diff --git a/.cirrus.yml b/.cirrus.yml index 95ef7f58..982d99f4 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -102,7 +102,7 @@ container_images_task: &container_images REG_PASSWORD: ENCRYPTED[255ec05057707c20237a6c7d15b213422779c534f74fe019b8ca565f635dba0e11035a034e533a6f39e146e7435d87b5] script: ci/make_container_images.sh; package_cache: &package_cache - folder: "/tmp/automation_images_tmp/.cache/**" + folder: "/var/tmp/automation_images_tmp/.cache/**" fingerprint_key: "${TARGET_NAME}-cache-version-1" diff --git a/IMG_SFX b/IMG_SFX index 252d4ab0..9b620425 100644 --- a/IMG_SFX +++ b/IMG_SFX @@ -1 +1 @@ -20240404t205314z-f39f38d13 +20240408t134645z-f39f38d13 diff --git a/base_images/cloud.yml b/base_images/cloud.yml index 083551c7..f9803c38 100644 --- a/base_images/cloud.yml +++ b/base_images/cloud.yml @@ -187,23 +187,23 @@ provisioners: # Debian images come bundled with GCE integrations provisioned - type: 'shell' inline: - 'set -e' - - 'mkdir -p /tmp/automation_images' + - 'mkdir -p /var/tmp/automation_images' - type: 'file' source: '{{ pwd }}/' - destination: '/tmp/automation_images/' + destination: '/var/tmp/automation_images/' - except: ['debian'] type: 'shell' inline: - 'set -e' - - '/bin/bash /tmp/automation_images/base_images/fedora_base-setup.sh' + - '/bin/bash /var/tmp/automation_images/base_images/fedora_base-setup.sh' - only: ['debian'] type: 'shell' inline: - 'set -e' - - 'env DEBIAN_FRONTEND=noninteractive /bin/bash /tmp/automation_images/base_images/debian_base-setup.sh' + - 'env DEBIAN_FRONTEND=noninteractive /bin/bash /var/tmp/automation_images/base_images/debian_base-setup.sh' post-processors: # Must be double-nested to guarantee execution order diff --git a/base_images/fedora_base-setup.sh b/base_images/fedora_base-setup.sh index c00f7080..06c22042 100644 --- a/base_images/fedora_base-setup.sh +++ b/base_images/fedora_base-setup.sh 
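Review bot: In `.cirrus.yml`, `package_cache` now points at a different folder while `fingerprint_key` on the following line stays `"${TARGET_NAME}-cache-version-1"`, so cache entries recorded for the old `/tmp/...` path can still be matched by key. How Cirrus restores an archive that was stored for another folder is not visible in this diff. Bumping the key together with the path avoids depending on that behaviour: `fingerprint_key: "${TARGET_NAME}-cache-version-2"`. Assuming `.cache` holds downloaded packages, a clean invalidation also keeps stale artefacts from earlier runs out of newly built images.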
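Review bot: In `base_images/cloud.yml` the staging directory is created with `mkdir -p` at a fixed name under world-writable `/var/tmp`, and the later provisioners run `/bin/bash` on scripts from it. `-p` succeeds silently when the directory already exists, whoever owns it, and unlike a tmpfs `/tmp` the contents of `/var/tmp` survive a reboot. On a freshly booted build VM this is probably harmless, but the step can fail closed instead: `- 'mkdir -m 0700 /var/tmp/automation_images'`, provided nothing is expected to pre-create the directory and the shell and file provisioners run as the same user. The same line appears in the `cache_images/cloud.yml` and `image_builder/gce.yml` hunks.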
@@ -95,10 +95,4 @@ if ! ((CONTAINER)); then /lib/$METADATA_SERVICE_PATH | $SUDO tee -a /etc/$METADATA_SERVICE_PATH fi -if [[ "$OS_RELEASE_ID" == "fedora" ]] && ((OS_RELEASE_VER>=33)); then - # Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783509 - echo "Disabling automatic /tmp (tmpfs) mount" - $SUDO systemctl mask tmp.mount -fi - finalize diff --git a/cache_images/cloud.yml b/cache_images/cloud.yml index 98829bfc..d8f87cf1 100644 --- a/cache_images/cloud.yml +++ b/cache_images/cloud.yml @@ -183,30 +183,30 @@ provisioners: - type: 'shell' inline: - 'set -e' - - 'mkdir -p /tmp/automation_images' + - 'mkdir -p /var/tmp/automation_images' - type: 'file' source: '{{ pwd }}/' - destination: "/tmp/automation_images" + destination: "/var/tmp/automation_images" - only: ['rawhide'] type: 'shell' expect_disconnect: true # VM will be rebooted at end of script inline: - 'set -e' - - '/bin/bash /tmp/automation_images/cache_images/rawhide_setup.sh' + - '/bin/bash /var/tmp/automation_images/cache_images/rawhide_setup.sh' - except: ['debian'] type: 'shell' inline: - 'set -e' - - '/bin/bash /tmp/automation_images/cache_images/fedora_setup.sh' + - '/bin/bash /var/tmp/automation_images/cache_images/fedora_setup.sh' - only: ['debian'] type: 'shell' inline: - 'set -e' - - 'env DEBIAN_FRONTEND=noninteractive /bin/bash /tmp/automation_images/cache_images/debian_setup.sh' + - 'env DEBIAN_FRONTEND=noninteractive /bin/bash /var/tmp/automation_images/cache_images/debian_setup.sh' post-processors: # This is critical for human-interaction. Copntents will be used diff --git a/ci/Containerfile b/ci/Containerfile index 4d30ad44..c19aae3f 100644 --- a/ci/Containerfile +++ b/ci/Containerfile 
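Review bot: The `destination` of the `type: 'file'` provisioner in `cache_images/cloud.yml` is written `"/var/tmp/automation_images"`, double-quoted and without a trailing slash, while the same setting in `base_images/cloud.yml` and `image_builder/gce.yml` is `'/var/tmp/automation_images/'`. Since the line is being touched anyway, `destination: '/var/tmp/automation_images/'` would keep the three templates identical and easy to grep. Whether the trailing slash changes what Packer uploads is not shown here, so confirm the resulting tree is the same before aligning it.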
@@ -8,7 +8,7 @@ FROM registry.fedoraproject.org/fedora:${FEDORA_RELEASE} ARG PACKER_VERSION MAINTAINER https://github.com/containers/automation_images/ci -ENV CIRRUS_WORKING_DIR=/tmp/automation_images \ +ENV CIRRUS_WORKING_DIR=/var/tmp/automation_images \ PACKER_INSTALL_DIR=/usr/local/bin \ PACKER_VERSION=$PACKER_VERSION \ CONTAINER=1 diff --git a/image_builder/gce.yml b/image_builder/gce.yml index dce74345..e6208d5f 100644 --- a/image_builder/gce.yml +++ b/image_builder/gce.yml @@ -45,16 +45,16 @@ provisioners: - type: 'shell' inline: - 'set -e' - - 'mkdir -p /tmp/automation_images' + - 'mkdir -p /var/tmp/automation_images' - type: 'file' source: '{{ pwd }}/' - destination: '/tmp/automation_images/' + destination: '/var/tmp/automation_images/' - type: 'shell' inline: - 'set -e' - - '/bin/bash /tmp/automation_images/image_builder/setup.sh' + - '/bin/bash /var/tmp/automation_images/image_builder/setup.sh' post-processors: # Must be double-nested to guarantee execution order diff --git a/lib.sh b/lib.sh index 3d38643e..eb86fa31 100644 --- a/lib.sh +++ b/lib.sh @@ -300,7 +300,7 @@ common_finalize() { $SUDO rm -rf /var/lib/cloud/instanc* $SUDO rm -rf /root/.ssh/* $SUDO rm -rf /etc/ssh/*key* - $SUDO rm -rf /tmp/* + $SUDO rm -rf /tmp/* /var/tmp/automation_images $SUDO rm -rf /tmp/.??* echo -n "" | $SUDO tee /etc/machine-id $SUDO sync diff --git a/win_images/win-lib.ps1 b/win_images/win-lib.ps1 index 9fc903fa..b5b7cb60 100644 --- a/win_images/win-lib.ps1 +++ b/win_images/win-lib.ps1 
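Review bot: In `common_finalize` (lib.sh) the cleanup still empties `/tmp` completely but removes only `/var/tmp/automation_images` from `/var/tmp`, which is now the directory whose contents stay on disk and end up in the published image. Anything else that setup scripts or package tools leave there is baked in, next to the SSH keys and machine-id this function already scrubs. If nothing under `/var/tmp` has to survive, `$SUDO rm -rf /var/tmp/*` and `$SUDO rm -rf /var/tmp/.??*` would mirror the existing `/tmp` lines. Otherwise put the new path on its own `rm` line with a comment so the narrower scope is visibly deliberate. The function begins and ends outside the hunk.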
@@ -35,7 +35,11 @@ function retryInstall { $pkg = @("--version", $Matches.2, $Matches.1) } - choco install -y --allow-downgrade --execution-timeout=300 $pkg + # Chocolatey best practices as of 2024-04: + # https://docs.chocolatey.org/en-us/choco/commands/#scripting-integration-best-practices-style-guide + # Some of those are suboptimal, e.g., using "upgrade" to mean "install", + # hardcoding a specific API URL. We choose to reject those. + choco install $pkg -y --allow-downgrade --execution-timeout=300 if ($LASTEXITCODE -eq 0) { break }
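Review bot: The comment added in `retryInstall` names the linked recommendations that are rejected but not the ones the reordered command adopts, so a reader cannot tell why `$pkg` moved ahead of the options. A line such as `# Followed here: package arguments first, -y, explicit --execution-timeout.` would make the intent reviewable. The rejected "hardcoding a specific API URL" presumably refers to passing an explicit `--source`; without it the install uses whatever sources the VM has configured, so the comment should also record the assumption that a fresh build VM has only the default feed. `retryInstall` starts and ends outside the hunk.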