a1d 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -8,10 +8,4 @@ # in the `metadata.reason` key, though it's acceptable to omit a `reason` # for FCOS-specific packages (ignition, afterburn, etc.). -packages: - container-selinux: - evra: 2:2.164.1-1.git563ba3f.fc34.noarch - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-463a2721ec - reason: https://github.com/coreos/fedora-coreos-tracker/issues/881 - type: fast-track +packages: {} From b687264542731df175f50d45d40302b60d94bf68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Tue, 27 Jul 2021 16:21:29 +0200 Subject: [PATCH 389/489] 15fcos: Order coreos-check-ssh-keys before systemd-user-sessions Run before user sessions to avoid reloading agetty. See also: https://github.com/coreos/fedora-coreos-config/commit/386b6fedfdee105e35b75381e48cc46c28806fad --- .../usr/lib/systemd/system/coreos-check-ssh-keys.service | 2 ++ overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys | 4 ---- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service b/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service index c11047bc9b..858e7ed693 100644 --- a/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service +++ b/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service @@ -12,6 +12,8 @@ After=afterburn-sshkeys.target # get misleading messages. Also handles the case where the journal # gets rotated and no longer has the structured log messages. ConditionKernelCommandLine=ignition.firstboot +# Run before user sessions to avoid reloading agetty +Before=systemd-user-sessions.service [Service] Type=oneshot diff --git a/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys b/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys index 1cc4fba975..7a7bc35079 100755 --- a/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys +++ b/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys @@ -41,10 +41,6 @@ main() { echo -e "${warn}No SSH authorized keys provided by Ignition or Afterburn${nc}" \ > /etc/issue.d/30_ssh_authorized_keys.issue fi - - # Ask all running agetty instances to reload and update their - # displayed prompts in case this script was run before agetty. - /usr/sbin/agetty --reload } main From e7b9b92628f3577f10c89546ceebe4dcd0ae7c62 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 28 Jul 2021 21:49:21 +0000 Subject: [PATCH 390/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/388/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 12 ++++++------ manifest-lock.x86_64.json | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index cc16d7602b..94e22dc071 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -16,7 +16,7 @@ "evra": "1:1.30.6-1.fc34.aarch64" }, "WALinuxAgent-udev": { - "evra": "2.3.0.2-1.fc34.noarch" + "evra": "2.3.1.1-1.fc34.noarch" }, "acl": { "evra": "2.3.1-1.fc34.aarch64" @@ -1000,10 +1000,10 @@ "evra": "4.16.1.3-1.fc34.aarch64" }, "rpm-ostree": { - "evra": "2021.6-2.fc34.aarch64" + "evra": "2021.7-1.fc34.aarch64" }, "rpm-ostree-libs": { - "evra": "2021.6-2.fc34.aarch64" + "evra": "2021.7-1.fc34.aarch64" }, "rpm-plugin-selinux": { "evra": "4.16.1.3-1.fc34.aarch64" @@ -1012,7 +1012,7 @@ "evra": "3.2.3-5.fc34.aarch64" }, "runc": { - "evra": "2:1.0.0-378.rc95.fc34.aarch64" + "evra": "2:1.0.1-1.fc34.aarch64" }, "samba-client-libs": { "evra": "2:4.14.6-0.fc34.aarch64" @@ -1178,7 +1178,7 @@ } }, "metadata": { - "generated": "2021-07-26T18:06:13Z", + "generated": "2021-07-28T20:51:45Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" @@ -1187,7 +1187,7 @@ "generated": "2021-07-25T21:27:48Z" }, "fedora-updates": { - "generated": "2021-07-26T00:33:18Z" + "generated": "2021-07-28T01:11:46Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 89abb486d0..83dfb4693a 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -16,7 +16,7 @@ "evra": "1:1.30.6-1.fc34.x86_64" }, "WALinuxAgent-udev": { - "evra": "2.3.0.2-1.fc34.noarch" + "evra": "2.3.1.1-1.fc34.noarch" }, "acl": { "evra": "2.3.1-1.fc34.x86_64" @@ -1012,10 +1012,10 @@ "evra": "4.16.1.3-1.fc34.x86_64" }, "rpm-ostree": { - "evra": "2021.6-2.fc34.x86_64" + "evra": "2021.7-1.fc34.x86_64" }, "rpm-ostree-libs": { - "evra": "2021.6-2.fc34.x86_64" + "evra": "2021.7-1.fc34.x86_64" }, "rpm-plugin-selinux": { "evra": "4.16.1.3-1.fc34.x86_64" @@ -1024,7 +1024,7 @@ "evra": "3.2.3-5.fc34.x86_64" }, "runc": { - "evra": "2:1.0.0-378.rc95.fc34.x86_64" + "evra": "2:1.0.1-1.fc34.x86_64" }, "samba-client-libs": { "evra": "2:4.14.6-0.fc34.x86_64" @@ -1190,7 +1190,7 @@ } }, "metadata": { - "generated": "2021-07-27T20:54:54Z", + "generated": "2021-07-28T20:52:16Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" @@ -1199,7 +1199,7 @@ "generated": "2021-07-25T21:27:52Z" }, "fedora-updates": { - "generated": "2021-07-27T00:56:37Z" + "generated": "2021-07-28T01:12:07Z" } } } From bc8814cf5c7f5d4d888f544e17f6eaf612ff4043 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 28 Jul 2021 17:58:59 -0400 Subject: [PATCH 391/489] workflows: limit permissions to reading repo contents --- .github/workflows/remove-graduated-overrides.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/remove-graduated-overrides.yml b/.github/workflows/remove-graduated-overrides.yml index 6472cb335c..01db0b7f6b 100644 --- a/.github/workflows/remove-graduated-overrides.yml +++ b/.github/workflows/remove-graduated-overrides.yml @@ -4,6 +4,9 @@ on: schedule: - cron: '0 */6 * * *' +permissions: + contents: read + jobs: remove-graduated-overrides: name: Remove graduated overrides From 14d9684f1f8ffa577edb1739b7ceee1ccf1436a4 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 28 Jul 2021 17:01:33 -0400 Subject: [PATCH 392/489] denylist: snooze podman.network-single on openstack See https://github.com/coreos/fedora-coreos-tracker/issues/901 The problem comes and goes in the vexxhost environment. Let's wait a month and see if it's better then. --- kola-denylist.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kola-denylist.yaml b/kola-denylist.yaml index cf3a3d8c88..05d61c6722 100644 --- a/kola-denylist.yaml +++ b/kola-denylist.yaml @@ -5,3 +5,8 @@ tracker: https://github.com/coreos/coreos-assembler/pull/1478 - pattern: podman.workflow tracker: https://github.com/coreos/coreos-assembler/pull/1478 +- pattern: podman.network-single + tracker: https://github.com/coreos/fedora-coreos-tracker/issues/901 + snooze: 2021-09-01 + platforms: + - openstack From 8efd4a44e129307a85b16fd4c5c5a36a18ca107a Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 30 Jul 2021 15:26:22 +0000 Subject: [PATCH 393/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/392/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 20 ++++++++++---------- manifest-lock.x86_64.json | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 94e22dc071..6143d59648 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -190,7 +190,7 @@ "evra": "1:1.12.20-3.fc34.aarch64" }, "dbus-broker": { - "evra": "29-1.fc34.aarch64" + "evra": "29-2.fc34.aarch64" }, "dbus-common": { "evra": "1:1.12.20-3.fc34.noarch" @@ -457,13 +457,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.4-200.fc34.aarch64" + "evra": "5.13.5-200.fc34.aarch64" }, "kernel-core": { - "evra": "5.13.4-200.fc34.aarch64" + "evra": "5.13.5-200.fc34.aarch64" }, "kernel-modules": { - "evra": "5.13.4-200.fc34.aarch64" + "evra": "5.13.5-200.fc34.aarch64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.aarch64" @@ -586,7 +586,7 @@ "evra": "0.3.7-1.fc34.aarch64" }, "libibverbs": { - "evra": "35.0-1.fc34.aarch64" + "evra": "36.0-1.fc34.aarch64" }, "libicu": { "evra": "67.1-6.fc34.aarch64" @@ -1096,7 +1096,7 @@ "evra": "2.5.2-1.fc34.aarch64" }, "stalld": { - "evra": "1.10-1.fc34.aarch64" + "evra": "1.14.1-1.fc34.aarch64" }, "sudo": { "evra": "1.9.5p2-1.fc34.aarch64" @@ -1144,7 +1144,7 @@ "evra": "2.36.2-1.fc34.aarch64" }, "vim-minimal": { - "evra": "2:8.2.3182-1.fc34.aarch64" + "evra": "2:8.2.3223-1.fc34.aarch64" }, "which": { "evra": "2.21-26.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-07-28T20:51:45Z", + "generated": "2021-07-30T14:54:33Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-07-25T21:27:48Z" + "generated": "2021-07-28T21:57:05Z" }, "fedora-updates": { - "generated": "2021-07-28T01:11:46Z" + "generated": "2021-07-30T00:53:18Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 83dfb4693a..f2b80fd7e1 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -190,7 +190,7 @@ "evra": "1:1.12.20-3.fc34.x86_64" }, "dbus-broker": { - "evra": "29-1.fc34.x86_64" + "evra": "29-2.fc34.x86_64" }, "dbus-common": { "evra": "1:1.12.20-3.fc34.noarch" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.4-200.fc34.x86_64" + "evra": "5.13.5-200.fc34.x86_64" }, "kernel-core": { - "evra": "5.13.4-200.fc34.x86_64" + "evra": "5.13.5-200.fc34.x86_64" }, "kernel-modules": { - "evra": "5.13.4-200.fc34.x86_64" + "evra": "5.13.5-200.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -592,7 +592,7 @@ "evra": "0.3.7-1.fc34.x86_64" }, "libibverbs": { - "evra": "35.0-1.fc34.x86_64" + "evra": "36.0-1.fc34.x86_64" }, "libicu": { "evra": "67.1-6.fc34.x86_64" @@ -1108,7 +1108,7 @@ "evra": "2.5.2-1.fc34.x86_64" }, "stalld": { - "evra": "1.10-1.fc34.x86_64" + "evra": "1.14.1-1.fc34.x86_64" }, "sudo": { "evra": "1.9.5p2-1.fc34.x86_64" @@ -1156,7 +1156,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.3182-1.fc34.x86_64" + "evra": "2:8.2.3223-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-07-28T20:52:16Z", + "generated": "2021-07-30T14:54:18Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-25T21:27:52Z" + "generated": "2021-07-28T21:58:36Z" }, "fedora-updates": { - "generated": "2021-07-28T01:12:07Z" + "generated": "2021-07-30T00:53:40Z" } } } From 48c6e61a53d28c92bc38e1d2b58afe6f95133bc4 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 31 Jul 2021 21:22:49 +0000 Subject: [PATCH 394/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/394/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 12 ++++++------ manifest-lock.x86_64.json | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 6143d59648..a4d03f2cf8 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -568,13 +568,13 @@ "evra": "1.4-4.fc34.aarch64" }, "libgcc": { - "evra": "11.1.1-3.fc34.aarch64" + "evra": "11.2.1-1.fc34.aarch64" }, "libgcrypt": { "evra": "1.9.3-3.fc34.aarch64" }, "libgomp": { - "evra": "11.1.1-3.fc34.aarch64" + "evra": "11.2.1-1.fc34.aarch64" }, "libgpg-error": { "evra": "1.42-1.fc34.aarch64" @@ -739,7 +739,7 @@ "evra": "2.5.2-1.fc34.aarch64" }, "libstdc++": { - "evra": "11.1.1-3.fc34.aarch64" + "evra": "11.2.1-1.fc34.aarch64" }, "libtalloc": { "evra": "2.3.2-2.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-07-30T14:54:33Z", + "generated": "2021-07-31T20:53:40Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-07-28T21:57:05Z" + "generated": "2021-07-30T16:04:37Z" }, "fedora-updates": { - "generated": "2021-07-30T00:53:18Z" + "generated": "2021-07-31T01:31:31Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index f2b80fd7e1..b39c814de7 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -574,13 +574,13 @@ "evra": "1.4-4.fc34.x86_64" }, "libgcc": { - "evra": "11.1.1-3.fc34.x86_64" + "evra": "11.2.1-1.fc34.x86_64" }, "libgcrypt": { "evra": "1.9.3-3.fc34.x86_64" }, "libgomp": { - "evra": "11.1.1-3.fc34.x86_64" + "evra": "11.2.1-1.fc34.x86_64" }, "libgpg-error": { "evra": "1.42-1.fc34.x86_64" @@ -748,7 +748,7 @@ "evra": "2.5.2-1.fc34.x86_64" }, "libstdc++": { - "evra": "11.1.1-3.fc34.x86_64" + "evra": "11.2.1-1.fc34.x86_64" }, "libtalloc": { "evra": "2.3.2-2.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-07-30T14:54:18Z", + "generated": "2021-07-31T20:53:25Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-28T21:58:36Z" + "generated": "2021-07-30T16:08:46Z" }, "fedora-updates": { - "generated": "2021-07-30T00:53:40Z" + "generated": "2021-07-31T01:31:57Z" } } } From e69021a50d5fa71308f0342cc8f3ccba4144deff Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 2 Aug 2021 21:38:00 +0000 Subject: [PATCH 395/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/396/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 14 +++++++------- manifest-lock.x86_64.json | 14 +++++++------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index a4d03f2cf8..af26d1b98b 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -67,7 +67,7 @@ "evra": "3.5.1-2.fc34.aarch64" }, "btrfs-progs": { - "evra": "5.13-1.fc34.aarch64" + "evra": "5.13.1-1.fc34.aarch64" }, "bubblewrap": { "evra": "0.4.1-3.fc34.aarch64" @@ -457,13 +457,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.5-200.fc34.aarch64" + "evra": "5.13.6-200.fc34.aarch64" }, "kernel-core": { - "evra": "5.13.5-200.fc34.aarch64" + "evra": "5.13.6-200.fc34.aarch64" }, "kernel-modules": { - "evra": "5.13.5-200.fc34.aarch64" + "evra": "5.13.6-200.fc34.aarch64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-07-31T20:53:40Z", + "generated": "2021-08-02T20:56:42Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-07-30T16:04:37Z" + "generated": "2021-07-31T21:34:02Z" }, "fedora-updates": { - "generated": "2021-07-31T01:31:31Z" + "generated": "2021-08-02T00:55:13Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index b39c814de7..0ef3fa0655 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -67,7 +67,7 @@ "evra": "3.5.1-2.fc34.x86_64" }, "btrfs-progs": { - "evra": "5.13-1.fc34.x86_64" + "evra": "5.13.1-1.fc34.x86_64" }, "bubblewrap": { "evra": "0.4.1-3.fc34.x86_64" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.5-200.fc34.x86_64" + "evra": "5.13.6-200.fc34.x86_64" }, "kernel-core": { - "evra": "5.13.5-200.fc34.x86_64" + "evra": "5.13.6-200.fc34.x86_64" }, "kernel-modules": { - "evra": "5.13.5-200.fc34.x86_64" + "evra": "5.13.6-200.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-07-31T20:53:25Z", + "generated": "2021-08-02T20:56:28Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-30T16:08:46Z" + "generated": "2021-07-31T21:35:46Z" }, "fedora-updates": { - "generated": "2021-07-31T01:31:57Z" + "generated": "2021-08-02T00:55:35Z" } } } From 6740a0d07e4ac7ee4f2455a05d5b059b635391ef Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 4 Aug 2021 21:40:28 +0000 Subject: [PATCH 396/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/398/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 12 ++++++------ manifest-lock.x86_64.json | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index af26d1b98b..1673cad333 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -955,10 +955,10 @@ "evra": "1.7.3-6.fc34.aarch64" }, "podman": { - "evra": "3:3.2.3-1.fc34.aarch64" + "evra": "3:3.2.3-2.fc34.aarch64" }, "podman-plugins": { - "evra": "3:3.2.3-1.fc34.aarch64" + "evra": "3:3.2.3-2.fc34.aarch64" }, "policycoreutils": { "evra": "3.2-1.fc34.aarch64" @@ -1144,7 +1144,7 @@ "evra": "2.36.2-1.fc34.aarch64" }, "vim-minimal": { - "evra": "2:8.2.3223-1.fc34.aarch64" + "evra": "2:8.2.3273-1.fc34.aarch64" }, "which": { "evra": "2.21-26.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-08-02T20:56:42Z", + "generated": "2021-08-04T21:01:19Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-07-31T21:34:02Z" + "generated": "2021-08-02T21:45:52Z" }, "fedora-updates": { - "generated": "2021-08-02T00:55:13Z" + "generated": "2021-08-04T03:30:44Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 0ef3fa0655..28f532766d 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -967,10 +967,10 @@ "evra": "1.7.3-6.fc34.x86_64" }, "podman": { - "evra": "3:3.2.3-1.fc34.x86_64" + "evra": "3:3.2.3-2.fc34.x86_64" }, "podman-plugins": { - "evra": "3:3.2.3-1.fc34.x86_64" + "evra": "3:3.2.3-2.fc34.x86_64" }, "policycoreutils": { "evra": "3.2-1.fc34.x86_64" @@ -1156,7 +1156,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.3223-1.fc34.x86_64" + "evra": "2:8.2.3273-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-08-02T20:56:28Z", + "generated": "2021-08-04T21:01:26Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-07-31T21:35:46Z" + "generated": "2021-08-02T21:48:02Z" }, "fedora-updates": { - "generated": "2021-08-02T00:55:35Z" + "generated": "2021-08-04T03:31:20Z" } } } From b916cea4473ea30520712cbdd63874e824401f8c Mon Sep 17 00:00:00 2001 From: Sohan Kunkerkar Date: Fri, 6 Aug 2021 11:28:18 -0400 Subject: [PATCH 397/489] lockfiles: fast-track Ignition v2.12.0 --- manifest-lock.overrides.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 62cfbe5a1d..2a6acc05ac 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -8,4 +8,10 @@ # in the `metadata.reason` key, though it's acceptable to omit a `reason` # for FCOS-specific packages (ignition, afterburn, etc.). -packages: {} +packages: + ignition: + evr: 2.12.0-1.fc34 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-429119296e + reason: https://github.com/coreos/ignition/issues/1255 + type: fast-track From 7760720eda5c706d6e47ad3bd15f69d682cae456 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 21 Jul 2021 02:36:52 -0400 Subject: [PATCH 398/489] overlay: use Ignition result.json As of https://github.com/coreos/ignition/pull/1250, Ignition produces its own report similar to ignition.info.json, so use that instead of making our own. --- .../coreos-liveiso-autologin-generator | 4 +-- .../coreos-ignition-firstboot-complete | 30 ------------------- .../coreos-check-ignition-config.service | 7 ++--- .../usr/libexec/coreos-check-ignition-config | 18 ++++------- 4 files changed, 8 insertions(+), 51 deletions(-) diff --git a/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator b/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator index c49139b315..7fe8a66332 100755 --- a/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator +++ b/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator @@ -85,9 +85,7 @@ fi # If the user supplied an Ignition config, they have the ability to enable # autologin themselves. Don't automatically render them insecure, since # they might be running in production and booting via e.g. IPMI. -# See https://github.com/coreos/ignition/pull/958 for the MESSAGE_ID source. -ign_usercfg_msg=$(journalctl -q MESSAGE_ID=57124006b5c94805b77ce473e92a8aeb IGNITION_CONFIG_TYPE=user) -if [ -n "${ign_usercfg_msg}" ]; then +if jq -e .userConfigProvided /var/lib/ignition/result.json &>/dev/null; then exit 0 fi diff --git a/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete b/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete index 97baea619d..3973d11e04 100755 --- a/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete +++ b/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete @@ -1,14 +1,6 @@ #!/bin/bash set -euo pipefail -# We put this in /run and it's then moved by -# coreos-check-ignition-config.service into /var/lib/coreos. The reason is that -# I don't want to use RequiresMountsFor=/var/lib on this service to keep it less -# fallible. Once we move this service to the initramfs, then we can directly -# write there since /var mounts are in place and we can safely trigger -# emergency.target if we fail. -IGNITION_INFO=/run/ignition.info.json - mount -o remount,rw /boot if [[ $(uname -m) = s390x ]]; then @@ -24,25 +16,3 @@ rm -rf /boot/ignition # this file. Fail if we are unable to remove it, rather than risking rerunning # Ignition at next boot. rm /boot/ignition.firstboot - -# See https://github.com/coreos/ignition/pull/958 for the MESSAGE_ID source. -nusercfgs=$(journalctl -o json-pretty MESSAGE_ID=57124006b5c94805b77ce473e92a8aeb \ - | jq -s '.[] | select(.IGNITION_CONFIG_TYPE == "user")'| wc -l) -if [ "${nusercfgs}" -gt 0 ]; then - usercfg=true -else - usercfg=false -fi - -mkdir -p "$(dirname "${IGNITION_INFO}")" - -# This is hardly sooper seekret stuff, but let's be conservative in light of -# https://github.com/coreos/fedora-coreos-tracker/issues/889. -touch "${IGNITION_INFO}" -chmod 600 "${IGNITION_INFO}" -cat >> "${IGNITION_INFO}" < /run/issue.d/30_coreos_ignition_provisioning.issue else @@ -29,7 +21,7 @@ else > /run/issue.d/30_coreos_ignition_provisioning.issue fi -if jq -e .usercfg "${IGNITION_INFO}" &>/dev/null; then +if jq -e .userConfigProvided "${IGNITION_RESULT}" &>/dev/null; then echo "Ignition: user-provided config was applied" \ >> /run/issue.d/30_coreos_ignition_provisioning.issue else From 7926b9c9ccb94017e3e59a62c9beb62683ffc516 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 6 Aug 2021 12:33:25 -0400 Subject: [PATCH 399/489] overrides: fast-track coreos-installer-0.10.0-1.fc34 --- manifest-lock.overrides.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 2a6acc05ac..dbaeee55be 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -9,6 +9,16 @@ # for FCOS-specific packages (ignition, afterburn, etc.). packages: + coreos-installer: + evr: 0.10.0-1.fc34 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-23c125b007 + type: fast-track + coreos-installer-bootinfra: + evr: 0.10.0-1.fc34 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-23c125b007 + type: fast-track ignition: evr: 2.12.0-1.fc34 metadata: From 52b80c7186ea098590987e00fd3932f388a2401c Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 6 Aug 2021 14:10:32 -0400 Subject: [PATCH 400/489] image-base: drop useless `sysroot-readonly: true` It's not read by coreos-assembler, which has been turning on read-only `/sysroot` unconditionally for a while now: https://github.com/coreos/coreos-assembler/pull/736 --- image-base.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/image-base.yaml b/image-base.yaml index 3d9e1d5d1b..c69c6cf9bf 100644 --- a/image-base.yaml +++ b/image-base.yaml @@ -17,10 +17,6 @@ ignition-network-kcmdline: [] # Optional remote by which to prefix the deployed OSTree ref ostree-remote: fedora -# We want read-only /sysroot to protect from unintentional damage. -# https://github.com/ostreedev/ostree/issues/1265 -sysroot-readonly: true - # opt in to using the `metadata_csum_seed` feature of the ext4 filesystem # for the /boot filesystem. Support for this was only recently added to grub # and isn't available everywhere yet so we'll gate it behind this image.yaml From d4297952573d331855710f2b2a27e276b183159b Mon Sep 17 00:00:00 2001 From: Sohan Kunkerkar Date: Mon, 2 Aug 2021 16:18:00 -0400 Subject: [PATCH 401/489] 15fcos: print warning If Ignition is run more than once This change adds a warning on the serial console if Ignition is run more than once. This is related to https://github.com/coreos/ignition/issues/1214 --- .../15fcos/usr/libexec/coreos-check-ignition-config | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config b/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config index bae66d1206..8992128cb9 100755 --- a/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config +++ b/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config @@ -14,6 +14,19 @@ ignitionBoot=$(jq -r .provisioningBootID "${IGNITION_RESULT}") if [ $(cat /proc/sys/kernel/random/boot_id) = "${ignitionBoot}" ]; then echo "Ignition: ran on ${d} (this boot)" \ > /run/issue.d/30_coreos_ignition_provisioning.issue + + # checking for /run/ostree-live as the live system with persistent storage can run Ignition more than once + if ! test -f /run/ostree-live && jq -e .previousReport.provisioningDate "${IGNITION_RESULT}" &>/dev/null; then + prevdate=$(date --date "$(jq -r .previousReport.provisioningDate "${IGNITION_RESULT}")" +"%Y/%m/%d %H:%M:%S %Z") + cat << EOF > /etc/issue.d/30_coreos_ignition_run_more_than_once.issue +${WARN} +############################################################################ +WARNING: Ignition previously ran on ${prevdate}. Unexpected +behavior may occur. Ignition is not designed to run more than once per system. +############################################################################ +${RESET} +EOF + fi else nreboots=$(($(journalctl --list-boots | wc -l) - 1)) [ "${nreboots}" -eq 1 ] && boot="boot" || boot="boots" From 2b71a5b10b44a16764981eb0c0b3c6462746f54f Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 7 Aug 2021 21:22:55 +0000 Subject: [PATCH 402/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/401/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 28 ++++++++++++++-------------- manifest-lock.x86_64.json | 28 ++++++++++++++-------------- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 1673cad333..de9c196397 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -40,7 +40,7 @@ "evra": "3.0.3-1.fc34.aarch64" }, "avahi-libs": { - "evra": "0.8-9.fc34.aarch64" + "evra": "0.8-14.fc34.aarch64" }, "basesystem": { "evra": "11-11.fc34.noarch" @@ -139,10 +139,10 @@ "evra": "4:1-21.fc34.noarch" }, "coreos-installer": { - "evra": "0.9.1-2.fc34.aarch64" + "evra": "0.10.0-1.fc34.aarch64" }, "coreos-installer-bootinfra": { - "evra": "0.9.1-2.fc34.aarch64" + "evra": "0.10.0-1.fc34.aarch64" }, "coreutils": { "evra": "8.32-30.fc34.aarch64" @@ -322,7 +322,7 @@ "evra": "2.9.9-11.fc34.aarch64" }, "fuse-overlayfs": { - "evra": "1.5.0-1.fc34.aarch64" + "evra": "1.7.0-1.fc34.aarch64" }, "fuse-sshfs": { "evra": "3.7.2-1.fc34.aarch64" @@ -334,7 +334,7 @@ "evra": "3.10.4-1.fc34.aarch64" }, "fwupd": { - "evra": "1.5.10-1.fc34.aarch64" + "evra": "1.5.12-1.fc34.aarch64" }, "gawk": { "evra": "5.1.0-3.fc34.aarch64" @@ -352,7 +352,7 @@ "evra": "2.31.1-3.fc34.aarch64" }, "glib2": { - "evra": "2.68.2-1.fc34.aarch64" + "evra": "2.68.3-1.fc34.aarch64" }, "glibc": { "evra": "2.33-20.fc34.aarch64" @@ -397,7 +397,7 @@ "evra": "3.23-4.fc34.aarch64" }, "ignition": { - "evra": "2.11.0-2.fc34.aarch64" + "evra": "2.12.0-1.fc34.aarch64" }, "inih": { "evra": "49-3.fc34.aarch64" @@ -457,13 +457,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.6-200.fc34.aarch64" + "evra": "5.13.7-200.fc34.aarch64" }, "kernel-core": { - "evra": "5.13.6-200.fc34.aarch64" + "evra": "5.13.7-200.fc34.aarch64" }, "kernel-modules": { - "evra": "5.13.6-200.fc34.aarch64" + "evra": "5.13.7-200.fc34.aarch64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.aarch64" @@ -790,7 +790,7 @@ "evra": "2:4.14.6-0.fc34.aarch64" }, "libxcrypt": { - "evra": "4.4.23-1.fc34.aarch64" + "evra": "4.4.24-1.fc34.aarch64" }, "libxml2": { "evra": "2.9.12-4.