From f4d65dea8ca3351b10d894850c7009ded80c326c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Imobach=20Gonz=C3=A1lez=20Sosa?= Date: Mon, 20 Mar 2023 16:57:22 +0000 Subject: [PATCH 1/7] Drop Leap 15.4 and Leap Micro 5.3 --- service/etc/d-installer.yaml | 185 ----------------------------------- 1 file changed, 185 deletions(-) diff --git a/service/etc/d-installer.yaml b/service/etc/d-installer.yaml index c9a1d6d789..581286e217 100644 --- a/service/etc/d-installer.yaml +++ b/service/etc/d-installer.yaml @@ -11,19 +11,6 @@ products: of openSUSE containing the latest "stable" versions of all software instead of relying on rigid periodic release cycles. The project does this for users that want the newest stable software.' - Leap Micro: - name: openSUSE Leap Micro 5.3 - archs: x86_64,aarch64 - description: 'Leap Micro is an ultra-reliable, lightweight operating system - built for containerized and virtualized workloads. This community version - is based on SUSE Linux Enterprise Micro, which leverages the enterprise - hardened security and compliance components of SUSE Linux Enterprise.' - Leap: - name: openSUSE Leap 15.4 - description: 'Leap uses source from SUSE Linux Enterprise (SLE), which - gives Leap a level of stability unmatched by other Linux distributions, - and combines that with community developments to give users, developers - and sysadmins the best stable Linux experience available.' Leap16: name: openSUSE Leap 16.0 archs: x86_64,aarch64 @@ -297,175 +284,3 @@ Leap16: archs: x86_64 - path: var copy_on_write: false - -Leap: - software: - installation_repositories: - # TODO: support somehow $releasever in URL - - https://download.opensuse.org/distribution/leap/15.4/repo/oss/ - - https://download.opensuse.org/distribution/leap/15.4/repo/non-oss/ - - https://download.opensuse.org/update/leap/15.4/oss/ - - https://download.opensuse.org/update/leap/15.4/non-oss/ - - https://download.opensuse.org/update/leap/15.4/sle/ - - https://download.opensuse.org/update/leap/15.4/backports/ - mandatory_patterns: - - enhanced_base # For now lets pick some minimal one - optional_patterns: null # no optional pattern shared - mandatory_packages: - - NetworkManager - optional_packages: null - base_product: Leap - - security: - # TODO: check if skelcd for Leap 15.4 is correct as code is using lsm in globals, but skelcd contain selinux only - lsm: apparmor - available_lsms: - apparmor: - patterns: - - apparmor - selinux: - patterns: - - selinux - policy: disabled - none: - patterns: null - - storage: - volumes: - - mount_point: "/" - fs_type: btrfs - desired_size: 10 GiB - min_size: 5 GiB - max_size: unlimited - weight: 30 - - # There must always be a root - proposed_configurable: false - - snapshots: true - snapshots_percentage: 250 - snapshots_configurable: true - # Disable snapshots if there is not enough room - disable_order: 3 - - btrfs_default_subvolume: "@" - subvolumes: - - path: home - - path: opt - - path: root - - path: srv - - path: usr/local - # Unified var subvolume - https://lists.opensuse.org/opensuse-packaging/2017-11/msg00017.html - - path: var - copy_on_write: false - - # Architecture specific subvolumes - - path: boot/grub2/arm64-efi - archs: aarch64 - - path: boot/grub2/i386-pc - archs: x86_64 - - path: boot/grub2/powerpc-ieee1275 - archs: ppc,!board_powernv - - path: boot/grub2/s390x-emu - archs: s390 - - path: boot/grub2/x86_64-efi - archs: x86_64 - - - mount_point: "/home" - fs_type: xfs - desired_size: 40 GiB - min_size: 10 GiB - max_size: unlimited - weight: 60 - - proposed: false - proposed_configurable: true - disable_order: 1 - - - mount_point: "swap" - fs_type: swap - desired_size: 2 GiB - min_size: 1 GiB - max_size: 2 GiB - weight: 10 - - adjust_by_ram: false - adjust_by_ram_configurable: true - - proposed_configurable: true - disable_order: 2 - - -Leap Micro: - software: - installation_repositories: - - url: https://download.opensuse.org/distribution/leap-micro/5.3/product/repo/Leap-Micro-5.3-x86_64-Media/ - archs: x86_64 - - url: https://download.opensuse.org/distribution/leap-micro/5.3/product/repo/Leap-Micro-5.3-aarch64-Media/ - archs: aarch64 - mandatory_patterns: - - microos-base - - microos-container_runtime - - microos-hardware - optional_patterns: null # no optional pattern shared - mandatory_packages: null - optional_packages: null - base_product: Leap-Micro - - security: - lsm: selinux - available_lsms: - selinux: - patterns: - - microos-selinux - policy: enforcing - none: - patterns: null - - storage: - volumes: - - mount_point: "/" - fs_type: btrfs - desired_size: 20 GiB - min_size: 5 GiB - max_size: 20 GiB - fs_types: - - btrfs - weight: 20 - snapshots: true - snapshots_configurable: false - proposed_configurable: false - btrfs_default_subvolume: "@" - btrfs_read_only: true - subvolumes: - - path: root - - path: home - - path: opt - - path: srv - - path: root - - path: boot/writable - - path: usr/local - - path: boot/grub2/arm64-efi - archs: aarch64 - - path: boot/grub2/i386-pc - archs: x86_64 - - path: boot/grub2/powerpc-ieee1275 - archs: ppc,!board_powernv - - path: boot/grub2/s390x-emu - archs: s390 - - path: boot/grub2/x86_64-efi - archs: x86_64 - - mount_point: "/var" - fs_type: btrfs - fs_types: - - btrfs - desired_size: 19 GiB - min_size: 5 GiB - max_size: unlimited - weight: 40 - snapshots: false - snapshots_configurable: false - disable_order: 1 - fallback_for_desired_size: "/" - fallback_for_max_size: "/" - fallback_for_weight: "/" From 3c4445e240f78b86ede2b1a9a7ad2aa0da5c0c7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Imobach=20Gonz=C3=A1lez=20Sosa?= Date: Mon, 20 Mar 2023 16:55:59 +0000 Subject: [PATCH 2/7] Add ALP Bedrock and ALP Micro configuration --- service/etc/d-installer.yaml | 109 ++++++++++++++++++++++++++++------- 1 file changed, 89 insertions(+), 20 deletions(-) diff --git a/service/etc/d-installer.yaml b/service/etc/d-installer.yaml index 581286e217..cf0648d86c 100644 --- a/service/etc/d-installer.yaml +++ b/service/etc/d-installer.yaml @@ -1,10 +1,15 @@ products: - ALP: - name: SUSE ALP ContainerHost OS - description: 'The Adaptable Linux Platform (ALP), the next generation of Linux, - allow users to focus on their workloads while abstracting from the hardware - and the application layer. The preview of ContainerHost OS is one of the - first prototypes based on that platform.' + ALP-Bedrock: + name: SUSE ALP Bedrock + description: 'SUSE ALP Bedrock is a flexible, secure, customizable and + modular Server allowing an enterprise to run a variety of services, + workloads and application in a compartmentalized form. Based on an + immutable root filesystem, Security has been built into it from the ground.' + ALP-Micro: + name: SUSE ALP Micro + description: 'SUSE ALP Micro is a minimum immutable OS core, focused on + security to provide the bare minimum to run workloads and services as + containers or virtual machines.' Tumbleweed: name: openSUSE Tumbleweed description: 'The Tumbleweed distribution is a pure rolling release version @@ -137,31 +142,94 @@ Tumbleweed: proposed_configurable: true disable_order: 2 -ALP: +ALP-Bedrock: software: installation_repositories: - url: https://download.opensuse.org/repositories/SUSE:/ALP/standard/ - archs: x86_64 - - url: https://download.opensuse.org/repositories/SUSE:/ALP/standard/ - archs: aarch64 + - url: https://download.opensuse.org/repositories/SUSE:/ALP:/Products:/Bedrock:/0.1/standard/ + + mandatory_patterns: + - alp-bedrock-base + - alp-bedrock-cockpit + - alp-bedrock-hardware + - alp-bedrock-container_runtime + optional_patterns: null # no optional pattern shared + mandatory_packages: + - device-mapper # Apparently needed if devices at /dev/mapper are used at boot (eg. FDE) + - fde-tools # Needed for FDE with TPM, hardcoded here temporarily (aarch64, x86_64 specific) + - libtss2-tcti-device0 # Same than fde-tools + optional_packages: null + base_product: ALP-Bedrock + + security: + tpm_luks_open: true + lsm: selinux + available_lsms: + # apparmor: + # patterns: + # - apparmor + selinux: + patterns: + - alp-bedrock-selinux + policy: enforcing + none: + patterns: null + + storage: + encryption: + method: luks2 + pbkdf: pbkdf2 + volumes: + - mount_point: "/" + fs_type: btrfs + desired_size: 20 GiB + min_size: 5 GiB + fs_types: + - btrfs + weight: 