feat: revert gated fsync kernel (matches coreos-stable) (#234)

This reverts commit b82bf6d.

We have determined that CoreOS kernel releases and fsync kernel builds
do not reliably align so this is a bad approach.

Relates: #234
Relates: #237

.github/workflows/reusable-build.yml

@@ -32,7 +32,6 @@ jobs:
           - asus
           - fsync
           - fsync-ba
-          - fsync-coreos
           - surface
           - coreos-stable
           - coreos-testing
@@ -47,8 +46,6 @@ jobs:
             kernel_flavor: fsync
           - fedora_version: 39
             kernel_flavor: fsync-ba
-          - fedora_version: 39
-            kernel_flavor: fsync-coreos
           - fedora_version: 39
             kernel_flavor: asus
           - fedora_version: 39
@@ -80,11 +77,7 @@ jobs:
           export BUILDER_IMAGE=quay.io/fedora/fedora
           echo "BUILDER_IMAGE=${BUILDER_IMAGE}" >> $GITHUB_ENV
           echo "FQ_BUILDER_IMAGE=${BUILDER_IMAGE}:${{ matrix.fedora_version }}" >> $GITHUB_ENV
-          if [[ "${{matrix.kernel_flavor}}" == "fsync-coreos" ]]; then
-            export KERNEL_IMAGE=fsync-kernel
-          else
-            export KERNEL_IMAGE=${{ matrix.kernel_flavor }}-kernel
-          fi
+          export KERNEL_IMAGE=${{ matrix.kernel_flavor }}-kernel
           echo "KERNEL_IMAGE=${KERNEL_IMAGE}" >> $GITHUB_ENV
           echo "FQ_KERNEL_IMAGE=${{ env.IMAGE_REGISTRY }}/${KERNEL_IMAGE}:${{ matrix.fedora_version }}" >> $GITHUB_ENV
 
@@ -108,7 +101,6 @@ jobs:
 
       - name: Get current version
         shell: bash
-        if: matrix.kernel_flavor != 'fsync-coreos'
         run: |
           set -eo pipefail
 
@@ -133,37 +125,6 @@ jobs:
           fi
           echo "KERNEL_IMAGE_VERSION=$img_version" >> $GITHUB_ENV
 
-      - name: Get current version (fsync-coreos)
-        shell: bash
-        if: matrix.kernel_flavor == 'fsync-coreos'
-        run: |
-          set -eo pipefail
-
-          # Get coreos kernel info
-          skopeo inspect docker://${{ env.IMAGE_REGISTRY }}/coreos-stable-kernel:${{ matrix.fedora_version }} > kernel.json
-
-          coreos_linux=$(jq -r '.["Labels"]["ostree.linux"]' kernel.json)
-          if [ -z "$coreos_linux" ] || [ "null" = "$coreos_linux" ]; then
-            echo "inspected linux version must not be empty or null"
-            exit 1
-          fi
-          major_minor_patch=$(echo $coreos_linux | cut -d - -f1)
-          # Match to fsync from kernel-cache
-          skopeo inspect docker://${{ env.IMAGE_REGISTRY }}/fsync-kernel:${{ matrix.fedora_version }}-${major_minor_patch} > kernel.json
-          linux=$(jq -r '.["Labels"]["ostree.linux"]' kernel.json)
-          if [ -z "$linux" ] || [ "null" = "$linux" ]; then
-            echo "inspected linux version must not be empty or null"
-            exit 1
-          fi
-          echo "KERNEL_VERSION=$linux" >> $GITHUB_ENV
-
-          img_version=$(jq -r '.["Labels"]["org.opencontainers.image.version"]' kernel.json)
-          if [ -z "$img_version" ] || [ "null" = "$img_version" ]; then
-            echo "inspected image version must not be empty or null"
-            exit 1
-          fi
-          echo "KERNEL_IMAGE_VERSION=$img_version" >> $GITHUB_ENV
-
       - name: Generate tags
         id: generate-tags
         shell: bash
@@ -247,8 +208,6 @@ jobs:
             BUILDER_IMAGE=${{ env.BUILDER_IMAGE }}
             KERNEL_ORG=${{ github.repository_owner }}
             KERNEL_FLAVOR=${{ matrix.kernel_flavor }}
-            KERNEL_IMAGE=${{ env.KERNEL_IMAGE }}
-            KERNEL_VERSION=${{ env.KERNEL_VERSION }}
             FEDORA_MAJOR_VERSION=${{ matrix.fedora_version }}
             RPMFUSION_MIRROR=${{ vars.RPMFUSION_MIRROR }}
             DUAL_SIGN=true
@@ -267,8 +226,6 @@ jobs:
             KERNEL_ORG=${{ github.repository_owner }}
             KERNEL_FLAVOR=${{ matrix.kernel_flavor }}
             FEDORA_MAJOR_VERSION=${{ matrix.fedora_version }}
-            KERNEL_IMAGE=${{ env.KERNEL_IMAGE }}
-            KERNEL_VERSION=${{ env.KERNEL_VERSION }}
             INPUT_AKMODS=${{ env.IMAGE_NAME }}
             INPUT_TAG=${{ env.default_tag }}
             DUAL_SIGN=true