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-08-04T21:01:19Z", + "generated": "2021-08-07T20:54:39Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-02T21:45:52Z" + "generated": "2021-08-06T17:52:16Z" }, "fedora-updates": { - "generated": "2021-08-04T03:30:44Z" + "generated": "2021-08-07T00:56:03Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 28f532766d..0419ffede6 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -40,7 +40,7 @@ "evra": "3.0.3-1.fc34.x86_64" }, "avahi-libs": { - "evra": "0.8-9.fc34.x86_64" + "evra": "0.8-14.fc34.x86_64" }, "basesystem": { "evra": "11-11.fc34.noarch" @@ -139,10 +139,10 @@ "evra": "4:1-21.fc34.noarch" }, "coreos-installer": { - "evra": "0.9.1-2.fc34.x86_64" + "evra": "0.10.0-1.fc34.x86_64" }, "coreos-installer-bootinfra": { - "evra": "0.9.1-2.fc34.x86_64" + "evra": "0.10.0-1.fc34.x86_64" }, "coreutils": { "evra": "8.32-30.fc34.x86_64" @@ -322,7 +322,7 @@ "evra": "2.9.9-11.fc34.x86_64" }, "fuse-overlayfs": { - "evra": "1.5.0-1.fc34.x86_64" + "evra": "1.7.0-1.fc34.x86_64" }, "fuse-sshfs": { "evra": "3.7.2-1.fc34.x86_64" @@ -334,7 +334,7 @@ "evra": "3.10.4-1.fc34.x86_64" }, "fwupd": { - "evra": "1.5.10-1.fc34.x86_64" + "evra": "1.5.12-1.fc34.x86_64" }, "gawk": { "evra": "5.1.0-3.fc34.x86_64" @@ -352,7 +352,7 @@ "evra": "2.31.1-3.fc34.x86_64" }, "glib2": { - "evra": "2.68.2-1.fc34.x86_64" + "evra": "2.68.3-1.fc34.x86_64" }, "glibc": { "evra": "2.33-20.fc34.x86_64" @@ -403,7 +403,7 @@ "evra": "3.23-4.fc34.x86_64" }, "ignition": { - "evra": "2.11.0-2.fc34.x86_64" + "evra": "2.12.0-1.fc34.x86_64" }, "inih": { "evra": "49-3.fc34.x86_64" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.6-200.fc34.x86_64" + "evra": "5.13.7-200.fc34.x86_64" }, "kernel-core": { - "evra": "5.13.6-200.fc34.x86_64" + "evra": "5.13.7-200.fc34.x86_64" }, "kernel-modules": { - "evra": "5.13.6-200.fc34.x86_64" + "evra": "5.13.7-200.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -799,7 +799,7 @@ "evra": "2:4.14.6-0.fc34.x86_64" }, "libxcrypt": { - "evra": "4.4.23-1.fc34.x86_64" + "evra": "4.4.24-1.fc34.x86_64" }, "libxml2": { "evra": "2.9.12-4.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-08-04T21:01:26Z", + "generated": "2021-08-07T20:54:22Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-02T21:48:02Z" + "generated": "2021-08-06T17:52:21Z" }, "fedora-updates": { - "generated": "2021-08-04T03:31:20Z" + "generated": "2021-08-07T00:56:26Z" } } } From 12f4f24bc022b848b945a90c2ad24b8f806e8008 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 8 Aug 2021 21:19:10 +0000 Subject: [PATCH 403/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/402/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 24 ++++++++++++------------ manifest-lock.x86_64.json | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index de9c196397..78f01465ef 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -223,7 +223,7 @@ "evra": "3.7-8.fc34.aarch64" }, "dnsmasq": { - "evra": "2.85-1.fc34.aarch64" + "evra": "2.85-3.fc34.aarch64" }, "dosfstools": { "evra": "4.2-1.fc34.aarch64" @@ -1102,22 +1102,22 @@ "evra": "1.9.5p2-1.fc34.aarch64" }, "systemd": { - "evra": "248.6-1.fc34.aarch64" + "evra": "248.7-1.fc34.aarch64" }, "systemd-container": { - "evra": "248.6-1.fc34.aarch64" + "evra": "248.7-1.fc34.aarch64" }, "systemd-libs": { - "evra": "248.6-1.fc34.aarch64" + "evra": "248.7-1.fc34.aarch64" }, "systemd-pam": { - "evra": "248.6-1.fc34.aarch64" + "evra": "248.7-1.fc34.aarch64" }, "systemd-rpm-macros": { - "evra": "248.6-1.fc34.noarch" + "evra": "248.7-1.fc34.noarch" }, "systemd-udev": { - "evra": "248.6-1.fc34.aarch64" + "evra": "248.7-1.fc34.aarch64" }, "tar": { "evra": "2:1.34-1.fc34.aarch64" @@ -1144,7 +1144,7 @@ "evra": "2.36.2-1.fc34.aarch64" }, "vim-minimal": { - "evra": "2:8.2.3273-1.fc34.aarch64" + "evra": "2:8.2.3290-1.fc34.aarch64" }, "which": { "evra": "2.21-26.fc34.aarch64" @@ -1168,7 +1168,7 @@ "evra": "1.1.15-1.fc34.aarch64" }, "zincati": { - "evra": "0.0.22-1.fc34.aarch64" + "evra": "0.0.23-1.fc34.aarch64" }, "zlib": { "evra": "1.2.11-26.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-08-07T20:54:39Z", + "generated": "2021-08-08T20:53:31Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-06T17:52:16Z" + "generated": "2021-08-07T21:30:57Z" }, "fedora-updates": { - "generated": "2021-08-07T00:56:03Z" + "generated": "2021-08-08T00:54:33Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 0419ffede6..2f29fa1ef2 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -223,7 +223,7 @@ "evra": "3.7-8.fc34.x86_64" }, "dnsmasq": { - "evra": "2.85-1.fc34.x86_64" + "evra": "2.85-3.fc34.x86_64" }, "dosfstools": { "evra": "4.2-1.fc34.x86_64" @@ -1114,22 +1114,22 @@ "evra": "1.9.5p2-1.fc34.x86_64" }, "systemd": { - "evra": "248.6-1.fc34.x86_64" + "evra": "248.7-1.fc34.x86_64" }, "systemd-container": { - "evra": "248.6-1.fc34.x86_64" + "evra": "248.7-1.fc34.x86_64" }, "systemd-libs": { - "evra": "248.6-1.fc34.x86_64" + "evra": "248.7-1.fc34.x86_64" }, "systemd-pam": { - "evra": "248.6-1.fc34.x86_64" + "evra": "248.7-1.fc34.x86_64" }, "systemd-rpm-macros": { - "evra": "248.6-1.fc34.noarch" + "evra": "248.7-1.fc34.noarch" }, "systemd-udev": { - "evra": "248.6-1.fc34.x86_64" + "evra": "248.7-1.fc34.x86_64" }, "tar": { "evra": "2:1.34-1.fc34.x86_64" @@ -1156,7 +1156,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.3273-1.fc34.x86_64" + "evra": "2:8.2.3290-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1180,7 +1180,7 @@ "evra": "1.1.15-1.fc34.x86_64" }, "zincati": { - "evra": "0.0.22-1.fc34.x86_64" + "evra": "0.0.23-1.fc34.x86_64" }, "zlib": { "evra": "1.2.11-26.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-08-07T20:54:22Z", + "generated": "2021-08-08T20:53:11Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-06T17:52:21Z" + "generated": "2021-08-07T21:36:33Z" }, "fedora-updates": { - "generated": "2021-08-07T00:56:26Z" + "generated": "2021-08-08T00:54:56Z" } } } From 9aa46013358517b519155bbb187e2c973ef91117 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 10 Aug 2021 02:01:37 +0000 Subject: [PATCH 404/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/404/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 12 ++++++------ manifest-lock.x86_64.json | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 78f01465ef..ab8fb7581f 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -457,13 +457,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.7-200.fc34.aarch64" + "evra": "5.13.8-200.fc34.aarch64" }, "kernel-core": { - "evra": "5.13.7-200.fc34.aarch64" + "evra": "5.13.8-200.fc34.aarch64" }, "kernel-modules": { - "evra": "5.13.7-200.fc34.aarch64" + "evra": "5.13.8-200.fc34.aarch64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-08-08T20:53:31Z", + "generated": "2021-08-10T01:30:46Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-07T21:30:57Z" + "generated": "2021-08-08T21:26:42Z" }, "fedora-updates": { - "generated": "2021-08-08T00:54:33Z" + "generated": "2021-08-10T01:14:08Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 2f29fa1ef2..e77184c761 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.7-200.fc34.x86_64" + "evra": "5.13.8-200.fc34.x86_64" }, "kernel-core": { - "evra": "5.13.7-200.fc34.x86_64" + "evra": "5.13.8-200.fc34.x86_64" }, "kernel-modules": { - "evra": "5.13.7-200.fc34.x86_64" + "evra": "5.13.8-200.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-08-08T20:53:11Z", + "generated": "2021-08-10T01:30:30Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-07T21:36:33Z" + "generated": "2021-08-08T21:31:37Z" }, "fedora-updates": { - "generated": "2021-08-08T00:54:56Z" + "generated": "2021-08-10T01:14:33Z" } } } From 3cffd98b2984ca957123075b118d2fa99d74dac5 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 11 Aug 2021 14:44:02 +0000 Subject: [PATCH 405/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/406/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 8 ++++---- manifest-lock.x86_64.json | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index ab8fb7581f..e357af2cd6 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -133,7 +133,7 @@ "evra": "1.5.3-1.fc34.aarch64" }, "containernetworking-plugins": { - "evra": "1.0.0-0.2.rc1.fc34.aarch64" + "evra": "1.0.0-0.3.rc1.fc34.aarch64" }, "containers-common": { "evra": "4:1-21.fc34.noarch" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-08-10T01:30:46Z", + "generated": "2021-08-11T14:14:54Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-08T21:26:42Z" + "generated": "2021-08-10T02:09:07Z" }, "fedora-updates": { - "generated": "2021-08-10T01:14:08Z" + "generated": "2021-08-11T00:56:48Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index e77184c761..808d905960 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -133,7 +133,7 @@ "evra": "1.5.3-1.fc34.x86_64" }, "containernetworking-plugins": { - "evra": "1.0.0-0.2.rc1.fc34.x86_64" + "evra": "1.0.0-0.3.rc1.fc34.x86_64" }, "containers-common": { "evra": "4:1-21.fc34.noarch" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-08-10T01:30:30Z", + "generated": "2021-08-11T14:15:02Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-08T21:31:37Z" + "generated": "2021-08-10T02:12:12Z" }, "fedora-updates": { - "generated": "2021-08-10T01:14:33Z" + "generated": "2021-08-11T00:57:11Z" } } } From 2913472e6e17d98659a4da2391747f270130723f Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Tue, 10 Aug 2021 11:29:44 -0400 Subject: [PATCH 406/489] misc-ign-ro: change message from kube-watch to be more unique We observed that the `kube-watch` test was occasionally failing because the message from the service was being identified from `echo` rather than the service name. Change the service to emit a UUID that we can check for instead of a generic log message. --- tests/kola/misc-ign-ro/config.fcc | 5 ++++- tests/kola/misc-ign-ro/test.sh | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/kola/misc-ign-ro/config.fcc b/tests/kola/misc-ign-ro/config.fcc index 2895e7e8c1..dc218a3959 100644 --- a/tests/kola/misc-ign-ro/config.fcc +++ b/tests/kola/misc-ign-ro/config.fcc @@ -44,11 +44,14 @@ systemd: - name: kube-watch.service # This is for verifying that `kubernetes_file_t` labeled files can be # watched by systemd + # NOTE: we've observed a race where the journal message shows up as + # coming from `echo` rather than `kube-watch`, so we're embedding + # a UUID in the message to make it easier to find. # See: https://github.com/coreos/fedora-coreos-tracker/issues/861 # See: https://github.com/containers/container-selinux/issues/135 contents: | [Service] - ExecStart=/usr/bin/echo "Found it" + ExecStart=/usr/bin/echo "This is the kube-watch unique id: 27a259a8-7f2d-4144-8b8f-23dd201b630c" RemainAfterExit=yes Type=oneshot [Install] diff --git a/tests/kola/misc-ign-ro/test.sh b/tests/kola/misc-ign-ro/test.sh index 525e5ba2eb..24728c720c 100755 --- a/tests/kola/misc-ign-ro/test.sh +++ b/tests/kola/misc-ign-ro/test.sh @@ -54,7 +54,10 @@ if [ "$(systemctl is-active kube-watch.service)" != "active" ]; then fi ok "kube-watch.service activated successfully" -if [ "$(journalctl -o cat -u kube-watch.service | sed -n 2p)" != "Found it" ]; then +# NOTE: we've observed a race where the journal message shows up as +# coming from `echo` rather than `kube-watch`, so we're embedding +# a UUID in the message to make it easier to find. +if ! journalctl -o cat -b | grep 27a259a8-7f2d-4144-8b8f-23dd201b630c; then fatal "kube-watch.service did not print message to journal" fi ok "Found message from kube-watch.service in journal" From ea98ed8c24fc52abb421828ee1e1e442c98cdbc4 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 12 Aug 2021 21:05:38 +0000 Subject: [PATCH 407/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/407/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 16 ++++++++-------- manifest-lock.x86_64.json | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index e357af2cd6..4c9269dc9f 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -37,7 +37,7 @@ "evra": "2.5.1-1.fc34.aarch64" }, "audit-libs": { - "evra": "3.0.3-1.fc34.aarch64" + "evra": "3.0.4-1.fc34.aarch64" }, "avahi-libs": { "evra": "0.8-14.fc34.aarch64" @@ -790,7 +790,7 @@ "evra": "2:4.14.6-0.fc34.aarch64" }, "libxcrypt": { - "evra": "4.4.24-1.fc34.aarch64" + "evra": "4.4.25-1.fc34.aarch64" }, "libxml2": { "evra": "2.9.12-4.fc34.aarch64" @@ -1027,10 +1027,10 @@ "evra": "4.8-7.fc34.aarch64" }, "selinux-policy": { - "evra": "34.14-1.fc34.noarch" + "evra": "34.15-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.14-1.fc34.noarch" + "evra": "34.15-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1144,7 +1144,7 @@ "evra": "2.36.2-1.fc34.aarch64" }, "vim-minimal": { - "evra": "2:8.2.3290-1.fc34.aarch64" + "evra": "2:8.2.3318-1.fc34.aarch64" }, "which": { "evra": "2.21-26.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-08-11T14:14:54Z", + "generated": "2021-08-12T20:27:25Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-10T02:09:07Z" + "generated": "2021-08-11T14:51:40Z" }, "fedora-updates": { - "generated": "2021-08-11T00:56:48Z" + "generated": "2021-08-12T00:54:16Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 808d905960..37b032451b 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -37,7 +37,7 @@ "evra": "2.5.1-1.fc34.x86_64" }, "audit-libs": { - "evra": "3.0.3-1.fc34.x86_64" + "evra": "3.0.4-1.fc34.x86_64" }, "avahi-libs": { "evra": "0.8-14.fc34.x86_64" @@ -799,7 +799,7 @@ "evra": "2:4.14.6-0.fc34.x86_64" }, "libxcrypt": { - "evra": "4.4.24-1.fc34.x86_64" + "evra": "4.4.25-1.fc34.x86_64" }, "libxml2": { "evra": "2.9.12-4.fc34.x86_64" @@ -1039,10 +1039,10 @@ "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "34.14-1.fc34.noarch" + "evra": "34.15-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.14-1.fc34.noarch" + "evra": "34.15-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1156,7 +1156,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.3290-1.fc34.x86_64" + "evra": "2:8.2.3318-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-08-11T14:15:02Z", + "generated": "2021-08-12T20:27:02Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-10T02:12:12Z" + "generated": "2021-08-11T14:55:27Z" }, "fedora-updates": { - "generated": "2021-08-11T00:57:11Z" + "generated": "2021-08-12T00:54:40Z" } } } From 015876fe529cd011e9867a35ba6c66a277216ef5 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 13 Aug 2021 17:40:32 +0000 Subject: [PATCH 408/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/408/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 12 ++++++------ manifest-lock.x86_64.json | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 4c9269dc9f..019b2aa7f5 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -457,13 +457,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.8-200.fc34.aarch64" + "evra": "5.13.9-200.fc34.aarch64" }, "kernel-core": { - "evra": "5.13.8-200.fc34.aarch64" + "evra": "5.13.9-200.fc34.aarch64" }, "kernel-modules": { - "evra": "5.13.8-200.fc34.aarch64" + "evra": "5.13.9-200.fc34.aarch64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-08-12T20:27:25Z", + "generated": "2021-08-13T17:12:43Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-11T14:51:40Z" + "generated": "2021-08-12T21:14:49Z" }, "fedora-updates": { - "generated": "2021-08-12T00:54:16Z" + "generated": "2021-08-13T00:56:12Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 37b032451b..97fe6b2c97 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.8-200.fc34.x86_64" + "evra": "5.13.9-200.fc34.x86_64" }, "kernel-core": { - "evra": "5.13.8-200.fc34.x86_64" + "evra": "5.13.9-200.fc34.x86_64" }, "kernel-modules": { - "evra": "5.13.8-200.fc34.x86_64" + "evra": "5.13.9-200.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-08-12T20:27:02Z", + "generated": "2021-08-13T17:12:14Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-11T14:55:27Z" + "generated": "2021-08-12T21:18:14Z" }, "fedora-updates": { - "generated": "2021-08-12T00:54:40Z" + "generated": "2021-08-13T00:56:37Z" } } } From 65826d9751d1df1010af93d56e9966695c3f47ff Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 15 Aug 2021 06:17:41 +0000 Subject: [PATCH 409/489] =?UTF-8?q?lockfiles:=20drop=20graduated=20overrid?= =?UTF-8?q?es=20=F0=9F=8E=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Triggered by remove-graduated-overrides GitHub Action. --- manifest-lock.overrides.yaml | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index dbaeee55be..62cfbe5a1d 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -8,20 +8,4 @@ # in the `metadata.reason` key, though it's acceptable to omit a `reason` # for FCOS-specific packages (ignition, afterburn, etc.). -packages: - coreos-installer: - evr: 0.10.0-1.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-23c125b007 - type: fast-track - coreos-installer-bootinfra: - evr: 0.10.0-1.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-23c125b007 - type: fast-track - ignition: - evr: 2.12.0-1.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-429119296e - reason: https://github.com/coreos/ignition/issues/1255 - type: fast-track +packages: {} From bc4f75b6ac0a08eb0a93d2b59fe15cf31723ca95 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 16 Aug 2021 14:17:22 +0000 Subject: [PATCH 410/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/409/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 14 +++++++------- manifest-lock.x86_64.json | 14 +++++++------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 019b2aa7f5..3bb37b8ecc 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -37,7 +37,7 @@ "evra": "2.5.1-1.fc34.aarch64" }, "audit-libs": { - "evra": "3.0.4-1.fc34.aarch64" + "evra": "3.0.5-1.fc34.aarch64" }, "avahi-libs": { "evra": "0.8-14.fc34.aarch64" @@ -127,7 +127,7 @@ "evra": "0.21.2-1.fc34.noarch" }, "container-selinux": { - "evra": "2:2.164.1-1.git563ba3f.fc34.noarch" + "evra": "2:2.164.2-1.fc34.noarch" }, "containerd": { "evra": "1.5.3-1.fc34.aarch64" @@ -850,7 +850,7 @@ "evra": "2:0.4.0-4.fc34.aarch64" }, "mozjs78": { - "evra": "78.12.0-1.fc34.aarch64" + "evra": "78.13.0-1.fc34.aarch64" }, "mpfr": { "evra": "4.1.0-7.fc34.aarch64" @@ -1042,7 +1042,7 @@ "evra": "1.45-4.fc34.aarch64" }, "shadow-utils": { - "evra": "2:4.8.1-8.fc34.aarch64" + "evra": "2:4.8.1-9.fc34.aarch64" }, "shared-mime-info": { "evra": "2.1-2.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-08-13T17:12:43Z", + "generated": "2021-08-16T13:26:41Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-12T21:14:49Z" + "generated": "2021-08-13T17:46:34Z" }, "fedora-updates": { - "generated": "2021-08-13T00:56:12Z" + "generated": "2021-08-16T00:58:32Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 97fe6b2c97..14ef44dde2 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -37,7 +37,7 @@ "evra": "2.5.1-1.fc34.x86_64" }, "audit-libs": { - "evra": "3.0.4-1.fc34.x86_64" + "evra": "3.0.5-1.fc34.x86_64" }, "avahi-libs": { "evra": "0.8-14.fc34.x86_64" @@ -127,7 +127,7 @@ "evra": "0.21.2-1.fc34.noarch" }, "container-selinux": { - "evra": "2:2.164.1-1.git563ba3f.fc34.noarch" + "evra": "2:2.164.2-1.fc34.noarch" }, "containerd": { "evra": "1.5.3-1.fc34.x86_64" @@ -862,7 +862,7 @@ "evra": "2:0.4.0-4.fc34.x86_64" }, "mozjs78": { - "evra": "78.12.0-1.fc34.x86_64" + "evra": "78.13.0-1.fc34.x86_64" }, "mpfr": { "evra": "4.1.0-7.fc34.x86_64" @@ -1054,7 +1054,7 @@ "evra": "1.45-4.fc34.x86_64" }, "shadow-utils": { - "evra": "2:4.8.1-8.fc34.x86_64" + "evra": "2:4.8.1-9.fc34.x86_64" }, "shared-mime-info": { "evra": "2.1-2.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-08-13T17:12:14Z", + "generated": "2021-08-16T13:26:27Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-12T21:18:14Z" + "generated": "2021-08-13T17:47:33Z" }, "fedora-updates": { - "generated": "2021-08-13T00:56:37Z" + "generated": "2021-08-16T00:58:58Z" } } } From df0c12dd35cb05ea081d38e8c73e667c94aaed65 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 16 Aug 2021 16:36:30 -0400 Subject: [PATCH 411/489] manifests: workaround F37 GPG key issue for rawhide We'll workaround the issue by removing the F37 key from the list of gpgkeys to load. We'll also add a test that fails if the f37 entry isn't put back in place and we'll snooze that test. This gives us a reminder to followup on this issue if we don't get it resolved in upstream libdnf/rpm in the immediate future. https://github.com/coreos/fedora-coreos-tracker/issues/925 --- kola-denylist.yaml | 3 +++ manifests/fedora-coreos-base.yaml | 11 +++++++++++ tests/kola/yum-repos/test.sh | 25 +++++++++++++++++++++++++ 3 files changed, 39 insertions(+) create mode 100755 tests/kola/yum-repos/test.sh diff --git a/kola-denylist.yaml b/kola-denylist.yaml index 05d61c6722..0ed8584f0f 100644 --- a/kola-denylist.yaml +++ b/kola-denylist.yaml @@ -10,3 +10,6 @@ snooze: 2021-09-01 platforms: - openstack +- pattern: ext.config.yum-repos + tracker: https://github.com/coreos/fedora-coreos-tracker/issues/925 + snooze: 2021-09-01 diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 581845dfa5..4750b1d2ad 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -117,6 +117,17 @@ postprocess: echo 'DEFAULT_HOSTNAME=localhost' >> /usr/lib/os-release fi + + # Workaround issue in rawhide parsing the F37 GPG key + # by removing it from the list of gpgkeys to load. + # https://github.com/coreos/fedora-coreos-tracker/issues/925 + - | + #!/usr/bin/env bash + set -xeuo pipefail + source /etc/os-release + [ ${VERSION_ID} -eq 36 ] || exit 0 + sed -i 's|gpgkey=.*$|gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-rawhide-$basearch|' /etc/yum.repos.d/fedora-rawhide.repo + # Packages listed here should be specific to Fedore CoreOS (as in not yet # available in RHCOS or not desired in RHCOS). All other packages should go # into one of the sub-manifests listed at the top. diff --git a/tests/kola/yum-repos/test.sh b/tests/kola/yum-repos/test.sh new file mode 100755 index 0000000000..ee6bc60ecf --- /dev/null +++ b/tests/kola/yum-repos/test.sh @@ -0,0 +1,25 @@ +#!/bin/bash +set -xeuo pipefail + +# No need to run an other platforms than QEMU. +# kola: { "platforms": "qemu-unpriv" } + +# We can delete this test when the following issue is resolved: +# https://github.com/coreos/fedora-coreos-tracker/issues/925 + +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + +source /etc/os-release +if [ "$VERSION_ID" -eq "36" ]; then + if ! grep 'RPM-GPG-KEY-fedora-37' /etc/yum.repos.d/fedora-rawhide.repo; then + fatal "Fedora 37 gpg key should be in rawhide repo" + fi +fi +ok rawhiderepo From 1365f000c61ff2f774a8170aeefb7900899033e6 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 16 Aug 2021 16:40:51 -0400 Subject: [PATCH 412/489] kola-denylist: snooze the toolbox test There is currently no registry.fedoraproject.org/fedora-toolbox:36 container. Let's snooze for a few weeks in the rawhide stream and hopefully it will be in the registry by then. https://github.com/coreos/fedora-coreos-tracker/issues/926 --- kola-denylist.