From cf75093163688e8e4e4a4a317248baca397725a1 Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Fri, 3 May 2024 13:38:32 +0200 Subject: [PATCH] Update osbuild/images v0.59.0 Pulling in: - https://github.com/osbuild/images/pull/650 - https://github.com/osbuild/images/pull/651 --- go.mod | 4 +- go.sum | 8 +- .../github.com/aws/aws-sdk-go/aws/version.go | 2 +- .../aws/aws-sdk-go/service/ec2/api.go | 255 ++++++++++++++++++ .../osbuild/images/pkg/distro/rhel/images.go | 9 +- .../osbuild/images/pkg/dnfjson/dnfjson.go | 6 + .../osbuild/images/pkg/manifest/os.go | 46 ++++ .../osbuild/images/pkg/manifest/raw_bootc.go | 45 +++- vendor/modules.txt | 4 +- 9 files changed, 357 insertions(+), 22 deletions(-) diff --git a/go.mod b/go.mod index 849cb9392e..0eacf707e7 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 github.com/BurntSushi/toml v1.3.2 - github.com/aws/aws-sdk-go v1.52.0 + github.com/aws/aws-sdk-go v1.52.1 github.com/coreos/go-semver v0.3.1 github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf github.com/deepmap/oapi-codegen v1.8.2 @@ -36,7 +36,7 @@ require ( github.com/labstack/gommon v0.4.2 github.com/openshift-online/ocm-sdk-go v0.1.418 github.com/oracle/oci-go-sdk/v54 v54.0.0 - github.com/osbuild/images v0.58.0 + github.com/osbuild/images v0.59.0 github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1 github.com/osbuild/pulp-client v0.1.0 github.com/prometheus/client_golang v1.19.0 diff --git a/go.sum b/go.sum index 73677a024e..a23175c99e 100644 --- a/go.sum +++ b/go.sum @@ -80,8 +80,8 @@ github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat6 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/aws/aws-sdk-go v1.52.0 h1:ptgek/4B2v/ljsjYSEvLQ8LTD+SQyrqhOOWvHc/VGPI= -github.com/aws/aws-sdk-go v1.52.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.52.1 h1:pYpPIuvVsawYDR0Nt3VrceizUAbtpTN3Z7xBzcZWwfI= +github.com/aws/aws-sdk-go v1.52.1/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk= github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -501,8 +501,8 @@ github.com/openshift-online/ocm-sdk-go v0.1.418 h1:UgMcx16YOS0cs6c0b0ZXbffnjciiu github.com/openshift-online/ocm-sdk-go v0.1.418/go.mod h1:CiAu2jwl3ITKOxkeV0Qnhzv4gs35AmpIzVABQLtcI2Y= github.com/oracle/oci-go-sdk/v54 v54.0.0 h1:CDLjeSejv2aDpElAJrhKpi6zvT/zhZCZuXchUUZ+LS4= github.com/oracle/oci-go-sdk/v54 v54.0.0/go.mod h1:+t+yvcFGVp+3ZnztnyxqXfQDsMlq8U25faBLa+mqCMc= -github.com/osbuild/images v0.58.0 h1:BKmePx5SyOMPP5pQyi0X40iIO7vjdUCfhNsIqRzRQfU= -github.com/osbuild/images v0.58.0/go.mod h1:nt/e/QnHQ0qdznAbfbLQs44Iz9kjV9NammmNZ7UI12U= +github.com/osbuild/images v0.59.0 h1:6TmPP58/OWKz53fPeuJTQTv4gVzghPgAnYfxNh3frTU= +github.com/osbuild/images v0.59.0/go.mod h1:wXimLIwsSsTFH8JyZOqwLNOPseCgzOH52DNGexJnL64= github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1 h1:UFEJIcPa46W8gtWgOYzriRKYyy1t6SWL0BI7fPTuVvc= github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1/go.mod h1:z+WA+dX6qMwc7fqY5jCzESDIlg4WR2sBQezxsoXv9Ik= github.com/osbuild/pulp-client v0.1.0 h1:L0C4ezBJGTamN3BKdv+rKLuq/WxXJbsFwz/Hj7aEmJ8= diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index d0d3118f27..25f2c8b55a 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.52.0" +const SDKVersion = "1.52.1" diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go index 220a7a49db..08ae0cc38e 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go @@ -41430,6 +41430,80 @@ func (c *EC2) GetInstanceMetadataDefaultsWithContext(ctx aws.Context, input *Get return out, req.Send() } +const opGetInstanceTpmEkPub = "GetInstanceTpmEkPub" + +// GetInstanceTpmEkPubRequest generates a "aws/request.Request" representing the +// client's request for the GetInstanceTpmEkPub operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetInstanceTpmEkPub for more