From 126255d5214313c3791fa503c6dfe5d23dcf75a9 Mon Sep 17 00:00:00 2001 From: gerblesh <101901964+gerblesh@users.noreply.github.com> Date: Wed, 6 Nov 2024 21:01:20 -0800 Subject: [PATCH] update --- Containerfile | 57 +++++++++++++++++++++++---- Containerfile.builder | 27 ------------- Containerfile.test | 87 ----------------------------------------- justfile | 32 +++++---------- src/ublue_update/cli.py | 2 + 5 files changed, 62 insertions(+), 143 deletions(-) delete mode 100644 Containerfile.builder delete mode 100644 Containerfile.test diff --git a/Containerfile b/Containerfile index e321a9d..4d15ef1 100644 --- a/Containerfile +++ b/Containerfile @@ -1,4 +1,5 @@ -ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-41}" +ARG TEST_IMAGE="${TEST_IMAGE:-ghcr.io/ublue-os/base-main:40}" +ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" FROM registry.fedoraproject.org/fedora:${FEDORA_MAJOR_VERSION} AS builder @@ -20,7 +21,7 @@ RUN dnf install \ mkdir -p "$UBLUE_ROOT" && \ rpkg spec --outdir "$UBLUE_ROOT" && \ dnf builddep -y output/ublue-update.spec && \ - make build-rpm + just build-rpm # Dump a file list for each RPM for easier consumption RUN \ 
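Review bot: The new `TEST_IMAGE` default, `ghcr.io/ublue-os/base-main:40`, is a mutable tag, so the base of the image that the `build-test` recipe later boots with `--privileged` can change between runs without any change in this repository. Pinning the default by digest, `ARG TEST_IMAGE="${TEST_IMAGE:-ghcr.io/ublue-os/base-main@sha256:<digest>}"` (placeholder digest), would make a base-image update a reviewed change and keep test runs reproducible. The same hunk moves the `FEDORA_MAJOR_VERSION` default from 41 to 40 without saying why. If the intent is to match the test image, a comment such as `# keep in sync with the TEST_IMAGE tag` above the two `ARG` lines would record that.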
@@ -32,13 +33,55 @@ RUN \ cp "${RPM}" "${UBLUE_ROOT}/ublue-os/rpms/$(rpm -q "${RPM}" --queryformat='%{NAME}.%{ARCH}.rpm')"; \ done -FROM scratch +FROM ${TEST_IMAGE} ENV UBLUE_ROOT=/app/output -# Copy RPMs -COPY --from=builder ${UBLUE_ROOT}/ublue-os/rpms /rpms -# Copy dumped contents -COPY --from=builder ${UBLUE_ROOT}/ublue-os/files /files +COPY --from=builder ${UBLUE_ROOT}/ublue-os/rpms /tmp/rpms +RUN rpm-ostree install python3-pip +RUN pip3 install --prefix /usr topgrade && rpm-ostree install /tmp/rpms/ublue-update.noarch.rpm +# FROM: https://github.com/containers/image_build/blob/main/podman/Containerfile, sets up podman to work in the container +RUN useradd -G wheel podman && \ + echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid && \ + echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid && \ + echo "podman:" | chpasswd + +ADD ./containers.conf /etc/containers/containers.conf +ADD ./podman-containers.conf /home/podman/.config/containers/containers.conf + +RUN mkdir -p /home/podman/.local/share/containers && \ + chown podman:podman -R /home/podman && \ + chmod 644 /etc/containers/containers.conf + +# Copy & modify the defaults to provide reference if runtime changes needed. +# Changes here are required for running with fuse-overlay storage inside container. 
+RUN sed -e 's|^#mount_program|mount_program|g' \ + -e '/additionalimage.*/a "/var/lib/shared",' \ + -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \ + /usr/share/containers/storage.conf \ + > /etc/containers/storage.conf + +# Setup internal Podman to pass subscriptions down from host to internal container +RUN printf '/run/secrets/etc-pki-entitlement:/run/secrets/etc-pki-entitlement\n/run/secrets/rhsm:/run/secrets/rhsm\n' > /etc/containers/mounts.conf + +# Note VOLUME options must always happen after the chown call above +# RUN commands can not modify existing volumes +VOLUME /var/lib/containers +VOLUME /home/podman/.local/share/containers + +RUN mkdir -p /var/lib/shared/overlay-images \ + /var/lib/shared/overlay-layers \ + /var/lib/shared/vfs-images \ + /var/lib/shared/vfs-layers && \ + touch /var/lib/shared/overlay-images/images.lock && \ + touch /var/lib/shared/overlay-layers/layers.lock && \ + touch /var/lib/shared/vfs-images/images.lock && \ + touch /var/lib/shared/vfs-layers/layers.lock + +ENV _CONTAINERS_USERNS_CONFIGURED="" \ + BUILDAH_ISOLATION=chroot +# RUN useradd -m -G wheel user && echo "user:" | chpasswd + +CMD [ "/sbin/init" ] diff --git a/Containerfile.builder b/Containerfile.builder deleted file mode 100644 index c75da03..0000000 --- a/Containerfile.builder +++ /dev/null @@ -1,27 +0,0 @@ -ARG FEDORA_VERSION="${FEDORA_VERSION:-41}" -FROM registry.fedoraproject.org/fedora:latest AS builder - -ENV UBLUE_ROOT=/app/output - -WORKDIR /app - -ADD . /app - -RUN dnf install --assumeyes python3-pip && pip install topgrade - -RUN dnf install \ - --disablerepo='*' \ - --enablerepo='fedora,updates' \ - --setopt install_weak_deps=0 \ - --nodocs \ - --assumeyes \ - 'dnf-command(builddep)' \ - rpkg \ - rpm-build && \ - mkdir -p "$UBLUE_ROOT" && \ - rpkg spec --outdir "$UBLUE_ROOT" && \ - dnf builddep -y output/ublue-update.spec - -FROM builder AS rpm - -RUN just build-rpm 
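Review bot: `echo "podman:" | chpasswd` leaves the `podman` account, which `useradd -G wheel` places in the wheel group, with an empty password, and with this commit that account lives in the repository's default `Containerfile` rather than in `Containerfile.test` (the new blob `4d15ef1` is the one deleted as `Containerfile.test`). The final stage also no longer exposes `/rpms` and `/files` from `scratch`, so anything that built this file to obtain the RPMs would now get a bootable test image instead; whether such a consumer exists is not visible here. Consider keeping the artifact stage as the last stage and naming this one, `FROM ${TEST_IMAGE} AS test`, built with `--target test`, and add a comment above the `useradd` line stating that the empty password is meant for the throw-away test container only. `pip3 install --prefix /usr topgrade` is also unpinned; a fixed version (`topgrade==<version>`) would keep the test image reproducible.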
diff --git a/Containerfile.test b/Containerfile.test deleted file mode 100644 index 4d15ef1..0000000 --- a/Containerfile.test +++ /dev/null 
@@ -1,87 +0,0 @@ -ARG TEST_IMAGE="${TEST_IMAGE:-ghcr.io/ublue-os/base-main:40}" -ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" - -FROM registry.fedoraproject.org/fedora:${FEDORA_MAJOR_VERSION} AS builder - -ENV UBLUE_ROOT=/app/output - -WORKDIR /app - -ADD . /app - -RUN dnf install \ - --disablerepo='*' \ - --enablerepo='fedora,updates' \ - --setopt install_weak_deps=0 \ - --nodocs \ - --assumeyes \ - 'dnf-command(builddep)' \ - rpkg \ - rpm-build && \ - mkdir -p "$UBLUE_ROOT" && \ - rpkg spec --outdir "$UBLUE_ROOT" && \ - dnf builddep -y output/ublue-update.spec && \ - just build-rpm - -# Dump a file list for each RPM for easier consumption -RUN \ - for RPM in ${UBLUE_ROOT}/noarch/*.rpm; do \ - NAME="$(rpm -q $RPM --queryformat='%{NAME}')"; \ - mkdir -p "${UBLUE_ROOT}/ublue-os/files/${NAME}"; \ - rpm2cpio "${RPM}" | cpio -idmv --directory "${UBLUE_ROOT}/ublue-os/files/${NAME}"; \ - mkdir -p ${UBLUE_ROOT}/ublue-os/rpms/; \ - cp "${RPM}" "${UBLUE_ROOT}/ublue-os/rpms/$(rpm -q "${RPM}" --queryformat='%{NAME}.%{ARCH}.rpm')"; \ - done - -FROM ${TEST_IMAGE} - -ENV UBLUE_ROOT=/app/output - - -COPY --from=builder ${UBLUE_ROOT}/ublue-os/rpms /tmp/rpms -RUN rpm-ostree install python3-pip -RUN pip3 install --prefix /usr topgrade && rpm-ostree install /tmp/rpms/ublue-update.noarch.rpm - -# FROM: https://github.com/containers/image_build/blob/main/podman/Containerfile, sets up podman to work in the container -RUN useradd -G wheel podman && \ - echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid && \ - echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid && \ - echo "podman:" | chpasswd - -ADD ./containers.conf /etc/containers/containers.conf -ADD ./podman-containers.conf /home/podman/.config/containers/containers.conf - -RUN mkdir -p /home/podman/.local/share/containers && \ - chown podman:podman -R /home/podman && \ - chmod 644 /etc/containers/containers.conf - -# Copy & modify the defaults to provide reference if runtime changes needed. 
-# Changes here are required for running with fuse-overlay storage inside container. -RUN sed -e 's|^#mount_program|mount_program|g' \ - -e '/additionalimage.*/a "/var/lib/shared",' \ - -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \ - /usr/share/containers/storage.conf \ - > /etc/containers/storage.conf - -# Setup internal Podman to pass subscriptions down from host to internal container -RUN printf '/run/secrets/etc-pki-entitlement:/run/secrets/etc-pki-entitlement\n/run/secrets/rhsm:/run/secrets/rhsm\n' > /etc/containers/mounts.conf - -# Note VOLUME options must always happen after the chown call above -# RUN commands can not modify existing volumes -VOLUME /var/lib/containers -VOLUME /home/podman/.local/share/containers - -RUN mkdir -p /var/lib/shared/overlay-images \ - /var/lib/shared/overlay-layers \ - /var/lib/shared/vfs-images \ - /var/lib/shared/vfs-layers && \ - touch /var/lib/shared/overlay-images/images.lock && \ - touch /var/lib/shared/overlay-layers/layers.lock && \ - touch /var/lib/shared/vfs-images/images.lock && \ - touch /var/lib/shared/vfs-layers/layers.lock - -ENV _CONTAINERS_USERNS_CONFIGURED="" \ - BUILDAH_ISOLATION=chroot -# RUN useradd -m -G wheel user && echo "user:" | chpasswd - -CMD [ "/sbin/init" ] diff --git a/justfile b/justfile index ac25f52..342b23c 100644 --- a/justfile +++ b/justfile @@ -1,4 +1,4 @@ -set shell := ["bash", "-c"] +set shell := ["bash", "-uc"] export UBLUE_ROOT := env_var_or_default("UBLUE_ROOT", "/app/output") export TARGET := "ublue-update" export SOURCE_DIR := UBLUE_ROOT + "/" + TARGET 
@@ -39,27 +39,15 @@ dnf-install: dnf install -y "output/noarch/*.rpm" build-test: - podman build . -t testing -f Containerfile.test - podman run -it --security-opt label=disable --device /dev/fuse:rw --privileged testing -# -#builder-image: -# podman build -t "$TARGET:builder" -f Containerfile.builder . -# -#builder-exec: -# podman run --rm -it \ -# -v "$PWD:$PWD" \ -# -w "$PWD" \ -# -e DISPLAY \ -# -e DBUS_SESSION_BUS_ADDRESS \ -# -e XDG_RUNTIME_DIR \ -# --ipc host \ -# -v "/tmp/.X11-unix:/tmp/.X11-unix" \ -# -v /var/run/dbus:/var/run/dbus \ -# -v /run/user/1000/bus:/run/user/1000/bus \ -# -v /run/dbus:/run/dbus \ -# -v "${XDG_RUNTIME_DIR}:${XDG_RUNTIME_DIR}" \ -# --security-opt label=disable \ -# $TARGET:builder + #!/usr/bin/env bash + podman build . -t testing -f Containerfile + podman run -d --name ublue_update_test --security-opt label=disable --device /dev/fuse:rw --privileged testing + while [[ "$(podman exec ublue_update_test systemctl is-system-running)" != "running" && "$(podman exec ublue_update_test systemctl is-system-running)" != "degraded" ]]; do + echo "Waiting for systemd to finish booting..." + sleep 1 + done + + podman exec -it ublue_update_test systemd-run --user --machine podman@ --pipe --quiet sudo /usr/bin/ublue-update --dry-run clean: rm -rf "$UBLUE_ROOT" diff --git a/src/ublue_update/cli.py b/src/ublue_update/cli.py index ff2439b..da02766 100644 --- a/src/ublue_update/cli.py +++ b/src/ublue_update/cli.py @@ -103,6 +103,8 @@ def run_updates(system, system_update_available, dry_run): if dry_run: topgrade_args.append("--dry-run") + # disable toolbox during dry run because it doesn't want to run in the container: github.com/containers/toolbox/issues/989 + topgrade_args.extend(["--disable", "toolbx"]) else: transaction_wait()
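Review bot: The new `build-test` body is a shebang recipe, so the `set shell := ["bash", "-uc"]` flags do not apply to it and it runs without `set -e`: a failed `podman build` still goes on to start whatever `testing` image already exists. The container is started detached with `--privileged` under a fixed name and is never removed, so it stays running after the test and the next run fails on the name clash. The wait loop also has no bound and spins forever if `podman exec` fails because the container has exited. The sketch below adds strict mode, cleanup on exit and a bounded wait (120 tries is an arbitrary example).

```just
build-test:
    #!/usr/bin/env bash
    set -euo pipefail
    # … unchanged: podman build . -t testing -f Containerfile …
    podman rm -f ublue_update_test 2>/dev/null || true
    trap 'podman rm -f ublue_update_test >/dev/null 2>&1' EXIT
    # … unchanged: podman run -d --name ublue_update_test … testing …
    state=""
    for _ in $(seq 1 120); do
        state="$(podman exec ublue_update_test systemctl is-system-running || true)"
        [[ "$state" == "running" || "$state" == "degraded" ]] && break
        echo "Waiting for systemd to finish booting..."
        sleep 1
    done
    [[ "$state" == "running" || "$state" == "degraded" ]] || { echo "systemd did not finish booting" >&2; exit 1; }
    # … unchanged: podman exec … /usr/bin/ublue-update --dry-run …
```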
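Review bot: `--disable toolbx` is appended on every `--dry-run`, not only inside the test container, so a dry run on a real host no longer reports the toolbx step even where a normal run would include it. If the workaround is only needed in the container, gate it on the container marker, e.g. `if os.path.exists("/run/.containerenv"): topgrade_args.extend(["--disable", "toolbx"])` (assuming `os` is imported in `cli.py`, which the hunk does not show). The comment would read better as one sentence with the full issue URL, `# toolbx cannot run inside the test container, see https://github.com/containers/toolbox/issues/989`. `run_updates` starts and ends outside this hunk.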