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kola-denylist.yaml b/kola-denylist.yaml index 0ed8584f0f..6d80164af5 100644 --- a/kola-denylist.yaml +++ b/kola-denylist.yaml @@ -13,3 +13,7 @@ - pattern: ext.config.yum-repos tracker: https://github.com/coreos/fedora-coreos-tracker/issues/925 snooze: 2021-09-01 +- pattern: ext.config.toolbox + tracker: https://github.com/coreos/fedora-coreos-tracker/issues/926 + stream: rawhide + snooze: 2021-09-01 From a4652f3ea84110e0d0d6497ee4677ff0369f0d8d Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 17 Aug 2021 19:41:37 +0000 Subject: [PATCH 413/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/410/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 17 ++++++++++------- manifest-lock.x86_64.json | 17 ++++++++++------- 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 3bb37b8ecc..10eea4cc40 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -156,6 +156,9 @@ "cracklib": { "evra": "2.9.6-25.fc34.aarch64" }, + "cracklib-dicts": { + "evra": "2.9.6-25.fc34.aarch64" + }, "criu": { "evra": "3.15-3.fc34.aarch64" }, @@ -322,7 +325,7 @@ "evra": "2.9.9-11.fc34.aarch64" }, "fuse-overlayfs": { - "evra": "1.7.0-1.fc34.aarch64" + "evra": "1.7.1-1.fc34.aarch64" }, "fuse-sshfs": { "evra": "3.7.2-1.fc34.aarch64" @@ -676,7 +679,7 @@ "evra": "0.21.1-3.fc34.aarch64" }, "libpwquality": { - "evra": "1.4.4-2.fc34.aarch64" + "evra": "1.4.4-6.fc34.aarch64" }, "libref_array": { "evra": "0.1.5-47.fc34.aarch64" @@ -1027,10 +1030,10 @@ "evra": "4.8-7.fc34.aarch64" }, "selinux-policy": { - "evra": "34.15-1.fc34.noarch" + "evra": "34.16-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.15-1.fc34.noarch" + "evra": "34.16-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1178,16 +1181,16 @@ } }, "metadata": { - "generated": "2021-08-16T13:26:41Z", + "generated": "2021-08-17T19:12:33Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-13T17:46:34Z" + "generated": "2021-08-16T14:32:41Z" }, "fedora-updates": { - "generated": "2021-08-16T00:58:32Z" + "generated": "2021-08-17T00:59:00Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 14ef44dde2..5d5c836b57 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -156,6 +156,9 @@ "cracklib": { "evra": "2.9.6-25.fc34.x86_64" }, + "cracklib-dicts": { + "evra": "2.9.6-25.fc34.x86_64" + }, "criu": { "evra": "3.15-3.fc34.x86_64" }, @@ -322,7 +325,7 @@ "evra": "2.9.9-11.fc34.x86_64" }, "fuse-overlayfs": { - "evra": "1.7.0-1.fc34.x86_64" + "evra": "1.7.1-1.fc34.x86_64" }, "fuse-sshfs": { "evra": "3.7.2-1.fc34.x86_64" @@ -682,7 +685,7 @@ "evra": "0.21.1-3.fc34.x86_64" }, "libpwquality": { - "evra": "1.4.4-2.fc34.x86_64" + "evra": "1.4.4-6.fc34.x86_64" }, "libref_array": { "evra": "0.1.5-47.fc34.x86_64" @@ -1039,10 +1042,10 @@ "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "34.15-1.fc34.noarch" + "evra": "34.16-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.15-1.fc34.noarch" + "evra": "34.16-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1190,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-08-16T13:26:27Z", + "generated": "2021-08-17T19:12:14Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-13T17:47:33Z" + "generated": "2021-08-16T14:35:46Z" }, "fedora-updates": { - "generated": "2021-08-16T00:58:58Z" + "generated": "2021-08-17T00:59:25Z" } } } From 12ba5c2922d59fb2451ff3fbbb033913538b9460 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Wed, 18 Aug 2021 13:21:19 +0200 Subject: [PATCH 414/489] overaly/preset: Enable Count Me by default Enable rpm-ostree Count Me timer by default for existing and new installs. See: https://github.com/coreos/fedora-coreos-tracker/issues/717 --- overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset | 3 +++ 1 file changed, 3 insertions(+) diff --git a/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset b/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset index ad40cb9d2c..c007234c9d 100644 --- a/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset +++ b/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset @@ -8,3 +8,6 @@ enable coreos-check-cgroups.service # Clean up injected Ignition config in /boot on upgrade # https://github.com/coreos/fedora-coreos-tracker/issues/889 enable coreos-cleanup-ignition-config.service +# Temporary fast track for rpm-ostree count me enablement +# https://github.com/coreos/fedora-coreos-tracker/issues/717 +enable rpm-ostree-countme.timer From b654d7dad896a721235610e6653cfe46084b31f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Wed, 18 Aug 2021 17:47:37 +0200 Subject: [PATCH 415/489] tests/rpm-ostree-countme: Remove now uneeded custom Butane config rpm-ostree count me timer is now enabled by default. See: https://github.com/coreos/fedora-coreos-tracker/issues/717 --- tests/kola/rpm-ostree-countme/config.fcc | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 tests/kola/rpm-ostree-countme/config.fcc diff --git a/tests/kola/rpm-ostree-countme/config.fcc b/tests/kola/rpm-ostree-countme/config.fcc deleted file mode 100644 index 002cc59a7a..0000000000 --- a/tests/kola/rpm-ostree-countme/config.fcc +++ /dev/null @@ -1,7 +0,0 @@ -variant: fcos -version: 1.3.0 -systemd: - units: - - name: rpm-ostree-countme.timer - mask: false - enabled: true From 2357ffd0a50e38a8d9be06b6f3980e9d4b0c60af Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 18 Aug 2021 21:31:22 +0000 Subject: [PATCH 416/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/414/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 50 +++++++++++++++++++------------------- manifest-lock.x86_64.json | 50 +++++++++++++++++++------------------- 2 files changed, 50 insertions(+), 50 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 10eea4cc40..7b2f2bd2a4 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -79,7 +79,7 @@ "evra": "1.0.8-6.fc34.aarch64" }, "c-ares": { - "evra": "1.17.1-2.fc34.aarch64" + "evra": "1.17.2-1.fc34.aarch64" }, "ca-certificates": { "evra": "2021.2.50-1.0.fc34.noarch" @@ -274,13 +274,13 @@ "evra": "34-2.noarch" }, "fedora-release-common": { - "evra": "34-1.noarch" + "evra": "34-36.noarch" }, "fedora-release-coreos": { - "evra": "34-1.noarch" + "evra": "34-36.noarch" }, "fedora-release-identity-coreos": { - "evra": "34-1.noarch" + "evra": "34-36.noarch" }, "fedora-repos": { "evra": "34-2.noarch" @@ -460,13 +460,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.9-200.fc34.aarch64" + "evra": "5.13.10-200.fc34.aarch64" }, "kernel-core": { - "evra": "5.13.9-200.fc34.aarch64" + "evra": "5.13.10-200.fc34.aarch64" }, "kernel-modules": { - "evra": "5.13.9-200.fc34.aarch64" + "evra": "5.13.10-200.fc34.aarch64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.aarch64" @@ -601,7 +601,7 @@ "evra": "1.3.1-47.fc34.aarch64" }, "libipa_hbac": { - "evra": "2.5.2-1.fc34.aarch64" + "evra": "2.5.2-2.fc34.aarch64" }, "libjcat": { "evra": "0.1.6-1.fc34.aarch64" @@ -730,16 +730,16 @@ "evra": "0.9.5-2.fc34.noarch" }, "libsss_certmap": { - "evra": "2.5.2-1.fc34.aarch64" + "evra": "2.5.2-2.fc34.aarch64" }, "libsss_idmap": { - "evra": "2.5.2-1.fc34.aarch64" + "evra": "2.5.2-2.fc34.aarch64" }, "libsss_nss_idmap": { - "evra": "2.5.2-1.fc34.aarch64" + "evra": "2.5.2-2.fc34.aarch64" }, "libsss_sudo": { - "evra": "2.5.2-1.fc34.aarch64" + "evra": "2.5.2-2.fc34.aarch64" }, "libstdc++": { "evra": "11.2.1-1.fc34.aarch64" @@ -1054,7 +1054,7 @@ "evra": "15.4-4.aarch64" }, "skopeo": { - "evra": "1:1.3.1-1.fc34.aarch64" + "evra": "1:1.4.0-2.fc34.aarch64" }, "slang": { "evra": "2.3.2-9.fc34.aarch64" @@ -1075,28 +1075,28 @@ "evra": "0.1.2-7.fc34.aarch64" }, "sssd-ad": { - "evra": "2.5.2-1.fc34.aarch64" + "evra": "2.5.2-2.fc34.aarch64" }, "sssd-client": { - "evra": "2.5.2-1.fc34.aarch64" + "evra": "2.5.2-2.fc34.aarch64" }, "sssd-common": { - "evra": "2.5.2-1.fc34.aarch64" + "evra": "2.5.2-2.fc34.aarch64" }, "sssd-common-pac": { - "evra": "2.5.2-1.fc34.aarch64" + "evra": "2.5.2-2.fc34.aarch64" }, "sssd-ipa": { - "evra": "2.5.2-1.fc34.aarch64" + "evra": "2.5.2-2.fc34.aarch64" }, "sssd-krb5": { - "evra": "2.5.2-1.fc34.aarch64" + "evra": "2.5.2-2.fc34.aarch64" }, "sssd-krb5-common": { - "evra": "2.5.2-1.fc34.aarch64" + "evra": "2.5.2-2.fc34.aarch64" }, "sssd-ldap": { - "evra": "2.5.2-1.fc34.aarch64" + "evra": "2.5.2-2.fc34.aarch64" }, "stalld": { "evra": "1.14.1-1.fc34.aarch64" @@ -1147,7 +1147,7 @@ "evra": "2.36.2-1.fc34.aarch64" }, "vim-minimal": { - "evra": "2:8.2.3318-1.fc34.aarch64" + "evra": "2:8.2.3354-1.fc34.aarch64" }, "which": { "evra": "2.21-26.fc34.aarch64" @@ -1181,16 +1181,16 @@ } }, "metadata": { - "generated": "2021-08-17T19:12:33Z", + "generated": "2021-08-18T20:53:36Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-16T14:32:41Z" + "generated": "2021-08-17T19:49:11Z" }, "fedora-updates": { - "generated": "2021-08-17T00:59:00Z" + "generated": "2021-08-18T01:04:15Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 5d5c836b57..25ca837d8d 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -79,7 +79,7 @@ "evra": "1.0.8-6.fc34.x86_64" }, "c-ares": { - "evra": "1.17.1-2.fc34.x86_64" + "evra": "1.17.2-1.fc34.x86_64" }, "ca-certificates": { "evra": "2021.2.50-1.0.fc34.noarch" @@ -274,13 +274,13 @@ "evra": "34-2.noarch" }, "fedora-release-common": { - "evra": "34-1.noarch" + "evra": "34-36.noarch" }, "fedora-release-coreos": { - "evra": "34-1.noarch" + "evra": "34-36.noarch" }, "fedora-release-identity-coreos": { - "evra": "34-1.noarch" + "evra": "34-36.noarch" }, "fedora-repos": { "evra": "34-2.noarch" @@ -466,13 +466,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.9-200.fc34.x86_64" + "evra": "5.13.10-200.fc34.x86_64" }, "kernel-core": { - "evra": "5.13.9-200.fc34.x86_64" + "evra": "5.13.10-200.fc34.x86_64" }, "kernel-modules": { - "evra": "5.13.9-200.fc34.x86_64" + "evra": "5.13.10-200.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -607,7 +607,7 @@ "evra": "1.3.1-47.fc34.x86_64" }, "libipa_hbac": { - "evra": "2.5.2-1.fc34.x86_64" + "evra": "2.5.2-2.fc34.x86_64" }, "libjcat": { "evra": "0.1.6-1.fc34.x86_64" @@ -739,16 +739,16 @@ "evra": "0.9.5-2.fc34.noarch" }, "libsss_certmap": { - "evra": "2.5.2-1.fc34.x86_64" + "evra": "2.5.2-2.fc34.x86_64" }, "libsss_idmap": { - "evra": "2.5.2-1.fc34.x86_64" + "evra": "2.5.2-2.fc34.x86_64" }, "libsss_nss_idmap": { - "evra": "2.5.2-1.fc34.x86_64" + "evra": "2.5.2-2.fc34.x86_64" }, "libsss_sudo": { - "evra": "2.5.2-1.fc34.x86_64" + "evra": "2.5.2-2.fc34.x86_64" }, "libstdc++": { "evra": "11.2.1-1.fc34.x86_64" @@ -1066,7 +1066,7 @@ "evra": "15.4-4.x86_64" }, "skopeo": { - "evra": "1:1.3.1-1.fc34.x86_64" + "evra": "1:1.4.0-2.fc34.x86_64" }, "slang": { "evra": "2.3.2-9.fc34.x86_64" @@ -1087,28 +1087,28 @@ "evra": "0.1.2-7.fc34.x86_64" }, "sssd-ad": { - "evra": "2.5.2-1.fc34.x86_64" + "evra": "2.5.2-2.fc34.x86_64" }, "sssd-client": { - "evra": "2.5.2-1.fc34.x86_64" + "evra": "2.5.2-2.fc34.x86_64" }, "sssd-common": { - "evra": "2.5.2-1.fc34.x86_64" + "evra": "2.5.2-2.fc34.x86_64" }, "sssd-common-pac": { - "evra": "2.5.2-1.fc34.x86_64" + "evra": "2.5.2-2.fc34.x86_64" }, "sssd-ipa": { - "evra": "2.5.2-1.fc34.x86_64" + "evra": "2.5.2-2.fc34.x86_64" }, "sssd-krb5": { - "evra": "2.5.2-1.fc34.x86_64" + "evra": "2.5.2-2.fc34.x86_64" }, "sssd-krb5-common": { - "evra": "2.5.2-1.fc34.x86_64" + "evra": "2.5.2-2.fc34.x86_64" }, "sssd-ldap": { - "evra": "2.5.2-1.fc34.x86_64" + "evra": "2.5.2-2.fc34.x86_64" }, "stalld": { "evra": "1.14.1-1.fc34.x86_64" @@ -1159,7 +1159,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.3318-1.fc34.x86_64" + "evra": "2:8.2.3354-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-08-17T19:12:14Z", + "generated": "2021-08-18T20:53:20Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-16T14:35:46Z" + "generated": "2021-08-17T19:52:46Z" }, "fedora-updates": { - "generated": "2021-08-17T00:59:25Z" + "generated": "2021-08-18T01:05:10Z" } } } From 837c91fad5409bfae59aacb22bd729fe951d0049 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 18 Aug 2021 16:11:36 -0400 Subject: [PATCH 417/489] tests/misc-ign-ro: wait while kube-watch is activating We've hit a race a few times where: ``` kola-runext-test.sh[2023]: ++ systemctl is-active kube-watch.service kola-runext-test.sh[2015]: + '[' activating '!=' active ']' kola-runext-test.sh[2015]: + fatal 'kube-watch.service did not successfully activate' kola-runext-test.sh[2015]: + echo 'kube-watch.service did not successfully activate' kola-runext-test.sh[2015]: kube-watch.service did not successfully activate ``` Basically it's activating but not yet active. Let's loop while it activates before we check the final state. --- tests/kola/misc-ign-ro/test.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/kola/misc-ign-ro/test.sh b/tests/kola/misc-ign-ro/test.sh index 24728c720c..3713c864ea 100755 --- a/tests/kola/misc-ign-ro/test.sh +++ b/tests/kola/misc-ign-ro/test.sh @@ -49,6 +49,12 @@ ok "kube-watch.path successfully activated" touch /etc/kubernetes/kubeconfig ok "successfully created /etc/kubernetes/kubeconfig" +# If we check the status too soon it could still be activating.. +# Sleep in a loop until it's done "activating" +while [ "$(systemctl is-active kube-watch.service)" == "activating" ]; do + echo "kube-watch is activating. sleeping for 1 second" + sleep 1 +done if [ "$(systemctl is-active kube-watch.service)" != "active" ]; then fatal "kube-watch.service did not successfully activate" fi From 9c76125fded9ca0b80dac08085f48f2b5a7c3701 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 19 Aug 2021 10:52:53 -0400 Subject: [PATCH 418/489] ci/remove-graduated-overrides: enable for branched and rawhide In rare situations, we sometimes need to fast-track packages to these mechanical streams, e.g. if pungi composes are failing and not updating the repos. It's trivial to check those branches too for when the repos are finally updated using the same GitHub Action, so let's do that. Closes: #1170 --- .github/workflows/remove-graduated-overrides.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/remove-graduated-overrides.yml b/.github/workflows/remove-graduated-overrides.yml index 01db0b7f6b..1b78215462 100644 --- a/.github/workflows/remove-graduated-overrides.yml +++ b/.github/workflows/remove-graduated-overrides.yml @@ -19,6 +19,8 @@ jobs: branch: - testing-devel - next-devel + - branched + - rawhide fail-fast: false steps: - run: dnf install -y rpm-ostree # see related TODO above From 073d0bf4148cc19b56408d0c62e45811e3fd0323 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Thu, 19 Aug 2021 16:04:47 -0400 Subject: [PATCH 419/489] Revert "manifests: workaround F37 GPG key issue for rawhide" This reverts commit df0c12dd35cb05ea081d38e8c73e667c94aaed65. It's no longer needed since the format of the gpgkey in fedora-repos was updated. https://github.com/coreos/fedora-coreos-tracker/issues/925 --- kola-denylist.yaml | 3 --- manifests/fedora-coreos-base.yaml | 11 ----------- tests/kola/yum-repos/test.sh | 25 ------------------------- 3 files changed, 39 deletions(-) delete mode 100755 tests/kola/yum-repos/test.sh diff --git a/kola-denylist.yaml b/kola-denylist.yaml index 6d80164af5..88680d7111 100644 --- a/kola-denylist.yaml +++ b/kola-denylist.yaml @@ -10,9 +10,6 @@ snooze: 2021-09-01 platforms: - openstack -- pattern: ext.config.yum-repos - tracker: https://github.com/coreos/fedora-coreos-tracker/issues/925 - snooze: 2021-09-01 - pattern: ext.config.toolbox tracker: https://github.com/coreos/fedora-coreos-tracker/issues/926 stream: rawhide diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 4750b1d2ad..581845dfa5 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -117,17 +117,6 @@ postprocess: echo 'DEFAULT_HOSTNAME=localhost' >> /usr/lib/os-release fi - - # Workaround issue in rawhide parsing the F37 GPG key - # by removing it from the list of gpgkeys to load. - # https://github.com/coreos/fedora-coreos-tracker/issues/925 - - | - #!/usr/bin/env bash - set -xeuo pipefail - source /etc/os-release - [ ${VERSION_ID} -eq 36 ] || exit 0 - sed -i 's|gpgkey=.*$|gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-rawhide-$basearch|' /etc/yum.repos.d/fedora-rawhide.repo - # Packages listed here should be specific to Fedore CoreOS (as in not yet # available in RHCOS or not desired in RHCOS). All other packages should go # into one of the sub-manifests listed at the top. diff --git a/tests/kola/yum-repos/test.sh b/tests/kola/yum-repos/test.sh deleted file mode 100755 index ee6bc60ecf..0000000000 --- a/tests/kola/yum-repos/test.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -set -xeuo pipefail - -# No need to run an other platforms than QEMU. -# kola: { "platforms": "qemu-unpriv" } - -# We can delete this test when the following issue is resolved: -# https://github.com/coreos/fedora-coreos-tracker/issues/925 - -ok() { - echo "ok" "$@" -} - -fatal() { - echo "$@" >&2 - exit 1 -} - -source /etc/os-release -if [ "$VERSION_ID" -eq "36" ]; then - if ! grep 'RPM-GPG-KEY-fedora-37' /etc/yum.repos.d/fedora-rawhide.repo; then - fatal "Fedora 37 gpg key should be in rawhide repo" - fi -fi -ok rawhiderepo From 27cb31d51e1ef4e56cd3851a0ff09d9add27e9f7 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 19 Aug 2021 21:22:48 +0000 Subject: [PATCH 420/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/415/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 8 ++++---- manifest-lock.x86_64.json | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 7b2f2bd2a4..e13f04a30f 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -166,7 +166,7 @@ "evra": "3.15-3.fc34.aarch64" }, "crun": { - "evra": "0.20.1-1.fc34.aarch64" + "evra": "0.21-1.fc34.aarch64" }, "crypto-policies": { "evra": "20210213-1.git5c710c0.fc34.noarch" @@ -1181,16 +1181,16 @@ } }, "metadata": { - "generated": "2021-08-18T20:53:36Z", + "generated": "2021-08-19T20:53:58Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-17T19:49:11Z" + "generated": "2021-08-19T19:44:25Z" }, "fedora-updates": { - "generated": "2021-08-18T01:04:15Z" + "generated": "2021-08-19T00:55:33Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 25ca837d8d..38e8e69bf5 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -166,7 +166,7 @@ "evra": "3.15-3.fc34.x86_64" }, "crun": { - "evra": "0.20.1-1.fc34.x86_64" + "evra": "0.21-1.fc34.x86_64" }, "crypto-policies": { "evra": "20210213-1.git5c710c0.fc34.noarch" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-08-18T20:53:20Z", + "generated": "2021-08-19T20:53:38Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-17T19:52:46Z" + "generated": "2021-08-19T19:44:11Z" }, "fedora-updates": { - "generated": "2021-08-18T01:05:10Z" + "generated": "2021-08-19T00:56:16Z" } } } From 68c74923880621e9b5fd9556233b717963000d5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Tue, 10 Aug 2021 17:19:44 +0200 Subject: [PATCH 421/489] tests/countme: Retry five times to avoid flakes We don't want to fail on partial count me reporting in pratice but the current test was designed to fail in that case to make sure that we don't miss an error in CI. This behavior becomes an issue in case of Fedora infra flakes so retry five times in case of partial reporting to avoid a costly CI failure as count me reporting is cheap. --- tests/kola/rpm-ostree-countme/test.sh | 72 +++++++++++++++++++-------- 1 file changed, 51 insertions(+), 21 deletions(-) diff --git a/tests/kola/rpm-ostree-countme/test.sh b/tests/kola/rpm-ostree-countme/test.sh index a8a83aeded..4c26a8f7a5 100755 --- a/tests/kola/rpm-ostree-countme/test.sh +++ b/tests/kola/rpm-ostree-countme/test.sh @@ -1,7 +1,7 @@ #!/bin/bash set -xeuo pipefail -# No need to run an other platforms than QEMU. +# No need to run on any other platform than QEMU. # kola: { "tags": "needs-internet", "platforms": "qemu-unpriv" } ok() { @@ -13,28 +13,58 @@ fatal() { exit 1 } -# Check that the timer got pulled when rpm-ostreed got started -if [[ $(systemctl show -p ActiveState rpm-ostree-countme.timer) != "ActiveState=active" ]] \ - && [[ $(systemctl show -p SubState rpm-ostree-countme.timer) != "SubState=waiting" ]]; then +journal_cursor() { + journalctl --output json --lines 1 \ + | jq --raw-output '.["__CURSOR"]' > /tmp/countme.cursor +} + +journal_after_cursor() { + journalctl --output=json \ + --after-cursor "$(cat /tmp/countme.cursor)" \ + --output=json --unit=rpm-ostree-countme.service \ + --grep "Successful requests:" \ + | jq --raw-output '.MESSAGE' +} + +# Check that the timer has been enabled +if [[ $(systemctl show -p ActiveState rpm-ostree-countme.timer) != "ActiveState=active" ]] && \ + [[ $(systemctl show -p SubState rpm-ostree-countme.timer) != "SubState=waiting" ]]; then fatal "rpm-ostree-countme timer has not been started" fi -# Check that running the service manually is successful -systemctl start rpm-ostree-countme.service -if [[ $(systemctl show -p ActiveState rpm-ostree-countme.service) != "ActiveState=inactive" ]] \ - && [[ $(systemctl show -p SubState rpm-ostree-countme.service) != "SubState=dead" ]] \ - && [[ $(systemctl show -p Result rpm-ostree-countme.service) != "Result=success" ]] \ - && [[ $(systemctl show -p ExecMainStatus rpm-ostree-countme.service) != "ExecMainStatus=0" ]]; then - fatal "rpm-ostree-countme exited with an error" -fi +# Try five times to avoid Fedora infra flakes +for i in $(seq 1 5); do + # Remove status file so that we retry every time we flake + rm -f /var/lib/private/rpm-ostree-countme/countme + # Update the journal cursor + journal_cursor -# Check rpm-ostree count me output -output="$(journalctl --output=json --boot --unit=rpm-ostree-countme.service --grep "Successful requests:" | jq --raw-output '.MESSAGE')" -# depending on the stream, we expect different numbers of countme-enabled repos -if [[ "${output}" != "Successful requests: 1/1" ]] && \ - [[ "${output}" != "Successful requests: 2/2" ]] && \ - [[ "${output}" != "Successful requests: 3/3" ]]; then - fatal "rpm-ostree-countme service ouput does not match expected sucess output" -fi + # Check that running the service manually is successful + systemctl start rpm-ostree-countme.service + if [[ $(systemctl show -p ActiveState rpm-ostree-countme.service) != "ActiveState=inactive" ]] && \ + [[ $(systemctl show -p SubState rpm-ostree-countme.service) != "SubState=dead" ]] && \ + [[ $(systemctl show -p Result rpm-ostree-countme.service) != "Result=success" ]] && \ + [[ $(systemctl show -p ExecMainStatus rpm-ostree-countme.service) != "ExecMainStatus=0" ]]; then + echo "rpm-ostree-countme exited with an error (try: $i):" + systemctl status rpm-ostree-countme.service + sleep 10 + continue + fi + + # Check rpm-ostree count me output + output="$(journal_after_cursor)" + # Depending on the stream, we expect different numbers of countme-enabled repos + if [[ "${output}" != "Successful requests: 1/1" ]] && \ + [[ "${output}" != "Successful requests: 2/2" ]] && \ + [[ "${output}" != "Successful requests: 3/3" ]]; then + echo "rpm-ostree-countme service ouput does not match expected sucess output (try: $i):" + echo "${output}" + sleep 10 + continue + fi + + ok countme + exit 0 +done -ok countme +fatal "rpm-ostree-countme service failed or only partially completed five times" From 5eaefd7b41a8ee802f616fa4741f244b05fa14b2 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 21 Aug 2021 21:24:34 +0000 Subject: [PATCH 422/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/417/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 20 ++++++++++---------- manifest-lock.x86_64.json | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index e13f04a30f..491832ecb3 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -52,13 +52,13 @@ "evra": "1:2.11-2.fc34.noarch" }, "bind-libs": { - "evra": "32:9.16.19-1.fc34.aarch64" + "evra": "32:9.16.20-2.fc34.aarch64" }, "bind-license": { - "evra": "32:9.16.19-1.fc34.noarch" + "evra": "32:9.16.20-2.fc34.noarch" }, "bind-utils": { - "evra": "32:9.16.19-1.fc34.aarch64" + "evra": "32:9.16.20-2.fc34.aarch64" }, "bootupd": { "evra": "0.2.5-3.fc34.aarch64" @@ -460,13 +460,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.10-200.fc34.aarch64" + "evra": "5.13.12-200.fc34.aarch64" }, "kernel-core": { - "evra": "5.13.10-200.fc34.aarch64" + "evra": "5.13.12-200.fc34.aarch64" }, "kernel-modules": { - "evra": "5.13.10-200.fc34.aarch64" + "evra": "5.13.12-200.fc34.aarch64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.aarch64" @@ -487,7 +487,7 @@ "evra": "0.8.5-4.fc34.aarch64" }, "krb5-libs": { - "evra": "1.19.1-14.fc34.aarch64" + "evra": "1.19.2-2.fc34.aarch64" }, "less": { "evra": "581.2-1.fc34.aarch64" @@ -1181,16 +1181,16 @@ } }, "metadata": { - "generated": "2021-08-19T20:53:58Z", + "generated": "2021-08-21T20:53:51Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-19T19:44:25Z" + "generated": "2021-08-19T21:30:48Z" }, "fedora-updates": { - "generated": "2021-08-19T00:55:33Z" + "generated": "2021-08-21T00:57:46Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 38e8e69bf5..fd146fbc6f 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -52,13 +52,13 @@ "evra": "1:2.11-2.fc34.noarch" }, "bind-libs": { - "evra": "32:9.16.19-1.fc34.x86_64" + "evra": "32:9.16.20-2.fc34.x86_64" }, "bind-license": { - "evra": "32:9.16.19-1.fc34.noarch" + "evra": "32:9.16.20-2.fc34.noarch" }, "bind-utils": { - "evra": "32:9.16.19-1.fc34.x86_64" + "evra": "32:9.16.20-2.fc34.x86_64" }, "bootupd": { "evra": "0.2.5-3.fc34.x86_64" @@ -466,13 +466,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.10-200.fc34.x86_64" + "evra": "5.13.12-200.fc34.x86_64" }, "kernel-core": { - "evra": "5.13.10-200.fc34.x86_64" + "evra": "5.13.12-200.fc34.x86_64" }, "kernel-modules": { - "evra": "5.13.10-200.fc34.x86_64" + "evra": "5.13.12-200.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -493,7 +493,7 @@ "evra": "0.8.5-4.fc34.x86_64" }, "krb5-libs": { - "evra": "1.19.1-14.fc34.x86_64" + "evra": "1.19.2-2.fc34.x86_64" }, "less": { "evra": "581.2-1.