From b142ab94bf61260027c7e5bc2825c9caad31a79a Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Fri, 20 Oct 2023 13:07:12 +0200 Subject: [PATCH 01/19] change struct of agama.yaml --- service/etc/agama.yaml | 653 ++++++++++++++++++++--------------------- 1 file changed, 325 insertions(+), 328 deletions(-) diff --git a/service/etc/agama.yaml b/service/etc/agama.yaml index 8192ebf72a..823c6d45a2 100644 --- a/service/etc/agama.yaml +++ b/service/etc/agama.yaml @@ -1,346 +1,343 @@ products: ALP-Dolomite: - name: SUSE ALP Dolomite - description: 'SUSE ALP Dolomite is a minimum immutable OS core, focused on - security to provide the bare minimum to run workloads and services as - containers or virtual machines.' Tumbleweed: - name: openSUSE Tumbleweed - description: 'The Tumbleweed distribution is a pure rolling release version - of openSUSE containing the latest "stable" versions of all software - instead of relying on rigid periodic release cycles. The project does - this for users that want the newest stable software.' Leap16: - name: openSUSE Leap 16.0 - archs: x86_64,aarch64 - description: '[Experimental project] openSUSE Leap 16 is built on top of the next generation Adaptable Linux Platform (ALP) from SUSE.' - web: ssl: null ssl_cert: null ssl_key: null -ALP-Dolomite: - software: - installation_repositories: - - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/x86_64/product/ - archs: x86_64 - - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/aarch64/product/ - archs: aarch64 - - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/s390x/product/ - archs: s390 - - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/ppc64le/product/ - archs: ppc +products: + - name: SUSE ALP Dolomite + description: 'SUSE ALP Dolomite is a minimum immutable OS core, focused on + security to provide the bare minimum to run workloads and services as + containers or virtual machines.' + software: + installation_repositories: + - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/x86_64/product/ + archs: x86_64 + - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/aarch64/product/ + archs: aarch64 + - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/s390x/product/ + archs: s390 + - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/ppc64le/product/ + archs: ppc - mandatory_patterns: - - alp_base_zypper - - alp_cockpit - - alp_hardware - optional_patterns: null # no optional pattern shared - mandatory_packages: - - package: device-mapper # Apparently needed if devices at /dev/mapper are used at boot (eg. FDE) - - package: fde-tools # Needed for FDE with TPM, hardcoded here temporarily - archs: aarch64, x86_64 - - package: libtss2-tcti-device0 - - package: ppc64-diag # Needed for hardware-based installations - archs: ppc64 - optional_packages: null - base_product: ALP-Dolomite + mandatory_patterns: + - alp_base_zypper + - alp_cockpit + - alp_hardware + optional_patterns: null # no optional pattern shared + mandatory_packages: + - package: device-mapper # Apparently needed if devices at /dev/mapper are used at boot (eg. FDE) + - package: fde-tools # Needed for FDE with TPM, hardcoded here temporarily + archs: aarch64, x86_64 + - package: libtss2-tcti-device0 + - package: ppc64-diag # Needed for hardware-based installations + archs: ppc64 + optional_packages: null + base_product: ALP-Dolomite - security: - tpm_luks_open: true - lsm: selinux - available_lsms: - # apparmor: - # patterns: - # - apparmor - selinux: - patterns: - - alp_selinux - policy: enforcing - none: - patterns: null + security: + tpm_luks_open: true + lsm: selinux + available_lsms: + # apparmor: + # patterns: + # - apparmor + selinux: + patterns: + - alp_selinux + policy: enforcing + none: + patterns: null - storage: - space_policy: delete - encryption: - method: luks2 - pbkd_function: pbkdf2 - volumes: - - "/" - volume_templates: - - mount_path: "/" - filesystem: btrfs - btrfs: - snapshots: true - read_only: true - default_subvolume: "@" - subvolumes: - - path: root - - path: home - - path: opt - - path: srv - - path: boot/writable - - path: usr/local - - path: var - copy_on_write: false - # Architecture specific subvolume - - path: boot/grub2/arm64-efi - archs: aarch64 - - path: boot/grub2/i386-pc - archs: x86_64 - - path: boot/grub2/powerpc-ieee1275 - archs: ppc,!board_powernv - - path: boot/grub2/s390x-emu - archs: s390 - - path: boot/grub2/x86_64-efi - archs: x86_64 - size: - auto: true - outline: - required: true - filesystems: - - btrfs - snapshots_configurable: false - auto_size: - base_min: 5 GiB - base_max: 25 GiB - max_fallback_for: - - "/var" - - mount_path: "/var" - filesystem: btrfs - mount_options: - - "x-initrd.mount" - - "nodatacow" - size: - auto: false - min: 5 GiB - outline: - required: false - filesystems: - - btrfs + storage: + space_policy: delete + encryption: + method: luks2 + pbkd_function: pbkdf2 + volumes: + - "/" + volume_templates: + - mount_path: "/" + filesystem: btrfs + btrfs: + snapshots: true + read_only: true + default_subvolume: "@" + subvolumes: + - path: root + - path: home + - path: opt + - path: srv + - path: boot/writable + - path: usr/local + - path: var + copy_on_write: false + # Architecture specific subvolume + - path: boot/grub2/arm64-efi + archs: aarch64 + - path: boot/grub2/i386-pc + archs: x86_64 + - path: boot/grub2/powerpc-ieee1275 + archs: ppc,!board_powernv + - path: boot/grub2/s390x-emu + archs: s390 + - path: boot/grub2/x86_64-efi + archs: x86_64 + size: + auto: true + outline: + required: true + filesystems: + - btrfs + snapshots_configurable: false + auto_size: + base_min: 5 GiB + base_max: 25 GiB + max_fallback_for: + - "/var" + - mount_path: "/var" + filesystem: btrfs + mount_options: + - "x-initrd.mount" + - "nodatacow" + size: + auto: false + min: 5 GiB + outline: + required: false + filesystems: + - btrfs -Tumbleweed: - software: - installation_repositories: - - url: https://download.opensuse.org/tumbleweed/repo/oss/ - archs: x86_64 - - url: https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/ - archs: aarch64 - - url: https://download.opensuse.org/ports/zsystems/tumbleweed/repo/oss/ - archs: s390 - - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/oss/ - archs: ppc - - url: https://download.opensuse.org/tumbleweed/repo/non-oss/ - archs: x86_64 - # aarch64 does not have non-oss ports. Keep eye if it change - - url: https://download.opensuse.org/ports/zsystems/tumbleweed/repo/non-oss/ - archs: s390 - - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/non-oss/ - archs: ppc - - url: https://download.opensuse.org/update/tumbleweed/ - archs: x86_64 - - url: https://download.opensuse.org/ports/aarch64/update/tumbleweed/ - archs: aarch64 - - url: https://download.opensuse.org/ports/zsystems/update/tumbleweed/ - archs: s390 - - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/oss/ - archs: ppc - mandatory_patterns: - - enhanced_base # only pattern that is shared among all roles on TW - optional_patterns: null # no optional pattern shared - mandatory_packages: - - NetworkManager - optional_packages: null - base_product: openSUSE + - name: openSUSE Tumbleweed + description: 'The Tumbleweed distribution is a pure rolling release version + of openSUSE containing the latest "stable" versions of all software + instead of relying on rigid periodic release cycles. The project does + this for users that want the newest stable software.' + software: + installation_repositories: + - url: https://download.opensuse.org/tumbleweed/repo/oss/ + archs: x86_64 + - url: https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/ + archs: aarch64 + - url: https://download.opensuse.org/ports/zsystems/tumbleweed/repo/oss/ + archs: s390 + - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/oss/ + archs: ppc + - url: https://download.opensuse.org/tumbleweed/repo/non-oss/ + archs: x86_64 + # aarch64 does not have non-oss ports. Keep eye if it change + - url: https://download.opensuse.org/ports/zsystems/tumbleweed/repo/non-oss/ + archs: s390 + - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/non-oss/ + archs: ppc + - url: https://download.opensuse.org/update/tumbleweed/ + archs: x86_64 + - url: https://download.opensuse.org/ports/aarch64/update/tumbleweed/ + archs: aarch64 + - url: https://download.opensuse.org/ports/zsystems/update/tumbleweed/ + archs: s390 + - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/oss/ + archs: ppc + mandatory_patterns: + - enhanced_base # only pattern that is shared among all roles on TW + optional_patterns: null # no optional pattern shared + mandatory_packages: + - NetworkManager + optional_packages: null + base_product: openSUSE - security: - lsm: apparmor - available_lsms: - apparmor: - patterns: - - apparmor - selinux: - patterns: - - selinux - policy: permissive - none: - patterns: null + security: + lsm: apparmor + available_lsms: + apparmor: + patterns: + - apparmor + selinux: + patterns: + - selinux + policy: permissive + none: + patterns: null - storage: - space_policy: delete - volumes: - - "/" - - "swap" - volume_templates: - - mount_path: "/" - filesystem: btrfs - btrfs: - snapshots: true - read_only: false - default_subvolume: "@" - subvolumes: - - path: home - - path: opt - - path: root - - path: srv - - path: usr/local - # Unified var subvolume - https://lists.opensuse.org/opensuse-packaging/2017-11/msg00017.html - - path: var - copy_on_write: false - # Architecture specific subvolumes - - path: boot/grub2/arm64-efi - archs: aarch64 - - path: boot/grub2/arm-efi - archs: arm - - path: boot/grub2/i386-pc - archs: x86_64 - - path: boot/grub2/powerpc-ieee1275 - archs: ppc,!board_powernv - - path: boot/grub2/s390x-emu - archs: s390 - - path: boot/grub2/x86_64-efi - archs: x86_64 - - path: boot/grub2/riscv64-efi - archs: riscv64 - size: - auto: true - outline: - required: true - filesystems: - - btrfs - - ext2 - - ext3 - - ext4 - - xfs - auto_size: - base_min: 5 GiB - base_max: 15 GiB - snapshots_increment: 250% - max_fallback_for: - - "/home" - snapshots_configurable: true - - mount_path: "swap" - filesystem: swap - size: - auto: false - min: 1 GiB - max: 2 GiB - outline: - required: false - filesystems: - - swap - - mount_path: "/home" - filesystem: xfs - size: - auto: false - min: 10 GiB - max: unlimited - outline: - required: false - filesystems: - - btrfs - - ext2 - - ext3 - - ext4 - - xfs - - filesystem: xfs - size: - auto: false - outline: - required: false - filesystems: - - btrfs - - ext2 - - ext3 - - ext4 - - xfs + storage: + space_policy: delete + volumes: + - "/" + - "swap" + volume_templates: + - mount_path: "/" + filesystem: btrfs + btrfs: + snapshots: true + read_only: false + default_subvolume: "@" + subvolumes: + - path: home + - path: opt + - path: root + - path: srv + - path: usr/local + # Unified var subvolume - https://lists.opensuse.org/opensuse-packaging/2017-11/msg00017.html + - path: var + copy_on_write: false + # Architecture specific subvolumes + - path: boot/grub2/arm64-efi + archs: aarch64 + - path: boot/grub2/arm-efi + archs: arm + - path: boot/grub2/i386-pc + archs: x86_64 + - path: boot/grub2/powerpc-ieee1275 + archs: ppc,!board_powernv + - path: boot/grub2/s390x-emu + archs: s390 + - path: boot/grub2/x86_64-efi + archs: x86_64 + - path: boot/grub2/riscv64-efi + archs: riscv64 + size: + auto: true + outline: + required: true + filesystems: + - btrfs + - ext2 + - ext3 + - ext4 + - xfs + auto_size: + base_min: 5 GiB + base_max: 15 GiB + snapshots_increment: 250% + max_fallback_for: + - "/home" + snapshots_configurable: true + - mount_path: "swap" + filesystem: swap + size: + auto: false + min: 1 GiB + max: 2 GiB + outline: + required: false + filesystems: + - swap + - mount_path: "/home" + filesystem: xfs + size: + auto: false + min: 10 GiB + max: unlimited + outline: + required: false + filesystems: + - btrfs + - ext2 + - ext3 + - ext4 + - xfs + - filesystem: xfs + size: + auto: false + outline: + required: false + filesystems: + - btrfs + - ext2 + - ext3 + - ext4 + - xfs -Leap16: - software: - installation_repositories: - - url: https://download.opensuse.org/repositories/openSUSE:/Leap:/16.0/images/repo/Leap-16.0-x86_64-Media1/ - archs: x86_64 - - url: https://download.opensuse.org/repositories/openSUSE:/Leap:/16.0/images/repo/Leap-16.0-aarch64-Media1/ - archs: aarch64 - mandatory_patterns: - - alp_base - - alp_base_zypper - - alp_cockpit - - alp-container_runtime - - alp_defaults - optional_patterns: null # no optional pattern shared - mandatory_packages: - - package: device-mapper # Apparently needed if devices at /dev/mapper are used at boot (eg. FDE) - - package: fde-tools # Needed for FDE with TPM, hardcoded here temporarily - archs: aarch64, x86_64 - - package: libtss2-tcti-device0 - optional_packages: null - base_product: Leap16 + - name: openSUSE Leap 16.0 + archs: x86_64,aarch64 + description: '[Experimental project] openSUSE Leap 16 is built on top of the next generation Adaptable Linux Platform (ALP) from SUSE.' + software: + installation_repositories: + - url: https://download.opensuse.org/repositories/openSUSE:/Leap:/16.0/images/repo/Leap-16.0-x86_64-Media1/ + archs: x86_64 + - url: https://download.opensuse.org/repositories/openSUSE:/Leap:/16.0/images/repo/Leap-16.0-aarch64-Media1/ + archs: aarch64 + mandatory_patterns: + - alp_base + - alp_base_zypper + - alp_cockpit + - alp-container_runtime + - alp_defaults + optional_patterns: null # no optional pattern shared + mandatory_packages: + - package: device-mapper # Apparently needed if devices at /dev/mapper are used at boot (eg. FDE) + - package: fde-tools # Needed for FDE with TPM, hardcoded here temporarily + archs: aarch64, x86_64 + - package: libtss2-tcti-device0 + optional_packages: null + base_product: Leap16 - security: - tpm_luks_open: true - lsm: selinux - available_lsms: - # apparmor: - # patterns: - # - apparmor - selinux: - patterns: - - alp_selinux - policy: enforcing - none: - patterns: null + security: + tpm_luks_open: true + lsm: selinux + available_lsms: + # apparmor: + # patterns: + # - apparmor + selinux: + patterns: + - alp_selinux + policy: enforcing + none: + patterns: null - storage: - space_policy: delete - encryption: - method: luks2 - pbkd_function: pbkdf2 - volumes: - - "/" - volume_templates: - - mount_path: "/" - filesystem: btrfs - btrfs: - snapshots: true - read_only: true - default_subvolume: "@" - subvolumes: - - path: root - - path: home - - path: opt - - path: srv - - path: boot/writable - - path: usr/local - - path: boot/grub2/arm64-efi - archs: aarch64 - - path: boot/grub2/i386-pc - archs: x86_64 - - path: boot/grub2/powerpc-ieee1275 - archs: ppc,!board_powernv - - path: boot/grub2/s390x-emu - archs: s390 - - path: boot/grub2/x86_64-efi - archs: x86_64 - - path: var - copy_on_write: false - size: - auto: false - min: 5 GiB - outline: - required: true - filesystems: - - btrfs - snapshots_configurable: false - - filesystem: xfs - size: - auto: false - outline: - required: false - filesystems: - - btrfs - - ext2 - - ext3 - - ext4 - - xfs + storage: + space_policy: delete + encryption: + method: luks2 + pbkd_function: pbkdf2 + volumes: + - "/" + volume_templates: + - mount_path: "/" + filesystem: btrfs + btrfs: + snapshots: true + read_only: true + default_subvolume: "@" + subvolumes: + - path: root + - path: home + - path: opt + - path: srv + - path: boot/writable + - path: usr/local + - path: boot/grub2/arm64-efi + archs: aarch64 + - path: boot/grub2/i386-pc + archs: x86_64 + - path: boot/grub2/powerpc-ieee1275 + archs: ppc,!board_powernv + - path: boot/grub2/s390x-emu + archs: s390 + - path: boot/grub2/x86_64-efi + archs: x86_64 + - path: var + copy_on_write: false + size: + auto: false + min: 5 GiB + outline: + required: true + filesystems: + - btrfs + snapshots_configurable: false + - filesystem: xfs + size: + auto: false + outline: + required: false + filesystems: + - btrfs + - ext2 + - ext3 + - ext4 + - xfs From 7fa2c28d8c8971aad86ba02e8744d731f40a14d8 Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Wed, 25 Oct 2023 14:31:44 +0200 Subject: [PATCH 02/19] Reorganize products definition --- service/conf.d/ssl.yaml | 4 + service/etc/agama.yaml | 345 +-------------------------- service/products.d/ALP-Dolomite.yaml | 103 ++++++++ service/products.d/opensuse.yaml | 232 ++++++++++++++++++ 4 files changed, 341 insertions(+), 343 deletions(-) create mode 100644 service/conf.d/ssl.yaml create mode 100644 service/products.d/ALP-Dolomite.yaml create mode 100644 service/products.d/opensuse.yaml diff --git a/service/conf.d/ssl.yaml b/service/conf.d/ssl.yaml new file mode 100644 index 0000000000..f300d0f273 --- /dev/null +++ b/service/conf.d/ssl.yaml @@ -0,0 +1,4 @@ +web: + ssl: null + ssl_cert: null + ssl_key: null diff --git a/service/etc/agama.yaml b/service/etc/agama.yaml index 823c6d45a2..463126c46e 100644 --- a/service/etc/agama.yaml +++ b/service/etc/agama.yaml @@ -1,343 +1,2 @@ -products: - ALP-Dolomite: - Tumbleweed: - Leap16: -web: - ssl: null - ssl_cert: null - ssl_key: null - -products: - - name: SUSE ALP Dolomite - description: 'SUSE ALP Dolomite is a minimum immutable OS core, focused on - security to provide the bare minimum to run workloads and services as - containers or virtual machines.' - software: - installation_repositories: - - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/x86_64/product/ - archs: x86_64 - - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/aarch64/product/ - archs: aarch64 - - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/s390x/product/ - archs: s390 - - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/ppc64le/product/ - archs: ppc - - mandatory_patterns: - - alp_base_zypper - - alp_cockpit - - alp_hardware - optional_patterns: null # no optional pattern shared - mandatory_packages: - - package: device-mapper # Apparently needed if devices at /dev/mapper are used at boot (eg. FDE) - - package: fde-tools # Needed for FDE with TPM, hardcoded here temporarily - archs: aarch64, x86_64 - - package: libtss2-tcti-device0 - - package: ppc64-diag # Needed for hardware-based installations - archs: ppc64 - optional_packages: null - base_product: ALP-Dolomite - - security: - tpm_luks_open: true - lsm: selinux - available_lsms: - # apparmor: - # patterns: - # - apparmor - selinux: - patterns: - - alp_selinux - policy: enforcing - none: - patterns: null - - storage: - space_policy: delete - encryption: - method: luks2 - pbkd_function: pbkdf2 - volumes: - - "/" - volume_templates: - - mount_path: "/" - filesystem: btrfs - btrfs: - snapshots: true - read_only: true - default_subvolume: "@" - subvolumes: - - path: root - - path: home - - path: opt - - path: srv - - path: boot/writable - - path: usr/local - - path: var - copy_on_write: false - # Architecture specific subvolume - - path: boot/grub2/arm64-efi - archs: aarch64 - - path: boot/grub2/i386-pc - archs: x86_64 - - path: boot/grub2/powerpc-ieee1275 - archs: ppc,!board_powernv - - path: boot/grub2/s390x-emu - archs: s390 - - path: boot/grub2/x86_64-efi - archs: x86_64 - size: - auto: true - outline: - required: true - filesystems: - - btrfs - snapshots_configurable: false - auto_size: - base_min: 5 GiB - base_max: 25 GiB - max_fallback_for: - - "/var" - - mount_path: "/var" - filesystem: btrfs - mount_options: - - "x-initrd.mount" - - "nodatacow" - size: - auto: false - min: 5 GiB - outline: - required: false - filesystems: - - btrfs - - - name: openSUSE Tumbleweed - description: 'The Tumbleweed distribution is a pure rolling release version - of openSUSE containing the latest "stable" versions of all software - instead of relying on rigid periodic release cycles. The project does - this for users that want the newest stable software.' - software: - installation_repositories: - - url: https://download.opensuse.org/tumbleweed/repo/oss/ - archs: x86_64 - - url: https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/ - archs: aarch64 - - url: https://download.opensuse.org/ports/zsystems/tumbleweed/repo/oss/ - archs: s390 - - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/oss/ - archs: ppc - - url: https://download.opensuse.org/tumbleweed/repo/non-oss/ - archs: x86_64 - # aarch64 does not have non-oss ports. Keep eye if it change - - url: https://download.opensuse.org/ports/zsystems/tumbleweed/repo/non-oss/ - archs: s390 - - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/non-oss/ - archs: ppc - - url: https://download.opensuse.org/update/tumbleweed/ - archs: x86_64 - - url: https://download.opensuse.org/ports/aarch64/update/tumbleweed/ - archs: aarch64 - - url: https://download.opensuse.org/ports/zsystems/update/tumbleweed/ - archs: s390 - - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/oss/ - archs: ppc - mandatory_patterns: - - enhanced_base # only pattern that is shared among all roles on TW - optional_patterns: null # no optional pattern shared - mandatory_packages: - - NetworkManager - optional_packages: null - base_product: openSUSE - - security: - lsm: apparmor - available_lsms: - apparmor: - patterns: - - apparmor - selinux: - patterns: - - selinux - policy: permissive - none: - patterns: null - - storage: - space_policy: delete - volumes: - - "/" - - "swap" - volume_templates: - - mount_path: "/" - filesystem: btrfs - btrfs: - snapshots: true - read_only: false - default_subvolume: "@" - subvolumes: - - path: home - - path: opt - - path: root - - path: srv - - path: usr/local - # Unified var subvolume - https://lists.opensuse.org/opensuse-packaging/2017-11/msg00017.html - - path: var - copy_on_write: false - # Architecture specific subvolumes - - path: boot/grub2/arm64-efi - archs: aarch64 - - path: boot/grub2/arm-efi - archs: arm - - path: boot/grub2/i386-pc - archs: x86_64 - - path: boot/grub2/powerpc-ieee1275 - archs: ppc,!board_powernv - - path: boot/grub2/s390x-emu - archs: s390 - - path: boot/grub2/x86_64-efi - archs: x86_64 - - path: boot/grub2/riscv64-efi - archs: riscv64 - size: - auto: true - outline: - required: true - filesystems: - - btrfs - - ext2 - - ext3 - - ext4 - - xfs - auto_size: - base_min: 5 GiB - base_max: 15 GiB - snapshots_increment: 250% - max_fallback_for: - - "/home" - snapshots_configurable: true - - mount_path: "swap" - filesystem: swap - size: - auto: false - min: 1 GiB - max: 2 GiB - outline: - required: false - filesystems: - - swap - - mount_path: "/home" - filesystem: xfs - size: - auto: false - min: 10 GiB - max: unlimited - outline: - required: false - filesystems: - - btrfs - - ext2 - - ext3 - - ext4 - - xfs - - filesystem: xfs - size: - auto: false - outline: - required: false - filesystems: - - btrfs - - ext2 - - ext3 - - ext4 - - xfs - - - name: openSUSE Leap 16.0 - archs: x86_64,aarch64 - description: '[Experimental project] openSUSE Leap 16 is built on top of the next generation Adaptable Linux Platform (ALP) from SUSE.' - software: - installation_repositories: - - url: https://download.opensuse.org/repositories/openSUSE:/Leap:/16.0/images/repo/Leap-16.0-x86_64-Media1/ - archs: x86_64 - - url: https://download.opensuse.org/repositories/openSUSE:/Leap:/16.0/images/repo/Leap-16.0-aarch64-Media1/ - archs: aarch64 - mandatory_patterns: - - alp_base - - alp_base_zypper - - alp_cockpit - - alp-container_runtime - - alp_defaults - optional_patterns: null # no optional pattern shared - mandatory_packages: - - package: device-mapper # Apparently needed if devices at /dev/mapper are used at boot (eg. FDE) - - package: fde-tools # Needed for FDE with TPM, hardcoded here temporarily - archs: aarch64, x86_64 - - package: libtss2-tcti-device0 - optional_packages: null - base_product: Leap16 - - security: - tpm_luks_open: true - lsm: selinux - available_lsms: - # apparmor: - # patterns: - # - apparmor - selinux: - patterns: - - alp_selinux - policy: enforcing - none: - patterns: null - - storage: - space_policy: delete - encryption: - method: luks2 - pbkd_function: pbkdf2 - volumes: - - "/" - volume_templates: - - mount_path: "/" - filesystem: btrfs - btrfs: - snapshots: true - read_only: true - default_subvolume: "@" - subvolumes: - - path: root - - path: home - - path: opt - - path: srv - - path: boot/writable - - path: usr/local - - path: boot/grub2/arm64-efi - archs: aarch64 - - path: boot/grub2/i386-pc - archs: x86_64 - - path: boot/grub2/powerpc-ieee1275 - archs: ppc,!board_powernv - - path: boot/grub2/s390x-emu - archs: s390 - - path: boot/grub2/x86_64-efi - archs: x86_64 - - path: var - copy_on_write: false - size: - auto: false - min: 5 GiB - outline: - required: true - filesystems: - - btrfs - snapshots_configurable: false - - filesystem: xfs - size: - auto: false - outline: - required: false - filesystems: - - btrfs - - ext2 - - ext3 - - ext4 - - xfs +include: + - "../conf.d/*.yaml" diff --git a/service/products.d/ALP-Dolomite.yaml b/service/products.d/ALP-Dolomite.yaml new file mode 100644 index 0000000000..94fe0a53b2 --- /dev/null +++ b/service/products.d/ALP-Dolomite.yaml @@ -0,0 +1,103 @@ +- id: ALP-Dolomite + name: SUSE ALP Dolomite + description: 'SUSE ALP Dolomite is a minimum immutable OS core, focused on + security to provide the bare minimum to run workloads and services as + containers or virtual machines.' + software: + installation_repositories: + - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/x86_64/product/ + archs: x86_64 + - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/aarch64/product/ + archs: aarch64 + - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/s390x/product/ + archs: s390 + - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/ppc64le/product/ + archs: ppc + + mandatory_patterns: + - alp_base_zypper + - alp_cockpit + - alp_hardware + optional_patterns: null # no optional pattern shared + mandatory_packages: + - package: device-mapper # Apparently needed if devices at /dev/mapper are used at boot (eg. FDE) + - package: fde-tools # Needed for FDE with TPM, hardcoded here temporarily + archs: aarch64, x86_64 + - package: libtss2-tcti-device0 + - package: ppc64-diag # Needed for hardware-based installations + archs: ppc64 + optional_packages: null + base_product: ALP-Dolomite + + security: + tpm_luks_open: true + lsm: selinux + available_lsms: + # apparmor: + # patterns: + # - apparmor + selinux: + patterns: + - alp_selinux + policy: enforcing + none: + patterns: null + + storage: + space_policy: delete + encryption: + method: luks2 + pbkd_function: pbkdf2 + volumes: + - "/" + volume_templates: + - mount_path: "/" + filesystem: btrfs + btrfs: + snapshots: true + read_only: true + default_subvolume: "@" + subvolumes: + - path: root + - path: home + - path: opt + - path: srv + - path: boot/writable + - path: usr/local + - path: var + copy_on_write: false + # Architecture specific subvolume + - path: boot/grub2/arm64-efi + archs: aarch64 + - path: boot/grub2/i386-pc + archs: x86_64 + - path: boot/grub2/powerpc-ieee1275 + archs: ppc,!board_powernv + - path: boot/grub2/s390x-emu + archs: s390 + - path: boot/grub2/x86_64-efi + archs: x86_64 + size: + auto: true + outline: + required: true + filesystems: + - btrfs + snapshots_configurable: false + auto_size: + base_min: 5 GiB + base_max: 25 GiB + max_fallback_for: + - "/var" + - mount_path: "/var" + filesystem: btrfs + mount_options: + - "x-initrd.mount" + - "nodatacow" + size: + auto: false + min: 5 GiB + outline: + required: false + filesystems: + - btrfs diff --git a/service/products.d/opensuse.yaml b/service/products.d/opensuse.yaml new file mode 100644 index 0000000000..bb6e7b38e2 --- /dev/null +++ b/service/products.d/opensuse.yaml @@ -0,0 +1,232 @@ +- id: openSUSE-TW + name: openSUSE Tumbleweed + description: 'The Tumbleweed distribution is a pure rolling release version + of openSUSE containing the latest "stable" versions of all software + instead of relying on rigid periodic release cycles. The project does + this for users that want the newest stable software.' + software: + installation_repositories: + - url: https://download.opensuse.org/tumbleweed/repo/oss/ + archs: x86_64 + - url: https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/ + archs: aarch64 + - url: https://download.opensuse.org/ports/zsystems/tumbleweed/repo/oss/ + archs: s390 + - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/oss/ + archs: ppc + - url: https://download.opensuse.org/tumbleweed/repo/non-oss/ + archs: x86_64 + # aarch64 does not have non-oss ports. Keep eye if it change + - url: https://download.opensuse.org/ports/zsystems/tumbleweed/repo/non-oss/ + archs: s390 + - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/non-oss/ + archs: ppc + - url: https://download.opensuse.org/update/tumbleweed/ + archs: x86_64 + - url: https://download.opensuse.org/ports/aarch64/update/tumbleweed/ + archs: aarch64 + - url: https://download.opensuse.org/ports/zsystems/update/tumbleweed/ + archs: s390 + - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/oss/ + archs: ppc + mandatory_patterns: + - enhanced_base # only pattern that is shared among all roles on TW + optional_patterns: null # no optional pattern shared + mandatory_packages: + - NetworkManager + optional_packages: null + base_product: openSUSE + + security: + lsm: apparmor + available_lsms: + apparmor: + patterns: + - apparmor + selinux: + patterns: + - selinux + policy: permissive + none: + patterns: null + + storage: + space_policy: delete + volumes: + - "/" + - "swap" + volume_templates: + - mount_path: "/" + filesystem: btrfs + btrfs: + snapshots: true + read_only: false + default_subvolume: "@" + subvolumes: + - path: home + - path: opt + - path: root + - path: srv + - path: usr/local + # Unified var subvolume - https://lists.opensuse.org/opensuse-packaging/2017-11/msg00017.html + - path: var + copy_on_write: false + # Architecture specific subvolumes + - path: boot/grub2/arm64-efi + archs: aarch64 + - path: boot/grub2/arm-efi + archs: arm + - path: boot/grub2/i386-pc + archs: x86_64 + - path: boot/grub2/powerpc-ieee1275 + archs: ppc,!board_powernv + - path: boot/grub2/s390x-emu + archs: s390 + - path: boot/grub2/x86_64-efi + archs: x86_64 + - path: boot/grub2/riscv64-efi + archs: riscv64 + size: + auto: true + outline: + required: true + filesystems: + - btrfs + - ext2 + - ext3 + - ext4 + - xfs + auto_size: + base_min: 5 GiB + base_max: 15 GiB + snapshots_increment: 250% + max_fallback_for: + - "/home" + snapshots_configurable: true + - mount_path: "swap" + filesystem: swap + size: + auto: false + min: 1 GiB + max: 2 GiB + outline: + required: false + filesystems: + - swap + - mount_path: "/home" + filesystem: xfs + size: + auto: false + min: 10 GiB + max: unlimited + outline: + required: false + filesystems: + - btrfs + - ext2 + - ext3 + - ext4 + - xfs + - filesystem: xfs + size: + auto: false + outline: + required: false + filesystems: + - btrfs + - ext2 + - ext3 + - ext4 + - xfs + +- id: openSUSE-Leap16 + name: openSUSE Leap 16.0 + archs: x86_64,aarch64 + description: '[Experimental project] openSUSE Leap 16 is built on top of the next generation Adaptable Linux Platform (ALP) from SUSE.' + software: + installation_repositories: + - url: https://download.opensuse.org/repositories/openSUSE:/Leap:/16.0/images/repo/Leap-16.0-x86_64-Media1/ + archs: x86_64 + - url: https://download.opensuse.org/repositories/openSUSE:/Leap:/16.0/images/repo/Leap-16.0-aarch64-Media1/ + archs: aarch64 + mandatory_patterns: + - alp_base + - alp_base_zypper + - alp_cockpit + - alp-container_runtime + - alp_defaults + optional_patterns: null # no optional pattern shared + mandatory_packages: + - package: device-mapper # Apparently needed if devices at /dev/mapper are used at boot (eg. FDE) + - package: fde-tools # Needed for FDE with TPM, hardcoded here temporarily + archs: aarch64, x86_64 + - package: libtss2-tcti-device0 + optional_packages: null + base_product: Leap16 + + security: + tpm_luks_open: true + lsm: selinux + available_lsms: + # apparmor: + # patterns: + # - apparmor + selinux: + patterns: + - alp_selinux + policy: enforcing + none: + patterns: null + + storage: + space_policy: delete + encryption: + method: luks2 + pbkd_function: pbkdf2 + volumes: + - "/" + volume_templates: + - mount_path: "/" + filesystem: btrfs + btrfs: + snapshots: true + read_only: true + default_subvolume: "@" + subvolumes: + - path: root + - path: home + - path: opt + - path: srv + - path: boot/writable + - path: usr/local + - path: boot/grub2/arm64-efi + archs: aarch64 + - path: boot/grub2/i386-pc + archs: x86_64 + - path: boot/grub2/powerpc-ieee1275 + archs: ppc,!board_powernv + - path: boot/grub2/s390x-emu + archs: s390 + - path: boot/grub2/x86_64-efi + archs: x86_64 + - path: var + copy_on_write: false + size: + auto: false + min: 5 GiB + outline: + required: true + filesystems: + - btrfs + snapshots_configurable: false + - filesystem: xfs + size: + auto: false + outline: + required: false + filesystems: + - btrfs + - ext2 + - ext3 + - ext4 + - xfs From 08598cb37d510aa40b86b18f45c983d974492bf7 Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Wed, 25 Oct 2023 22:20:19 +0200 Subject: [PATCH 03/19] add product reader and use it to read products --- service/lib/agama/config.rb | 34 +++++++++------ service/lib/agama/config_reader.rb | 6 +-- service/lib/agama/product_reader.rb | 66 +++++++++++++++++++++++++++++ 3 files changed, 91 insertions(+), 