Containerfile.common

@@ -6,8 +6,7 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-main}"
 ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}"
 ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}"
-ARG KERNEL_VERSION="${KERNEL_VERSION}"
-ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}"
+ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}"
 ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}"
 ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}"
 FROM ${KERNEL_BASE} AS kernel_cache

Containerfile.extra

@@ -6,8 +6,7 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-main}"
 ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}"
 ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}"
-ARG KERNEL_VERSION="${KERNEL_VERSION}"
-ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}"
+ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}"
 ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}"
 ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}"
 FROM ${KERNEL_BASE} AS kernel_cache

Containerfile.nvidia

@@ -6,8 +6,7 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-main}"
 ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}"
 ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}"
-ARG KERNEL_VERSION="${KERNEL_VERSION}"
-ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}"
+ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}"
 ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}"
 ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}"
 FROM ${KERNEL_BASE} AS kernel_cache

Containerfile.nvidia-open

@@ -6,8 +6,7 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-main}"
 ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}"
 ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}"
-ARG KERNEL_VERSION="${KERNEL_VERSION}"
-ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}"
+ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}"
 ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}"
 ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}"
 FROM ${KERNEL_BASE} AS kernel_cache

Containerfile.test

@@ -6,8 +6,7 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-main}"
 ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}"
 ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}"
-ARG KERNEL_VERSION="${KERNEL_VERSION}"
-ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}"
+ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}"
 ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}"
 ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}"
 ARG INPUT_AKMODS="${INPUT_AKMODS:-akmods}"

Containerfile.zfs

@@ -6,8 +6,7 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-coreos-stable}"
 ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}"
 ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}"
-ARG KERNEL_VERSION="${KERNEL_VERSION}"
-ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}"
+ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}"
 ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}"
 ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}"
 FROM ${KERNEL_BASE} AS kernel_cache

build-prep.sh

@@ -2,6 +2,7 @@
 
 set -oeux pipefail
 
+
 ### PREPARE REPOS
 # ARCH="$(rpm -E '%_arch')"
 RELEASE="$(rpm -E '%fedora')"
@@ -16,9 +17,9 @@ echo "Installing ${KERNEL_FLAVOR} kernel-cache RPMs..."
 # fedora image has no kernel so this needs nothing fancy, just install
 dnf install -y /tmp/kernel_cache/*.rpm
 if [[ "${KERNEL_FLAVOR}" == "surface" ]]; then
-    KERNEL_VERSION=$(rpm -q kernel-surface | cut -d '-' -f2-)
+    KERNEL_VERSION=$(rpm -q kernel-surface|cut -d '-' -f2-)
 else
-    KERNEL_VERSION=$(rpm -q kernel | cut -d '-' -f2-)
+    KERNEL_VERSION=$(rpm -q kernel|cut -d '-' -f2-)
 fi
 
 # enable more repos
@@ -57,7 +58,7 @@ if [[ ! -s "/tmp/certs/private_key.priv" ]]; then
     cp /tmp/certs/public_key.der{.test,}
 fi
 
-install -Dm644 /tmp/certs/public_key.der /etc/pki/akmods/certs/public_key.der
+install -Dm644 /tmp/certs/public_key.der   /etc/pki/akmods/certs/public_key.der
 install -Dm644 /tmp/certs/private_key.priv /etc/pki/akmods/private/private_key.priv
 
 if [[ "${DUAL_SIGN}" == "true" ]]; then
@@ -69,9 +70,9 @@ if [[ "${DUAL_SIGN}" == "true" ]]; then
     fi
     openssl x509 -in /tmp/certs/public_key_2.der -out /tmp/certs/public_key_2.crt
     openssl x509 -in /tmp/certs/public_key.der -out /tmp/certs/public_key.crt
-    cat /tmp/certs/private_key.priv <(echo) /tmp/certs/public_key.crt >>/tmp/certs/signing_key_1.pem
-    cat /tmp/certs/private_key_2.priv <(echo) /tmp/certs/public_key_2.crt >>/tmp/certs/signing_key_2.pem
-    cat /tmp/certs/public_key.crt <(echo) /tmp/certs/public_key_2.crt >>/tmp/certs/public_key_chain.pem
+    cat /tmp/certs/private_key.priv <(echo) /tmp/certs/public_key.crt >> /tmp/certs/signing_key_1.pem
+    cat /tmp/certs/private_key_2.priv <(echo) /tmp/certs/public_key_2.crt >> /tmp/certs/signing_key_2.pem
+    cat /tmp/certs/public_key.crt <(echo) /tmp/certs/public_key_2.crt >> /tmp/certs/public_key_chain.pem
 fi
 
 # This is for ZFS more than CoreOS