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-08-19T20:53:38Z", + "generated": "2021-08-21T20:53:33Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-19T19:44:11Z" + "generated": "2021-08-19T21:31:41Z" }, "fedora-updates": { - "generated": "2021-08-19T00:56:16Z" + "generated": "2021-08-21T00:58:13Z" } } } From ab2ff09e8c18f54594ab1d7bec8acfe96fb0a013 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 23 Aug 2021 12:04:17 -0400 Subject: [PATCH 423/489] denylist: fix snooze definition for ext.config.toolbox It was improperly matching all streams because I had specified `stream: rawhide` instead of `streams: [rawhide]`. Fix that now. --- kola-denylist.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kola-denylist.yaml b/kola-denylist.yaml index 88680d7111..7a50c134f8 100644 --- a/kola-denylist.yaml +++ b/kola-denylist.yaml @@ -12,5 +12,6 @@ - openstack - pattern: ext.config.toolbox tracker: https://github.com/coreos/fedora-coreos-tracker/issues/926 - stream: rawhide snooze: 2021-09-01 + streams: + - rawhide From 28e9d2c8acf370dd3d7d244246b4a3d4a6bd1d4a Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 23 Aug 2021 12:05:06 -0400 Subject: [PATCH 424/489] overrides: fast-track podman-3.3.0-1.fc34 Fixes https://github.com/coreos/fedora-coreos-tracker/issues/923 --- manifest-lock.overrides.yaml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 62cfbe5a1d..c13f2a9ae5 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -8,4 +8,16 @@ # in the `metadata.reason` key, though it's acceptable to omit a `reason` # for FCOS-specific packages (ignition, afterburn, etc.). -packages: {} +packages: + podman: + evr: 3:3.3.0-1.fc34 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-7ce1dbeb75 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/923 + type: fast-track + podman-plugins: + evr: 3:3.3.0-1.fc34 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-7ce1dbeb75 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/923 + type: fast-track From c19d2ad742b172245a24d40c691db194e9cb9a60 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 23 Aug 2021 21:31:20 +0000 Subject: [PATCH 425/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/419/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 12 ++++++------ manifest-lock.x86_64.json | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 491832ecb3..43a544bcb4 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -355,7 +355,7 @@ "evra": "2.31.1-3.fc34.aarch64" }, "glib2": { - "evra": "2.68.3-1.fc34.aarch64" + "evra": "2.68.4-1.fc34.aarch64" }, "glibc": { "evra": "2.33-20.fc34.aarch64" @@ -958,10 +958,10 @@ "evra": "1.7.3-6.fc34.aarch64" }, "podman": { - "evra": "3:3.2.3-2.fc34.aarch64" + "evra": "3:3.3.0-1.fc34.aarch64" }, "podman-plugins": { - "evra": "3:3.2.3-2.fc34.aarch64" + "evra": "3:3.3.0-1.fc34.aarch64" }, "policycoreutils": { "evra": "3.2-1.fc34.aarch64" @@ -1181,16 +1181,16 @@ } }, "metadata": { - "generated": "2021-08-21T20:53:51Z", + "generated": "2021-08-23T20:55:41Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-19T21:30:48Z" + "generated": "2021-08-23T17:07:26Z" }, "fedora-updates": { - "generated": "2021-08-21T00:57:46Z" + "generated": "2021-08-23T01:10:17Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index fd146fbc6f..410e5a8afb 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -355,7 +355,7 @@ "evra": "2.31.1-3.fc34.x86_64" }, "glib2": { - "evra": "2.68.3-1.fc34.x86_64" + "evra": "2.68.4-1.fc34.x86_64" }, "glibc": { "evra": "2.33-20.fc34.x86_64" @@ -970,10 +970,10 @@ "evra": "1.7.3-6.fc34.x86_64" }, "podman": { - "evra": "3:3.2.3-2.fc34.x86_64" + "evra": "3:3.3.0-1.fc34.x86_64" }, "podman-plugins": { - "evra": "3:3.2.3-2.fc34.x86_64" + "evra": "3:3.3.0-1.fc34.x86_64" }, "policycoreutils": { "evra": "3.2-1.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-08-21T20:53:33Z", + "generated": "2021-08-23T20:55:17Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-19T21:31:41Z" + "generated": "2021-08-23T17:11:52Z" }, "fedora-updates": { - "generated": "2021-08-21T00:58:13Z" + "generated": "2021-08-23T01:10:44Z" } } } From d0055cbc000b735d6ab71d196a05f67b2f2196b1 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 24 Aug 2021 15:01:45 -0400 Subject: [PATCH 426/489] ci/remove-graduated-overrides: prefix PRs with branch name Now that it's enabled for multiple branches, let's follow the convention of including the branch in the PR title to make it easier to review. --- .github/workflows/remove-graduated-overrides.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/remove-graduated-overrides.yml b/.github/workflows/remove-graduated-overrides.yml index 1b78215462..78e7736c61 100644 --- a/.github/workflows/remove-graduated-overrides.yml +++ b/.github/workflows/remove-graduated-overrides.yml @@ -45,7 +45,7 @@ jobs: token: ${{ secrets.COREOSBOT_RELENG_TOKEN }} branch: ${{ matrix.branch }}-graduation push-to-fork: coreosbot-releng/fedora-coreos-config - title: "lockfiles: drop graduated overrides 🎓" + title: "[${{ matrix.branch }}] lockfiles: drop graduated overrides 🎓" body: "Triggered by remove-graduated-overrides GitHub Action." committer: "CoreOS Bot " author: "CoreOS Bot " From f9daf5900509e2823f653fe450e6d71355264876 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 24 Aug 2021 21:25:52 +0000 Subject: [PATCH 427/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/420/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 10 +++++----- manifest-lock.x86_64.json | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 43a544bcb4..dfdbdad9d7 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -811,10 +811,10 @@ "evra": "2.5.1-28.fc34.aarch64" }, "linux-firmware": { - "evra": "20210716-121.fc34.noarch" + "evra": "20210818-122.fc34.noarch" }, "linux-firmware-whence": { - "evra": "20210716-121.fc34.noarch" + "evra": "20210818-122.fc34.noarch" }, "lmdb-libs": { "evra": "0.9.29-1.fc34.aarch64" @@ -1181,16 +1181,16 @@ } }, "metadata": { - "generated": "2021-08-23T20:55:41Z", + "generated": "2021-08-24T20:54:38Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-23T17:07:26Z" + "generated": "2021-08-23T21:38:34Z" }, "fedora-updates": { - "generated": "2021-08-23T01:10:17Z" + "generated": "2021-08-24T03:24:14Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 410e5a8afb..ecc589b3f4 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -820,10 +820,10 @@ "evra": "2.5.1-28.fc34.x86_64" }, "linux-firmware": { - "evra": "20210716-121.fc34.noarch" + "evra": "20210818-122.fc34.noarch" }, "linux-firmware-whence": { - "evra": "20210716-121.fc34.noarch" + "evra": "20210818-122.fc34.noarch" }, "lmdb-libs": { "evra": "0.9.29-1.fc34.x86_64" @@ -1193,16 +1193,16 @@ } }, "metadata": { - "generated": "2021-08-23T20:55:17Z", + "generated": "2021-08-24T20:54:11Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-23T17:11:52Z" + "generated": "2021-08-23T21:45:32Z" }, "fedora-updates": { - "generated": "2021-08-23T01:10:44Z" + "generated": "2021-08-24T03:24:40Z" } } } From 048b1ee32a3a3ab201926df43c366675de8ed2f4 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 25 Aug 2021 21:26:05 +0000 Subject: [PATCH 428/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/421/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 21 +++++++++------------ manifest-lock.x86_64.json | 21 +++++++++------------ 2 files changed, 18 insertions(+), 24 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index dfdbdad9d7..10255a2770 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -130,10 +130,10 @@ "evra": "2:2.164.2-1.fc34.noarch" }, "containerd": { - "evra": "1.5.3-1.fc34.aarch64" + "evra": "1.5.5-1.fc34.aarch64" }, "containernetworking-plugins": { - "evra": "1.0.0-0.3.rc1.fc34.aarch64" + "evra": "1.0.0-1.fc34.aarch64" }, "containers-common": { "evra": "4:1-21.fc34.noarch" @@ -306,9 +306,6 @@ "findutils": { "evra": "1:4.8.0-2.fc34.aarch64" }, - "firewalld-filesystem": { - "evra": "0.9.4-1.fc34.noarch" - }, "flatpak-session-helper": { "evra": "1.10.2-4.fc34.aarch64" }, @@ -451,7 +448,7 @@ "evra": "0.14-8.fc34.aarch64" }, "json-glib": { - "evra": "1.6.2-1.fc34.aarch64" + "evra": "1.6.4-1.fc34.aarch64" }, "kbd": { "evra": "2.4.0-2.fc34.aarch64" @@ -847,7 +844,7 @@ "evra": "4.1-7.fc34.aarch64" }, "moby-engine": { - "evra": "20.10.7-1.fc34.aarch64" + "evra": "20.10.8-1.fc34.aarch64" }, "mokutil": { "evra": "2:0.4.0-4.fc34.aarch64" @@ -1060,7 +1057,7 @@ "evra": "2.3.2-9.fc34.aarch64" }, "slirp4netns": { - "evra": "1.1.9-1.fc34.aarch64" + "evra": "1.1.12-2.fc34.aarch64" }, "snappy": { "evra": "1.1.8-5.fc34.aarch64" @@ -1147,7 +1144,7 @@ "evra": "2.36.2-1.fc34.aarch64" }, "vim-minimal": { - "evra": "2:8.2.3354-1.fc34.aarch64" + "evra": "2:8.2.3367-1.fc34.aarch64" }, "which": { "evra": "2.21-26.fc34.aarch64" @@ -1181,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-08-24T20:54:38Z", + "generated": "2021-08-25T20:56:26Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-23T21:38:34Z" + "generated": "2021-08-24T22:01:03Z" }, "fedora-updates": { - "generated": "2021-08-24T03:24:14Z" + "generated": "2021-08-25T19:37:17Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index ecc589b3f4..d0cc362f05 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -130,10 +130,10 @@ "evra": "2:2.164.2-1.fc34.noarch" }, "containerd": { - "evra": "1.5.3-1.fc34.x86_64" + "evra": "1.5.5-1.fc34.x86_64" }, "containernetworking-plugins": { - "evra": "1.0.0-0.3.rc1.fc34.x86_64" + "evra": "1.0.0-1.fc34.x86_64" }, "containers-common": { "evra": "4:1-21.fc34.noarch" @@ -306,9 +306,6 @@ "findutils": { "evra": "1:4.8.0-2.fc34.x86_64" }, - "firewalld-filesystem": { - "evra": "0.9.4-1.fc34.noarch" - }, "flatpak-session-helper": { "evra": "1.10.2-4.fc34.x86_64" }, @@ -457,7 +454,7 @@ "evra": "0.14-8.fc34.x86_64" }, "json-glib": { - "evra": "1.6.2-1.fc34.x86_64" + "evra": "1.6.4-1.fc34.x86_64" }, "kbd": { "evra": "2.4.0-2.fc34.x86_64" @@ -859,7 +856,7 @@ "evra": "2:2.1-46.fc34.x86_64" }, "moby-engine": { - "evra": "20.10.7-1.fc34.x86_64" + "evra": "20.10.8-1.fc34.x86_64" }, "mokutil": { "evra": "2:0.4.0-4.fc34.x86_64" @@ -1072,7 +1069,7 @@ "evra": "2.3.2-9.fc34.x86_64" }, "slirp4netns": { - "evra": "1.1.9-1.fc34.x86_64" + "evra": "1.1.12-2.fc34.x86_64" }, "snappy": { "evra": "1.1.8-5.fc34.x86_64" @@ -1159,7 +1156,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.3354-1.fc34.x86_64" + "evra": "2:8.2.3367-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1193,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-08-24T20:54:11Z", + "generated": "2021-08-25T20:56:09Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-23T21:45:32Z" + "generated": "2021-08-24T22:01:40Z" }, "fedora-updates": { - "generated": "2021-08-24T03:24:40Z" + "generated": "2021-08-25T19:37:45Z" } } } From 56386b2ea18966e5ade51d34a88b2eceb24bd569 Mon Sep 17 00:00:00 2001 From: gursewak1997 Date: Wed, 25 Aug 2021 20:49:52 +0000 Subject: [PATCH 429/489] tests/kola/authentication/passwd: Added tests for password authentication Tested user password provisioned by ignition works and tested that passwd created yescrypt password hash for fedora version greater than FedoraCoreOS 35 --- tests/kola/authentication/passwd/config.fcc | 7 +++++ tests/kola/authentication/passwd/test.sh | 31 +++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 tests/kola/authentication/passwd/config.fcc create mode 100755 tests/kola/authentication/passwd/test.sh diff --git a/tests/kola/authentication/passwd/config.fcc b/tests/kola/authentication/passwd/config.fcc new file mode 100644 index 0000000000..2ce8f6f1ea --- /dev/null +++ b/tests/kola/authentication/passwd/config.fcc @@ -0,0 +1,7 @@ +variant: fcos +version: 1.4.0 +passwd: + users: + - name: tester + # encrypted version of 'foobar'. generated with `mkpasswd --method=yescrypt` + password_hash: $y$j9T$0HA8ReLTqRTccLKT0gzVY.$/e.OCrjePrh2tOm8CAoLqCMlZWS9q/WSAPBaZuopRs4 \ No newline at end of file diff --git a/tests/kola/authentication/passwd/test.sh b/tests/kola/authentication/passwd/test.sh new file mode 100755 index 0000000000..f379a22e71 --- /dev/null +++ b/tests/kola/authentication/passwd/test.sh @@ -0,0 +1,31 @@ +#!/bin/bash +set -xeuo pipefail + +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + +#Testing that a user password provisioned by ignition works +OUTPUT=$(echo 'foobar' | setsid su - tester -c id) + +if [[ $OUTPUT != "uid=1001(tester) gid=1001(tester) groups=1001(tester) context=system_u:system_r:unconfined_service_t:s0" ]]; then + fatal "Failure when checking command output running with specified username and password" +fi +# yescrypt was changed to the default in Fedora 35 +# https://fedoraproject.org/wiki/Changes/yescrypt_as_default_hashing_method_for_shadow +# Testing that passwd command creates a yescrypt password hash(starting with '$y$') +source /etc/os-release +if [ "$VERSION_ID" -ge "35" ]; then + sudo useradd tester2 + echo "42abcdef" | sudo passwd tester2 --stdin + PASSWD_CONFIRMATION=$(sudo grep tester2 /etc/shadow) + if [[ ${PASSWD_CONFIRMATION:0:11} != 'tester2:$y$' ]]; then + fatal "passwd did not create a yescrypt password hash" + fi +fi +ok "User-password provisioned and passwd command successfully tested" \ No newline at end of file From d571b5c1067f688033ebea9421801ef1147c95c1 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 27 Aug 2021 18:16:48 +0000 Subject: [PATCH 430/489] =?UTF-8?q?lockfiles:=20drop=20graduated=20overrid?= =?UTF-8?q?es=20=F0=9F=8E=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Triggered by remove-graduated-overrides GitHub Action. --- manifest-lock.overrides.yaml | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index c13f2a9ae5..62cfbe5a1d 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -8,16 +8,4 @@ # in the `metadata.reason` key, though it's acceptable to omit a `reason` # for FCOS-specific packages (ignition, afterburn, etc.). -packages: - podman: - evr: 3:3.3.0-1.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-7ce1dbeb75 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/923 - type: fast-track - podman-plugins: - evr: 3:3.3.0-1.fc34 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-7ce1dbeb75 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/923 - type: fast-track +packages: {} From d2cfc531ff17e2b20b73783e5e12081964f3d067 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 27 Aug 2021 21:44:46 +0000 Subject: [PATCH 431/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/424/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 10 +++++----- manifest-lock.x86_64.json | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 10255a2770..ecac2b6206 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -139,10 +139,10 @@ "evra": "4:1-21.fc34.noarch" }, "coreos-installer": { - "evra": "0.10.0-1.fc34.aarch64" + "evra": "0.10.0-2.fc34.aarch64" }, "coreos-installer-bootinfra": { - "evra": "0.10.0-1.fc34.aarch64" + "evra": "0.10.0-2.fc34.aarch64" }, "coreutils": { "evra": "8.32-30.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-08-25T20:56:26Z", + "generated": "2021-08-27T21:00:26Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-24T22:01:03Z" + "generated": "2021-08-26T14:58:59Z" }, "fedora-updates": { - "generated": "2021-08-25T19:37:17Z" + "generated": "2021-08-27T18:45:50Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index d0cc362f05..d013cfc0fe 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -139,10 +139,10 @@ "evra": "4:1-21.fc34.noarch" }, "coreos-installer": { - "evra": "0.10.0-1.fc34.x86_64" + "evra": "0.10.0-2.fc34.x86_64" }, "coreos-installer-bootinfra": { - "evra": "0.10.0-1.fc34.x86_64" + "evra": "0.10.0-2.fc34.x86_64" }, "coreutils": { "evra": "8.32-30.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-08-25T20:56:09Z", + "generated": "2021-08-27T20:59:53Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-24T22:01:40Z" + "generated": "2021-08-26T15:08:23Z" }, "fedora-updates": { - "generated": "2021-08-25T19:37:45Z" + "generated": "2021-08-27T18:47:05Z" } } } From 46a90f1a4f8847f68f4472825b9f1e3f2ee064a3 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 30 Aug 2021 18:15:14 +0000 Subject: [PATCH 432/489] lockfiles: bump timestamp Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/427/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 4 ++-- manifest-lock.x86_64.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index ecac2b6206..2ed2a48011 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -1178,7 +1178,7 @@ } }, "metadata": { - "generated": "2021-08-27T21:00:26Z", + "generated": "2021-08-30T18:14:25Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" @@ -1187,7 +1187,7 @@ "generated": "2021-08-26T14:58:59Z" }, "fedora-updates": { - "generated": "2021-08-27T18:45:50Z" + "generated": "2021-08-29T18:26:37Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index d013cfc0fe..27ffa77a91 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1190,7 +1190,7 @@ } }, "metadata": { - "generated": "2021-08-27T20:59:53Z", + "generated": "2021-08-30T18:14:07Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" @@ -1199,7 +1199,7 @@ "generated": "2021-08-26T15:08:23Z" }, "fedora-updates": { - "generated": "2021-08-27T18:47:05Z" + "generated": "2021-08-29T18:27:09Z" } } } From d14289a16b296eb4f04cdc91444c5f851c136c84 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 30 Aug 2021 21:41:51 +0000 Subject: [PATCH 433/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/428/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 22 +++++++++++----------- manifest-lock.x86_64.json | 22 +++++++++++----------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 2ed2a48011..e2e6bf2f77 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -52,13 +52,13 @@ "evra": "1:2.11-2.fc34.noarch" }, "bind-libs": { - "evra": "32:9.16.20-2.fc34.aarch64" + "evra": "32:9.16.20-3.fc34.aarch64" }, "bind-license": { - "evra": "32:9.16.20-2.fc34.noarch" + "evra": "32:9.16.20-3.fc34.noarch" }, "bind-utils": { - "evra": "32:9.16.20-2.fc34.aarch64" + "evra": "32:9.16.20-3.fc34.aarch64" }, "bootupd": { "evra": "0.2.5-3.fc34.aarch64" @@ -712,7 +712,7 @@ "evra": "2.36.2-1.fc34.aarch64" }, "libsmbclient": { - "evra": "2:4.14.6-0.fc34.aarch64" + "evra": "2:4.14.7-0.fc34.aarch64" }, "libsolv": { "evra": "0.7.17-3.fc34.aarch64" @@ -787,7 +787,7 @@ "evra": "0.3.2-1.fc34.aarch64" }, "libwbclient": { - "evra": "2:4.14.6-0.fc34.aarch64" + "evra": "2:4.14.7-0.fc34.aarch64" }, "libxcrypt": { "evra": "4.4.25-1.fc34.aarch64" @@ -1015,13 +1015,13 @@ "evra": "2:1.0.1-1.fc34.aarch64" }, "samba-client-libs": { - "evra": "2:4.14.6-0.fc34.aarch64" + "evra": "2:4.14.7-0.fc34.aarch64" }, "samba-common": { - "evra": "2:4.14.6-0.fc34.noarch" + "evra": "2:4.14.7-0.fc34.noarch" }, "samba-common-libs": { - "evra": "2:4.14.6-0.fc34.aarch64" + "evra": "2:4.14.7-0.fc34.aarch64" }, "sed": { "evra": "4.8-7.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-08-30T18:14:25Z", + "generated": "2021-08-30T20:54:58Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-26T14:58:59Z" + "generated": "2021-08-30T20:31:42Z" }, "fedora-updates": { - "generated": "2021-08-29T18:26:37Z" + "generated": "2021-08-30T20:29:47Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 27ffa77a91..de7b354722 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -52,13 +52,13 @@ "evra": "1:2.11-2.fc34.noarch" }, "bind-libs": { - "evra": "32:9.16.20-2.fc34.x86_64" + "evra": "32:9.16.20-3.fc34.x86_64" }, "bind-license": { - "evra": "32:9.16.20-2.fc34.noarch" + "evra": "32:9.16.20-3.fc34.noarch" }, "bind-utils": { - "evra": "32:9.16.20-2.fc34.x86_64" + "evra": "32:9.16.20-3.fc34.x86_64" }, "bootupd": { "evra": "0.2.5-3.fc34.x86_64" @@ -718,7 +718,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "libsmbclient": { - "evra": "2:4.14.6-0.fc34.x86_64" + "evra": "2:4.14.7-0.fc34.x86_64" }, "libsmbios": { "evra": "2.4.3-2.fc34.x86_64" @@ -796,7 +796,7 @@ "evra": "0.3.2-1.fc34.x86_64" }, "libwbclient": { - "evra": "2:4.14.6-0.fc34.x86_64" + "evra": "2:4.14.7-0.fc34.x86_64" }, "libxcrypt": { "evra": "4.4.25-1.fc34.x86_64" @@ -1027,13 +1027,13 @@ "evra": "2:1.0.1-1.fc34.x86_64" }, "samba-client-libs": { - "evra": "2:4.14.6-0.fc34.x86_64" + "evra": "2:4.14.7-0.fc34.x86_64" }, "samba-common": { - "evra": "2:4.14.6-0.fc34.noarch" + "evra": "2:4.14.7-0.fc34.noarch" }, "samba-common-libs": { - "evra": "2:4.14.6-0.fc34.x86_64" + "evra": "2:4.14.7-0.fc34.x86_64" }, "sed": { "evra": "4.8-7.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-08-30T18:14:07Z", + "generated": "2021-08-30T20:54:55Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-26T15:08:23Z" + "generated": "2021-08-30T20:35:33Z" }, "fedora-updates": { - "generated": "2021-08-29T18:27:09Z" + "generated": "2021-08-30T20:30:17Z" } } } From 087a0fd5b2f43f04f737b9ea5b235a6ea139d660 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 31 Aug 2021 13:41:53 -0400 Subject: [PATCH 434/489] kola-denylist: extend snooze for the toolbox test registry.fedoraproject.org/fedora-toolbox:36 still doesn't exist. See https://github.com/coreos/fedora-coreos-tracker/issues/926 --- kola-denylist.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kola-denylist.yaml b/kola-denylist.yaml index 7a50c134f8..612265c6f1 100644 --- a/kola-denylist.yaml +++ b/kola-denylist.yaml @@ -12,6 +12,6 @@ - openstack - pattern: ext.config.toolbox tracker: https://github.com/coreos/fedora-coreos-tracker/issues/926 - snooze: 2021-09-01 + snooze: 2021-09-15 streams: - rawhide From f009374426384e45ed20633b258c26bc2b6a5695 Mon Sep 17 00:00:00 2001 From: Saqib Ali Date: Thu, 26 Aug 2021 10:41:43 -0400 Subject: [PATCH 435/489] tests: Split up some ro tests and mark tests as non-exclusive Moved 'z-ram is off by default' test from misc-ro and 'setup swap on zram device' from misc-ign-ro into new files under kola/swap. Now misc-ro and misc-ign-ro do not conflict and can be run in one VM after https://github.com/coreos/coreos-assembler/pull/2356 lands. --- tests/kola/misc-ign-ro/config.fcc | 6 ----- tests/kola/misc-ign-ro/test.sh | 10 +-------- tests/kola/misc-ro | 9 +------- .../test.sh | 1 + tests/kola/swap/zram-default | 20 +++++++++++++++++ tests/kola/swap/zram-generator/config.fcc | 10 +++++++++ tests/kola/swap/zram-generator/test.sh | 22 +++++++++++++++++++ 7 files changed, 55 insertions(+), 23 deletions(-) create mode 100755 tests/kola/swap/zram-default create mode 100644 tests/kola/swap/zram-generator/config.fcc create mode 100755 tests/kola/swap/zram-generator/test.sh diff --git a/tests/kola/misc-ign-ro/config.fcc b/tests/kola/misc-ign-ro/config.fcc index dc218a3959..38fc593655 100644 --- a/tests/kola/misc-ign-ro/config.fcc +++ b/tests/kola/misc-ign-ro/config.fcc @@ -8,12 +8,6 @@ storage: # See: https://github.com/containers/container-selinux/issues/135 - path: /etc/kubernetes files: - - path: /etc/systemd/zram-generator.conf - mode: 0644 - contents: - inline: | - # This config file enables a /dev/zram0 device with the default settings - [zram0] - path: /etc/pki/ca-trust/source/anchors/coreos.crt mode: 0644 contents: diff --git a/tests/kola/misc-ign-ro/test.sh b/tests/kola/misc-ign-ro/test.sh index 3713c864ea..010977181e 100755 --- a/tests/kola/misc-ign-ro/test.sh +++ b/tests/kola/misc-ign-ro/test.sh @@ -1,4 +1,5 @@ #!/bin/bash +# kola: { "exclusive": false } set -xeuo pipefail ok() { @@ -10,15 +11,6 @@ fatal() { exit 1 } -# This test makes sure that swap on zram devices can be set up -# using the zram-generator as defined in the docs at -# https://docs.fedoraproject.org/en-US/fedora-coreos/sysconfig-configure-swaponzram/ - -if ! grep -q 'zram0' /proc/swaps; then - fatal "expected zram0 to be set up" -fi -ok "swap on zram was set up correctly" - # Make sure that coreos-update-ca-trust kicked in and observe the result. if ! systemctl show coreos-update-ca-trust.service -p ActiveState | grep ActiveState=active; then fatal "coreos-update-ca-trust.service not active" diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index a900d63e72..0ada885cef 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -1,4 +1,5 @@ #!/bin/bash +# kola: { "exclusive": false } # This is a place to put random quick read-only tests. set -xeuo pipefail @@ -134,14 +135,6 @@ if [ ! -f /usr/share/rpm/rpmdb.sqlite ]; then fi ok rpmdb is sqlite -# make sure we don't default to having swap on zram -# https://github.com/coreos/fedora-coreos-tracker/issues/509 -# https://github.com/coreos/fedora-coreos-config/pull/687 -if [ -e /dev/zram0 ]; then - fatal "zram0 swap device set up on default install" -fi -ok no zram swap by default - # make sure dnsmasq is masked # https://github.com/coreos/fedora-coreos-tracker/issues/519#issuecomment-705140528 if [ $(systemctl is-enabled dnsmasq.service) != 'masked' ]; then diff --git a/tests/kola/networking/no-default-initramfs-net-propagation/test.sh b/tests/kola/networking/no-default-initramfs-net-propagation/test.sh index 4a44f2e729..bee179a59f 100755 --- a/tests/kola/networking/no-default-initramfs-net-propagation/test.sh +++ b/tests/kola/networking/no-default-initramfs-net-propagation/test.sh @@ -1,4 +1,5 @@ #!