From 11b0a0d5d85a075ae8d17bc3a6dbbdc3c1ef050b Mon Sep 17 00:00:00 2001 From: Mohan Boddu Date: Aug 15 2017 15:01:35 +0000 Subject: [PATCH 1/8] Setup for rawhide being f28 Signed-off-by: Mohan Boddu --- diff --git a/config.ini b/config.ini index bbe9ade..6bc3882 100644 --- a/config.ini +++ b/config.ini @@ -10,7 +10,7 @@ os_pretty_name = Fedora Atomic tree_name = docker-host tree_file = %(os_name)s-%(tree_name)s.json arch = x86_64 -release = f23 +release = f28 ref = %(os_name)s/%(release)s/%(arch)s/%(tree_name)s yum_baseurl = http://dl.fedoraproject.org/pub/fedora/linux//development/rawhide/%(arch)s/os/ # lorax_additional_repos = http://127.0.0.1/fedora-atomic/local-overrides diff --git a/fedora-atomic-host.json b/fedora-atomic-host.json index 47e6a2b..1cc9a9b 100644 --- a/fedora-atomic-host.json +++ b/fedora-atomic-host.json @@ -7,8 +7,8 @@ "documentation": false, - "automatic_version_prefix": "25", - "mutate-os-release": "25", + "automatic_version_prefix": "28", + "mutate-os-release": "28", "initramfs-args": ["--no-hostonly", "--add", "iscsi"], From e62816bc7d8699b2642d283d40b98567e2667568 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Aug 18 2017 13:40:26 +0000 Subject: [PATCH 2/8] manifest: Add microcode_ctl This came up downstream: https://bugzilla.redhat.com/show_bug.cgi?id=1199582 A reason to do this is the recent bug: https://arstechnica.com/information-technology/2017/06/skylake-kaby-lake-chips-have-a-crash-bug-with-hyperthreading-enabled/ --- diff --git a/fedora-atomic-host.json b/fedora-atomic-host.json index 1cc9a9b..598cacf 100644 --- a/fedora-atomic-host.json +++ b/fedora-atomic-host.json @@ -85,6 +85,7 @@ "bridge-utils", "which", "nfs-utils", + "microcode_ctl", "curl", "iptables-services", "iptables", "NetworkManager", From 174e04cb6c268ce32135e8e70194b3ee42fb6f9d Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Aug 22 2017 14:57:48 +0000 Subject: [PATCH 3/8] post: Re-instate systemd ProtectHome/ProtectSystem and PrivateTmp This reverts https://pagure.io/fedora-atomic/c/6a8ee9a65491d5a37c9177a6d8a709a4ecb3baf7?branch=master I've tested that a rebase of F26AH works with the latest systemd there; for example it looks like `chronyd.service` uses `PrivateTmp=yes` and `ProtectSystem=full`, and it's running fine. --- diff --git a/treecompose-post.sh b/treecompose-post.sh index 5bb7034..2aa1068 100755 --- a/treecompose-post.sh +++ b/treecompose-post.sh @@ -4,6 +4,3 @@ set -xeuo pipefail # Work around https://bugzilla.redhat.com/show_bug.cgi?id=1265295 echo 'Storage=persistent' >> /etc/systemd/journald.conf - -# Work around https://github.com/systemd/systemd/issues/4082 -find /usr/lib/systemd/system/ -type f -exec sed -i -e '/^PrivateTmp=/d' -e '/^Protect\(Home\|System\)=/d' {} \; From 0435250a9308ba55e56f3c31edfe63aab2c41d8d Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Aug 27 2017 02:58:41 +0000 Subject: [PATCH 4/8] add in dnsmasq since NM dropped the dep dnsmasq was dropped as a dep of NM [1], but openshift-ansible uses dnsmasq so let's add it back. [1] http://pkgs.fedoraproject.org/cgit/rpms/NetworkManager.git/commit/NetworkManager.spec?h=f26&id=ce85c6f (cherry picked from commit ec559e229d3c1f9ae3eb0362215b0e6de5cb89c4 on the f26 branch) Signed-off-by: Dusty Mabe --- diff --git a/fedora-atomic-host.json b/fedora-atomic-host.json index 598cacf..9f1a821 100644 --- a/fedora-atomic-host.json +++ b/fedora-atomic-host.json @@ -89,6 +89,7 @@ "curl", "iptables-services", "iptables", "NetworkManager", + "dnsmasq", "hostname", "initscripts", "iproute", "iputils", "less", "sos", "openssh-clients", "openssh-server", "passwd", From 