Merge pull request #3341 from Jakob-Naucke/centos-stream

osbuilder: Add CentOS Stream rootfs

tools/osbuilder/.gitignore

@@ -3,7 +3,7 @@ dracut/Dockerfile
 dracut/dracut.conf.d/15-extra-libs.conf
 /.*.done
 /*_rootfs
-/kata-Centos-dnf.conf
+/kata-centos-dnf.conf
 /kata-containers-initrd.img
 /kata-containers.img
 rootfs-builder/centos/RPM-GPG-KEY-*

tools/osbuilder/README.md

@@ -209,9 +209,9 @@ of the the osbuilder distributions.
 > Note: this table is not relevant for the dracut build method, since it supports
 any Linux distribution and architecture where dracut is available.
 
-|           |Alpine            |Clear Linux       |Debian/Ubuntu     |
+|           |Alpine            |CentOS Stream     |Clear Linux       |Debian/Ubuntu     |
-|--         |--                |--                |--                |
+|--         |--                |--                |--                |--                |
-|**ARM64**  |:heavy_check_mark:|                  |                  |
+|**ARM64**  |:heavy_check_mark:|:heavy_check_mark:|                  |                  |
-|**PPC64le**|:heavy_check_mark:|                  |:heavy_check_mark:|
+|**PPC64le**|                  |:heavy_check_mark:|                  |:heavy_check_mark:|
-|**s390x**  |                  |                  |:heavy_check_mark:|
+|**s390x**  |                  |:heavy_check_mark:|                  |:heavy_check_mark:|
-|**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
+|**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|

tools/osbuilder/rootfs-builder/centos/Dockerfile.in

@@ -0,0 +1,18 @@
+# Copyright (c) 2018 Intel Corporation, 2021 IBM Corp.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+FROM quay.io/centos/centos:@OS_VERSION@
+@SET_PROXY@
+
+RUN dnf -y update && \
+    dnf -y install dnf-plugins-core && \
+    dnf config-manager --set-enabled crb && \
+    dnf -y install \
+    diffutils \
+    file \
+    g++ \
+    git \
+    protobuf-compiler
+
+@INSTALL_RUST@

tools/osbuilder/rootfs-builder/centos/config.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+# Copyright (c) 2018 Intel Corporation, 2021 IBM Corp.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+OS_NAME=centos
+OS_VERSION=${OS_VERSION:-stream9}
+PACKAGES=chrony
+[ "$AGENT_INIT" = no ] && PACKAGES+=" systemd"
+[ "$SECCOMP" = yes ] && PACKAGES+=" libseccomp"
+
+# Container registry tag is different from metalink repo, e.g. "stream9" => "9-stream"
+os_repo_version="$(sed -E "s/(stream)(.+)/\2-\1/" <<< "$OS_VERSION")"
+
+METALINK="https://mirrors.centos.org/metalink?repo=centos-baseos-$os_repo_version&arch=\$basearch"
+GPG_KEY_FILE=RPM-GPG-KEY-CentOS-Official
+GPG_KEY_URL="https://centos.org/keys/$GPG_KEY_FILE"

tools/osbuilder/rootfs-builder/rootfs.sh

@@ -45,9 +45,6 @@ ARCH=$(uname -m)
 # distro-specific config file
 typeset -r CONFIG_SH="config.sh"
 
-# optional arch-specific config file
-typeset -r CONFIG_ARCH_SH="config_${ARCH}.sh"
-
 # Name of an optional distro-specific file which, if it exists, must implement the
 # build_rootfs() function.
 typeset -r LIB_SH="rootfs_lib.sh"
@@ -308,12 +305,6 @@ build_rootfs_distro()
 	rootfs_config="${distro_config_dir}/${CONFIG_SH}"
 	source "${rootfs_config}"
 
-	# Source arch-specific config file
-	rootfs_arch_config="${distro_config_dir}/${CONFIG_ARCH_SH}"
-	if [ -f "${rootfs_arch_config}" ]; then
-		source "${rootfs_arch_config}"
-	fi
-
 	if [ -z "$ROOTFS_DIR" ]; then
 		 ROOTFS_DIR="${script_dir}/rootfs-${OS_NAME}"
 	fi
@@ -554,6 +545,7 @@ EOT
 			echo "WARNING: Forcing LIBC=gnu because $ARCH has no musl Rust target"
 		fi
 		[ "$LIBC" == "musl" ] && bash ${script_dir}/../../../ci/install_musl.sh
+		test -r "${HOME}/.cargo/env" && source "${HOME}/.cargo/env"
 		# rust agent needs ${arch}-unknown-linux-${LIBC}
 		if ! (rustup show | grep -v linux-${LIBC} > /dev/null); then
 			if [ "$RUST_VERSION" == "null" ]; then

tools/osbuilder/scripts/lib.sh

@@ -57,36 +57,18 @@ check_root()
 
 generate_dnf_config()
 {
-	REPO_NAME=${REPO_NAME:-"base"}
-	CACHE_DIR=${CACHE_DIR:-"/var/cache/dnf"}
 	cat > "${DNF_CONF}" << EOF
 [main]
-cachedir=${CACHE_DIR}
-logfile=${LOG_FILE}
-keepcache=0
-debuglevel=2
-exactarch=1
-obsoletes=1
-plugins=0
-installonly_limit=3
 reposdir=/root/mash
-retries=5
+
+[base]
+name=${OS_NAME}-${OS_VERSION} base
+releasever=${OS_VERSION}
 EOF
 	if [ "$BASE_URL" != "" ]; then
-		cat >> "${DNF_CONF}" << EOF
+		echo "baseurl=$BASE_URL" >> "$DNF_CONF"
-[base]
+	elif [ "$METALINK" != "" ]; then
-name=${OS_NAME}-${OS_VERSION} ${REPO_NAME}
+		echo "metalink=$METALINK" >> "$DNF_CONF"
-failovermethod=priority
-baseurl=${BASE_URL}
-enabled=1
-EOF
-	elif [ "$MIRROR_LIST" != "" ]; then
-		cat >> "${DNF_CONF}" << EOF
-[base]
-name=${OS_NAME}-${OS_VERSION} ${REPO_NAME}
-mirrorlist=${MIRROR_LIST}
-enabled=1
-EOF
 	fi
 
 	if [ -n "$GPG_KEY_URL" ]; then
@@ -99,15 +81,6 @@ gpgkey=file://${CONFIG_DIR}/${GPG_KEY_FILE}
 EOF
 	fi
 
-	if [ -n "$GPG_KEY_ARCH_URL" ]; then
-		if [ ! -f "${CONFIG_DIR}/${GPG_KEY_ARCH_FILE}" ]; then
-			 curl -L "${GPG_KEY_ARCH_URL}" -o "${CONFIG_DIR}/${GPG_KEY_ARCH_FILE}"
-		fi
-		cat >> "${DNF_CONF}" << EOF
-       file://${CONFIG_DIR}/${GPG_KEY_ARCH_FILE}
-EOF
-	fi
-
 }
 
 build_rootfs()
@@ -151,6 +124,8 @@ build_rootfs()
 
 	info "install packages for rootfs"
 	$DNF install ${EXTRA_PKGS} ${PACKAGES}
+
+	rm -rf ${ROOTFS_DIR}/usr/share/{bash-completion,cracklib,doc,info,locale,man,misc,pixmaps,terminfo,zoneinfo,zsh}
 }
 
 # Create a YAML metadata file inside the rootfs.