/bin/bash +# kola: { "exclusive": false } set -xeuo pipefail # With pure network defaults no networking should have been propagated diff --git a/tests/kola/swap/zram-default b/tests/kola/swap/zram-default new file mode 100755 index 0000000000..c380b4dacf --- /dev/null +++ b/tests/kola/swap/zram-default @@ -0,0 +1,20 @@ +#!/bin/bash +# kola: { "exclusive": false } +set -xeuo pipefail + +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + +# make sure we don't default to having swap on zram +# https://github.com/coreos/fedora-coreos-tracker/issues/509 +# https://github.com/coreos/fedora-coreos-config/pull/687 +if [ -e /dev/zram0 ]; then + fatal "zram0 swap device set up on default install" +fi +ok no zram swap by default diff --git a/tests/kola/swap/zram-generator/config.fcc b/tests/kola/swap/zram-generator/config.fcc new file mode 100644 index 0000000000..244d4a159c --- /dev/null +++ b/tests/kola/swap/zram-generator/config.fcc @@ -0,0 +1,10 @@ +variant: fcos +version: 1.2.0 +storage: + files: + - path: /etc/systemd/zram-generator.conf + mode: 0644 + contents: + inline: | + # This config file enables a /dev/zram0 device with the default settings + [zram0] \ No newline at end of file diff --git a/tests/kola/swap/zram-generator/test.sh b/tests/kola/swap/zram-generator/test.sh new file mode 100755 index 0000000000..e356b98fdb --- /dev/null +++ b/tests/kola/swap/zram-generator/test.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# This test conflicts with swap/zram-default so we cannot set this to non-exclusive +# kola: { "exclusive": true} +set -xeuo pipefail + +ok() { + echo "ok" "$@" + } + +fatal() { + echo "$@" >&2 + exit 1 + } + +# This test makes sure that swap on zram devices can be set up +# using the zram-generator as defined in the docs at +# https://docs.fedoraproject.org/en-US/fedora-coreos/sysconfig-configure-swaponzram/ + +if ! grep -q 'zram0' /proc/swaps; then + fatal "expected zram0 to be set up" +fi +ok "swap on zram was set up correctly" \ No newline at end of file From 6e670ac4ec11d8a7bb95a79399aaf17c766e7fc5 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 1 Sep 2021 21:27:20 +0000 Subject: [PATCH 436/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/430/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 22 +++++++++++----------- manifest-lock.x86_64.json | 22 +++++++++++----------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index e2e6bf2f77..3988f0aa55 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -64,7 +64,7 @@ "evra": "0.2.5-3.fc34.aarch64" }, "bsdtar": { - "evra": "3.5.1-2.fc34.aarch64" + "evra": "3.5.2-2.fc34.aarch64" }, "btrfs-progs": { "evra": "5.13.1-1.fc34.aarch64" @@ -448,7 +448,7 @@ "evra": "0.14-8.fc34.aarch64" }, "json-glib": { - "evra": "1.6.4-1.fc34.aarch64" + "evra": "1.6.6-1.fc34.aarch64" }, "kbd": { "evra": "2.4.0-2.fc34.aarch64" @@ -496,7 +496,7 @@ "evra": "0.3.111-11.fc34.aarch64" }, "libarchive": { - "evra": "3.5.1-2.fc34.aarch64" + "evra": "3.5.2-2.fc34.aarch64" }, "libargon2": { "evra": "20171227-6.fc34.aarch64" @@ -877,7 +877,7 @@ "evra": "1:2.5.4-0.fc34.aarch64" }, "nftables": { - "evra": "1:0.9.8-2.fc34.aarch64" + "evra": "1:0.9.8-3.fc34.aarch64" }, "npth": { "evra": "1.6-6.fc34.aarch64" @@ -907,10 +907,10 @@ "evra": "8.6p1-3.fc34.aarch64" }, "openssl": { - "evra": "1:1.1.1k-1.fc34.aarch64" + "evra": "1:1.1.1l-1.fc34.aarch64" }, "openssl-libs": { - "evra": "1:1.1.1k-1.fc34.aarch64" + "evra": "1:1.1.1l-1.fc34.aarch64" }, "os-prober": { "evra": "1.77-7.fc34.aarch64" @@ -955,10 +955,10 @@ "evra": "1.7.3-6.fc34.aarch64" }, "podman": { - "evra": "3:3.3.0-1.fc34.aarch64" + "evra": "3:3.3.1-1.fc34.aarch64" }, "podman-plugins": { - "evra": "3:3.3.0-1.fc34.aarch64" + "evra": "3:3.3.1-1.fc34.aarch64" }, "policycoreutils": { "evra": "3.2-1.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-08-30T20:54:58Z", + "generated": "2021-09-01T20:54:47Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-30T20:31:42Z" + "generated": "2021-08-31T20:05:25Z" }, "fedora-updates": { - "generated": "2021-08-30T20:29:47Z" + "generated": "2021-09-01T20:13:17Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index de7b354722..9bbbd0797f 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -64,7 +64,7 @@ "evra": "0.2.5-3.fc34.x86_64" }, "bsdtar": { - "evra": "3.5.1-2.fc34.x86_64" + "evra": "3.5.2-2.fc34.x86_64" }, "btrfs-progs": { "evra": "5.13.1-1.fc34.x86_64" @@ -454,7 +454,7 @@ "evra": "0.14-8.fc34.x86_64" }, "json-glib": { - "evra": "1.6.4-1.fc34.x86_64" + "evra": "1.6.6-1.fc34.x86_64" }, "kbd": { "evra": "2.4.0-2.fc34.x86_64" @@ -502,7 +502,7 @@ "evra": "0.3.111-11.fc34.x86_64" }, "libarchive": { - "evra": "3.5.1-2.fc34.x86_64" + "evra": "3.5.2-2.fc34.x86_64" }, "libargon2": { "evra": "20171227-6.fc34.x86_64" @@ -889,7 +889,7 @@ "evra": "1:2.5.4-0.fc34.x86_64" }, "nftables": { - "evra": "1:0.9.8-2.fc34.x86_64" + "evra": "1:0.9.8-3.fc34.x86_64" }, "npth": { "evra": "1.6-6.fc34.x86_64" @@ -919,10 +919,10 @@ "evra": "8.6p1-3.fc34.x86_64" }, "openssl": { - "evra": "1:1.1.1k-1.fc34.x86_64" + "evra": "1:1.1.1l-1.fc34.x86_64" }, "openssl-libs": { - "evra": "1:1.1.1k-1.fc34.x86_64" + "evra": "1:1.1.1l-1.fc34.x86_64" }, "os-prober": { "evra": "1.77-7.fc34.x86_64" @@ -967,10 +967,10 @@ "evra": "1.7.3-6.fc34.x86_64" }, "podman": { - "evra": "3:3.3.0-1.fc34.x86_64" + "evra": "3:3.3.1-1.fc34.x86_64" }, "podman-plugins": { - "evra": "3:3.3.0-1.fc34.x86_64" + "evra": "3:3.3.1-1.fc34.x86_64" }, "policycoreutils": { "evra": "3.2-1.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-08-30T20:54:55Z", + "generated": "2021-09-01T20:54:51Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-30T20:35:33Z" + "generated": "2021-08-31T20:05:07Z" }, "fedora-updates": { - "generated": "2021-08-30T20:30:17Z" + "generated": "2021-09-01T20:13:47Z" } } } From f812f64a40a0b86671172e42a747bce69cef880a Mon Sep 17 00:00:00 2001 From: gursewak1997 Date: Wed, 1 Sep 2021 06:18:02 +0000 Subject: [PATCH 437/489] tests/kola/podman/dns: Added test for DNS in rootless podman network Original Issue: https://github.com/coreos/fedora-coreos-tracker/issues/923 Fixes: https://github.com/coreos/fedora-coreos-config/issues/1180 --- tests/kola/podman/dns/test.sh | 42 +++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100755 tests/kola/podman/dns/test.sh diff --git a/tests/kola/podman/dns/test.sh b/tests/kola/podman/dns/test.sh new file mode 100755 index 0000000000..52087c951f --- /dev/null +++ b/tests/kola/podman/dns/test.sh @@ -0,0 +1,42 @@ +#!/bin/bash +set -xeuo pipefail + +# Tests that rootless podman containers can DNS resolve external domains. +# https://github.com/coreos/fedora-coreos-tracker/issues/923 +# kola: { "tags": "needs-internet", "platforms": "qemu-unpriv", "exclusive": false} + +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + +runascoreuserscript=' +#!/bin/bash +set -euxo pipefail + +podman network create testnetwork +podman run --rm -t --network=testnetwork registry.fedoraproject.org/fedora:34 getent hosts google.com +podman network rm testnetwork +' + +runascoreuser() { + # NOTE: If we don't use `| cat` the output won't get copied + # and won't show up in the output of the ext test. + sudo -u core "$@" | cat +} + +main() { + echo "$runascoreuserscript" > /tmp/runascoreuserscript + chmod +x /tmp/runascoreuserscript + if ! runascoreuser /tmp/runascoreuserscript ; then + fatal "DNS in rootless podman testnetwork failed. Test Fails" + else + ok "DNS in rootless podman testnetwork Suceeded. Test Passes" + fi +} + +main \ No newline at end of file From b937219c697f41c934cff0abff02c56cee36fd02 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 3 Sep 2021 21:24:39 +0000 Subject: [PATCH 438/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/432/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 16 ++++++++-------- manifest-lock.x86_64.json | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 3988f0aa55..030ed57187 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -166,7 +166,7 @@ "evra": "3.15-3.fc34.aarch64" }, "crun": { - "evra": "0.21-1.fc34.aarch64" + "evra": "1.0-1.fc34.aarch64" }, "crypto-policies": { "evra": "20210213-1.git5c710c0.fc34.noarch" @@ -457,13 +457,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.12-200.fc34.aarch64" + "evra": "5.13.13-200.fc34.aarch64" }, "kernel-core": { - "evra": "5.13.12-200.fc34.aarch64" + "evra": "5.13.13-200.fc34.aarch64" }, "kernel-modules": { - "evra": "5.13.12-200.fc34.aarch64" + "evra": "5.13.13-200.fc34.aarch64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.aarch64" @@ -1051,7 +1051,7 @@ "evra": "15.4-4.aarch64" }, "skopeo": { - "evra": "1:1.4.0-2.fc34.aarch64" + "evra": "1:1.4.1-1.fc34.aarch64" }, "slang": { "evra": "2.3.2-9.fc34.aarch64" @@ -1144,7 +1144,7 @@ "evra": "2.36.2-1.fc34.aarch64" }, "vim-minimal": { - "evra": "2:8.2.3367-1.fc34.aarch64" + "evra": "2:8.2.3391-1.fc34.aarch64" }, "which": { "evra": "2.21-26.fc34.aarch64" @@ -1178,7 +1178,7 @@ } }, "metadata": { - "generated": "2021-09-01T20:54:47Z", + "generated": "2021-09-03T20:54:17Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" @@ -1187,7 +1187,7 @@ "generated": "2021-08-31T20:05:25Z" }, "fedora-updates": { - "generated": "2021-09-01T20:13:17Z" + "generated": "2021-09-02T23:33:12Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 9bbbd0797f..4a2f63c9e6 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -166,7 +166,7 @@ "evra": "3.15-3.fc34.x86_64" }, "crun": { - "evra": "0.21-1.fc34.x86_64" + "evra": "1.0-1.fc34.x86_64" }, "crypto-policies": { "evra": "20210213-1.git5c710c0.fc34.noarch" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.12-200.fc34.x86_64" + "evra": "5.13.13-200.fc34.x86_64" }, "kernel-core": { - "evra": "5.13.12-200.fc34.x86_64" + "evra": "5.13.13-200.fc34.x86_64" }, "kernel-modules": { - "evra": "5.13.12-200.fc34.x86_64" + "evra": "5.13.13-200.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -1063,7 +1063,7 @@ "evra": "15.4-4.x86_64" }, "skopeo": { - "evra": "1:1.4.0-2.fc34.x86_64" + "evra": "1:1.4.1-1.fc34.x86_64" }, "slang": { "evra": "2.3.2-9.fc34.x86_64" @@ -1156,7 +1156,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.3367-1.fc34.x86_64" + "evra": "2:8.2.3391-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1190,7 +1190,7 @@ } }, "metadata": { - "generated": "2021-09-01T20:54:51Z", + "generated": "2021-09-03T20:53:58Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" @@ -1199,7 +1199,7 @@ "generated": "2021-08-31T20:05:07Z" }, "fedora-updates": { - "generated": "2021-09-01T20:13:47Z" + "generated": "2021-09-02T23:33:42Z" } } } From 4076b2bdfc7efe30df166cfd231952edd294b7e1 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 4 Sep 2021 21:23:59 +0000 Subject: [PATCH 439/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/433/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 10 +++++----- manifest-lock.x86_64.json | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 030ed57187..3d2577c634 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -127,7 +127,7 @@ "evra": "0.21.2-1.fc34.noarch" }, "container-selinux": { - "evra": "2:2.164.2-1.fc34.noarch" + "evra": "2:2.167.0-1.fc34.noarch" }, "containerd": { "evra": "1.5.5-1.fc34.aarch64" @@ -1000,10 +1000,10 @@ "evra": "4.16.1.3-1.fc34.aarch64" }, "rpm-ostree": { - "evra": "2021.7-1.fc34.aarch64" + "evra": "2021.10-2.fc34.aarch64" }, "rpm-ostree-libs": { - "evra": "2021.7-1.fc34.aarch64" + "evra": "2021.10-2.fc34.aarch64" }, "rpm-plugin-selinux": { "evra": "4.16.1.3-1.fc34.aarch64" @@ -1178,7 +1178,7 @@ } }, "metadata": { - "generated": "2021-09-03T20:54:17Z", + "generated": "2021-09-04T20:53:53Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" @@ -1187,7 +1187,7 @@ "generated": "2021-08-31T20:05:25Z" }, "fedora-updates": { - "generated": "2021-09-02T23:33:12Z" + "generated": "2021-09-04T19:25:44Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 4a2f63c9e6..9fb0804e93 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -127,7 +127,7 @@ "evra": "0.21.2-1.fc34.noarch" }, "container-selinux": { - "evra": "2:2.164.2-1.fc34.noarch" + "evra": "2:2.167.0-1.fc34.noarch" }, "containerd": { "evra": "1.5.5-1.fc34.x86_64" @@ -1012,10 +1012,10 @@ "evra": "4.16.1.3-1.fc34.x86_64" }, "rpm-ostree": { - "evra": "2021.7-1.fc34.x86_64" + "evra": "2021.10-2.fc34.x86_64" }, "rpm-ostree-libs": { - "evra": "2021.7-1.fc34.x86_64" + "evra": "2021.10-2.fc34.x86_64" }, "rpm-plugin-selinux": { "evra": "4.16.1.3-1.fc34.x86_64" @@ -1190,7 +1190,7 @@ } }, "metadata": { - "generated": "2021-09-03T20:53:58Z", + "generated": "2021-09-04T20:53:47Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" @@ -1199,7 +1199,7 @@ "generated": "2021-08-31T20:05:07Z" }, "fedora-updates": { - "generated": "2021-09-02T23:33:42Z" + "generated": "2021-09-04T19:26:13Z" } } } From 907ed41048455ce31af23617272e767ae880c537 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 6 Sep 2021 20:54:50 +0000 Subject: [PATCH 440/489] lockfiles: bump timestamp Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/438/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 6 +++--- manifest-lock.x86_64.json | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 3d2577c634..1d29b7fbf0 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-04T20:53:53Z", + "generated": "2021-09-06T20:54:30Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-08-31T20:05:25Z" + "generated": "2021-09-06T17:41:54Z" }, "fedora-updates": { - "generated": "2021-09-04T19:25:44Z" + "generated": "2021-09-05T21:01:01Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 9fb0804e93..38a8d4ffd1 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-04T20:53:47Z", + "generated": "2021-09-06T20:54:07Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-08-31T20:05:07Z" + "generated": "2021-09-06T17:46:59Z" }, "fedora-updates": { - "generated": "2021-09-04T19:26:13Z" + "generated": "2021-09-05T21:01:31Z" } } } From 3118627099ea056c93c3e8d204c8971bf94eb473 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 7 Sep 2021 21:44:23 +0000 Subject: [PATCH 441/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/439/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 6 +++--- manifest-lock.x86_64.json | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 1d29b7fbf0..930a76b12b 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -1144,7 +1144,7 @@ "evra": "2.36.2-1.fc34.aarch64" }, "vim-minimal": { - "evra": "2:8.2.3391-1.fc34.aarch64" + "evra": "2:8.2.3404-1.fc34.aarch64" }, "which": { "evra": "2.21-26.fc34.aarch64" @@ -1178,7 +1178,7 @@ } }, "metadata": { - "generated": "2021-09-06T20:54:30Z", + "generated": "2021-09-07T20:54:56Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" @@ -1187,7 +1187,7 @@ "generated": "2021-09-06T17:41:54Z" }, "fedora-updates": { - "generated": "2021-09-05T21:01:01Z" + "generated": "2021-09-07T16:18:25Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 38a8d4ffd1..2288804ff8 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1156,7 +1156,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "vim-minimal": { - "evra": "2:8.2.3391-1.fc34.x86_64" + "evra": "2:8.2.3404-1.fc34.x86_64" }, "which": { "evra": "2.21-26.fc34.x86_64" @@ -1190,7 +1190,7 @@ } }, "metadata": { - "generated": "2021-09-06T20:54:07Z", + "generated": "2021-09-07T20:54:47Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" @@ -1199,7 +1199,7 @@ "generated": "2021-09-06T17:46:59Z" }, "fedora-updates": { - "generated": "2021-09-05T21:01:31Z" + "generated": "2021-09-07T16:18:54Z" } } } From cf80842315397472e53149fb0d527a01709449be Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Tue, 7 Sep 2021 14:59:00 -0400 Subject: [PATCH 442/489] ci: use coreos-ci-lib wrapper for kola testiso This adds iso-live-login and iso-as-disk scenarios, plus tests on metal4k, multipath, and UEFI. It also drops the iso-install scenario, which isn't a typical use case for FCOS. --- .cci.jenkinsfile | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.cci.jenkinsfile b/.cci.jenkinsfile index ec9517e6c3..911e1936f3 100644 --- a/.cci.jenkinsfile +++ b/.cci.jenkinsfile @@ -45,13 +45,7 @@ cosaPod { stage("Test ISO") { shwrap("cd /srv/fcos && cosa buildextend-live") - try { - shwrap("cd /srv/fcos && kola testiso -S --scenarios pxe-install,pxe-offline-install,iso-install --output-dir tmp/kola-testiso") - shwrap("cd /srv/fcos && kola testiso -S --scenarios iso-offline-install --qemu-multipath --output-dir tmp/kola-testiso-mpath") - } finally { - shwrap("cd /srv/fcos && tar -cf - tmp/kola-testiso/ tmp/kola-testiso-mpath/ | xz -c9 > ${env.WORKSPACE}/kola-testiso.tar.xz") - archiveArtifacts allowEmptyArchive: true, artifacts: 'kola-testiso.tar.xz' - } + fcosKolaTestIso(cosaDir: "/srv/fcos", extraArgs4k: "--no-pxe") } // also print the pkgdiff as a separate stage to make it more visible From 82859cbc47bdd0b13d61583431f82fb9456dfb49 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Tue, 7 Sep 2021 15:02:49 -0400 Subject: [PATCH 443/489] ci: run kola basic scenarios This gets us UEFI boot testing with the bare-metal image (not just the ISO), plus an NVMe boot test. --- .cci.jenkinsfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.cci.jenkinsfile b/.cci.jenkinsfile index 911e1936f3..420ca37951 100644 --- a/.cci.jenkinsfile +++ b/.cci.jenkinsfile @@ -35,7 +35,8 @@ cosaPod { if (env.CHANGE_TARGET in mechanical_streams) { no_strict_build = true } - fcosBuild(skipInit: true, noStrict: no_strict_build, extraFetchArgs: '--with-cosa-overrides', extraArgs: parent_arg) + fcosBuild(skipInit: true, skipKola: true, noStrict: no_strict_build, extraFetchArgs: '--with-cosa-overrides', extraArgs: parent_arg) + fcosKola(basicScenarios: true) parallel metal: { shwrap("cd /srv/fcos && cosa buildextend-metal") From 259e71b2ef7d39d78396d6f8d4ae24fffe844339 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 8 Sep 2021 21:25:19 +0000 Subject: [PATCH 444/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/440/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 18 +++++++++--------- manifest-lock.x86_64.json | 18 +++++++++--------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 930a76b12b..230263edd8 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -154,10 +154,10 @@ "evra": "2.13-10.fc34.aarch64" }, "cracklib": { - "evra": "2.9.6-25.fc34.aarch64" + "evra": "2.9.6-27.fc34.aarch64" }, "cracklib-dicts": { - "evra": "2.9.6-25.fc34.aarch64" + "evra": "2.9.6-27.fc34.aarch64" }, "criu": { "evra": "3.15-3.fc34.aarch64" @@ -244,7 +244,7 @@ "evra": "1.45.6-5.fc34.aarch64" }, "efi-filesystem": { - "evra": "5-2.fc34.noarch" + "evra": "5-4.fc34.noarch" }, "efibootmgr": { "evra": "16-10.fc34.aarch64" @@ -457,13 +457,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.13-200.fc34.aarch64" + "evra": "5.13.14-200.fc34.aarch64" }, "kernel-core": { - "evra": "5.13.13-200.fc34.aarch64" + "evra": "5.13.14-200.fc34.aarch64" }, "kernel-modules": { - "evra": "5.13.13-200.fc34.aarch64" + "evra": "5.13.14-200.fc34.aarch64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-07T20:54:56Z", + "generated": "2021-09-08T20:54:41Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-06T17:41:54Z" + "generated": "2021-09-07T21:50:41Z" }, "fedora-updates": { - "generated": "2021-09-07T16:18:25Z" + "generated": "2021-09-08T14:54:07Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 2288804ff8..3500a53336 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -154,10 +154,10 @@ "evra": "2.13-10.fc34.x86_64" }, "cracklib": { - "evra": "2.9.6-25.fc34.x86_64" + "evra": "2.9.6-27.fc34.x86_64" }, "cracklib-dicts": { - "evra": "2.9.6-25.fc34.x86_64" + "evra": "2.9.6-27.fc34.x86_64" }, "criu": { "evra": "3.15-3.fc34.x86_64" @@ -244,7 +244,7 @@ "evra": "1.45.6-5.fc34.x86_64" }, "efi-filesystem": { - "evra": "5-2.fc34.noarch" + "evra": "5-4.fc34.noarch" }, "efibootmgr": { "evra": "16-10.fc34.x86_64" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.13-200.fc34.x86_64" + "evra": "5.13.14-200.fc34.x86_64" }, "kernel-core": { - "evra": "5.13.13-200.fc34.x86_64" + "evra": "5.13.14-200.fc34.x86_64" }, "kernel-modules": { - "evra": "5.13.13-200.fc34.x86_64" + "evra": "5.13.14-200.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-07T20:54:47Z", + "generated": "2021-09-08T20:54:33Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-06T17:46:59Z" + "generated": "2021-09-07T21:53:50Z" }, "fedora-updates": { - "generated": "2021-09-07T16:18:54Z" + "generated": "2021-09-08T14:54:37Z" } } } From 3dafafcc3d1f2afdb8672962b7d1dabbb3b374e7 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 8 Sep 2021 14:04:04 -0400 Subject: [PATCH 445/489] tests/misc-ro: check initrd for non-executable scripts If a script is committed to Git without +x, Dracut will happily install it into the initrd without +x. Add a simple check for this. --- tests/kola/misc-ro | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index 0ada885cef..05d91c2927 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -189,3 +189,12 @@ if ! systemctl show -p ActiveState network-online.target | grep -q ActiveState=i fatal "Unit network-online.target shouldn't be active" fi ok "unit network-online.target inactive" + +# It's easy for dracut modules to accidentally ship scripts without +x set +tmpd=$(mktemp -d) +( cd ${tmpd} && lsinitrd --unpack /boot/ostree/*/init* ) +if find ${tmpd}/usr/{bin,sbin,libexec} ! -perm -0111 | grep -v clevis-luks-common-functions; then + fatal "Found non-executable scripts in initrd" +fi +rm -r ${tmpd} +ok "All initrd scripts are executable" From eb9390f5abf295ed3970262307dd8194f05a36f2 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 9 Sep 2021 21:25:29 +0000 Subject: [PATCH 446/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/441/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 10 +++++----- manifest-lock.x86_64.json | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 230263edd8..9adfc498c9 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -1027,10 +1027,10 @@ "evra": "4.8-7.fc34.aarch64" }, "selinux-policy": { - "evra": "34.16-1.fc34.noarch" + "evra": "34.18-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.16-1.fc34.noarch" + "evra": "34.18-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-08T20:54:41Z", + "generated": "2021-09-09T20:53:52Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-07T21:50:41Z" + "generated": "2021-09-08T21:34:22Z" }, "fedora-updates": { - "generated": "2021-09-08T14:54:07Z" + "generated": "2021-09-09T17:25:41Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 3500a53336..90dba19d61 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1039,10 +1039,10 @@ "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "34.16-1.fc34.noarch" + "evra": "34.18-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.16-1.fc34.noarch" + "evra": "34.18-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-08T20:54:33Z", + "generated": "2021-09-09T20:53:46Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-07T21:53:50Z" + "generated": "2021-09-08T21:37:25Z" }, "fedora-updates": { - "generated": "2021-09-08T14:54:37Z" + "generated": "2021-09-09T17:26:22Z" } } } From a2aef3ee6194dcba0d9c507a3479a393d7787844 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 10 Sep 2021 04:16:07 -0400 Subject: [PATCH 447/489] 05core/coreos-liveiso-success: fix hang with systemd 239 RHEL 8 has systemd 239, which has https://github.com/systemd/systemd/issues/9374. As a result, "journalctl -f ... | head -1" hangs because journalctl doesn't properly exit. Rewrite the check to call loginctl once per second until it finds a session. This approach is uglier, but the service only runs in the live ISO, on QEMU, when there's no Ignition config, and when kola's virtio port is open, so the minimal extra overhead shouldn't affect production systems. Fixes the kola testiso iso-live-login scenario in RHCOS. --- .../systemd/system/coreos-liveiso-success.service | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service b/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service index a3db8673a6..d148d12cb2 100644 --- a/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service +++ b/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service @@ -15,15 +15,12 @@ ConditionPathExists=/dev/virtio-ports/coreos.liveiso-success [Service] Type=simple -# https://stackoverflow.com/questions/44358723/systemd-unit-file-problems-with-tr -IgnoreSIGPIPE=false -# See https://cgit.freedesktop.org/systemd/systemd/plain/src/systemd/sd-messages.h for the MESSAGE_ID source. -# The logic here is that we're doing a streaming journalctl query (-f to follow) -# and the `| head` bit will cause the pipeline to wait until at least one line is -# emitted, which will happen when a user login starts. We then just write a static -# message to the virtio channel, which https://github.com/coreos/coreos-assembler/pull/1330 -# knows how to read. -ExecStart=/bin/sh -c 'journalctl -b -q -f --no-tail -o cat -u systemd-logind.service MESSAGE_ID=8d45620c1a4348dbb17410da57c60c66 | head -1; echo coreos-liveiso-success > /dev/virtio-ports/coreos.liveiso-success' +# Wait for a user session to start, then write a static message to the +# virtio channel, which https://github.com/coreos/coreos-assembler/pull/1330 +# knows how to read. We previously did "journalctl -f ... | head -1" here, +# but RHEL 8 has systemd 239, which has +# https://github.com/systemd/systemd/issues/9374. +ExecStart=/bin/sh -c 'while [ -z "$(loginctl list-sessions --no-legend)" ]; do sleep 1; done; echo coreos-liveiso-success > /dev/virtio-ports/coreos.liveiso-success' [Install] WantedBy=multi-user.target From 79db27dc8f39e8933d243d6d66678ce951a586e8 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 3 Aug 2021 14:26:03 -0400 Subject: [PATCH 448/489] manifests/fedora-coreos-base: stop disabling modular repos The latest rpm-ostree release now has proper support for modules. It will not layer modular packages unless explicitly enabled. So let's stop disabling the repos so e.g. `rpm-ostree ex module install cri-o:1.20` alone just works. --- manifests/fedora-coreos-base.yaml | 10 ---------- tests/kola/misc-ro | 3 +++ 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 581845dfa5..2b1690050b 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -49,16 +49,6 @@ rpmdb: sqlite # âš âš âš  ONLY TEMPORARY HACKS ALLOWED HERE; ALL ENTRIES NEED TRACKER LINKS âš âš âš  # See also the version of this in fedora-coreos.yaml postprocess: - # This will be dropped once rpm-ostree because module-aware. - # https://github.com/projectatomic/rpm-ostree/issues/1542#issuecomment-419684977 - # https://github.com/projectatomic/rpm-ostree/issues/1435 - - | - #!