information on using the GetInstanceTpmEkPub +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetInstanceTpmEkPubRequest method. +// req, resp := client.GetInstanceTpmEkPubRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetInstanceTpmEkPub +func (c *EC2) GetInstanceTpmEkPubRequest(input *GetInstanceTpmEkPubInput) (req *request.Request, output *GetInstanceTpmEkPubOutput) { + op := &request.Operation{ + Name: opGetInstanceTpmEkPub, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetInstanceTpmEkPubInput{} + } + + output = &GetInstanceTpmEkPubOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetInstanceTpmEkPub API operation for Amazon Elastic Compute Cloud. +// +// Gets the public endorsement key associated with the Nitro Trusted Platform +// Module (NitroTPM) for the specified instance. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetInstanceTpmEkPub for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetInstanceTpmEkPub +func (c *EC2) GetInstanceTpmEkPub(input *GetInstanceTpmEkPubInput) (*GetInstanceTpmEkPubOutput, error) { + req, out := c.GetInstanceTpmEkPubRequest(input) + return out, req.Send() +} + +// GetInstanceTpmEkPubWithContext is the same as GetInstanceTpmEkPub with the addition of +// the ability to pass a context and additional request options. +// +// See GetInstanceTpmEkPub for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetInstanceTpmEkPubWithContext(ctx aws.Context, input *GetInstanceTpmEkPubInput, opts ...request.Option) (*GetInstanceTpmEkPubOutput, error) { + req, out := c.GetInstanceTpmEkPubRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetInstanceTypesFromInstanceRequirements = "GetInstanceTypesFromInstanceRequirements" // GetInstanceTypesFromInstanceRequirementsRequest generates a "aws/request.Request" representing the @@ -126617,6 +126691,155 @@ func (s *GetInstanceMetadataDefaultsOutput) SetAccountLevel(v *InstanceMetadataD return s } +type GetInstanceTpmEkPubInput struct { + _ struct{} `type:"structure"` + + // Specify this parameter to verify whether the request will succeed, without + // actually making the request. If the request will succeed, the response is + // DryRunOperation. Otherwise, the response is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the instance for which to get the public endorsement key. + // + // InstanceId is a required field + InstanceId *string `type:"string" required:"true"` + + // The required public endorsement key format. Specify der for a DER-encoded + // public key that is compatible with OpenSSL. Specify tpmt for a TPM 2.0 format + // that is compatible with tpm2-tools. The returned key is base64 encoded. + // + // KeyFormat is a required field + KeyFormat *string `type:"string" required:"true" enum:"EkPubKeyFormat"` + + // The required public endorsement key type. + // + // KeyType is a required field + KeyType *string `type:"string" required:"true" enum:"EkPubKeyType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetInstanceTpmEkPubInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetInstanceTpmEkPubInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetInstanceTpmEkPubInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetInstanceTpmEkPubInput"} + if s.InstanceId == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceId")) + } + if s.KeyFormat == nil { + invalidParams.Add(request.NewErrParamRequired("KeyFormat")) + } + if s.KeyType == nil { + invalidParams.Add(request.NewErrParamRequired("KeyType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *GetInstanceTpmEkPubInput) SetDryRun(v bool) *GetInstanceTpmEkPubInput { + s.DryRun = &v + return s +} + +// SetInstanceId sets the InstanceId field's value. +func (s *GetInstanceTpmEkPubInput) SetInstanceId(v string) *GetInstanceTpmEkPubInput { + s.InstanceId = &v + return s +} + +// SetKeyFormat sets the KeyFormat field's value. +func (s *GetInstanceTpmEkPubInput) SetKeyFormat(v string) *GetInstanceTpmEkPubInput { + s.KeyFormat = &v + return s +} + +// SetKeyType sets the KeyType field's value. +func (s *GetInstanceTpmEkPubInput) SetKeyType(v string) *GetInstanceTpmEkPubInput { + s.KeyType = &v + return s +} + +type GetInstanceTpmEkPubOutput struct { + _ struct{} `type:"structure"` + + // The ID of the instance. + InstanceId *string `locationName:"instanceId" type:"string"` + + // The public endorsement key format. + KeyFormat *string `locationName:"keyFormat" type:"string" enum:"EkPubKeyFormat"` + + // The public endorsement key type. + KeyType *string `locationName:"keyType" type:"string" enum:"EkPubKeyType"` + + // The public endorsement key material. + // + // KeyValue is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetInstanceTpmEkPubOutput's + // String and GoString methods. + KeyValue *string `locationName:"keyValue" type:"string" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetInstanceTpmEkPubOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetInstanceTpmEkPubOutput) GoString() string { + return s.String() +} + +// SetInstanceId sets the InstanceId field's value. +func (s *GetInstanceTpmEkPubOutput) SetInstanceId(v string) *GetInstanceTpmEkPubOutput { + s.InstanceId = &v + return s +} + +// SetKeyFormat sets the KeyFormat field's value. +func (s *GetInstanceTpmEkPubOutput) SetKeyFormat(v string) *GetInstanceTpmEkPubOutput { + s.KeyFormat = &v + return s +} + +// SetKeyType sets the KeyType field's value. +func (s *GetInstanceTpmEkPubOutput) SetKeyType(v string) *GetInstanceTpmEkPubOutput { + s.KeyType = &v + return s +} + +// SetKeyValue sets the KeyValue field's value. +func (s *GetInstanceTpmEkPubOutput) SetKeyValue(v string) *GetInstanceTpmEkPubOutput { + s.KeyValue = &v + return s +} + type GetInstanceTypesFromInstanceRequirementsInput struct { _ struct{} `type:"structure"` @@ -192751,6 +192974,38 @@ func Ec2InstanceConnectEndpointState_Values() []string { } } +const ( + // EkPubKeyFormatDer is a EkPubKeyFormat enum value + EkPubKeyFormatDer = "der" + + // EkPubKeyFormatTpmt is a EkPubKeyFormat enum value + EkPubKeyFormatTpmt = "tpmt" +) + +// EkPubKeyFormat_Values returns all elements of the EkPubKeyFormat enum +func EkPubKeyFormat_Values() []string { + return []string{ + EkPubKeyFormatDer, + EkPubKeyFormatTpmt, + } +} + +const ( + // EkPubKeyTypeRsa2048 is a EkPubKeyType enum value + EkPubKeyTypeRsa2048 = "rsa-2048" + + // EkPubKeyTypeEccSecP384 is a EkPubKeyType enum value + EkPubKeyTypeEccSecP384 = "ecc-sec-p384" +) + +// EkPubKeyType_Values returns all elements of the EkPubKeyType enum +func EkPubKeyType_Values() []string { + return []string{ + EkPubKeyTypeRsa2048, + EkPubKeyTypeEccSecP384, + } +} + const ( // ElasticGpuStateAttached is a ElasticGpuState enum value ElasticGpuStateAttached = "ATTACHED" diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/images.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/images.go index 40343f9f0c..813cb5307d 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel/images.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/images.go @@ -524,7 +524,7 @@ func EdgeInstallerImage(workload workload.Workload, img.Product = t.Arch().Distro().Product() img.Variant = "edge" - img.OSName = "rhel" + img.OSName = "rhel-edge" img.OSVersion = t.Arch().Distro().OsVersion() img.Release = fmt.Sprintf("%s %s", t.Arch().Distro().Product(), t.Arch().Distro().OsVersion()) img.FIPS = customizations.GetFIPS() @@ -561,7 +561,7 @@ func EdgeRawImage(workload workload.Workload, URL: options.OSTree.URL, ContentURL: options.OSTree.ContentURL, } - img.OSName = "redhat" + img.OSName = "rhel-edge" // TODO: move generation into LiveImage pt, err := t.GetPartitionTable(customizations.GetFilesystems(), options, rng) @@ -603,7 +603,7 @@ func EdgeSimplifiedInstallerImage(workload workload.Workload, URL: options.OSTree.URL, ContentURL: options.OSTree.ContentURL, } - rawImg.OSName = "redhat" + rawImg.OSName = "rhel-edge" // TODO: move generation into LiveImage pt, err := t.GetPartitionTable(customizations.GetFilesystems(), options, rng) @@ -641,7 +641,7 @@ func EdgeSimplifiedInstallerImage(workload workload.Workload, d := t.arch.distro img.Product = d.product img.Variant = "edge" - img.OSName = "redhat" + img.OSName = "rhel-edge" img.OSVersion = d.osVersion installerConfig, err := t.getDefaultInstallerConfig() @@ -708,7 +708,6 @@ func ImageInstallerImage(workload workload.Workload, d := t.arch.distro img.Product = d.product - img.OSName = "redhat" img.OSVersion = d.osVersion img.Release = fmt.Sprintf("%s %s", d.product, d.osVersion) diff --git a/vendor/github.com/osbuild/images/pkg/dnfjson/dnfjson.go b/vendor/github.com/osbuild/images/pkg/dnfjson/dnfjson.go index e95920495e..a0cabf4194 100644 --- a/vendor/github.com/osbuild/images/pkg/dnfjson/dnfjson.go +++ b/vendor/github.com/osbuild/images/pkg/dnfjson/dnfjson.go @@ -50,6 +50,12 @@ type BaseSolver struct { // doesn't use libexec. func findDepsolveDnf() string { locations := []string{"/usr/libexec/osbuild-depsolve-dnf", "/usr/lib/osbuild/osbuild-depsolve-dnf"} + + // Override the default location + testLocation := os.Getenv("OSBUILD_DEPSOLVE_DNF") + if len(testLocation) > 0 { + locations = []string{testLocation} + } for _, djPath := range locations { _, err := os.Stat(djPath) if !os.IsNotExist(err) { diff --git a/vendor/github.com/osbuild/images/pkg/manifest/os.go b/vendor/github.com/osbuild/images/pkg/manifest/os.go index 36b3114d7e..8350e33185 100644 --- a/vendor/github.com/osbuild/images/pkg/manifest/os.go +++ b/vendor/github.com/osbuild/images/pkg/manifest/os.go @@ -577,6 +577,9 @@ func (p *OS) serialize() osbuild.Pipeline { commands = append(commands, "restorecon -R /root/.gnupg") // execute the rhc post install script as the selinuxenabled check doesn't work in the buildroot container commands = append(commands, "/usr/sbin/semanage permissive --add rhcd_t") + if p.OSTreeRef != "" { + p.runInsightsClientOnBoot() + } } else { commands = []string{fmt.Sprintf("/usr/sbin/subscription-manager register --org=${ORG_ID} --activationkey=${ACTIVATION_KEY} --serverurl %s --baseurl %s", p.Subscription.ServerUrl, p.Subscription.BaseUrl)} @@ -585,6 +588,9 @@ func (p *OS) serialize() osbuild.Pipeline { commands = append(commands, "/usr/bin/insights-client --register") // insights-client creates the .gnupg directory during boot process, and is labeled incorrectly commands = append(commands, "restorecon -R /root/.gnupg") + if p.OSTreeRef != "" { + p.runInsightsClientOnBoot() + } } } @@ -882,3 +888,43 @@ func (p *OS) getInline() []string { return inlineData } + +// For ostree-based systems, creates a drop-in file for the insights-client +// service to run on boot and enables the service. This is only meant for +// ostree-based systems. +func (p *OS) runInsightsClientOnBoot() { + // Insights-client collection must occur at boot time so + // that the current ostree commit hash can be reflected + // after upgrade. Otherwise, the upgrade shows as failed in + // the console UI. + // Add a drop-in file that enables insights-client.service to + // run on successful boot. + // See https://issues.redhat.com/browse/HMS-4031 + // + // NOTE(akoutsou): drop-in files can normally be created with the + // org.osbuild.systemd.unit stage but the stage doesn't support + // all the options we need. This is a temporary workaround + // until we get the stage updated to support everything