357bfe429d6e24f0f899337db5c3b25c0303255b Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Sep 01 2017 23:24:30 +0000 Subject: [PATCH 5/8] microcode_ctl is x86_64 only --- diff --git a/fedora-atomic-host.json b/fedora-atomic-host.json index 9f1a821..c259a2f 100644 --- a/fedora-atomic-host.json +++ b/fedora-atomic-host.json @@ -85,7 +85,6 @@ "bridge-utils", "which", "nfs-utils", - "microcode_ctl", "curl", "iptables-services", "iptables", "NetworkManager", @@ -133,7 +132,8 @@ "packages-ppc64le": ["grub2", "ostree-grub2", "atomic-devmode"], "packages-x86_64": ["grub2", "grub2-efi", "ostree-grub2", - "efibootmgr", "shim", "atomic-devmode"], + "efibootmgr", "shim", "atomic-devmode", + "microcode_ctl"], "default_target": "multi-user.target", From 07d38077bf76cf4f70b8f7a75d43d9f5530d6cde Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sep 19 2017 21:18:06 +0000 Subject: [PATCH 6/8] manifest: Use 64 bit grub2 EFI Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1492145 --- diff --git a/fedora-atomic-host.json b/fedora-atomic-host.json index c259a2f..94d2c45 100644 --- a/fedora-atomic-host.json +++ b/fedora-atomic-host.json @@ -131,7 +131,7 @@ "packages-ppc64le": ["grub2", "ostree-grub2", "atomic-devmode"], - "packages-x86_64": ["grub2", "grub2-efi", "ostree-grub2", + "packages-x86_64": ["grub2", "grub2-efi-x64", "ostree-grub2", "efibootmgr", "shim", "atomic-devmode", "microcode_ctl"], From 69175122091a813c78bc3f75ec2f89d09772cf53 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Sep 27 2017 13:39:37 +0000 Subject: [PATCH 7/8] add back in gluster/ceph They were originally removed when kube was removed [1], but recent developments with container native storage make it advantageous to leave them in. It will be easier to take them out when kube supports a sidecar style use of storage tools [2]. We could also possibly take them out when ansible supports package layering and rpm-ostree livefs is no longer experimental. See more discussion here [3]. [1] https://pagure.io/fedora-atomic/c/7d50906d91097f6eef4af91a6f693b98c57a9b91?branch=master [2] https://pagure.io/atomic-wg/issue/333#comment-467286 [3] https://pagure.io/atomic-wg/issue/333 --- diff --git a/fedora-atomic-host.json b/fedora-atomic-host.json index 94d2c45..4c63c76 100644 --- a/fedora-atomic-host.json +++ b/fedora-atomic-host.json @@ -115,6 +115,8 @@ "docker", "python-docker-py", "iscsi-initiator-utils", + "glusterfs", "glusterfs-fuse", + "ceph-common", "oddjob-mkhomedir", "oci-register-machine", "oci-systemd-hook", From 489bbcf9dd941d82f6f5723323d7369cf3245d35 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Dec 05 2017 15:23:01 +0000 Subject: [PATCH 8/8] Add rpm-ostree jigdo spec For https://github.com/projectatomic/rpm-ostree/pull/1103 --- diff --git a/fedora-atomic-host-oirpm.spec b/fedora-atomic-host-oirpm.spec new file mode 100644 index 0000000..2b14faf --- /dev/null +++ b/fedora-atomic-host-oirpm.spec @@ -0,0 +1,21 @@ +# Suppress most build root processing since we are just carrying binary data +%global __os_install_post /usr/lib/rpm/brp-compress %{nil} +Name: fedora-atomic-host +Version: %{ostree_version} +Release: 1%{?dist} +Summary: Image (rpm-ostree jigdo) for Fedora Atomic Host +License: MIT + +%description +%{summary} + +%prep + +%build + +%install +mkdir -p %{buildroot}%{_prefix}/lib/ostree-jigdo/%{name} +for x in *; do mv ${x} %{buildroot}%{_prefix}/lib/ostree-jigdo/%{name}; done + +%files +%{_prefix}/lib/ostree-jigdo/%{name}