/usr/bin/env bash - set -xeuo pipefail - for x in /etc/yum.repos.d/*modular.repo; do - sed -i -e 's,enabled=[01],enabled=0,' ${x} - done - # Enable SELinux booleans used by OpenShift # https://github.com/coreos/fedora-coreos-tracker/issues/284 - | diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index 05d91c2927..bdfec9bbb7 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -198,3 +198,6 @@ if find ${tmpd}/usr/{bin,sbin,libexec} ! -perm -0111 | grep -v clevis-luks-commo fi rm -r ${tmpd} ok "All initrd scripts are executable" + +rpm-ostree ex module install cri-o:1.20/default --dry-run +ok "basic modularity support" From e5afac98b251aa32632116c13204bee888eca09d Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 30 Aug 2021 18:03:24 -0400 Subject: [PATCH 449/489] tests/countme: add support for 4/4 successful requests Now that we have the modular repos enabled we need to handle this case. --- tests/kola/rpm-ostree-countme/test.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/kola/rpm-ostree-countme/test.sh b/tests/kola/rpm-ostree-countme/test.sh index 4c26a8f7a5..e90d8274a8 100755 --- a/tests/kola/rpm-ostree-countme/test.sh +++ b/tests/kola/rpm-ostree-countme/test.sh @@ -56,7 +56,8 @@ for i in $(seq 1 5); do # Depending on the stream, we expect different numbers of countme-enabled repos if [[ "${output}" != "Successful requests: 1/1" ]] && \ [[ "${output}" != "Successful requests: 2/2" ]] && \ - [[ "${output}" != "Successful requests: 3/3" ]]; then + [[ "${output}" != "Successful requests: 3/3" ]] && \ + [[ "${output}" != "Successful requests: 4/4" ]]; then echo "rpm-ostree-countme service ouput does not match expected sucess output (try: $i):" echo "${output}" sleep 10 From 20c6a46f07388c1bfe03ef6aed00f4a4001d0422 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 10 Sep 2021 13:06:04 -0400 Subject: [PATCH 450/489] Revert "ci: run kola basic scenarios" coreos-ci-lib does this by default as of https://github.com/coreos/coreos-ci-lib/pull/91. This reverts commit 82859cbc47bdd0b13d61583431f82fb9456dfb49. --- .cci.jenkinsfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.cci.jenkinsfile b/.cci.jenkinsfile index 420ca37951..911e1936f3 100644 --- a/.cci.jenkinsfile +++ b/.cci.jenkinsfile @@ -35,8 +35,7 @@ cosaPod { if (env.CHANGE_TARGET in mechanical_streams) { no_strict_build = true } - fcosBuild(skipInit: true, skipKola: true, noStrict: no_strict_build, extraFetchArgs: '--with-cosa-overrides', extraArgs: parent_arg) - fcosKola(basicScenarios: true) + fcosBuild(skipInit: true, noStrict: no_strict_build, extraFetchArgs: '--with-cosa-overrides', extraArgs: parent_arg) parallel metal: { shwrap("cd /srv/fcos && cosa buildextend-metal") From 7a952a50baf46757b69ef43f4189370ef0f77863 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 10 Sep 2021 15:14:42 -0400 Subject: [PATCH 451/489] tests: enhance ext.config.rpm-ostree-countme test Instead of hardcoding a list of the same string for different values of N, just teach it to look for N/N for any value. --- tests/kola/rpm-ostree-countme/test.sh | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/tests/kola/rpm-ostree-countme/test.sh b/tests/kola/rpm-ostree-countme/test.sh index e90d8274a8..90d3f70950 100755 --- a/tests/kola/rpm-ostree-countme/test.sh +++ b/tests/kola/rpm-ostree-countme/test.sh @@ -53,12 +53,17 @@ for i in $(seq 1 5); do # Check rpm-ostree count me output output="$(journal_after_cursor)" - # Depending on the stream, we expect different numbers of countme-enabled repos - if [[ "${output}" != "Successful requests: 1/1" ]] && \ - [[ "${output}" != "Successful requests: 2/2" ]] && \ - [[ "${output}" != "Successful requests: 3/3" ]] && \ - [[ "${output}" != "Successful requests: 4/4" ]]; then - echo "rpm-ostree-countme service ouput does not match expected sucess output (try: $i):" + trimmed=${output##Successful requests: } + if [[ ! $trimmed =~ ^[0-9]+/[0-9]+$ ]]; then + echo "rpm-ostree-countme service output does not match expected success output (try: $i):" + echo "${output}" + sleep 10 + continue + fi + tries=${trimmed%%/*} + total=${trimmed##*/} + if [ "${tries}" != "${total}" ]; then + echo "rpm-ostree-countme service output shows failed requests (try: $i):" echo "${output}" sleep 10 continue From 00dc7ae413e95905c4c39c9bc00e30970a2cbbed Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 10 Sep 2021 16:02:30 -0400 Subject: [PATCH 452/489] tests/misc-ro: drop `rpm-ostree ex module install` test Thought this was cool to have here, but first it needs Internet, which the rest of `misc-ro` doesn't so far which is nice. And second each Fedora version has different stream versions so the matrix is slightly trickier. I think I'll put it in the rpm-ostree testsuite instead. Anyway if we really go the modularity route for cri-o, ideally we'd have some k8s testing going on in CI here on top of OKD or Typhoon, and then this will implicitly be tested. --- tests/kola/misc-ro | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index bdfec9bbb7..05d91c2927 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -198,6 +198,3 @@ if find ${tmpd}/usr/{bin,sbin,libexec} ! -perm -0111 | grep -v clevis-luks-commo fi rm -r ${tmpd} ok "All initrd scripts are executable" - -rpm-ostree ex module install cri-o:1.20/default --dry-run -ok "basic modularity support" From 9010346229befadbe8a64196e09b3d5d514f3670 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 11 Sep 2021 21:29:53 +0000 Subject: [PATCH 453/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/443/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 8 ++++---- manifest-lock.x86_64.json | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 9adfc498c9..7351d9fa4a 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -1126,7 +1126,7 @@ "evra": "1.31-3.fc34.aarch64" }, "toolbox": { - "evra": "0.0.99.2-1.fc34.aarch64" + "evra": "0.0.99.2-7.fc34.aarch64" }, "tpm2-tools": { "evra": "5.1.1-1.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-09T20:53:52Z", + "generated": "2021-09-11T20:54:38Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-08T21:34:22Z" + "generated": "2021-09-10T16:10:28Z" }, "fedora-updates": { - "generated": "2021-09-09T17:25:41Z" + "generated": "2021-09-10T15:52:45Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 90dba19d61..2049fc5ef4 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1138,7 +1138,7 @@ "evra": "1.31-3.fc34.x86_64" }, "toolbox": { - "evra": "0.0.99.2-1.fc34.x86_64" + "evra": "0.0.99.2-7.fc34.x86_64" }, "tpm2-tools": { "evra": "5.1.1-1.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-09T20:53:46Z", + "generated": "2021-09-11T20:54:24Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-08T21:37:25Z" + "generated": "2021-09-10T16:12:00Z" }, "fedora-updates": { - "generated": "2021-09-09T17:26:22Z" + "generated": "2021-09-10T15:53:14Z" } } } From 5e5ae5f4e2508958d5a10da8b1926ca591011fb3 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 13 Sep 2021 21:47:15 +0000 Subject: [PATCH 454/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/448/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 10 +++++----- manifest-lock.x86_64.json | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 7351d9fa4a..cfaf02a64d 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -1027,10 +1027,10 @@ "evra": "4.8-7.fc34.aarch64" }, "selinux-policy": { - "evra": "34.18-1.fc34.noarch" + "evra": "34.19-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.18-1.fc34.noarch" + "evra": "34.19-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-11T20:54:38Z", + "generated": "2021-09-13T20:54:24Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-10T16:10:28Z" + "generated": "2021-09-11T21:37:55Z" }, "fedora-updates": { - "generated": "2021-09-10T15:52:45Z" + "generated": "2021-09-13T14:28:47Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 2049fc5ef4..ffe4ba411b 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1039,10 +1039,10 @@ "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "34.18-1.fc34.noarch" + "evra": "34.19-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.18-1.fc34.noarch" + "evra": "34.19-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-11T20:54:24Z", + "generated": "2021-09-13T20:54:14Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-10T16:12:00Z" + "generated": "2021-09-11T21:38:59Z" }, "fedora-updates": { - "generated": "2021-09-10T15:53:14Z" + "generated": "2021-09-13T14:29:16Z" } } } From 3aeb748db32cc090f6190d4a5acc3e46f569668b Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 14 Sep 2021 16:03:31 +0000 Subject: [PATCH 455/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/450/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 12 ++++++------ manifest-lock.x86_64.json | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index cfaf02a64d..30bda6663e 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -457,13 +457,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.14-200.fc34.aarch64" + "evra": "5.13.15-200.fc34.aarch64" }, "kernel-core": { - "evra": "5.13.14-200.fc34.aarch64" + "evra": "5.13.15-200.fc34.aarch64" }, "kernel-modules": { - "evra": "5.13.14-200.fc34.aarch64" + "evra": "5.13.15-200.fc34.aarch64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-13T20:54:24Z", + "generated": "2021-09-14T15:01:51Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-11T21:37:55Z" + "generated": "2021-09-13T21:55:30Z" }, "fedora-updates": { - "generated": "2021-09-13T14:28:47Z" + "generated": "2021-09-14T14:49:53Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index ffe4ba411b..432b53b60c 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.14-200.fc34.x86_64" + "evra": "5.13.15-200.fc34.x86_64" }, "kernel-core": { - "evra": "5.13.14-200.fc34.x86_64" + "evra": "5.13.15-200.fc34.x86_64" }, "kernel-modules": { - "evra": "5.13.14-200.fc34.x86_64" + "evra": "5.13.15-200.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-13T20:54:14Z", + "generated": "2021-09-14T15:02:43Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-11T21:38:59Z" + "generated": "2021-09-13T22:00:15Z" }, "fedora-updates": { - "generated": "2021-09-13T14:29:16Z" + "generated": "2021-09-14T14:50:23Z" } } } From 456338800dd46a02b53de91f36294024f44a0c91 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 15 Sep 2021 10:07:41 -0400 Subject: [PATCH 456/489] denylist: remove ext.config.toolbox from denylist The toolbox containers for f35 and f36 are now in the registry. Resolves https://github.com/coreos/fedora-coreos-tracker/issues/926 --- kola-denylist.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/kola-denylist.yaml b/kola-denylist.yaml index 612265c6f1..05d61c6722 100644 --- a/kola-denylist.yaml +++ b/kola-denylist.yaml @@ -10,8 +10,3 @@ snooze: 2021-09-01 platforms: - openstack -- pattern: ext.config.toolbox - tracker: https://github.com/coreos/fedora-coreos-tracker/issues/926 - snooze: 2021-09-15 - streams: - - rawhide From 60354c286f9cf9fcd0708afaab66d82f3bf53a19 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 15 Sep 2021 10:09:57 -0400 Subject: [PATCH 457/489] denylist: remove snooze on podman.network-single for openstack It started running again on 2021-09-01 and is passing so let's remove it from the list. Resolves https://github.com/coreos/fedora-coreos-tracker/issues/901 --- kola-denylist.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/kola-denylist.yaml b/kola-denylist.yaml index 05d61c6722..cf3a3d8c88 100644 --- a/kola-denylist.yaml +++ b/kola-denylist.yaml @@ -5,8 +5,3 @@ tracker: https://github.com/coreos/coreos-assembler/pull/1478 - pattern: podman.workflow tracker: https://github.com/coreos/coreos-assembler/pull/1478 -- pattern: podman.network-single - tracker: https://github.com/coreos/fedora-coreos-tracker/issues/901 - snooze: 2021-09-01 - platforms: - - openstack From 83f5e120101b125ad399acfc87fbf9d2744108c3 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 15 Sep 2021 21:35:14 +0000 Subject: [PATCH 458/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/454/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 26 +++++++++++++------------- manifest-lock.x86_64.json | 26 +++++++++++++------------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 30bda6663e..574af366b2 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -67,7 +67,7 @@ "evra": "3.5.2-2.fc34.aarch64" }, "btrfs-progs": { - "evra": "5.13.1-1.fc34.aarch64" + "evra": "5.14-2.fc34.aarch64" }, "bubblewrap": { "evra": "0.4.1-3.fc34.aarch64" @@ -226,7 +226,7 @@ "evra": "3.7-8.fc34.aarch64" }, "dnsmasq": { - "evra": "2.85-3.fc34.aarch64" + "evra": "2.86-1.fc34.aarch64" }, "dosfstools": { "evra": "4.2-1.fc34.aarch64" @@ -262,7 +262,7 @@ "evra": "0.185-2.fc34.aarch64" }, "ethtool": { - "evra": "2:5.13-1.fc34.aarch64" + "evra": "2:5.14-1.fc34.aarch64" }, "expat": { "evra": "2.4.1-1.fc34.aarch64" @@ -274,13 +274,13 @@ "evra": "34-2.noarch" }, "fedora-release-common": { - "evra": "34-36.noarch" + "evra": "34-37.noarch" }, "fedora-release-coreos": { - "evra": "34-36.noarch" + "evra": "34-37.noarch" }, "fedora-release-identity-coreos": { - "evra": "34-36.noarch" + "evra": "34-37.noarch" }, "fedora-repos": { "evra": "34-2.noarch" @@ -628,7 +628,7 @@ "evra": "1.0.4-13.fc34.aarch64" }, "libmodulemd": { - "evra": "2.13.0-1.fc34.aarch64" + "evra": "2.13.0-2.fc34.aarch64" }, "libmount": { "evra": "2.36.2-1.fc34.aarch64" @@ -778,7 +778,7 @@ "evra": "2.36.2-1.fc34.aarch64" }, "libuv": { - "evra": "1:1.41.0-1.fc34.aarch64" + "evra": "1:1.42.0-2.fc34.aarch64" }, "libvarlink-util": { "evra": "22-2.fc34.aarch64" @@ -916,10 +916,10 @@ "evra": "1.77-7.fc34.aarch64" }, "ostree": { - "evra": "2021.3-1.fc34.aarch64" + "evra": "2021.4-2.fc34.aarch64" }, "ostree-libs": { - "evra": "2021.3-1.fc34.aarch64" + "evra": "2021.4-2.fc34.aarch64" }, "p11-kit": { "evra": "0.23.22-3.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-14T15:01:51Z", + "generated": "2021-09-15T20:54:20Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-13T21:55:30Z" + "generated": "2021-09-14T16:10:51Z" }, "fedora-updates": { - "generated": "2021-09-14T14:49:53Z" + "generated": "2021-09-15T18:06:59Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 432b53b60c..4e209406f7 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -67,7 +67,7 @@ "evra": "3.5.2-2.fc34.x86_64" }, "btrfs-progs": { - "evra": "5.13.1-1.fc34.x86_64" + "evra": "5.14-2.fc34.x86_64" }, "bubblewrap": { "evra": "0.4.1-3.fc34.x86_64" @@ -226,7 +226,7 @@ "evra": "3.7-8.fc34.x86_64" }, "dnsmasq": { - "evra": "2.85-3.fc34.x86_64" + "evra": "2.86-1.fc34.x86_64" }, "dosfstools": { "evra": "4.2-1.fc34.x86_64" @@ -262,7 +262,7 @@ "evra": "0.185-2.fc34.x86_64" }, "ethtool": { - "evra": "2:5.13-1.fc34.x86_64" + "evra": "2:5.14-1.fc34.x86_64" }, "expat": { "evra": "2.4.1-1.fc34.x86_64" @@ -274,13 +274,13 @@ "evra": "34-2.noarch" }, "fedora-release-common": { - "evra": "34-36.noarch" + "evra": "34-37.noarch" }, "fedora-release-coreos": { - "evra": "34-36.noarch" + "evra": "34-37.noarch" }, "fedora-release-identity-coreos": { - "evra": "34-36.noarch" + "evra": "34-37.noarch" }, "fedora-repos": { "evra": "34-2.noarch" @@ -634,7 +634,7 @@ "evra": "1.0.4-13.fc34.x86_64" }, "libmodulemd": { - "evra": "2.13.0-1.fc34.x86_64" + "evra": "2.13.0-2.fc34.x86_64" }, "libmount": { "evra": "2.36.2-1.fc34.x86_64" @@ -787,7 +787,7 @@ "evra": "2.36.2-1.fc34.x86_64" }, "libuv": { - "evra": "1:1.41.0-1.fc34.x86_64" + "evra": "1:1.42.0-2.fc34.x86_64" }, "libvarlink-util": { "evra": "22-2.fc34.x86_64" @@ -928,10 +928,10 @@ "evra": "1.77-7.fc34.x86_64" }, "ostree": { - "evra": "2021.3-1.fc34.x86_64" + "evra": "2021.4-2.fc34.x86_64" }, "ostree-libs": { - "evra": "2021.3-1.fc34.x86_64" + "evra": "2021.4-2.fc34.x86_64" }, "p11-kit": { "evra": "0.23.22-3.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-14T15:02:43Z", + "generated": "2021-09-15T20:54:05Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-13T22:00:15Z" + "generated": "2021-09-14T16:12:39Z" }, "fedora-updates": { - "generated": "2021-09-14T14:50:23Z" + "generated": "2021-09-15T18:07:28Z" } } } From 196c0f02050e513cf118bd05313702f527ef0384 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 16 Sep 2021 08:21:11 -0400 Subject: [PATCH 459/489] ci/buildroot: Blow out quay.io cache Again. --- ci/buildroot/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/buildroot/Dockerfile b/ci/buildroot/Dockerfile index 135644f473..8d086c1330 100644 --- a/ci/buildroot/Dockerfile +++ b/ci/buildroot/Dockerfile @@ -7,4 +7,4 @@ # Ignition, rpm-ostree, ostree, coreos-installer, etc... FROM registry.fedoraproject.org/fedora:34 COPY . /src -RUN ./src/install-buildroot.sh && yum clean all && rm /src -rf # nocache 20210706 +RUN ./src/install-buildroot.sh && yum clean all && rm /src -rf # nocache 20210916 From 38e5f0c7165d42fded8aabace27aa2a35856ac5a Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 16 Sep 2021 00:33:30 -0400 Subject: [PATCH 460/489] live/grub.cfg: update incorrect comment This file is shipped in the ISO itself, and efiboot.img contains a stub config that points to it. --- live/EFI/fedora/grub.cfg | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/live/EFI/fedora/grub.cfg b/live/EFI/fedora/grub.cfg index c833dc2171..6f881fef62 100644 --- a/live/EFI/fedora/grub.cfg +++ b/live/EFI/fedora/grub.cfg @@ -4,9 +4,11 @@ # # One diff to note is we use linux and initrd instead of linuxefi and # initrdefi. We do this because it works and allows us to use this same -# file on other architecutres. https://github.com/coreos/fedora-coreos-config/issues/63 +# file on other architectures. https://github.com/coreos/fedora-coreos-config/issues/63 # -# This file gets embedded into the efiboot.img on our Fedora CoreOS ISO. +# This file is loaded directly when booting via El Torito, and indirectly +# from a stub config in efiboot.img when booting via the hybrid ESP. + set default="1" function load_video { From b9229f23b559cab5ae64520f1a8c702bb05abc32 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 17 Sep 2021 01:52:28 +0000 Subject: [PATCH 461/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/458/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 14 +++++++------- manifest-lock.x86_64.json | 14 +++++++------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 574af366b2..66101d1a00 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -322,7 +322,7 @@ "evra": "2.9.9-11.fc34.aarch64" }, "fuse-overlayfs": { - "evra": "1.7.1-1.fc34.aarch64" + "evra": "1.7.1-2.fc34.aarch64" }, "fuse-sshfs": { "evra": "3.7.2-1.fc34.aarch64" @@ -457,13 +457,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.15-200.fc34.aarch64" + "evra": "5.13.16-200.fc34.aarch64" }, "kernel-core": { - "evra": "5.13.15-200.fc34.aarch64" + "evra": "5.13.16-200.fc34.aarch64" }, "kernel-modules": { - "evra": "5.13.15-200.fc34.aarch64" + "evra": "5.13.16-200.fc34.aarch64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-15T20:54:20Z", + "generated": "2021-09-17T01:13:57Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-14T16:10:51Z" + "generated": "2021-09-15T21:42:30Z" }, "fedora-updates": { - "generated": "2021-09-15T18:06:59Z" + "generated": "2021-09-16T18:52:23Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 4e209406f7..67f38cffca 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -322,7 +322,7 @@ "evra": "2.9.9-11.fc34.x86_64" }, "fuse-overlayfs": { - "evra": "1.7.1-1.fc34.x86_64" + "evra": "1.7.1-2.fc34.x86_64" }, "fuse-sshfs": { "evra": "3.7.2-1.fc34.x86_64" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.15-200.fc34.x86_64" + "evra": "5.13.16-200.fc34.x86_64" }, "kernel-core": { - "evra": "5.13.15-200.fc34.x86_64" + "evra": "5.13.16-200.fc34.x86_64" }, "kernel-modules": { - "evra": "5.13.15-200.fc34.x86_64" + "evra": "5.13.16-200.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-15T20:54:05Z", + "generated": "2021-09-17T01:13:49Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-14T16:12:39Z" + "generated": "2021-09-15T21:49:13Z" }, "fedora-updates": { - "generated": "2021-09-15T18:07:28Z" + "generated": "2021-09-16T18:52:53Z" } } } From c095fba69cd3efa683a6050097daaf2c165b763c Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 19 Sep 2021 20:54:57 +0000 Subject: [PATCH 462/489] lockfiles: bump timestamp Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/464/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 6 +++--- manifest-lock.x86_64.json | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 66101d1a00..a21523b231 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-17T01:13:57Z", + "generated": "2021-09-19T20:54:30Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-15T21:42:30Z" + "generated": "2021-09-18T21:35:36Z" }, "fedora-updates": { - "generated": "2021-09-16T18:52:23Z" + "generated": "2021-09-19T04:39:00Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 67f38cffca..bd478bfba4 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-17T01:13:49Z", + "generated": "2021-09-19T20:54:14Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-15T21:49:13Z" + "generated": "2021-09-18T21:37:41Z" }, "fedora-updates": { - "generated": "2021-09-16T18:52:53Z" + "generated": "2021-09-19T04:39:30Z" } } } From f743a1d7aad2b43dc3ecf545179955416c7e552b Mon Sep 17 00:00:00 2001 From: Julian Wiedmann Date: Mon, 20 Sep 2021 13:38:05 +0300 Subject: [PATCH 463/489] tests/kola/var-mount: add a TPM-less variant for s390x The var-mount test currently only fails on s390x because it uses LUKS and requires a TPM. Thus add a simple test without TPM, and restrict the LUKS version to non-s390x. Also see 51ee72c2b0f2 ("tests: Enable TPM test for all arches except s390x") Signed-off-by: Julian Wiedmann --- tests/kola/var-mount/{ => luks}/config.fcc | 0 tests/kola/var-mount/{ => luks}/test.sh | 2 +- tests/kola/var-mount/simple/config.fcc | 20 ++++++++++ tests/kola/var-mount/simple/test.sh | 44 ++++++++++++++++++++++ 4 files changed, 65 insertions(+), 1 deletion(-) rename tests/kola/var-mount/{ => luks}/config.fcc (100%) rename tests/kola/var-mount/{ => luks}/test.sh (94%) create mode 100644 tests/kola/var-mount/simple/config.fcc create mode 100755 tests/kola/var-mount/simple/test.sh diff --git a/tests/kola/var-mount/config.fcc b/tests/kola/var-mount/luks/config.fcc similarity index 100% rename from tests/kola/var-mount/config.fcc rename to tests/kola/var-mount/luks/config.fcc diff --git a/tests/kola/var-mount/test.sh b/tests/kola/var-mount/luks/test.sh similarity index 94% rename from tests/kola/var-mount/test.sh rename to tests/kola/var-mount/luks/test.sh index ba6565e80b..172fd62122 100755 --- a/tests/kola/var-mount/test.sh +++ b/tests/kola/var-mount/luks/test.sh @@ -2,7 +2,7 @@ set -xeuo pipefail # restrict to qemu for now because the primary disk path is platform-dependent -# kola: {"platforms": "qemu"} +# kola: {"platforms": "qemu", "architectures": "!s390x"} ok() { echo "ok" "$@" diff --git a/tests/kola/var-mount/simple/config.fcc b/tests/kola/var-mount/simple/config.fcc new file mode 100644 index 0000000000..b32fd3611d --- /dev/null +++ b/tests/kola/var-mount/simple/config.fcc @@ -0,0 +1,20 @@ +variant: fcos +version: 1.3.0 +storage: + disks: + - device: /dev/vda + partitions: + - label: var + size_mib: 1000 + start_mib: 5000 + - label: varlog + wipe_table: false + filesystems: + - device: /dev/disk/by-partlabel/var + format: xfs + path: /var + with_mount_unit: true + - device: /dev/disk/by-partlabel/varlog + format: ext4 + path: /var/log + with_mount_unit: true diff --git a/tests/kola/var-mount/simple/test.sh b/tests/kola/var-mount/simple/test.sh new file mode 100755 index 0000000000..8bfcae589f --- /dev/null +++ b/tests/kola/var-mount/simple/test.sh @@ -0,0 +1,44 @@ +#!