diff --git a/Earthfile b/Earthfile index e7ad6e23d..e331c2872 100644 --- a/Earthfile +++ b/Earthfile @@ -613,7 +613,12 @@ netboot: RUN isoinfo -x /rootfs.squashfs -R -i kairos.iso > ${ISO_NAME}.squashfs RUN isoinfo -x /boot/kernel -R -i kairos.iso > ${ISO_NAME}-kernel RUN isoinfo -x /boot/initrd -R -i kairos.iso > ${ISO_NAME}-initrd - RUN envsubst >> ${ISO_NAME}.ipxe < /ipxe.tmpl + RUN printf "#!ipxe\n" > ${ISO_NAME}.ipxe + RUN printf "set dns 8.8.8.8\n" >> ${ISO_NAME}.ipxe + RUN printf "ifconf\n" >> ${ISO_NAME}.ipxe + RUN printf "kernel ${RELEASE_URL}/${VERSION}/${ISO_NAME}-kernel root=live:${RELEASE_URL}/${VERSION}/${ISO_NAME}.squashfs initrd=${ISO_NAME}-initrd rd.neednet=1 ip=dhcp rd.cos.disable netboot install-mode config_url=${config} console=tty1 console=ttyS0 rd.live.overlay.overlayfs\n" >> ${ISO_NAME}.ipxe + RUN printf "initrd ${RELEASE_URL}/${VERSION}/${ISO_NAME}-initrd\n" >> ${ISO_NAME}.ipxe + RUN printf "boot\n" >> ${ISO_NAME}.ipxe SAVE ARTIFACT /build/$ISO_NAME.squashfs squashfs AS LOCAL build/$ISO_NAME.squashfs SAVE ARTIFACT /build/$ISO_NAME-kernel kernel AS LOCAL build/$ISO_NAME-kernel diff --git a/examples/byoi/fedora-fips/Dockerfile b/examples/byoi/fedora-fips/Dockerfile index 4b94cdde1..db32e3b6d 100644 --- a/examples/byoi/fedora-fips/Dockerfile +++ b/examples/byoi/fedora-fips/Dockerfile 
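Review bot: The six new `RUN printf` lines put expanded variables inside printf's format argument, so a `%` or backslash sequence in `RELEASE_URL`, `VERSION`, `ISO_NAME` or `config` is interpreted as a format directive instead of being written to the iPXE script; use a fixed format and pass the text as data, e.g. `RUN printf '%s\n' "initrd ${RELEASE_URL}/${VERSION}/${ISO_NAME}-initrd" >> ${ISO_NAME}.ipxe`, and the same for the other five. `set dns 8.8.8.8` hard-wires a public resolver into every generated netboot script, which breaks on isolated networks where only the DHCP-provided resolver is reachable; taking it from an ARG, or dropping the line and relying on what `ifconf` obtains, keeps the artifact usable there. The `netboot` target begins before the hunk, so I cannot see whether the lowercase `${config}` is an ARG of the target; if it is not, the kernel line ships an empty `config_url=`. The kernel, initrd and squashfs are fetched from `${RELEASE_URL}` with no integrity check in the script, and whether that URL is https is not visible here.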
@@ -1,35 +1,17 @@ ARG BASE_IMAGE=fedora:36 -FROM $BASE_IMAGE as base - -# Generate os-release file -FROM quay.io/kairos/osbuilder-tools:latest as osbuilder -RUN zypper install -y gettext && zypper clean -RUN mkdir /workspace -COPY --from=base /etc/os-release /workspace/os-release -# You should change the following values according to your own versioning and other details -RUN OS_NAME=kairos-core-fedora-fips \ - OS_VERSION=v9.9.9 \ - OS_ID="kairos" \ - OS_NAME=kairos-fedora-fips \ - BUG_REPORT_URL="https://github.com/YOUR_ORG/YOUR_PROJECT/issues" \ - HOME_URL="https://github.com/YOUR_ORG/YOUR_PROJECT" \ - OS_REPO="quay.io/YOUR_ORG/fedora-fips" \ - OS_LABEL="latest" \ - GITHUB_REPO="YOUR_ORG/YOUR_PROJECT" \ - VARIANT="fips" \ - FLAVOR="fedora" \ - /update-os-release.sh - -FROM base +FROM $BASE_IMAGE AS base +ARG TARGETARCH RUN echo "install_weak_deps=False" >> /etc/dnf/dnf.conf RUN dnf install -y \ audit \ coreutils \ + cloud-utils-growpart \ curl \ device-mapper \ dosfstools \ + dhcp-client \ dracut \ dracut-live \ dracut-network \ 
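Review bot: `FROM $BASE_IMAGE AS base` still resolves to `ARG BASE_IMAGE=fedora:36`, a release that reached end-of-life in 2023 and no longer receives security updates, even though the same commit moves ubuntu-fips to `ubuntu:24.04`; the `dnf install -y` list under it is also unpinned, so the image content depends on whatever the frozen mirror serves at build time. Bumping the default to a supported release and, for production builds, pinning by digest (`ARG BASE_IMAGE=fedora:<supported-release>@sha256:<digest>`, placeholder values) would make the example reproducible. The same applies to the first hunk of examples/byoi/fedora/Dockerfile, which keeps `fedora:36` too. Minor style point: the new `cloud-utils-growpart \` and `dhcp-client \` entries break the alphabetical order of the package list.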
@@ -64,28 +46,45 @@ RUN dnf install -y \ which \ && dnf clean all -RUN mkdir -p /run/lock && \ - touch /usr/libexec/.keep && \ - systemctl enable getty@tty1.service && \ - systemctl enable getty@tty2.service && \ - systemctl enable getty@tty3.service && \ - systemctl enable systemd-networkd && \ - systemctl enable systemd-resolved && \ - systemctl enable sshd +RUN mkdir -p /run/lock +RUN touch /usr/libexec/.keep +RUN systemctl enable getty@tty1.service +RUN systemctl enable getty@tty2.service +RUN systemctl enable getty@tty3.service +RUN systemctl enable systemd-networkd +RUN systemctl enable systemd-resolved +RUN systemctl disable dnf-makecache.service +RUN systemctl disable dnf-makecache.timer +RUN systemctl enable sshd + + +COPY --from=quay.io/kairos/framework:latest-fips / / -# Copy the os-release file to identify the OS -COPY --from=osbuilder /workspace/os-release /etc/os-release +# This is the version of your image +ENV RELEASE=v9.9.9 +# This is the version of the upstream image +ENV FLAVOR_RELEASE=36 +# This is the remote repository where you push your images to. It will be used for upgrades and such to search for latest releases +ENV REGISTRY_AND_ORG="quay.io/YOUR_ORG/fedora-fips" +# This is the model for which the os was built, i.e. rpi4, rpi3 or generic for x86/arm64 +ENV MODEL="generic" +# This is the variant of the image, i.e. fips, core, standard +ENV VARIANT="fips" +# Flavor being used, i.e. fedora, ubuntu, alpine +ENV FLAVOR="fedora" +# Family being used, i.e. debian, rhel, arch, suse +ENV FAMILY="rhel" +# This is the architecture of the image, i.e. x86_64, arm64. 
Gets autofilled by docker +ENV TARGETARCH=$TARGETARCH -COPY --from=quay.io/kairos/framework:master_fips-systemd / / +# Create the kairos-release file to identify the OS +RUN kairos-agent --debug versioneer os-release-variables > /etc/kairos-release # Copy the custom dracut config file COPY dracut.conf /etc/dracut.conf.d/kairos-fips.conf -# Activate Kairos services -RUN systemctl enable cos-setup-reconcile.timer && \ - systemctl enable cos-setup-fs.service && \ - systemctl enable cos-setup-boot.service && \ - systemctl enable cos-setup-network.service +# Empty the /etc/machine-id file +RUN printf "" > /etc/machine-id || true ## Generate initrd SHELL ["/bin/bash", "-o", "pipefail", "-c"] @@ -98,4 +97,7 @@ RUN kernel=$(ls /lib/modules | head -n1) && \ # Symlink kernel HMAC RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && ln -sf ."${kernel#/boot/}".hmac /boot/.vmlinuz.hmac +# Cleanup RUN rm -rf /boot/initramfs-* +RUN rm /var/lib/dbus/machine-id || true +RUN rm /etc/hostname || true diff --git a/examples/byoi/fedora/Dockerfile b/examples/byoi/fedora/Dockerfile index 96b9d8ade..ec72c4cff 100644 --- a/examples/byoi/fedora/Dockerfile +++ b/examples/byoi/fedora/Dockerfile @@ -1,19 +1,21 @@ ARG BASE_IMAGE=fedora:36 FROM $BASE_IMAGE - +ARG TARGETARCH RUN echo "install_weak_deps=False" >> /etc/dnf/dnf.conf RUN dnf install -y \ audit \ coreutils \ curl \ + cloud-utils-growpart \ device-mapper \ dosfstools \ dracut \ dracut-live \ dracut-network \ dracut-squash \ + dhcp-client \ e2fsprogs \ efibootmgr \ gawk \ 
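Review bot: `COPY --from=quay.io/kairos/framework:latest-fips / /` overlays an entire root filesystem, including the `kairos-agent` binary that then writes `/etc/kairos-release`, from a floating tag with no digest, so every rebuild silently trusts whatever was last pushed to that tag and the example is not reproducible; the previous `master_fips-systemd` tag had the same problem, so this is a missed opportunity rather than a regression. Routing it through a build argument that carries a digest (`ARG FRAMEWORK_IMAGE=quay.io/kairos/framework:<version>@sha256:<digest>` followed by `COPY --from=${FRAMEWORK_IMAGE} / /`, placeholder values) keeps the example usable and auditable. The same floating-tag copy appears in examples/byoi/fedora/Dockerfile (`framework:latest`), examples/byoi/rockylinux-fips/Dockerfile and examples/byoi/ubuntu-fips/Dockerfile. The `systemctl enable cos-setup-*` lines are removed here and in the rockylinux-fips and ubuntu-fips files but kept in the non-FIPS fedora file; if the framework image now ships those units enabled the fedora copy is redundant, otherwise these three images lose them — worth confirming against the framework image.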
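Review bot: `RUN rm /var/lib/dbus/machine-id || true` and `RUN rm /etc/hostname || true` discard every failure, not only "file does not exist", so a permission or read-only error in the cleanup step passes unnoticed; `rm -f` is the idiomatic form, exiting 0 on a missing path while still reporting real errors, and since the two removals and the adjacent `rm -rf /boot/initramfs-*` form one cleanup step they can share a layer: `RUN rm -rf /boot/initramfs-* && rm -f /var/lib/dbus/machine-id /etc/hostname`. The same pattern, including the earlier `RUN printf "" > /etc/machine-id || true`, recurs in the cleanup hunks of examples/byoi/fedora/Dockerfile, examples/byoi/rockylinux-fips/Dockerfile and examples/byoi/ubuntu-fips/Dockerfile. The fedora and ubuntu-fips variants also end the file without a trailing newline (`\ No newline at end of file`).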
@@ -46,7 +48,28 @@ RUN dnf install -y \ RUN mkdir -p /run/lock RUN touch /usr/libexec/.keep -COPY --from=quay.io/kairos/framework:master_fedora / / +COPY --from=quay.io/kairos/framework:latest / / +# This is the version of your image +ENV RELEASE=v9.9.9 +# This is the version of the upstream image +ENV FLAVOR_RELEASE=focal +# This is the remote repository where you push your images to. It will be used for upgrades and such to search for latest releases +ENV REGISTRY_AND_ORG="quay.io/YOUR_ORG/ubuntu-fips" +# This is the model for which the os was built, i.e. rpi4, rpi3 or generic for x86/arm64 +ENV MODEL="generic" +# This is the variant of the image, i.e. fips, core, standard +ENV VARIANT="fips" +# Flavor being used, i.e. fedora, ubuntu, alpine +ENV FLAVOR="ubuntu" +# Family being used, i.e. debian, rhel, arch, suse +ENV FAMILY="debian" +# This is the architecture of the image, i.e. x86_64, arm64. Gets autofilled by docker +ENV TARGETARCH=$TARGETARCH + +# Create the kairos-release file to identify the OS +RUN kairos-agent --debug versioneer os-release-variables > /etc/kairos-release +# Empty the /etc/machine-id file +RUN printf "" > /etc/machine-id || true # Activate Kairos services RUN systemctl enable cos-setup-reconcile.timer && \ @@ -61,4 +84,8 @@ RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && \ RUN kernel=$(ls /lib/modules | head -n1) && \ dracut -v -N -f "/boot/initrd-${kernel}" "${kernel}" && \ ln -sf "initrd-${kernel}" /boot/initrd && depmod -a "${kernel}" + +# Cleanup RUN rm -rf /boot/initramfs-* +RUN rm /var/lib/dbus/machine-id || true +RUN rm /etc/hostname || true \ No newline at end of file diff --git a/examples/byoi/rockylinux-fips/Dockerfile b/examples/byoi/rockylinux-fips/Dockerfile index 090642cb6..c181f7369 100644 --- a/examples/byoi/rockylinux-fips/Dockerfile +++ b/examples/byoi/rockylinux-fips/Dockerfile 
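Review bot: The metadata block after `COPY --from=quay.io/kairos/framework:latest / /` was copied from the ubuntu-fips example and describes a different image: `ENV FLAVOR_RELEASE=focal`, `ENV REGISTRY_AND_ORG="quay.io/YOUR_ORG/ubuntu-fips"`, `ENV VARIANT="fips"`, `ENV FLAVOR="ubuntu"` and `ENV FAMILY="debian"` in a Dockerfile built from `fedora:36` with the non-FIPS framework. Since `kairos-agent --debug versioneer os-release-variables > /etc/kairos-release` derives the OS identity from these variables, the resulting image would report itself as an Ubuntu FIPS build and the upgrade lookup would search the wrong repository. The values should match the fedora-fips example in this commit, adjusted for the non-FIPS variant; `VARIANT="core"` below is taken from the comment's own list (`fips, core, standard`) and the registry name follows the file's `YOUR_ORG` placeholder, so both should be confirmed.
```dockerfile
COPY --from=quay.io/kairos/framework:latest / /
# … unchanged: RELEASE and the per-variable comments …
ENV FLAVOR_RELEASE=36
ENV REGISTRY_AND_ORG="quay.io/YOUR_ORG/fedora"
# … unchanged: MODEL …
ENV VARIANT="core"
ENV FLAVOR="fedora"
ENV FAMILY="rhel"
# … unchanged: TARGETARCH, kairos-release generation, machine-id reset …
```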
@@ -1,26 +1,7 @@ ARG BASE_IMAGE=rockylinux:9 -FROM $BASE_IMAGE as base -# Generate os-release file -FROM quay.io/kairos/osbuilder-tools:latest as osbuilder -RUN zypper install -y gettext && zypper clean -RUN mkdir /workspace -COPY --from=base /etc/os-release /workspace/os-release -# You should change the following values according to your own versioning and other details -RUN OS_NAME=kairos-core-rockylinux-fips \ - OS_VERSION=v9.9.9 \ - OS_ID="kairos" \ - OS_NAME=kairos-rockylinux-fips \ - BUG_REPORT_URL="https://github.com/YOUR_ORG/YOUR_PROJECT/issues" \ - HOME_URL="https://github.com/YOUR_ORG/YOUR_PROJECT" \ - OS_REPO="quay.io/YOUR_ORG/rockylinux-fips" \ - OS_LABEL="latest" \ - GITHUB_REPO="YOUR_ORG/YOUR_PROJECT" \ - VARIANT="fips" \ - FLAVOR="rockylinux" \ - /update-os-release.sh - -FROM base +FROM $BASE_IMAGE AS base +ARG TARGETARCH RUN echo "install_weak_deps=False" >> /etc/dnf/dnf.conf RUN dnf install -y epel-release && dnf clean all @@ -28,12 +9,14 @@ RUN dnf update -y RUN dnf makecache RUN dnf install -y \ audit \ + cloud-utils-growpart \ device-mapper \ dosfstools \ dracut \ dracut-live \ dracut-network \ dracut-squash \ + dhcp-client \ e2fsprogs \ efibootmgr \ epel-release \ @@ -42,6 +25,7 @@ RUN dnf install -y \ grub2-efi-x64 \ grub2-efi-x64-modules \ grub2-pc \ + gdisk \ kernel \ kernel-modules \ kernel-modules-extra \ 
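Review bot: `gdisk \` is added to the rockylinux-fips package list only; the fedora and fedora-fips examples in this commit receive `cloud-utils-growpart` and `dhcp-client` but not `gdisk`, so if the installer relies on `sgdisk` for partitioning those images will lack it — worth confirming which flavors need it, or adding it to all three for consistency. In the hunk above, the unchanged `RUN dnf update -y` performs a blanket upgrade of the base at build time, which makes the image content vary between builds even with `ARG BASE_IMAGE=rockylinux:9` fixed; pinning the base by digest is the reproducible alternative.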
@@ -75,19 +59,34 @@ RUN systemctl enable systemd-resolved RUN systemctl disable dnf-makecache.service RUN systemctl enable sshd -# Copy the os-release file to identify the OS -COPY --from=osbuilder /workspace/os-release /etc/os-release +COPY --from=quay.io/kairos/framework:latest-fips / / + +# This is the version of your image +ENV RELEASE=v9.9.9 +# This is the version of the upstream image +ENV FLAVOR_RELEASE=9 +# This is the remote repository where you push your images to. It will be used for upgrades and such to search for latest releases +ENV REGISTRY_AND_ORG="quay.io/YOUR_ORG/rockylinux-fips" +# This is the model for which the os was built, i.e. rpi4, rpi3 or generic for x86/arm64 +ENV MODEL="generic" +# This is the variant of the image, i.e. fips, core, standard +ENV VARIANT="fips" +# Flavor being used, i.e. fedora, ubuntu, alpine +ENV FLAVOR="rockylinux" +# Family being used, i.e. debian, rhel, arch, suse +ENV FAMILY="rhel" +# This is the architecture of the image, i.e. x86_64, arm64. Gets autofilled by docker +ENV TARGETARCH=$TARGETARCH -COPY --from=quay.io/kairos/framework:master_fips-systemd / / +# Create the kairos-release file to identify the OS +RUN kairos-agent --debug versioneer os-release-variables > /etc/kairos-release # Copy the custom dracut config file COPY dracut.conf /etc/dracut.conf.d/kairos-fips.conf -# Activate Kairos services -RUN systemctl enable cos-setup-reconcile.timer && \ - systemctl enable cos-setup-fs.service && \ - systemctl enable cos-setup-boot.service && \ - systemctl enable cos-setup-network.service +# Empty the /etc/machine-id file +RUN printf "" > /etc/machine-id || true + ## Generate initrd SHELL ["/bin/bash", "-o", "pipefail", "-c"] 
@@ -100,4 +99,8 @@ RUN kernel=$(ls /lib/modules | head -n1) && \ # Symlink kernel HMAC RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && ln -sf ."${kernel#/boot/}".hmac /boot/.vmlinuz.hmac +# Cleanup RUN rm -rf /boot/initramfs-* +RUN rm /var/lib/dbus/machine-id || true +RUN rm /etc/hostname || true + diff --git a/examples/byoi/ubuntu-fips/Dockerfile b/examples/byoi/ubuntu-fips/Dockerfile index 51aaa1c18..7f8239017 100644 --- a/examples/byoi/ubuntu-fips/Dockerfile +++ b/examples/byoi/ubuntu-fips/Dockerfile @@ -1,32 +1,6 @@ - -# Kairos framework packages for ubuntu fips -FROM quay.io/kairos/framework:master_fips-systemd as kairos-fips - -# Base ubuntu image (focal) -FROM ubuntu:focal as base - -# Generate os-release file -FROM quay.io/kairos/osbuilder-tools:latest as osbuilder -RUN zypper install -y gettext && zypper clean -RUN mkdir /workspace -COPY --from=base /etc/os-release /workspace/os-release -# You should change the following values according to your own versioning and other details -RUN OS_NAME=kairos-core-ubuntu-fips \ - OS_VERSION=v9.9.9 \ - OS_ID="kairos" \ - OS_NAME=kairos-ubuntu-fips \ - BUG_REPORT_URL="https://github.com/YOUR_ORG/YOUR_PROJECT/issues" \ - HOME_URL="https://github.com/YOUR_ORG/YOUR_PROJECT" \ - OS_REPO="quay.io/YOUR_ORG/ubuntu-fips" \ - OS_LABEL="latest" \ - GITHUB_REPO="YOUR_ORG/YOUR_PROJECT" \ - VARIANT="fips" \ - FLAVOR="ubuntu" \ - /update-os-release.sh - # Build the custom ubuntu image -FROM base - +FROM ubuntu:24.04 AS base +ARG TARGETARCH # Don't get asked while running apt commands ENV DEBIAN_FRONTEND=noninteractive 
@@ -118,21 +92,31 @@ RUN apt-get install -y --no-install-recommends \ && rm -rf /var/lib/apt/lists/* # Copy the Kairos framework files. We use master builds here for fedora. See https://quay.io/repository/kairos/framework?tab=tags for a list -COPY --from=kairos-fips / / -# Copy the os-release file to identify the OS -COPY --from=osbuilder /workspace/os-release /etc/os-release - -# Activate Kairos services -RUN systemctl enable cos-setup-reconcile.timer && \ - systemctl enable cos-setup-fs.service && \ - systemctl enable cos-setup-boot.service && \ - systemctl enable cos-setup-network.service +COPY --from=quay.io/kairos/framework:latest-fips / / + +# This is the version of your image +ENV RELEASE=v9.9.9 +# This is the version of the upstream image +ENV FLAVOR_RELEASE=24.04 +# This is the remote repository where you push your images to. It will be used for upgrades and such to search for latest releases +ENV REGISTRY_AND_ORG="quay.io/YOUR_ORG/ubuntu-fips" +# This is the model for which the os was built, i.e. rpi4, rpi3 or generic for x86/arm64 +ENV MODEL="generic" +# This is the variant of the image, i.e. fips, core, standard +ENV VARIANT="fips" +# Flavor being used, i.e. fedora, ubuntu, alpine +ENV FLAVOR="ubuntu" +# Family being used, i.e. debian, rhel, arch, suse +ENV FAMILY="debian" +# This is the architecture of the image, i.e. x86_64, arm64. 
Gets autofilled by docker +ENV TARGETARCH=$TARGETARCH + +# Create the kairos-release file to identify the OS +RUN kairos-agent --debug versioneer os-release-variables > /etc/kairos-release +# Empty the /etc/machine-id file +RUN printf "" > /etc/machine-id || true ## Configuration -## Took from: https://github.com/kairos-io/kairos/blob/master/images/Dockerfile.ubuntu-20-lts -# workaround https://github.com/kairos-io/kairos/issues/949 -COPY dracut-broken-iscsi-ubuntu-20.patch / -RUN cd /usr/lib/dracut/modules.d/95iscsi && patch < /dracut-broken-iscsi-ubuntu-20.patch && rm -rf /dracut-broken-iscsi-ubuntu-20.patch COPY dracut.conf /etc/dracut.conf.d/kairos-fips.conf # CLEANUP @@ -158,5 +142,8 @@ RUN chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo # Symlink kernel HMAC RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && ln -sf ."${kernel#/boot/}".hmac /boot/.vmlinuz.hmac -# Clear cache +# Cleanup RUN rm -rf /var/cache/* && journalctl --vacuum-size=1K && rm /etc/machine-id && rm /var/lib/dbus/machine-id && rm /etc/hostname +RUN rm -rf /boot/initramfs-* +RUN rm /var/lib/dbus/machine-id || true +RUN rm /etc/hostname || true \ No newline at end of file diff --git a/examples/byoi/ubuntu-fips/dracut-broken-iscsi-ubuntu-20.patch b/examples/byoi/ubuntu-fips/dracut-broken-iscsi-ubuntu-20.patch deleted file mode 100644 index 7fba71378..000000000 --- a/examples/byoi/ubuntu-fips/dracut-broken-iscsi-ubuntu-20.patch +++ /dev/null 
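Review bot: The context comment above the new `COPY --from=quay.io/kairos/framework:latest-fips / /` still says "We use master builds here for fedora", which now matches neither the file (ubuntu-fips) nor the tag being copied; suggest `# Copy the Kairos framework FIPS build. See https://quay.io/repository/kairos/framework?tab=tags for a list of tags`. Dropping the `dracut-broken-iscsi-ubuntu-20.patch` workaround is consistent with `FROM ubuntu:24.04 AS base` in the first hunk, though nothing on the page shows that the 24.04 dracut iscsi module no longer needs it. The `RUN apt-get install` at the top of the hunk starts outside it.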
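Review bot: `RUN rm /var/lib/dbus/machine-id || true` and `RUN rm /etc/hostname || true` are dead in this file: the unchanged line directly above already runs `rm /etc/machine-id && rm /var/lib/dbus/machine-id && rm /etc/hostname`, so both new commands always fail and are rescued by `|| true`, and the `RUN printf "" > /etc/machine-id || true` added in the previous hunk is undone by that same line. `RUN rm -rf /boot/initramfs-*` uses the Fedora/RHEL naming; Ubuntu's generated images are normally `/boot/initrd.img-*`, so this glob most likely matches nothing here — confirm what the kernel package actually drops into `/boot` on 24.04. Either keep the existing one-line cleanup and drop the three new `RUN`s, or replace it with the per-step form used in the other examples, but not both. The file also ends without a trailing newline.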
@@ -1,28 +0,0 @@ -diff --git a/module-setup.sh b/module-setup.sh -index 59ea5e089..fe40547d1 100755 ---- a/module-setup.sh -+++ b/module-setup.sh -@@ -265,6 +265,23 @@ install() { - echo "After=dracut-cmdline.service" - echo "Before=dracut-initqueue.service" - ) > "${initdir}/$systemdsystemunitdir/iscsid.service.d/dracut.conf" -+ -+ # The iscsi deamon does not need to wait for any storage inside initrd -+ mkdir -p "${initdir}/$systemdsystemunitdir/iscsid.socket.d" -+ ( -+ echo "[Unit]" -+ echo "DefaultDependencies=no" -+ echo "Conflicts=shutdown.target" -+ echo "Before=shutdown.target sockets.target" -+ ) > "${initdir}/$systemdsystemunitdir/iscsid.socket.d/dracut.conf" -+ mkdir -p "${initdir}/$systemdsystemunitdir/iscsuio.socket.d" -+ ( -+ echo "[Unit]" -+ echo "DefaultDependencies=no" -+ echo "Conflicts=shutdown.target" -+ echo "Before=shutdown.target sockets.target" -+ ) > "${initdir}/$systemdsystemunitdir/iscsuio.socket.d/dracut.conf" -+ - fi - inst_dir /var/lib/iscsi - dracut_need_initqueue \ No newline at end of file