we need. + icDropinFilepath, icDropinContents := insightsClientDropin() + if icDropinDirectory, err := fsnode.NewDirectory(filepath.Dir(icDropinFilepath), nil, "root", "root", true); err == nil { + p.Directories = append(p.Directories, icDropinDirectory) + } + if icDropinFile, err := fsnode.NewFile(icDropinFilepath, nil, "root", "root", []byte(icDropinContents)); err == nil { + p.Files = append(p.Files, icDropinFile) + } else { + panic(err) + } + // Enable the service now that it's "enable-able" + p.EnabledServices = append(p.EnabledServices, "insights-client.service") +} + +// Filename and contents for the insights-client service drop-in. +// This is a temporary workaround until the org.osbuild.systemd.unit stage +// gains support for all the options we need. +func insightsClientDropin() (string, string) { + return "/etc/systemd/system/insights-client.service.d/override.conf", `[Unit] +Requisite=greenboot-healthcheck.service +After=network-online.target greenboot-healthcheck.service osbuild-first-boot.service +[Install] +WantedBy=multi-user.target` +} diff --git a/vendor/github.com/osbuild/images/pkg/manifest/raw_bootc.go b/vendor/github.com/osbuild/images/pkg/manifest/raw_bootc.go index aef78642aa..00245fca9f 100644 --- a/vendor/github.com/osbuild/images/pkg/manifest/raw_bootc.go +++ b/vendor/github.com/osbuild/images/pkg/manifest/raw_bootc.go @@ -85,6 +85,39 @@ func (p *RawBootcImage) serializeEnd() { p.containerSpecs = nil } +func buildHomedirPaths(users []users.User) []osbuild.MkdirStagePath { + var containsRootUser, containsNormalUser bool + + for _, user := range users { + if user.Name == "root" { + containsRootUser = true + } else { + containsNormalUser = true + } + } + + rootHomePath := osbuild.MkdirStagePath{ + Path: "/var/roothome", + Mode: common.ToPtr(os.FileMode(0700)), + ExistOk: true, + } + userHomePath := osbuild.MkdirStagePath{ + Path: "/var/home", + Mode: common.ToPtr(os.FileMode(0755)), + ExistOk: true, + } + switch { + case containsRootUser && containsNormalUser: + return []osbuild.MkdirStagePath{rootHomePath, userHomePath} + case containsRootUser: + return []osbuild.MkdirStagePath{rootHomePath} + case containsNormalUser: + return []osbuild.MkdirStagePath{userHomePath} + default: + return nil + } +} + func (p *RawBootcImage) serialize() osbuild.Pipeline { pipeline := p.Base.serialize() @@ -148,16 +181,12 @@ func (p *RawBootcImage) serialize() osbuild.Pipeline { groupsStage.Devices = devices pipeline.AddStage(groupsStage) } + if len(p.Users) > 0 { - // ensure /var/home is available + // ensure home root dir (currently /var/home, /var/roothome) is + // available mkdirStage := osbuild.NewMkdirStage(&osbuild.MkdirStageOptions{ - Paths: []osbuild.MkdirStagePath{ - { - Path: "/var/home", - Mode: common.ToPtr(os.FileMode(0755)), - ExistOk: true, - }, - }, + Paths: buildHomedirPaths(p.Users), }) mkdirStage.Mounts = mounts mkdirStage.Devices = devices diff --git a/vendor/modules.txt b/vendor/modules.txt index 26026d9163..ef346b2d56 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -212,7 +212,7 @@ github.com/acarl005/stripansi # github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 ## explicit; go 1.13 github.com/asaskevich/govalidator -# github.com/aws/aws-sdk-go v1.52.0 +# github.com/aws/aws-sdk-go v1.52.1 ## explicit; go 1.19 github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/arn @@ -865,7 +865,7 @@ github.com/oracle/oci-go-sdk/v54/identity github.com/oracle/oci-go-sdk/v54/objectstorage github.com/oracle/oci-go-sdk/v54/objectstorage/transfer github.com/oracle/oci-go-sdk/v54/workrequests -# github.com/osbuild/images v0.58.0 +# github.com/osbuild/images v0.59.0 ## explicit; go 1.20 github.com/osbuild/images/internal/common github.com/osbuild/images/internal/environment