/bin/bash +set -xeuo pipefail + +# restrict to qemu for now because the primary disk path is platform-dependent +# kola: {"platforms": "qemu"} + +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + +# /var + +src=$(findmnt -nvr /var -o SOURCE) +[[ $(realpath "$src") == $(realpath /dev/disk/by-partlabel/var) ]] + +fstype=$(findmnt -nvr /var -o FSTYPE) +[[ $fstype == xfs ]] + +# /var/log + +src=$(findmnt -nvr /var/log -o SOURCE) +[[ $(realpath "$src") == $(realpath /dev/disk/by-partlabel/varlog) ]] + +fstype=$(findmnt -nvr /var/log -o FSTYPE) +[[ $fstype == ext4 ]] + +case "${AUTOPKGTEST_REBOOT_MARK:-}" in + "") + ok "mounted on first boot" + + # reboot once to sanity-check we can mount on second boot + /tmp/autopkgtest-reboot rebooted + ;; + + rebooted) + ok "mounted on reboot" + ;; + *) fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}";; +esac From e499c8de3c2603d3b7ad8c5f48943251aac53faf Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 21 Sep 2021 16:11:24 +0000 Subject: [PATCH 464/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/472/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 8 ++++---- manifest-lock.x86_64.json | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index a21523b231..dde761791b 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -1012,7 +1012,7 @@ "evra": "3.2.3-5.fc34.aarch64" }, "runc": { - "evra": "2:1.0.1-1.fc34.aarch64" + "evra": "2:1.0.2-2.fc34.aarch64" }, "samba-client-libs": { "evra": "2:4.14.7-0.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-19T20:54:30Z", + "generated": "2021-09-21T15:19:01Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-18T21:35:36Z" + "generated": "2021-09-20T18:29:26Z" }, "fedora-updates": { - "generated": "2021-09-19T04:39:00Z" + "generated": "2021-09-20T13:37:03Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index bd478bfba4..966175350f 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1024,7 +1024,7 @@ "evra": "3.2.3-5.fc34.x86_64" }, "runc": { - "evra": "2:1.0.1-1.fc34.x86_64" + "evra": "2:1.0.2-2.fc34.x86_64" }, "samba-client-libs": { "evra": "2:4.14.7-0.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-19T20:54:14Z", + "generated": "2021-09-21T15:18:58Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-18T21:37:41Z" + "generated": "2021-09-20T18:32:47Z" }, "fedora-updates": { - "generated": "2021-09-19T04:39:30Z" + "generated": "2021-09-20T13:37:34Z" } } } From 5c6bd4c75b9f34a9f2d5719e0e2e4232ff44d1cf Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 21 Sep 2021 21:34:42 -0400 Subject: [PATCH 465/489] tests: use F34 container in podman.rootless-systemd test Fedora Linux 33 is old. Let's use Fedora Linux 34. --- tests/kola/podman/rootless-systemd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/kola/podman/rootless-systemd b/tests/kola/podman/rootless-systemd index e41df869c0..d64784dc1c 100755 --- a/tests/kola/podman/rootless-systemd +++ b/tests/kola/podman/rootless-systemd @@ -25,7 +25,7 @@ set -euxo pipefail # https://github.com/coreos/coreos-assembler/issues/1645 cd $(mktemp -d) cat < Containerfile -FROM registry.fedoraproject.org/fedora:33 +FROM registry.fedoraproject.org/fedora:34 RUN dnf -y update \ && dnf -y install systemd httpd \ && dnf clean all \ From 9eab16244f2493c5ae21535315621e3104c550fd Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 22 Sep 2021 21:06:33 +0000 Subject: [PATCH 466/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/475/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 24 ++++++++++++------------ manifest-lock.x86_64.json | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index dde761791b..7d4d81bea6 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -67,7 +67,7 @@ "evra": "3.5.2-2.fc34.aarch64" }, "btrfs-progs": { - "evra": "5.14-2.fc34.aarch64" + "evra": "5.14.1-1.fc34.aarch64" }, "bubblewrap": { "evra": "0.4.1-3.fc34.aarch64" @@ -127,7 +127,7 @@ "evra": "0.21.2-1.fc34.noarch" }, "container-selinux": { - "evra": "2:2.167.0-1.fc34.noarch" + "evra": "2:2.168.0-1.fc34.noarch" }, "containerd": { "evra": "1.5.5-1.fc34.aarch64" @@ -181,7 +181,7 @@ "evra": "1:2.3.3op2-7.fc34.aarch64" }, "curl": { - "evra": "7.76.1-7.fc34.aarch64" + "evra": "7.76.1-12.fc34.aarch64" }, "cyrus-sasl-gssapi": { "evra": "2.1.27-8.fc34.aarch64" @@ -535,7 +535,7 @@ "evra": "1.45.6-5.fc34.aarch64" }, "libcurl": { - "evra": "7.76.1-7.fc34.aarch64" + "evra": "7.76.1-12.fc34.aarch64" }, "libdaemon": { "evra": "0.14-21.fc34.aarch64" @@ -790,7 +790,7 @@ "evra": "2:4.14.7-0.fc34.aarch64" }, "libxcrypt": { - "evra": "4.4.25-1.fc34.aarch64" + "evra": "4.4.26-2.fc34.aarch64" }, "libxml2": { "evra": "2.9.12-4.fc34.aarch64" @@ -907,10 +907,10 @@ "evra": "8.6p1-3.fc34.aarch64" }, "openssl": { - "evra": "1:1.1.1l-1.fc34.aarch64" + "evra": "1:1.1.1l-2.fc34.aarch64" }, "openssl-libs": { - "evra": "1:1.1.1l-1.fc34.aarch64" + "evra": "1:1.1.1l-2.fc34.aarch64" }, "os-prober": { "evra": "1.77-7.fc34.aarch64" @@ -1027,10 +1027,10 @@ "evra": "4.8-7.fc34.aarch64" }, "selinux-policy": { - "evra": "34.19-1.fc34.noarch" + "evra": "34.20-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.19-1.fc34.noarch" + "evra": "34.20-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-21T15:19:01Z", + "generated": "2021-09-22T19:58:16Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-20T18:29:26Z" + "generated": "2021-09-21T16:17:35Z" }, "fedora-updates": { - "generated": "2021-09-20T13:37:03Z" + "generated": "2021-09-22T16:18:21Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 966175350f..4484f9676d 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -67,7 +67,7 @@ "evra": "3.5.2-2.fc34.x86_64" }, "btrfs-progs": { - "evra": "5.14-2.fc34.x86_64" + "evra": "5.14.1-1.fc34.x86_64" }, "bubblewrap": { "evra": "0.4.1-3.fc34.x86_64" @@ -127,7 +127,7 @@ "evra": "0.21.2-1.fc34.noarch" }, "container-selinux": { - "evra": "2:2.167.0-1.fc34.noarch" + "evra": "2:2.168.0-1.fc34.noarch" }, "containerd": { "evra": "1.5.5-1.fc34.x86_64" @@ -181,7 +181,7 @@ "evra": "1:2.3.3op2-7.fc34.x86_64" }, "curl": { - "evra": "7.76.1-7.fc34.x86_64" + "evra": "7.76.1-12.fc34.x86_64" }, "cyrus-sasl-gssapi": { "evra": "2.1.27-8.fc34.x86_64" @@ -541,7 +541,7 @@ "evra": "1.45.6-5.fc34.x86_64" }, "libcurl": { - "evra": "7.76.1-7.fc34.x86_64" + "evra": "7.76.1-12.fc34.x86_64" }, "libdaemon": { "evra": "0.14-21.fc34.x86_64" @@ -799,7 +799,7 @@ "evra": "2:4.14.7-0.fc34.x86_64" }, "libxcrypt": { - "evra": "4.4.25-1.fc34.x86_64" + "evra": "4.4.26-2.fc34.x86_64" }, "libxml2": { "evra": "2.9.12-4.fc34.x86_64" @@ -919,10 +919,10 @@ "evra": "8.6p1-3.fc34.x86_64" }, "openssl": { - "evra": "1:1.1.1l-1.fc34.x86_64" + "evra": "1:1.1.1l-2.fc34.x86_64" }, "openssl-libs": { - "evra": "1:1.1.1l-1.fc34.x86_64" + "evra": "1:1.1.1l-2.fc34.x86_64" }, "os-prober": { "evra": "1.77-7.fc34.x86_64" @@ -1039,10 +1039,10 @@ "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "34.19-1.fc34.noarch" + "evra": "34.20-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.19-1.fc34.noarch" + "evra": "34.20-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-21T15:18:58Z", + "generated": "2021-09-22T19:58:30Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-20T18:32:47Z" + "generated": "2021-09-21T16:22:30Z" }, "fedora-updates": { - "generated": "2021-09-20T13:37:34Z" + "generated": "2021-09-22T16:18:49Z" } } } From 7d524f1a0c2b5ce8345ddd1e9ab10fcc0e7e0664 Mon Sep 17 00:00:00 2001 From: Huijing Hei Date: Wed, 22 Sep 2021 13:31:36 +0800 Subject: [PATCH 467/489] Add tests/kola/ignition/remote/remote.ign The remote ignition file will be used to verify BZ1980679, including inject kernel arguments and write something to /etc/testfile --- tests/kola/ignition/remote/remote.ign | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 tests/kola/ignition/remote/remote.ign diff --git a/tests/kola/ignition/remote/remote.ign b/tests/kola/ignition/remote/remote.ign new file mode 100644 index 0000000000..1323ca2b40 --- /dev/null +++ b/tests/kola/ignition/remote/remote.ign @@ -0,0 +1,21 @@ +{ + "ignition": { + "version": "3.3.0" + }, + "kernelArguments": { + "shouldExist": [ + "foobar" + ] + }, + "storage": { + "files": [ + { + "path": "/etc/testfile", + "contents": { + "source": "data:,test" + }, + "mode": 420 + } + ] + } +} From c7f95e43f1786ebf7a1cc904551af3ed54bbd48c Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 23 Sep 2021 21:33:49 +0000 Subject: [PATCH 468/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/478/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 12 ++++++------ manifest-lock.x86_64.json | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 7d4d81bea6..1b40efde45 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -457,13 +457,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.16-200.fc34.aarch64" + "evra": "5.13.19-200.fc34.aarch64" }, "kernel-core": { - "evra": "5.13.16-200.fc34.aarch64" + "evra": "5.13.19-200.fc34.aarch64" }, "kernel-modules": { - "evra": "5.13.16-200.fc34.aarch64" + "evra": "5.13.19-200.fc34.aarch64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-22T19:58:16Z", + "generated": "2021-09-23T20:53:57Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-21T16:17:35Z" + "generated": "2021-09-22T22:19:13Z" }, "fedora-updates": { - "generated": "2021-09-22T16:18:21Z" + "generated": "2021-09-23T19:14:22Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 4484f9676d..e025090b9f 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.16-200.fc34.x86_64" + "evra": "5.13.19-200.fc34.x86_64" }, "kernel-core": { - "evra": "5.13.16-200.fc34.x86_64" + "evra": "5.13.19-200.fc34.x86_64" }, "kernel-modules": { - "evra": "5.13.16-200.fc34.x86_64" + "evra": "5.13.19-200.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-22T19:58:30Z", + "generated": "2021-09-23T20:54:13Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-21T16:22:30Z" + "generated": "2021-09-22T22:21:56Z" }, "fedora-updates": { - "generated": "2021-09-22T16:18:49Z" + "generated": "2021-09-23T19:14:52Z" } } } From 76a10fab07879cd0754ade6709197b273faa9797 Mon Sep 17 00:00:00 2001 From: Huijing Hei Date: Fri, 24 Sep 2021 10:13:05 +0800 Subject: [PATCH 469/489] Add test script for verify BZ1980679 config.bu to include remote.ign verify kernel arg and exists /etc/testfile --- tests/kola/ignition/remote/config.bu | 8 ++++++++ tests/kola/ignition/remote/test.sh | 29 ++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 tests/kola/ignition/remote/config.bu create mode 100755 tests/kola/ignition/remote/test.sh diff --git a/tests/kola/ignition/remote/config.bu b/tests/kola/ignition/remote/config.bu new file mode 100644 index 0000000000..9750fddd77 --- /dev/null +++ b/tests/kola/ignition/remote/config.bu @@ -0,0 +1,8 @@ +variant: fcos +version: 1.4.0 +ignition: + config: + merge: + - source: https://raw.githubusercontent.com/coreos/fedora-coreos-config/testing-devel/tests/kola/ignition/remote/remote.ign + verification: + hash: sha512-1c840823419a2eae431356b58d0c498f4ec84ef3d2b9a4fa42f75749a89fe1f413a848d9082d5dc6c243324b57fa7a76b4ef6dde5d023f9bba549b7755836170 diff --git a/tests/kola/ignition/remote/test.sh b/tests/kola/ignition/remote/test.sh new file mode 100755 index 0000000000..dc01bc0b42 --- /dev/null +++ b/tests/kola/ignition/remote/test.sh @@ -0,0 +1,29 @@ +#!/bin/bash +set -xeuo pipefail + +# To test https://bugzilla.redhat.com/show_bug.cgi?id=1980679 +# remote.ign on github: inject kernelArguments and write something to /etc/testfile +# config.ign to include remote kargsfile.ign + +# kola: { "tags": "needs-internet" } + +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + +if ! grep -q foobar /proc/cmdline; then + fatal "missing foobar in kernel cmdline" +else + ok "find foobar in kernel cmdline" +fi +if ! test -e /etc/testfile; then + fatal "not found /etc/testfile" +else + ok "find expected file /etc/testfile" +fi +ok "Ignition remote config test" From bdb1f57b5b20f3af23cd67fe3f7972f1e7838958 Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Fri, 24 Sep 2021 14:06:17 +0000 Subject: [PATCH 470/489] overlay/dracut/multipath: remove problematic stop command This is a temporary workaround to remove a problematic stop command from `multipathd.service`, until the already-merged proper fix gets released in dracut. --- .../35coreos-multipath/90-multipathd-remove-execstop.conf | 3 +++ .../lib/dracut/modules.d/35coreos-multipath/module-setup.sh | 5 +++++ 2 files changed, 8 insertions(+) create mode 100644 overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/90-multipathd-remove-execstop.conf diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/90-multipathd-remove-execstop.conf b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/90-multipathd-remove-execstop.conf new file mode 100644 index 0000000000..ec9e14e7ca --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/90-multipathd-remove-execstop.conf @@ -0,0 +1,3 @@ +# Temporary workaround for https://github.com/dracutdevs/dracut/pull/1606. +[Service] +ExecStop= diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh index 4ab4bc4006..bcd530b678 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh @@ -12,6 +12,11 @@ install_ignition_unit() { } install() { + # Temporary workaround for https://github.com/dracutdevs/dracut/pull/1606. + mkdir -p "$systemdsystemunitdir/multipathd.service.d" + inst_simple "$moddir/90-multipathd-remove-execstop.conf" \ + "$systemdsystemunitdir/multipathd.service.d/90-multipathd-remove-execstop.conf" + inst_script "$moddir/coreos-propagate-multipath-conf.sh" \ "/usr/sbin/coreos-propagate-multipath-conf" From de62fb029748440ff04476aa40882f9e4b98d271 Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Fri, 24 Sep 2021 14:43:19 +0000 Subject: [PATCH 471/489] kola: check for fixed dracut multipath XOR quickfix in overlay --- tests/kola/misc-ro | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index 05d91c2927..9002bc3a86 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -198,3 +198,16 @@ if find ${tmpd}/usr/{bin,sbin,libexec} ! -perm -0111 | grep -v clevis-luks-commo fi rm -r ${tmpd} ok "All initrd scripts are executable" + +# We need either a fixed dracut or temporary workaround, no need for both. +# See https://github.com/coreos/fedora-coreos-tracker/issues/803. +has_fixed_dracut=$(grep -q 'ExecStop=/sbin/multipathd shutdown' /usr/lib/dracut/modules.d/90multipath/multipathd.service; echo $?) +has_overlay_quickfix=$(test ! -f /usr/lib/dracut/modules.d/35coreos-multipath/90-multipathd-remove-execstop.conf; echo $?) +if test "${has_fixed_dracut}" -eq "${has_overlay_quickfix}"; then + if test "${has_fixed_dracut}" -eq 1; then + fatal "Found fixed dracut multipath module but quickfix is present too" + else + fatal "Found buggy dracut multipath module but quickfix is missing too" + fi +fi +ok "either dracut multipath module fixed or quickfix present" From f4a0a484adf843ef64d05a6c493cc7cb4aa85c8b Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 24 Sep 2021 21:53:30 +0000 Subject: [PATCH 472/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/481/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 16 ++++++++-------- manifest-lock.x86_64.json | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 1b40efde45..9ae075cfff 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -61,7 +61,7 @@ "evra": "32:9.16.20-3.fc34.aarch64" }, "bootupd": { - "evra": "0.2.5-3.fc34.aarch64" + "evra": "0.2.6-1.fc34.aarch64" }, "bsdtar": { "evra": "3.5.2-2.fc34.aarch64" @@ -85,7 +85,7 @@ "evra": "2021.2.50-1.0.fc34.noarch" }, "catatonit": { - "evra": "0.1.5-4.fc34.aarch64" + "evra": "0.1.6-1.fc34.aarch64" }, "chrony": { "evra": "4.1-1.fc34.aarch64" @@ -646,7 +646,7 @@ "evra": "1.0.1-19.fc34.aarch64" }, "libnfsidmap": { - "evra": "1:2.5.4-0.fc34.aarch64" + "evra": "1:2.5.4-2.rc3.fc34.aarch64" }, "libnftnl": { "evra": "1.1.9-2.fc34.aarch64" @@ -682,7 +682,7 @@ "evra": "0.1.5-47.fc34.aarch64" }, "librepo": { - "evra": "1.14.1-1.fc34.aarch64" + "evra": "1.14.2-1.fc34.aarch64" }, "libreport-filesystem": { "evra": "2.15.2-2.fc34.noarch" @@ -874,7 +874,7 @@ "evra": "0.52.21-9.fc34.aarch64" }, "nfs-utils-coreos": { - "evra": "1:2.5.4-0.fc34.aarch64" + "evra": "1:2.5.4-2.rc3.fc34.aarch64" }, "nftables": { "evra": "1:0.9.8-3.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-23T20:53:57Z", + "generated": "2021-09-24T20:54:37Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-22T22:19:13Z" + "generated": "2021-09-24T18:50:21Z" }, "fedora-updates": { - "generated": "2021-09-23T19:14:22Z" + "generated": "2021-09-24T20:25:30Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index e025090b9f..c473f79ba4 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -61,7 +61,7 @@ "evra": "32:9.16.20-3.fc34.x86_64" }, "bootupd": { - "evra": "0.2.5-3.fc34.x86_64" + "evra": "0.2.6-1.fc34.x86_64" }, "bsdtar": { "evra": "3.5.2-2.fc34.x86_64" @@ -85,7 +85,7 @@ "evra": "2021.2.50-1.0.fc34.noarch" }, "catatonit": { - "evra": "0.1.5-4.fc34.x86_64" + "evra": "0.1.6-1.fc34.x86_64" }, "chrony": { "evra": "4.1-1.fc34.x86_64" @@ -652,7 +652,7 @@ "evra": "1.0.1-19.fc34.x86_64" }, "libnfsidmap": { - "evra": "1:2.5.4-0.fc34.x86_64" + "evra": "1:2.5.4-2.rc3.fc34.x86_64" }, "libnftnl": { "evra": "1.1.9-2.fc34.x86_64" @@ -688,7 +688,7 @@ "evra": "0.1.5-47.fc34.x86_64" }, "librepo": { - "evra": "1.14.1-1.fc34.x86_64" + "evra": "1.14.2-1.fc34.x86_64" }, "libreport-filesystem": { "evra": "2.15.2-2.fc34.noarch" @@ -886,7 +886,7 @@ "evra": "0.52.21-9.fc34.x86_64" }, "nfs-utils-coreos": { - "evra": "1:2.5.4-0.fc34.x86_64" + "evra": "1:2.5.4-2.rc3.fc34.x86_64" }, "nftables": { "evra": "1:0.9.8-3.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-23T20:54:13Z", + "generated": "2021-09-24T20:54:56Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-22T22:21:56Z" + "generated": "2021-09-24T18:54:17Z" }, "fedora-updates": { - "generated": "2021-09-23T19:14:52Z" + "generated": "2021-09-24T20:26:31Z" } } } From 7b09ca9ecb412352e12858148152dbb7bdadc500 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sun, 26 Sep 2021 21:07:06 +0000 Subject: [PATCH 473/489] lockfiles: bump timestamp Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/485/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 4 ++-- manifest-lock.x86_64.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 9ae075cfff..01d18cd48b 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -1178,13 +1178,13 @@ } }, "metadata": { - "generated": "2021-09-24T20:54:37Z", + "generated": "2021-09-26T20:55:05Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-24T18:50:21Z" + "generated": "2021-09-24T22:17:24Z" }, "fedora-updates": { "generated": "2021-09-24T20:25:30Z" diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index c473f79ba4..e41ddfcd19 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1190,13 +1190,13 @@ } }, "metadata": { - "generated": "2021-09-24T20:54:56Z", + "generated": "2021-09-26T20:55:43Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-24T18:54:17Z" + "generated": "2021-09-24T22:18:16Z" }, "fedora-updates": { "generated": "2021-09-24T20:26:31Z" From 0cb7934f9cf57c0368c6a36a483310146972b2a5 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 27 Sep 2021 13:10:49 -0400 Subject: [PATCH 474/489] tests: add ext.config.firewall.iptables-legacy test Let's confirm for now that we're using iptables-legacy by default until we switch to defaulting to iptables-nft. See https://github.com/coreos/fedora-coreos-tracker/issues/676 --- tests/kola/firewall/iptables-legacy | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100755 tests/kola/firewall/iptables-legacy diff --git a/tests/kola/firewall/iptables-legacy b/tests/kola/firewall/iptables-legacy new file mode 100755 index 0000000000..c21373026e --- /dev/null +++ b/tests/kola/firewall/iptables-legacy @@ -0,0 +1,20 @@ +#!/bin/bash +# kola: { "exclusive": false } +set -xeuo pipefail + +ok() { + echo "ok" "$@" +} + +fatal() { + echo "$@" >&2 + exit 1 +} + +# Make sure we're still on legacy iptables for now +# https://github.com/coreos/fedora-coreos-tracker/issues/676#issuecomment-928028451 +if ! iptables --version | grep legacy; then + iptables --version # output for logs + fatal "iptables version is not legacy" +fi +ok "iptables still in legacy mode" From 02302b97c9e5aadc38a1186fcf7ac4fada35c705 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Mon, 20 Sep 2021 09:34:42 +0200 Subject: [PATCH 475/489] Revert "overaly/preset: Enable Count Me by default" This is now enabled via the `90-default.preset` from fedora-release (included since commit 83f5e120101b125ad399acfc87fbf9d2744108c3). See: - https://src.fedoraproject.org/rpms/fedora-release/pull-request/203 - https://bugzilla.redhat.com/show_bug.cgi?id=1995495 This reverts commit 12ba5c2922d59fb2451ff3fbbb033913538b9460. --- overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset | 3 --- 1 file changed, 3 deletions(-) diff --git a/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset b/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset index c007234c9d..ad40cb9d2c 100644 --- a/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset +++ b/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset @@ -8,6 +8,3 @@ enable coreos-check-cgroups.service # Clean up injected Ignition config in /boot on upgrade # https://github.com/coreos/fedora-coreos-tracker/issues/889 enable coreos-cleanup-ignition-config.service -# Temporary fast track for rpm-ostree count me enablement -# https://github.com/coreos/fedora-coreos-tracker/issues/717 -enable rpm-ostree-countme.timer From fd1e43fb1ca8bbdb216042960bc3773bf2f85842 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 27 Sep 2021 15:55:44 -0400 Subject: [PATCH 476/489] denylist: snooze podman.base test on aws/gcp See https://github.com/coreos/fedora-coreos-tracker/issues/966 There is a fix upstream but we need to wait for it to propagate down into FCOS. --- kola-denylist.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/kola-denylist.yaml b/kola-denylist.yaml index cf3a3d8c88..9bccb8bea5 100644 --- a/kola-denylist.yaml +++ b/kola-denylist.yaml @@ -5,3 +5,9 @@ tracker: https://github.com/coreos/coreos-assembler/pull/1478 - pattern: podman.workflow tracker: https://github.com/coreos/coreos-assembler/pull/1478 +- pattern: podman.base + tracker: https://github.com/coreos/fedora-coreos-tracker/issues/966 + snooze: 2021-10-20 + platforms: + - aws + - gcp From 89fd06cf8ec2cfb312662c475edc0a8259925285 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 28 Sep 2021 02:27:55 +0000 Subject: [PATCH 477/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/489/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 14 +++++++------- manifest-lock.x86_64.json | 14 +++++++------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 01d18cd48b..7c2893a1e3 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -52,13 +52,13 @@ "evra": "1:2.11-2.fc34.noarch" }, "bind-libs": { - "evra": "32:9.16.20-3.fc34.aarch64" + "evra": "32:9.16.21-1.fc34.aarch64" }, "bind-license": { - "evra": "32:9.16.20-3.fc34.noarch" + "evra": "32:9.16.21-1.fc34.noarch" }, "bind-utils": { - "evra": "32:9.16.20-3.fc34.aarch64" + "evra": "32:9.16.21-1.fc34.aarch64" }, "bootupd": { "evra": "0.2.6-1.fc34.aarch64" @@ -133,7 +133,7 @@ "evra": "1.5.5-1.fc34.aarch64" }, "containernetworking-plugins": { - "evra": "1.0.0-1.fc34.aarch64" + "evra": "1.0.1-1.fc34.aarch64" }, "containers-common": { "evra": "4:1-21.fc34.noarch" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-26T20:55:05Z", + "generated": "2021-09-28T01:49:24Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-24T22:17:24Z" + "generated": "2021-09-27T18:08:44Z" }, "fedora-updates": { - "generated": "2021-09-24T20:25:30Z" + "generated": "2021-09-27T01:00:19Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index e41ddfcd19..501eed7fc2 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -52,13 +52,13 @@ "evra": "1:2.11-2.fc34.noarch" }, "bind-libs": { - "evra": "32:9.16.20-3.fc34.x86_64" + "evra": "32:9.16.21-1.fc34.x86_64" }, "bind-license": { - "evra": "32:9.16.20-3.fc34.noarch" + "evra": "32:9.16.21-1.fc34.noarch" }, "bind-utils": { - "evra": "32:9.16.20-3.fc34.x86_64" + "evra": "32:9.16.21-1.fc34.x86_64" }, "bootupd": { "evra": "0.2.6-1.fc34.x86_64" @@ -133,7 +133,7 @@ "evra": "1.5.5-1.fc34.x86_64" }, "containernetworking-plugins": { - "evra": "1.0.0-1.fc34.x86_64" + "evra": "1.0.1-1.fc34.x86_64" }, "containers-common": { "evra": "4:1-21.fc34.noarch" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-26T20:55:43Z", + "generated": "2021-09-28T01:49:16Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-24T22:18:16Z" + "generated": "2021-09-27T18:13:12Z" }, "fedora-updates": { - "generated": "2021-09-24T20:26:31Z" + "generated": "2021-09-27T01:00:51Z" } } } From 94df078060504a99caa7e95cb37ee9348c92a40e Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 27 Sep 2021 22:12:44 -0400 Subject: [PATCH 478/489] denylist: switch podman.base snooze to gce `gce` is the proper platform name, though we should consider renaming it. --- kola-denylist.