20 + snapshots: true + snapshots_configurable: false + proposed_configurable: false + btrfs_default_subvolume: "@" + btrfs_read_only: true + subvolumes: + - path: root + - path: home + - path: opt + - path: srv + - path: boot/writable + - path: usr/local + - path: boot/grub2/arm64-efi + archs: aarch64 + - path: boot/grub2/i386-pc + archs: x86_64 + - path: boot/grub2/powerpc-ieee1275 + archs: ppc,!board_powernv + - path: boot/grub2/s390x-emu + archs: s390 + - path: boot/grub2/x86_64-efi + archs: x86_64 + - path: var + copy_on_write: false + +ALP-Micro: + software: + installation_repositories: - url: https://download.opensuse.org/repositories/SUSE:/ALP/standard/ - archs: s390 - - url: https://download.opensuse.org/repositories/SUSE:/ALP:/zSystems/standard/ - archs: s390 + - url: https://download.opensuse.org/repositories/SUSE:/ALP:/Products:/Micro:/0.1/standard/ mandatory_patterns: - - alp_base - - alp_base_zypper - - alp_cockpit - - alp-container_runtime - - alp_defaults + - alp-micro-base + - alp-micro-cockpit + - alp-micro-container_runtime + - alp-micro-hardware optional_patterns: null # no optional pattern shared mandatory_packages: - device-mapper # Apparently needed if devices at /dev/mapper are used at boot (eg. FDE) - fde-tools # Needed for FDE with TPM, hardcoded here temporarily (aarch64, x86_64 specific) - libtss2-tcti-device0 # Same than fde-tools optional_packages: null - base_product: ALP + base_product: ALP-Micro security: tpm_luks_open: true @@ -172,7 +240,7 @@ ALP: # - apparmor selinux: patterns: - - alp_selinux + - alp-micro-selinux policy: enforcing none: patterns: null @@ -213,6 +281,7 @@ ALP: archs: x86_64 - path: var copy_on_write: false + Leap16: software: installation_repositories: From 1a0c5315c6562c08c995837902d9fdd38c618af4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Imobach=20Gonz=C3=A1lez=20Sosa?= Date: Tue, 21 Mar 2023 09:46:45 +0000 Subject: [PATCH 3/7] Add a script to build single product configurations --- service/share/filter-config.rb | 57 ++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100755 service/share/filter-config.rb diff --git a/service/share/filter-config.rb b/service/share/filter-config.rb new file mode 100755 index 0000000000..1b0b6c22f1 --- /dev/null +++ b/service/share/filter-config.rb @@ -0,0 +1,57 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# Copyright (c) [2023] SUSE LLC +# +# All Rights Reserved. +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of version 2 of the GNU General Public License as published +# by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +# more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, contact SUSE LLC. +# +# To contact SUSE LLC about this file by physical or electronic mail, you may +# find current contact information at www.suse.com. + +# Helper script to create a configuration file for a selected list of products. +# +# filter-config.rb /etc/d-installer.yaml ALP-Bedrock ALP-Micro + +require "yast" +require "dinstaller/config" +require "yaml" + +if ARGV.size < 2 + warn("Please, specify a file and, at least, a product ID") + exit(1) +end + +path = ARGV[0] +product_ids = ARGV[1..-1] + +unless File.exist?(path) + warn("The specified file does not exist: #{path}") + exit(2) +end + +config = DInstaller::Config.from_file(path) + +unknown_products = product_ids - config.products.keys +unless unknown_products.empty? + warn(format("The following products are unknown: %{products}.", + products: unknown_products.join(", "))) + exit(3) +end + +keys_to_filter = (["products"] + config.products.keys) - product_ids +products = product_ids.reduce({}) { |all, id| all.merge(id => config.data["products"][id]) } +new_config = { "products" => products } +new_config.merge!(config.pure_data.reject { |k, _v| keys_to_filter.include?(k) }) +puts YAML.dump(new_config) From f007e863fa03f48fe820ac3a4cd7abfebe434073 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Imobach=20Gonz=C3=A1lez=20Sosa?