rancher · Ludea · Feb 7, 2022 · Feb 7, 2022 · Feb 7, 2022 · Feb 10, 2022
@@ -0,0 +1,53 @@
+ARG LUET_VERSION=0.20.6
+FROM quay.io/luet/base:$LUET_VERSION AS luet
+
+FROM fedora:35
+
+ENV COSIGN_EXPERIMENTAL=1
+ENV COSIGN_REPOSITORY=raccos/releases-orange
+
+RUN dnf install -y \
+    NetworkManager \
+    squashfs-tools \ 
+    dracut-live \
+    efibootmgr \
+    audit \
+    kernel \
+    systemd \
+    parted \
+    dracut \
+    e2fsprogs \
+    dosfstools \
+    coreutils \
+    device-mapper \
+    grub2 \
+    which \
+    curl \
+    nano \
+    gawk \
+    haveged \
+    tar \
+    rsync
+
+# Copy the luet config file pointing to the upgrade repository
+COPY conf/luet.yaml /etc/luet/luet.yaml
+
+# Copy luet from the official images
+COPY --from=luet /usr/bin/luet /usr/bin/luet
+
+RUN luet install -y meta/cos-verify
+
+RUN luet install --plugin luet-cosign -y \
+    meta/cos-minimal \
+    utils/k9s \
+    utils/nerdctl
+
+COPY files/ /
+
+RUN dracut --regenerate-all -f
+RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && \
+    ln -sf "${kernel#/boot/}" /boot/vmlinuz
+
+RUN kernel=$(ls /lib/modules | head -n1) && \
+    cd /boot && \
+    ln -sf *.img initrd
@@ -0,0 +1,16 @@
+logging:
+  color: false
+  enable_emoji: false
+general:
+   debug: false
+   spinner_charset: 9
+repositories:
+- name: "cos"
+  description: "cOS official"
+  type: "docker"
+  enable: true
+  cached: true
+  priority: 1
+  verify: false
+  urls:
+  - "quay.io/costoolkit/releases-blue"
@@ -0,0 +1,45 @@
+# cOS configuration file
+# This file allows to tweak cOS configuration such as: default upgrade/recovery image and GRUB menu entry
+
+# Disable/enable image verification during upgrades ( default: true )
+VERIFY=false
+
+# Disable/enable upgrades via release channels instead of container images. ( default: true )
+CHANNEL_UPGRADES=false
+
+# Default container image used for upgrades. ( defaults to system/cos with channel CHANNEL_UPGRADES enabled )
+UPGRADE_IMAGE="quay.io/mudler/cos-test:cos-standard"
+
+# Default recovery image to use when upgrading the recovery partition
+# ( defaults to recovery/cos in vanilla cOS images with channel CHANNEL_UPGRADES enabled. Otherwise it defaults to UPGRADE_IMAGE ).
+RECOVERY_IMAGE="quay.io/mudler/cos-test:cos-standard"
+
+# GRUB entry to display on boot. ( defaults: cOS )
+GRUB_ENTRY_NAME="example"
+
+# Space separated list of additional paths that are used to
+# source cloud-config from. ( defaults paths are: /system/oem /oem/ /usr/local/cloud-config/ )
+CLOUD_INIT_PATHS=""
+
+# This is the directory that can be used to store cloud-init files that can be enabled/disabled in runtime
+# by cos-features. ( defaults to /system/features )
+COS_FEATURESDIR="/system/features"
+
+# This is the repository that hosts the signature files used by cosign and luet-cosign plugin during upgrade/deploy to
+# check the artifact signatures
+COSIGN_REPOSITORY="raccos/releases-blue"
+
+# This sets keyless verify on building packages with luet and the luet-cosign plugin.
+# 1  = enabled keyless, 0 = disabled, uses normal public key verification
+COSIGN_EXPERIMENTAL=1
+
+# This sets the location of the public key to use to verify the packages installed by luet during upgrade/deploy
+# This can be set to file, URL, KMS URI or Kubernetes Secret
+# This is only used if COSIGN_EXPERIMENTAL is set to 0
+COSIGN_PUBLIC_KEY_LOCATION=""
+
+# Default size (in MB) of disk image files (.img) created during upgrades
+DEFAULT_IMAGE_SIZE=3240
+
+# Path to default configuration grub file
+GRUBCONF="/etc/cos/grub.cfg"
@@ -0,0 +1,2 @@
+VERSION="35"
+PRETTY_NAME="Fedora"
@@ -0,0 +1,17 @@
+# Default cOS OEM configuration file
+#
+# This file is part of cOS and will get reset during upgrades.