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kola-denylist.yaml b/kola-denylist.yaml index 9bccb8bea5..1d59ef44e4 100644 --- a/kola-denylist.yaml +++ b/kola-denylist.yaml @@ -10,4 +10,4 @@ snooze: 2021-10-20 platforms: - aws - - gcp + - gce From 7ab896f650e65c1eb10f045ae161a6117494426f Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Tue, 28 Sep 2021 10:09:24 +0000 Subject: [PATCH 479/489] kola/misc-ro: rework test conditions This rework test logic following review feedback, in order to be easier to read. --- tests/kola/misc-ro | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index 9002bc3a86..c731a16038 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -201,10 +201,12 @@ ok "All initrd scripts are executable" # We need either a fixed dracut or temporary workaround, no need for both. # See https://github.com/coreos/fedora-coreos-tracker/issues/803. -has_fixed_dracut=$(grep -q 'ExecStop=/sbin/multipathd shutdown' /usr/lib/dracut/modules.d/90multipath/multipathd.service; echo $?) -has_overlay_quickfix=$(test ! -f /usr/lib/dracut/modules.d/35coreos-multipath/90-multipathd-remove-execstop.conf; echo $?) -if test "${has_fixed_dracut}" -eq "${has_overlay_quickfix}"; then - if test "${has_fixed_dracut}" -eq 1; then +has_fixed_dracut_multipathd_service=0 +grep -q 'ExecStop=/sbin/multipathd shutdown' /usr/lib/dracut/modules.d/90multipath/multipathd.service || has_fixed_dracut_multipathd_service=1 +has_overlay_multipathd_service_quickfix=1 +test -f /usr/lib/dracut/modules.d/35coreos-multipath/90-multipathd-remove-execstop.conf || has_overlay_multipathd_service_quickfix=0 +if test "${has_fixed_dracut_multipathd_service}" -eq "${has_overlay_multipathd_service_quickfix}"; then + if test "${has_fixed_dracut_multipathd_service}" -eq 1; then fatal "Found fixed dracut multipath module but quickfix is present too" else fatal "Found buggy dracut multipath module but quickfix is missing too" From 2063c864e2e53d966e1503111cc4da8941a9da4b Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Tue, 28 Sep 2021 10:11:27 +0000 Subject: [PATCH 480/489] multipathd.socket: add start conditions via dropin This adds a dropin for 'multipathd.socket' adding the same start conditions that are present on the service unit. It is a temporary workaround that can be removed once the packaged one is fixed. Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2008098 --- .../system/multipathd.socket.d/50-start-conditions.conf | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 overlay.d/05core/usr/lib/systemd/system/multipathd.socket.d/50-start-conditions.conf diff --git a/overlay.d/05core/usr/lib/systemd/system/multipathd.socket.d/50-start-conditions.conf b/overlay.d/05core/usr/lib/systemd/system/multipathd.socket.d/50-start-conditions.conf new file mode 100644 index 0000000000..8b7f585550 --- /dev/null +++ b/overlay.d/05core/usr/lib/systemd/system/multipathd.socket.d/50-start-conditions.conf @@ -0,0 +1,6 @@ +# Temporary workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2008098 +[Unit] +ConditionKernelCommandLine=!multipath=off +ConditionKernelCommandLine=!nompath +ConditionPathExists=/etc/multipath.conf +ConditionVirtualization=!container From 28d5409999ff20eac4cd42832f12f038e029b94d Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Tue, 28 Sep 2021 10:11:39 +0000 Subject: [PATCH 481/489] kola/misc-ro: test for fixed multipathd.socket XOR quickfix --- tests/kola/misc-ro | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index c731a16038..9dfa024ce1 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -213,3 +213,18 @@ if test "${has_fixed_dracut_multipathd_service}" -eq "${has_overlay_multipathd_s fi fi ok "either dracut multipath module fixed or quickfix present" + +# We need either a fixed multipathd.socket or temporary workaround, no need for both. +# See https://bugzilla.redhat.com/show_bug.cgi?id=2008098. +has_fixed_multipathd_socket=1 +grep -q 'ConditionPathExists=/etc/multipath.conf' /usr/lib/systemd/system/multipathd.socket || has_fixed_multipathd_socket=0 +has_overlay_multipathd_socket_quickfix=1 +test -f /usr/lib/dracut/modules.d/35coreos-multipath/90-multipathd-remove-execstop.conf || has_overlay_multipathd_socket_quickfix=0 +if test "${has_fixed_multipathd_socket}" -eq "${has_overlay_multipathd_socket_quickfix}"; then + if test "${has_fixed_multipathd_socket}" -eq 1; then + fatal "Found fixed multipathd.socket but quickfix is present too" + else + fatal "Found buggy multipathd.socket but quickfix is missing too" + fi +fi +ok "either multipathd.socket fixed or quickfix present" From 904141f8f599971aca306a98070f46152530c6b6 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Wed, 29 Sep 2021 21:29:17 +0000 Subject: [PATCH 482/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/493/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 12 ++++++------ manifest-lock.x86_64.json | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 7c2893a1e3..9f8064f350 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -589,7 +589,7 @@ "evra": "36.0-1.fc34.aarch64" }, "libicu": { - "evra": "67.1-6.fc34.aarch64" + "evra": "67.1-7.fc34.aarch64" }, "libidn2": { "evra": "2.3.2-1.fc34.aarch64" @@ -721,10 +721,10 @@ "evra": "1.45.6-5.fc34.aarch64" }, "libssh": { - "evra": "0.9.5-2.fc34.aarch64" + "evra": "0.9.6-1.fc34.aarch64" }, "libssh-config": { - "evra": "0.9.5-2.fc34.noarch" + "evra": "0.9.6-1.fc34.noarch" }, "libsss_certmap": { "evra": "2.5.2-2.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-28T01:49:24Z", + "generated": "2021-09-29T20:53:19Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-27T18:08:44Z" + "generated": "2021-09-28T22:40:50Z" }, "fedora-updates": { - "generated": "2021-09-27T01:00:19Z" + "generated": "2021-09-29T00:55:29Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 501eed7fc2..1af239fd72 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -595,7 +595,7 @@ "evra": "36.0-1.fc34.x86_64" }, "libicu": { - "evra": "67.1-6.fc34.x86_64" + "evra": "67.1-7.fc34.x86_64" }, "libidn2": { "evra": "2.3.2-1.fc34.x86_64" @@ -730,10 +730,10 @@ "evra": "1.45.6-5.fc34.x86_64" }, "libssh": { - "evra": "0.9.5-2.fc34.x86_64" + "evra": "0.9.6-1.fc34.x86_64" }, "libssh-config": { - "evra": "0.9.5-2.fc34.noarch" + "evra": "0.9.6-1.fc34.noarch" }, "libsss_certmap": { "evra": "2.5.2-2.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-28T01:49:16Z", + "generated": "2021-09-29T20:53:16Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-27T18:13:12Z" + "generated": "2021-09-28T22:45:28Z" }, "fedora-updates": { - "generated": "2021-09-27T01:00:51Z" + "generated": "2021-09-29T00:56:02Z" } } } From 384d8d11a6968ca21ebc23d2d216ce1d1ebbb53a Mon Sep 17 00:00:00 2001 From: gursewak Date: Wed, 29 Sep 2021 12:56:32 -0700 Subject: [PATCH 483/489] tests/kola: Rename config files from .fcc to .bu --- tests/kola/authentication/passwd/{config.fcc => config.bu} | 0 .../systemd-enable-instance-unit/{config.fcc => config.bu} | 0 tests/kola/ignition/systemd-unmasking/{config.fcc => config.bu} | 0 tests/kola/misc-ign-ro/{config.fcc => config.bu} | 0 tests/kola/swap/zram-generator/{config.fcc => config.bu} | 0 tests/kola/var-mount/luks/{config.fcc => config.bu} | 0 tests/kola/var-mount/simple/{config.fcc => config.bu} | 0 7 files changed, 0 insertions(+), 0 deletions(-) rename tests/kola/authentication/passwd/{config.fcc => config.bu} (100%) rename tests/kola/ignition/systemd-enable-instance-unit/{config.fcc => config.bu} (100%) rename tests/kola/ignition/systemd-unmasking/{config.fcc => config.bu} (100%) rename tests/kola/misc-ign-ro/{config.fcc => config.bu} (100%) rename tests/kola/swap/zram-generator/{config.fcc => config.bu} (100%) rename tests/kola/var-mount/luks/{config.fcc => config.bu} (100%) rename tests/kola/var-mount/simple/{config.fcc => config.bu} (100%) diff --git a/tests/kola/authentication/passwd/config.fcc b/tests/kola/authentication/passwd/config.bu similarity index 100% rename from tests/kola/authentication/passwd/config.fcc rename to tests/kola/authentication/passwd/config.bu diff --git a/tests/kola/ignition/systemd-enable-instance-unit/config.fcc b/tests/kola/ignition/systemd-enable-instance-unit/config.bu similarity index 100% rename from tests/kola/ignition/systemd-enable-instance-unit/config.fcc rename to tests/kola/ignition/systemd-enable-instance-unit/config.bu diff --git a/tests/kola/ignition/systemd-unmasking/config.fcc b/tests/kola/ignition/systemd-unmasking/config.bu similarity index 100% rename from tests/kola/ignition/systemd-unmasking/config.fcc rename to tests/kola/ignition/systemd-unmasking/config.bu diff --git a/tests/kola/misc-ign-ro/config.fcc b/tests/kola/misc-ign-ro/config.bu similarity index 100% rename from tests/kola/misc-ign-ro/config.fcc rename to tests/kola/misc-ign-ro/config.bu diff --git a/tests/kola/swap/zram-generator/config.fcc b/tests/kola/swap/zram-generator/config.bu similarity index 100% rename from tests/kola/swap/zram-generator/config.fcc rename to tests/kola/swap/zram-generator/config.bu diff --git a/tests/kola/var-mount/luks/config.fcc b/tests/kola/var-mount/luks/config.bu similarity index 100% rename from tests/kola/var-mount/luks/config.fcc rename to tests/kola/var-mount/luks/config.bu diff --git a/tests/kola/var-mount/simple/config.fcc b/tests/kola/var-mount/simple/config.bu similarity index 100% rename from tests/kola/var-mount/simple/config.fcc rename to tests/kola/var-mount/simple/config.bu From 6a41390efd99a446162a9bc449171ca1c818c7c7 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Thu, 30 Sep 2021 21:42:43 +0000 Subject: [PATCH 484/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/495/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 14 +++++++------- manifest-lock.x86_64.json | 14 +++++++------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 9f8064f350..659cd2ee9a 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -1027,10 +1027,10 @@ "evra": "4.8-7.fc34.aarch64" }, "selinux-policy": { - "evra": "34.20-1.fc34.noarch" + "evra": "34.21-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.20-1.fc34.noarch" + "evra": "34.21-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1135,7 +1135,7 @@ "evra": "3.1.0-1.fc34.aarch64" }, "tzdata": { - "evra": "2021a-1.fc34.noarch" + "evra": "2021b-1.fc34.noarch" }, "userspace-rcu": { "evra": "0.12.1-3.fc34.aarch64" @@ -1150,7 +1150,7 @@ "evra": "2.21-26.fc34.aarch64" }, "wireguard-tools": { - "evra": "1.0.20210424-1.fc34.aarch64" + "evra": "1.0.20210914-1.fc34.aarch64" }, "xfsprogs": { "evra": "5.10.0-2.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-29T20:53:19Z", + "generated": "2021-09-30T20:53:46Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-28T22:40:50Z" + "generated": "2021-09-29T21:37:56Z" }, "fedora-updates": { - "generated": "2021-09-29T00:55:29Z" + "generated": "2021-09-30T00:57:54Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 1af239fd72..e80f517310 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -1039,10 +1039,10 @@ "evra": "4.8-7.fc34.x86_64" }, "selinux-policy": { - "evra": "34.20-1.fc34.noarch" + "evra": "34.21-1.fc34.noarch" }, "selinux-policy-targeted": { - "evra": "34.20-1.fc34.noarch" + "evra": "34.21-1.fc34.noarch" }, "setup": { "evra": "2.13.7-3.fc34.noarch" @@ -1147,7 +1147,7 @@ "evra": "3.1.0-1.fc34.x86_64" }, "tzdata": { - "evra": "2021a-1.fc34.noarch" + "evra": "2021b-1.fc34.noarch" }, "userspace-rcu": { "evra": "0.12.1-3.fc34.x86_64" @@ -1162,7 +1162,7 @@ "evra": "2.21-26.fc34.x86_64" }, "wireguard-tools": { - "evra": "1.0.20210424-1.fc34.x86_64" + "evra": "1.0.20210914-1.fc34.x86_64" }, "xfsprogs": { "evra": "5.10.0-2.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-29T20:53:16Z", + "generated": "2021-09-30T20:53:41Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-28T22:45:28Z" + "generated": "2021-09-29T21:45:52Z" }, "fedora-updates": { - "generated": "2021-09-29T00:56:02Z" + "generated": "2021-09-30T00:58:25Z" } } } From 182dba500ca5b626ead275ad579daf904c6d1dfa Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 30 Sep 2021 17:27:26 -0400 Subject: [PATCH 485/489] overrides: fast-track rpm-ostree-2021.11-2.fc34 It's just sitting there in Bodhi. We want it for its own sake, but also for https://github.com/coreos/rpm-ostree/pull/3103 because of https://github.com/fedora-silverblue/issue-tracker/issues/210 which can also apply to FCOS, even if having it as a layer is likely rarer here. --- manifest-lock.overrides.yaml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 62cfbe5a1d..29eb489d5d 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -8,4 +8,14 @@ # in the `metadata.reason` key, though it's acceptable to omit a `reason` # for FCOS-specific packages (ignition, afterburn, etc.). -packages: {} +packages: + rpm-ostree: + evr: 2021.11-2.fc34 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-03a5539124 + type: fast-track + rpm-ostree-libs: + evr: 2021.11-2.fc34 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2021-03a5539124 + type: fast-track From 51194e0aacb3deda7fba24418298a788817ba38e Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 1 Oct 2021 10:08:02 -0400 Subject: [PATCH 486/489] initramfs: ignore `udevadm settle` errors We do `udevadm settle` in a few places to e.g. wait for symlinks to update based on whatever operation we just did. But if `udevadm settle` fails, we shouldn't fail the boot for it. It could be failing on some completely unrelated thing (since it waits for all events). Ideally in those scripts, we'd wait only for the specific events that we care about. But even so, we should just opportunistically keep booting. As a plus, even if we end up failing further down, we'll get a clearer error. Related: https://bugzilla.redhat.com/show_bug.cgi?id=2009662 --- .../lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh | 2 +- .../modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid | 2 +- .../modules.d/40ignition-ostree/ignition-ostree-growfs.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh index ee2fc4f4c0..dc55409429 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh @@ -39,4 +39,4 @@ fi echo "Randomizing disk GUID" sgdisk --disk-guid=R --move-second-header "$PKNAME" -udevadm settle +udevadm settle || : diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid index 0318471354..b2177352e8 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid @@ -61,7 +61,7 @@ if [ "${TYPE}" == "${orig_type}" ] && [ "${UUID}" == "${orig_uuid}" ]; then xfs) xfs_admin -U generate "${target}" ;; *) echo "unexpected filesystem type ${TYPE}" 1>&2; exit 1 ;; esac - udevadm settle + udevadm settle || : echo "Regenerated UUID for ${target}" else echo "No changes required for ${target} TYPE=${TYPE} UUID=${UUID}" diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh index 2dfaf13d00..d20b6a08d9 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh @@ -72,7 +72,7 @@ while true; do if [ -n "${DM_MPATH:-}" ]; then # Since growpart does not understand device mapper, we have to use sfdisk. echo ", +" | sfdisk --no-reread --no-tell-kernel --force -N "${DM_PART}" "/dev/mapper/${DM_MPATH}" - udevadm settle # Wait for udev-triggered kpartx to update mappings + udevadm settle || : # Wait for udev-triggered kpartx to update mappings else partnum=$(cat "/sys/dev/block/${MAJMIN}/partition") # XXX: ideally this'd be idempotent and we wouldn't `|| :` From 9e3a63119b910e189499c6c248cb2edef4ffcf5c Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Sat, 2 Oct 2021 21:29:26 +0000 Subject: [PATCH 487/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/499/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 34 +++++++++++++++++----------------- manifest-lock.x86_64.json | 34 +++++++++++++++++----------------- 2 files changed, 34 insertions(+), 34 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 659cd2ee9a..d108856a8a 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -91,7 +91,7 @@ "evra": "4.1-1.fc34.aarch64" }, "cifs-utils": { - "evra": "6.11-3.fc34.aarch64" + "evra": "6.13-3.fc34.aarch64" }, "clevis": { "evra": "18-1.fc34.aarch64" @@ -160,10 +160,10 @@ "evra": "2.9.6-27.fc34.aarch64" }, "criu": { - "evra": "3.15-3.fc34.aarch64" + "evra": "3.16-2.fc34.aarch64" }, "criu-libs": { - "evra": "3.15-3.fc34.aarch64" + "evra": "3.16-2.fc34.aarch64" }, "crun": { "evra": "1.0-1.fc34.aarch64" @@ -295,10 +295,10 @@ "evra": "34-2.noarch" }, "file": { - "evra": "5.39-6.fc34.aarch64" + "evra": "5.39-7.fc34.aarch64" }, "file-libs": { - "evra": "5.39-6.fc34.aarch64" + "evra": "5.39-7.fc34.aarch64" }, "filesystem": { "evra": "3.14-5.fc34.aarch64" @@ -307,7 +307,7 @@ "evra": "1:4.8.0-2.fc34.aarch64" }, "flatpak-session-helper": { - "evra": "1.10.2-4.fc34.aarch64" + "evra": "1.10.3-1.fc34.aarch64" }, "fstrm": { "evra": "0.6.1-2.fc34.aarch64" @@ -457,13 +457,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.19-200.fc34.aarch64" + "evra": "5.14.9-200.fc34.aarch64" }, "kernel-core": { - "evra": "5.13.19-200.fc34.aarch64" + "evra": "5.14.9-200.fc34.aarch64" }, "kernel-modules": { - "evra": "5.13.19-200.fc34.aarch64" + "evra": "5.14.9-200.fc34.aarch64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.aarch64" @@ -898,13 +898,13 @@ "evra": "2.4.57-5.fc34.aarch64" }, "openssh": { - "evra": "8.6p1-3.fc34.aarch64" + "evra": "8.6p1-5.fc34.aarch64" }, "openssh-clients": { - "evra": "8.6p1-3.fc34.aarch64" + "evra": "8.6p1-5.fc34.aarch64" }, "openssh-server": { - "evra": "8.6p1-3.fc34.aarch64" + "evra": "8.6p1-5.fc34.aarch64" }, "openssl": { "evra": "1:1.1.1l-2.fc34.aarch64" @@ -1000,10 +1000,10 @@ "evra": "4.16.1.3-1.fc34.aarch64" }, "rpm-ostree": { - "evra": "2021.10-2.fc34.aarch64" + "evra": "2021.11-2.fc34.aarch64" }, "rpm-ostree-libs": { - "evra": "2021.10-2.fc34.aarch64" + "evra": "2021.11-2.fc34.aarch64" }, "rpm-plugin-selinux": { "evra": "4.16.1.3-1.fc34.aarch64" @@ -1178,16 +1178,16 @@ } }, "metadata": { - "generated": "2021-09-30T20:53:46Z", + "generated": "2021-10-02T20:54:36Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" }, "fedora-coreos-pool": { - "generated": "2021-09-29T21:37:56Z" + "generated": "2021-10-01T21:33:42Z" }, "fedora-updates": { - "generated": "2021-09-30T00:57:54Z" + "generated": "2021-10-02T00:58:24Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index e80f517310..0aef2e88ca 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -91,7 +91,7 @@ "evra": "4.1-1.fc34.x86_64" }, "cifs-utils": { - "evra": "6.11-3.fc34.x86_64" + "evra": "6.13-3.fc34.x86_64" }, "clevis": { "evra": "18-1.fc34.x86_64" @@ -160,10 +160,10 @@ "evra": "2.9.6-27.fc34.x86_64" }, "criu": { - "evra": "3.15-3.fc34.x86_64" + "evra": "3.16-2.fc34.x86_64" }, "criu-libs": { - "evra": "3.15-3.fc34.x86_64" + "evra": "3.16-2.fc34.x86_64" }, "crun": { "evra": "1.0-1.fc34.x86_64" @@ -295,10 +295,10 @@ "evra": "34-2.noarch" }, "file": { - "evra": "5.39-6.fc34.x86_64" + "evra": "5.39-7.fc34.x86_64" }, "file-libs": { - "evra": "5.39-6.fc34.x86_64" + "evra": "5.39-7.fc34.x86_64" }, "filesystem": { "evra": "3.14-5.fc34.x86_64" @@ -307,7 +307,7 @@ "evra": "1:4.8.0-2.fc34.x86_64" }, "flatpak-session-helper": { - "evra": "1.10.2-4.fc34.x86_64" + "evra": "1.10.3-1.fc34.x86_64" }, "fstrm": { "evra": "0.6.1-2.fc34.x86_64" @@ -463,13 +463,13 @@ "evra": "2.4.0-2.fc34.noarch" }, "kernel": { - "evra": "5.13.19-200.fc34.x86_64" + "evra": "5.14.9-200.fc34.x86_64" }, "kernel-core": { - "evra": "5.13.19-200.fc34.x86_64" + "evra": "5.14.9-200.fc34.x86_64" }, "kernel-modules": { - "evra": "5.13.19-200.fc34.x86_64" + "evra": "5.14.9-200.fc34.x86_64" }, "kexec-tools": { "evra": "2.0.21-5.fc34.x86_64" @@ -910,13 +910,13 @@ "evra": "2.4.57-5.fc34.x86_64" }, "openssh": { - "evra": "8.6p1-3.fc34.x86_64" + "evra": "8.6p1-5.fc34.x86_64" }, "openssh-clients": { - "evra": "8.6p1-3.fc34.x86_64" + "evra": "8.6p1-5.fc34.x86_64" }, "openssh-server": { - "evra": "8.6p1-3.fc34.x86_64" + "evra": "8.6p1-5.fc34.x86_64" }, "openssl": { "evra": "1:1.1.1l-2.fc34.x86_64" @@ -1012,10 +1012,10 @@ "evra": "4.16.1.3-1.fc34.x86_64" }, "rpm-ostree": { - "evra": "2021.10-2.fc34.x86_64" + "evra": "2021.11-2.fc34.x86_64" }, "rpm-ostree-libs": { - "evra": "2021.10-2.fc34.x86_64" + "evra": "2021.11-2.fc34.x86_64" }, "rpm-plugin-selinux": { "evra": "4.16.1.3-1.fc34.x86_64" @@ -1190,16 +1190,16 @@ } }, "metadata": { - "generated": "2021-09-30T20:53:41Z", + "generated": "2021-10-02T20:55:00Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" }, "fedora-coreos-pool": { - "generated": "2021-09-29T21:45:52Z" + "generated": "2021-10-01T21:38:29Z" }, "fedora-updates": { - "generated": "2021-09-30T00:58:25Z" + "generated": "2021-10-02T00:58:54Z" } } } From 08954efa915abd3e52240935d7e27235388f5533 Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Mon, 4 Oct 2021 13:27:02 +0000 Subject: [PATCH 488/489] lockfiles: bump to latest Job URL: https://jenkins-fedora-coreos.apps.ocp.ci.centos.org/job/bump-lockfile/503/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile --- manifest-lock.aarch64.json | 14 +++++++------- manifest-lock.x86_64.json | 18 +++++++++--------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index d108856a8a..3de5d22310 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -37,7 +37,7 @@ "evra": "2.5.1-1.fc34.aarch64" }, "audit-libs": { - "evra": "3.0.5-1.fc34.aarch64" + "evra": "3.0.6-1.fc34.aarch64" }, "avahi-libs": { "evra": "0.8-14.fc34.aarch64" @@ -379,16 +379,16 @@ "evra": "3.6-2.fc34.aarch64" }, "grub2-common": { - "evra": "1:2.06-2.fc34.noarch" + "evra": "1:2.06-6.fc34b.noarch" }, "grub2-efi-aa64": { - "evra": "1:2.06-2.fc34.aarch64" + "evra": "1:2.06-6.fc34b.aarch64" }, "grub2-tools": { - "evra": "1:2.06-2.fc34.aarch64" + "evra": "1:2.06-6.fc34b.aarch64" }, "grub2-tools-minimal": { - "evra": "1:2.06-2.fc34.aarch64" + "evra": "1:2.06-6.fc34b.aarch64" }, "gzip": { "evra": "1.10-4.fc34.aarch64" @@ -1178,7 +1178,7 @@ } }, "metadata": { - "generated": "2021-10-02T20:54:36Z", + "generated": "2021-10-04T12:35:32Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:46Z" @@ -1187,7 +1187,7 @@ "generated": "2021-10-01T21:33:42Z" }, "fedora-updates": { - "generated": "2021-10-02T00:58:24Z" + "generated": "2021-10-04T00:54:42Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 0aef2e88ca..44ecd00425 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -37,7 +37,7 @@ "evra": "2.5.1-1.fc34.x86_64" }, "audit-libs": { - "evra": "3.0.5-1.fc34.x86_64" + "evra": "3.0.6-1.fc34.x86_64" }, "avahi-libs": { "evra": "0.8-14.fc34.x86_64" @@ -379,22 +379,22 @@ "evra": "3.6-2.fc34.x86_64" }, "grub2-common": { - "evra": "1:2.06-2.fc34.noarch" + "evra": "1:2.06-6.fc34b.noarch" }, "grub2-efi-x64": { - "evra": "1:2.06-2.fc34.x86_64" + "evra": "1:2.06-6.fc34b.x86_64" }, "grub2-pc": { - "evra": "1:2.06-2.fc34.x86_64" + "evra": "1:2.06-6.fc34b.x86_64" }, "grub2-pc-modules": { - "evra": "1:2.06-2.fc34.noarch" + "evra": "1:2.06-6.fc34b.noarch" }, "grub2-tools": { - "evra": "1:2.06-2.fc34.x86_64" + "evra": "1:2.06-6.fc34b.x86_64" }, "grub2-tools-minimal": { - "evra": "1:2.06-2.fc34.x86_64" + "evra": "1:2.06-6.fc34b.x86_64" }, "gzip": { "evra": "1.10-4.fc34.x86_64" @@ -1190,7 +1190,7 @@ } }, "metadata": { - "generated": "2021-10-02T20:55:00Z", + "generated": "2021-10-04T12:35:35Z", "rpmmd_repos": { "fedora": { "generated": "2021-04-23T10:47:57Z" @@ -1199,7 +1199,7 @@ "generated": "2021-10-01T21:38:29Z" }, "fedora-updates": { - "generated": "2021-10-02T00:58:54Z" + "generated": "2021-10-04T00:55:48Z" } } } From 60d92d73c06debaf4a88f56f896f8afaa5b62bca Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 9 Jul 2021 16:17:22 -0400 Subject: [PATCH 489/489] Switch to ostree-format: "oci" Part of https://github.com/coreos/fedora-coreos-tracker/issues/812 In this initial step, we're merely switching the internal tarball to be a different format. A future step will change the FCOS pipeline to automatically push this container to quay.io. --- image.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/image.yaml b/image.yaml index 1bf800cca2..414a444ee1 100644 --- a/image.yaml +++ b/image.yaml @@ -2,3 +2,6 @@ # similarly to manifest.yaml. Unlike image-base.yaml, which is shared by all # streams. include: image-base.yaml + +# https://github.com/coreos/coreos-assembler/pull/2216 +ostree-format: "oci"