= Date: Tue, 21 Mar 2023 11:49:52 +0000 Subject: [PATCH 4/7] Update the changes file --- service/package/rubygem-d-installer.changes | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/service/package/rubygem-d-installer.changes b/service/package/rubygem-d-installer.changes index 18b5fc20f2..04ce03dbb3 100644 --- a/service/package/rubygem-d-installer.changes +++ b/service/package/rubygem-d-installer.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Tue Mar 21 11:42:51 UTC 2023 - Imobach Gonzalez Sosa + +- Update the products definitions (gh#yast/d-installer#485): + * Replace "ALP" with "ALP Bedrock" and "ALP Micro". + * Drop Leap 15.4 and Leap Micro 5.3. +- Add a script to auto-generate the configuration file when + building the ISO. + ------------------------------------------------------------------- Thu Mar 16 16:13:21 UTC 2023 - Imobach Gonzalez Sosa From 4f8d0e90787edd3a145738207f0b3a2c69852c97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Imobach=20Gonz=C3=A1lez=20Sosa?= Date: Tue, 21 Mar 2023 12:09:38 +0000 Subject: [PATCH 5/7] Fix a typo in the Bedrock description --- service/etc/d-installer.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/etc/d-installer.yaml b/service/etc/d-installer.yaml index cf0648d86c..f5357bac16 100644 --- a/service/etc/d-installer.yaml +++ b/service/etc/d-installer.yaml @@ -4,7 +4,7 @@ products: description: 'SUSE ALP Bedrock is a flexible, secure, customizable and modular Server allowing an enterprise to run a variety of services, workloads and application in a compartmentalized form. Based on an - immutable root filesystem, Security has been built into it from the ground.' + immutable root filesystem, security has been built into it from the ground.' ALP-Micro: name: SUSE ALP Micro description: 'SUSE ALP Micro is a minimum immutable OS core, focused on From 5049e9af446fd86df16e866eee2986d79b971c84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Imobach=20Gonz=C3=A1lez=20Sosa?= Date: Tue, 21 Mar 2023 12:09:57 +0000 Subject: [PATCH 6/7] Drop the old ALP repositories --- service/etc/d-installer.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/service/etc/d-installer.yaml b/service/etc/d-installer.yaml index f5357bac16..5ad2d28d92 100644 --- a/service/etc/d-installer.yaml +++ b/service/etc/d-installer.yaml @@ -145,7 +145,6 @@ Tumbleweed: ALP-Bedrock: software: installation_repositories: - - url: https://download.opensuse.org/repositories/SUSE:/ALP/standard/ - url: https://download.opensuse.org/repositories/SUSE:/ALP:/Products:/Bedrock:/0.1/standard/ mandatory_patterns: @@ -215,7 +214,6 @@ ALP-Bedrock: ALP-Micro: software: installation_repositories: - - url: https://download.opensuse.org/repositories/SUSE:/ALP/standard/ - url: https://download.opensuse.org/repositories/SUSE:/ALP:/Products:/Micro:/0.1/standard/ mandatory_patterns: From 19bfa92ffff5aa38040d458055ff26b466efac19 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Imobach=20Gonz=C3=A1lez=20Sosa?= Date: Tue, 21 Mar 2023 12:57:10 +0000 Subject: [PATCH 7/7] Adjust ALP products repositories for x86_64 and aarch64 --- service/etc/d-installer.yaml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/service/etc/d-installer.yaml b/service/etc/d-installer.yaml index 5ad2d28d92..75df468dd9 100644 --- a/service/etc/d-installer.yaml +++ b/service/etc/d-installer.yaml @@ -145,7 +145,10 @@ Tumbleweed: ALP-Bedrock: software: installation_repositories: - - url: https://download.opensuse.org/repositories/SUSE:/ALP:/Products:/Bedrock:/0.1/standard/ + - url: https://download.opensuse.org/repositories/SUSE:/ALP:/Products:/Bedrock:/0.1/images/repo/ALP-Bedrock-0.1-x86_64-Media1/ + archs: x86_64 + - url: https://download.opensuse.org/repositories/SUSE:/ALP:/Products:/Bedrock:/0.1/images/repo/ALP-Bedrock-0.1-aarch64-Media1/ + archs: aarch64 mandatory_patterns: - alp-bedrock-base @@ -214,7 +217,10 @@ ALP-Bedrock: ALP-Micro: software: installation_repositories: - - url: https://download.opensuse.org/repositories/SUSE:/ALP:/Products:/Micro:/0.1/standard/ + - url: https://download.opensuse.org/repositories/SUSE:/ALP:/Products:/Micro:/0.1/images/repo/ALP-Micro-0.1-x86_64-Media1/ + archs: x86_64 + - url: https://download.opensuse.org/repositories/SUSE:/ALP:/Products:/Micro:/0.1/images/repo/ALP-Micro-0.1-aarch64-Media1/ + archs: aarch64 mandatory_patterns: - alp-micro-base