+#
+# Before you change this file manually,
+# consider copying this file to /usr/local/cloud-config or
+# copy the file with a prefix starting by 90, e.g. /oem/91_custom.yaml
+name: "Default user"
+stages:
+   initramfs:
+     - name: "Setup users"
+       ensure_entities:
+       - path: /etc/shadow
+         entity: |
+            kind: "shadow"
+            username: "root"
+            password: "cos"
@@ -0,0 +1,43 @@
+ARG LUET_VERSION=0.20.6
+FROM quay.io/luet/base:$LUET_VERSION AS luet
+
+FROM ubuntu:20.04
+
+ENV COSIGN_EXPERIMENTAL=1
+ENV COSIGN_REPOSITORY=raccos/releases-orange
+
+RUN apt install -y \
+	systemd \
+	grub2-common \
+	iproute2 \
+	squashfs-tools \
+	parted dracut \
+	dracut-network \
+	e2fsprogs \
+	dosfstools \
+	coreutils \
+	debianutils \
+	curl \
+	nano \
+	gawk \
+	haveged \
+	rsync
+
+# Copy the luet config file pointing to the upgrade repository
+COPY conf/luet.yaml /etc/luet/luet.yaml
+
+# Copy luet from the official images
+COPY --from=luet /usr/bin/luet /usr/bin/luet
+
+RUN luet install -y meta/cos-verify
+
+RUN luet install --plugin luet-cosign -y \
+    meta/cos-minimal \
+    utils/k9s \
+    utils/nerdctl
+
+COPY files/ /
+
+RUN dracut --regenerate-all -f
+RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && \
+    ln -sf "${kernel#/boot/}" /boot/vmlinuz
@@ -0,0 +1,45 @@
+# cOS configuration file
+# This file allows to tweak cOS configuration such as: default upgrade/recovery image and GRUB menu entry
+
+# Disable/enable image verification during upgrades ( default: true )
+VERIFY=false
+
+# Disable/enable upgrades via release channels instead of container images. ( default: true )
+CHANNEL_UPGRADES=false
+
+# Default container image used for upgrades. ( defaults to system/cos with channel CHANNEL_UPGRADES enabled )
+UPGRADE_IMAGE="quay.io/mudler/cos-test:cos-standard"
+
+# Default recovery image to use when upgrading the recovery partition
+# ( defaults to recovery/cos in vanilla cOS images with channel CHANNEL_UPGRADES enabled. Otherwise it defaults to UPGRADE_IMAGE ).
+RECOVERY_IMAGE="quay.io/mudler/cos-test:cos-standard"
+
+# GRUB entry to display on boot. ( defaults: cOS )
+GRUB_ENTRY_NAME="example"
+
+# Space separated list of additional paths that are used to
+# source cloud-config from. ( defaults paths are: /system/oem /oem/ /usr/local/cloud-config/ )
+CLOUD_INIT_PATHS=""
+
+# This is the directory that can be used to store cloud-init files that can be enabled/disabled in runtime
+# by cos-features. ( defaults to /system/features )
+COS_FEATURESDIR="/system/features"
+
+# This is the repository that hosts the signature files used by cosign and luet-cosign plugin during upgrade/deploy to
+# check the artifact signatures
+COSIGN_REPOSITORY="raccos/releases-orange"
+
+# This sets keyless verify on building packages with luet and the luet-cosign plugin.
+# 1  = enabled keyless, 0 = disabled, uses normal public key verification
+COSIGN_EXPERIMENTAL=1
+
+# This sets the location of the public key to use to verify the packages installed by luet during upgrade/deploy
+# This can be set to file, URL, KMS URI or Kubernetes Secret
+# This is only used if COSIGN_EXPERIMENTAL is set to 0
+COSIGN_PUBLIC_KEY_LOCATION=""
+
+# Default size (in MB) of disk image files (.img) created during upgrades
+DEFAULT_IMAGE_SIZE=3240
+
+# Path to default configuration grub file
+GRUBCONF="/etc/cos/grub.cfg"
@@ -0,0 +1,2 @@
+VERSION="20.04"
+PRETTY_NAME="Ubuntu"
@@ -0,0 +1,17 @@
+# Default cOS OEM configuration file
+#
+# This file is part of cOS and will get reset during upgrades.
+#
+# Before you change this file manually,
+# consider copying this file to /usr/local/cloud-config or
+# copy the file with a prefix starting by 90, e.g. /oem/91_custom.yaml
+name: "Default user"
+stages:
+   initramfs:
+     - name: "Setup users"
+       ensure_entities:
+       - path: /etc/shadow
+         entity: |
+            kind: "shadow"
+            username: "root"
+            password: "cos"
diff --git a/examples/standard/ubuntu/luet.yaml b/examples/standard/ubuntu/luet.yaml
@@ -0,0 +1,16 @@
+logging:
+  color: false
+  enable_emoji: false
+general:
+   debug: false
+   spinner_charset: 9
+repositories:
+- name: "cos"
+  description: "cOS official"
+  type: "docker"
+  enable: true
+  cached: true
+  priority: 1
+  verify: false
+  urls:
+  - "quay.io/costoolkit/releases-orange"