15 deletions(-) create mode 100644 service/lib/agama/product_reader.rb diff --git a/service/lib/agama/config.rb b/service/lib/agama/config.rb index 0a038abadf..f97e11f006 100644 --- a/service/lib/agama/config.rb +++ b/service/lib/agama/config.rb @@ -22,6 +22,7 @@ require "yaml" require "yast2/arch_filter" require "agama/config_reader" +require "agama/product_reader" module Agama # Class responsible for getting current configuration. @@ -51,16 +52,17 @@ def reset # Load the configuration from a given file # # @param path [String|Pathname] File path - def from_file(path) - new(YAML.safe_load(File.read(path.to_s))) + def from_file(path, logger = Logger.new($stdout)) + new(YAML.safe_load(File.read(path.to_s)), logger) end end # Constructor # # @param config_data [Hash] configuration data - def initialize(config_data = nil) + def initialize(config_data = nil, logger = Logger.new($stdout)) @pure_data = config_data + @logger = logger end # parse loaded yaml file, so it properly applies conditions @@ -81,20 +83,28 @@ def data @data end - def pick_product(product) - data.merge!(data[product]) + # Currently product merges its config to global config. + # Keys defined in constant are the ones specific to product that + # should not be merged to global config. + PRODUCT_SPECIFIC_KEYS = ["id", "name", "description"] + def pick_product(product_id) + to_merge = products[product_id] + to_merge = to_merge.reject { |k, _v| PRODUCT_SPECIFIC_KEYS.include?(k) } + data.merge!(to_merge) end - # list of available base products for current architecture + # hash of available base products for current architecture def products return @products if @products - return [] unless @pure_data && @pure_data["products"] + products = ProductReader.new(@logger).load_products - # cannot use `data` here to avoid endless loop as in data we use - # pick_product that select product from products - @products = @pure_data["products"].select do |_key, value| - value["archs"].nil? || - Yast2::ArchFilter.from_string(value["archs"]).match? + products.select! do |product| + product["archs"].nil? || + Yast2::ArchFilter.from_string(product["archs"]).match? + end + + @products = products.each_with_object({}) do |product, result| + result[product["id"]] = product end end diff --git a/service/lib/agama/config_reader.rb b/service/lib/agama/config_reader.rb index 74084b6a9f..05b708ba17 100644 --- a/service/lib/agama/config_reader.rb +++ b/service/lib/agama/config_reader.rb @@ -65,7 +65,7 @@ def config_from_file(path = nil) raise "Missing config file at #{path}" unless File.exist?(path) logger.info "Reading configuration from #{path}" - Config.from_file(path) + Config.from_file(path, logger) end # Return an arry with the different {Config} objects read from the different locations @@ -85,7 +85,7 @@ def configs # Return a {Config} oject # @return [Config] resultant Config after merging all the configurations def config - config = configs.first || Config.new + config = configs.first || Config.new(nil, logger) (configs[1..-1] || []).each { |c| config = config.merge(c) } config end @@ -122,7 +122,7 @@ def cmdline_args # return [Config] def cmdline_config - Config.new(cmdline_args.data) + Config.new(cmdline_args.data, logger) end # return [Config] diff --git a/service/lib/agama/product_reader.rb b/service/lib/agama/product_reader.rb new file mode 100644 index 0000000000..d298e636b7 --- /dev/null +++ b/service/lib/agama/product_reader.rb @@ -0,0 +1,66 @@ +# frozen_string_literal: true + +# Copyright (c) [2022] SUSE LLC +# +# All Rights Reserved. +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of version 2 of the GNU General Public License as published +# by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +# more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, contact SUSE LLC. +# +# To contact SUSE LLC about this file by physical or electronic mail, you may +# find current contact information at www.suse.com. + +require "yast" +require "yaml" +require "logger" + + +module Agama + # This class is responsible for reading available products definition + class ProductReader + include Yast::I18n + + # Default system path + SYSTEM_PATH = "/usr/share/agama/products.d" + GIT_PATH = File.expand_path("#{__dir__}/../../products.d") + GIT_DIR = File.expand_path("#{__dir__}/../../../.git") + + attr_reader :logger + # Constructor + # + # @param logger [Logger] + # @param workdir [String] Root directory to read the configuration from + def initialize(logger: nil, workdir: "/") + @logger = logger || ::Logger.new($stdout) + @workdir = workdir + end + + def load_products + glob = File.join(default_path, "*.{yaml,yml}") + Dir.glob(glob).each_with_object do |path, result| + # support also single product file + products = Array(load_file(path)) + result.concat(products) + end + end + + private + + def default_path + Dir.exist?(GIT_DIR) ? GIT_PATH : SYSTEM_PATH + end + + def load_file(path) + YAML.safe_load(File.read(path.to_s)) + end + end +end From 3ad40085e4a0d9a9f9cd4b0e33f8e3becfa61109 Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Thu, 26 Oct 2023 21:53:22 +0200 Subject: [PATCH 04/19] adapt tests and in some case also prepare code --- service/etc/agama.yaml | 6 +- service/lib/agama/config.rb | 11 +- service/lib/agama/product_reader.rb | 6 +- service/lib/agama/security.rb | 2 +- service/lib/agama/software/manager.rb | 2 +- service/products.d/opensuse.yaml | 4 +- service/run_tests_in_container.sh | 18 ++ service/test/agama/config_reader_test.rb | 2 +- service/test/agama/config_test.rb | 32 +- .../test/agama/dbus/server_manager_test.rb | 2 +- service/test/agama/software/manager_test.rb | 21 +- service/test/fixtures/root_dir/etc/agama.yaml | 303 +----------------- service/test/test_helper.rb | 8 + 13 files changed, 89 insertions(+), 328 deletions(-) create mode 100644 service/run_tests_in_container.sh diff --git a/service/etc/agama.yaml b/service/etc/agama.yaml index 463126c46e..f300d0f273 100644 --- a/service/etc/agama.yaml +++ b/service/etc/agama.yaml @@ -1,2 +1,4 @@ -include: - - "../conf.d/*.yaml" +web: + ssl: null + ssl_cert: null + ssl_key: null diff --git a/service/lib/agama/config.rb b/service/lib/agama/config.rb index f97e11f006..7bd73d8fce 100644 --- a/service/lib/agama/config.rb +++ b/service/lib/agama/config.rb @@ -33,6 +33,7 @@ module Agama class Config # @return [Hash] configuration data attr_accessor :pure_data + attr_accessor :logger class << self attr_accessor :current, :base @@ -96,7 +97,7 @@ def pick_product(product_id) # hash of available base products for current architecture def products return @products if @products - products = ProductReader.new(@logger).load_products + products = ProductReader.new(logger: @logger).load_products products.select! do |product| product["archs"].nil? || @@ -119,7 +120,13 @@ def multi_product? # # @return [Config] def copy - Marshal.load(Marshal.dump(self)) + logger = self.logger + @logger = nil # cannot dump logger as it can contain IO + res = Marshal.load(Marshal.dump(self)) + @logger = logger + res.logger = logger + + res end # Returns a new {Config} with the merge of the given ones diff --git a/service/lib/agama/product_reader.rb b/service/lib/agama/product_reader.rb index d298e636b7..0d94371981 100644 --- a/service/lib/agama/product_reader.rb +++ b/service/lib/agama/product_reader.rb @@ -38,15 +38,13 @@ class ProductReader # Constructor # # @param logger [Logger] - # @param workdir [String] Root directory to read the configuration from - def initialize(logger: nil, workdir: "/") + def initialize(logger: nil) @logger = logger || ::Logger.new($stdout) - @workdir = workdir end def load_products glob = File.join(default_path, "*.{yaml,yml}") - Dir.glob(glob).each_with_object do |path, result| + Dir.glob(glob).each_with_object([]) do |path, result| # support also single product file products = Array(load_file(path)) result.concat(products) diff --git a/service/lib/agama/security.rb b/service/lib/agama/security.rb index e067ca2e7a..1dafd36a03 100644 --- a/service/lib/agama/security.rb +++ b/service/lib/agama/security.rb @@ -73,7 +73,7 @@ def write end def probe - selected_lsm = config.data["security"]["lsm"] + selected_lsm = config.data.dig("security", "lsm") lsm_config.select(selected_lsm) patterns = if selected_lsm.nil? diff --git a/service/lib/agama/software/manager.rb b/service/lib/agama/software/manager.rb index 1abf0d678f..5d12ea712f 100644 --- a/service/lib/agama/software/manager.rb +++ b/service/lib/agama/software/manager.rb @@ -67,7 +67,7 @@ def initialize(config, logger) @logger = logger @languages = DEFAULT_LANGUAGES @products = @config.products - if @config.multi_product? + if @config.multi_product? || @products.empty? @product = nil else @product = @products.keys.first # use the available product as default diff --git a/service/products.d/opensuse.yaml b/service/products.d/opensuse.yaml index bb6e7b38e2..08cf9be7a0 100644 --- a/service/products.d/opensuse.yaml +++ b/service/products.d/opensuse.yaml @@ -1,4 +1,4 @@ -- id: openSUSE-TW +- id: Tumbleweed name: openSUSE Tumbleweed description: 'The Tumbleweed distribution is a pure rolling release version of openSUSE containing the latest "stable" versions of all software @@ -139,7 +139,7 @@ - ext4 - xfs -- id: openSUSE-Leap16 +- id: Leap16 name: openSUSE Leap 16.0 archs: x86_64,aarch64 description: '[Experimental project] openSUSE Leap 16 is built on top of the next generation Adaptable Linux Platform (ALP) from SUSE.' diff --git a/service/run_tests_in_container.sh b/service/run_tests_in_container.sh new file mode 100644 index 0000000000..da0423390d --- /dev/null +++ b/service/run_tests_in_container.sh @@ -0,0 +1,18 @@ +#! /bin/bash + +set -ex +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +podman create -ti --rm --entrypoint '["sh", "-c"]' --name agama_ruby_tests -v $SCRIPT_DIR/..:/checkout registry.opensuse.org/yast/head/containers_tumbleweed/yast-ruby sh +podman start agama_ruby_tests +podman exec agama_ruby_tests zypper --non-interactive install yast2-iscsi-client ruby3.2-rubygem-eventmachine +if podman exec --workdir /checkout/service agama_ruby_tests rake test:unit; then + if [ "$KEEP_RUNNING" != "1" ]; then + podman stop agama_ruby_test + fi + echo "Tests passed" +else + echo "Tests failed" + echo "To get into container use: podman attach agama_ruby_tests" + echo "git checkout is located at /checkout" + echo "To remove container use: podman rm agama_ruby_tests" +fi diff --git a/service/test/agama/config_reader_test.rb b/service/test/agama/config_reader_test.rb index c7e115f77e..ea4ea3f7e8 100644 --- a/service/test/agama/config_reader_test.rb +++ b/service/test/agama/config_reader_test.rb @@ -35,7 +35,7 @@ it "returns a Config object with the configuration read from the given file" do config = subject.config_from_file(File.join(workdir, "etc", "agama.yaml")) expect(config).to be_a(Agama::Config) - expect(config.data["products"].keys).to include("Tumbleweed") + expect(config.data["web"].keys).to include("ssl") end end diff --git a/service/test/agama/config_test.rb b/service/test/agama/config_test.rb index c61714ee9c..140010aed7 100644 --- a/service/test/agama/config_test.rb +++ b/service/test/agama/config_test.rb @@ -26,7 +26,7 @@ let(:config) { described_class.new("web" => { "ssl" => "SOMETHING" }) } before do - allow_any_instance_of(Agama::ConfigReader).to receive(:config).and_return(config) + allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_return([]) end describe ".load" do @@ -53,12 +53,12 @@ File.join(FIXTURES_PATH, "root_dir", "etc", "agama.yaml") ) expect(config).to be_a(described_class) - expect(config.data["products"].size).to eq(3) end end describe ".reset" do it "resets base and current configuration" do + allow_any_instance_of(Agama::ConfigReader).to receive(:config).and_return(config) described_class.load expect { described_class.reset }.to change { described_class.base }.from(config).to(nil) .and change { described_class.current }.to(nil) @@ -91,17 +91,25 @@ describe "#products" do it "returns products available for current hardware" do - subject = described_class.from_file(File.join(FIXTURES_PATH, "agama-archs.yaml")) - expect(subject.products.size).to eq 2 + allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_return([ + { + "id" => "test", + "archs" => "x86_64" + }, + { + "id" => "test2", + "archs" => "s390x" + } + ]) + expect(Yast2::ArchFilter).to receive(:from_string).twice.and_return(double(match?: true), double(match?: false)) + expect(subject.products.size).to eq 1 end end describe "#multi_product?" do context "when more than one product is defined" do - subject do - described_class.from_file( - File.join(FIXTURES_PATH, "root_dir", "etc", "agama.yaml") - ) + before do + allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_call_original end it "returns true" do @@ -110,11 +118,13 @@ end context "when just one product is defined" do - subject do - described_class.from_file(File.join(FIXTURES_PATH, "agama-single.yaml")) + before do + allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_call_original + products = Agama::ProductReader.new.load_products + allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_return([products.first]) end - it "returns true" do + it "returns false" do expect(subject.multi_product?).to eq(false) end end diff --git a/service/test/agama/dbus/server_manager_test.rb b/service/test/agama/dbus/server_manager_test.rb index 6fe836c83d..58e0af96c1 100644 --- a/service/test/agama/dbus/server_manager_test.rb +++ b/service/test/agama/dbus/server_manager_test.rb @@ -65,7 +65,7 @@ describe "#start_server" do it "starts the dbus-daemon and returns the PID" do expect(Process).to receive(:spawn) - .with(/dbus-daemon/, "--config-file", /dbus.conf/, any_args) + .with(/dbus-daemon/, "--config-file", any_args) # config file loc depends on pwd .and_return(1000) expect(Process).to receive(:detach).with(1000) expect(subject.start_server).to eq(1000) diff --git a/service/test/agama/software/manager_test.rb b/service/test/agama/software/manager_test.rb index 1dd557a6f1..3d9294d5bb 100644 --- a/service/test/agama/software/manager_test.rb +++ b/service/test/agama/software/manager_test.rb @@ -70,6 +70,8 @@ before do allow(Yast::Pkg).to receive(:TargetInitialize) allow(Yast::Pkg).to receive(:ImportGPGKey) + # allow glob to work for other calls + allow(Dir).to receive(:glob).and_call_original allow(Dir).to receive(:glob).with(/keys/).and_return(gpg_keys) allow(Yast::Packages).to receive(:Proposal).and_return({}) allow(Yast::InstURL).to receive(:installInf2Url).with("") @@ -79,6 +81,7 @@ allow(Agama::DBus::Clients::Questions).to receive(:new).and_return(questions_client) allow(Agama::Software::RepositoriesManager).to receive(:new).and_return(repositories) allow(Agama::Software::Proposal).to receive(:new).and_return(proposal) + allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_call_original end describe "#probe" do @@ -116,7 +119,7 @@ end it "registers the repository from config" do - expect(repositories).to receive(:add).with(/tumbleweed/) + expect(repositories).to receive(:add).with(/Dolomite/) expect(repositories).to receive(:load) subject.probe end @@ -126,9 +129,8 @@ it "returns the list of known products" do products = subject.products expect(products.size).to eq(3) - id, data = products.first - expect(id).to eq("Tumbleweed") - expect(data).to include( + expect(products["Tumbleweed"]).to_not eq nil + expect(products["Tumbleweed"]).to include( "name" => "openSUSE Tumbleweed", "description" => String ) @@ -152,16 +154,11 @@ expect(proposal).to receive(:set_resolvables) .with("agama", :pattern, ["enhanced_base"]) expect(proposal).to receive(:set_resolvables) - .with("agama", :pattern, ["optional_base"], optional: true) + .with("agama", :pattern, [], {optional: true}) expect(proposal).to receive(:set_resolvables) - .with("agama", :package, ["mandatory_pkg"]) + .with("agama", :package, ["NetworkManager"]) expect(proposal).to receive(:set_resolvables) - .with("agama", :package, ["optional_pkg"], optional: true) - subject.propose - - expect(Yast::Arch).to receive(:s390).and_return(true) - expect(proposal).to receive(:set_resolvables) - .with("agama", :package, ["mandatory_pkg", "mandatory_pkg_s390"]) + .with("agama", :package, [], {optional: true}) subject.propose end end diff --git a/service/test/fixtures/root_dir/etc/agama.yaml b/service/test/fixtures/root_dir/etc/agama.yaml index c87e4013ad..5ae38001f0 100644 --- a/service/test/fixtures/root_dir/etc/agama.yaml +++ b/service/test/fixtures/root_dir/etc/agama.yaml @@ -1,296 +1,17 @@ -products: - Tumbleweed: - name: openSUSE Tumbleweed - description: 'The Tumbleweed distribution is a pure rolling release version - of openSUSE containing the latest "stable" versions of all software - instead of relying on rigid periodic release cycles. The project does - this for users that want the newest stable software.' - Leap Micro: - name: openSUSE Leap Micro 5.2 - description: 'Leap Micro is an ultra-reliable, lightweight operating system - built for containerized and virtualized workloads. This community version - is based on SUSE Linux Enterprise Micro, which leverages the enterprise - hardened security and compliance components of SUSE Linux Enterprise.' - Leap: - name: openSUSE Leap 15.4 - description: 'Leap uses source from SUSE Linux Enterprise (SLE), which - gives Leap a level of stability unmatched by other Linux distributions, - and combines that with community developments to give users, developers - and sysadmins the best stable Linux experience available.' - web: ssl: null ssl_cert: null ssl_key: null - -Tumbleweed: - software: - installation_repositories: - - https://download.opensuse.org/tumbleweed/repo/oss/ - - https://download.opensuse.org/tumbleweed/repo/non-oss/ - - https://download.opensuse.org/update/tumbleweed/ - mandatory_patterns: - - enhanced_base # only pattern that is shared among all roles on TW - optional_patterns: - - optional_base - mandatory_packages: - - package: mandatory_pkg - - package: mandatory_pkg_s390 - archs: s390 - optional_packages: - - optional_pkg - base_product: openSUSE - - security: - lsm: apparmor - available_lsms: - apparmor: - patterns: - - apparmor - selinux: - patterns: - - selinux - policy: permissive - none: - patterns: null - - storage: - volumes: - - "/" - - "swap" - volume_templates: - - mount_path: "/" - filesystem: btrfs - btrfs: - snapshots: true - read_only_root: true - default_subvolume: "@" - subvolumes: - - path: home - - path: opt - - path: root - - path: srv - - path: usr/local - # Unified var subvolume - https://lists.opensuse.org/opensuse-packaging/2017-11/msg00017.html - - path: var - copy_on_write: false - - # Architecture specific subvolumes - - path: boot/grub2/arm64-efi - archs: aarch64 - - path: boot/grub2/arm-efi - archs: arm - - path: boot/grub2/i386-pc - archs: x86_64 - - path: boot/grub2/powerpc-ieee1275 - archs: ppc,!board_powernv - - path: boot/grub2/s390x-emu - archs: s390 - - path: boot/grub2/x86_64-efi - archs: x86_64 - - path: boot/grub2/riscv64-efi - archs: riscv64 - - size: - auto: true - outline: - required: true - auto_size: - base_min: 5 GiB - base_max: 20 GiB - snapshots_increment: 10 GiB - min_fallback_for: - - "/home" - - "/home" - snapshots_configurable: true - - - mount_path: "/home" - filesystem: xfs - size: - auto: false - min: 10 GiB - max: unlimited - outline: - required: false - - - mount_path: "swap" - filesystem: swap - size: - auto: false - min: 1 GiB - max: 2 GiB - outline: - required: false - -Leap: - software: - installation_repositories: - # TODO: support somehow $releasever in URL - - https://download.opensuse.org/distribution/leap/15.4/repo/oss/ - - https://download.opensuse.org/distribution/leap/15.4/repo/non-oss/ - - https://download.opensuse.org/update/leap/15.4/oss/ - - https://download.opensuse.org/update/leap/15.4/non-oss/ - - https://download.opensuse.org/update/leap/15.4/sle/ - - https://download.opensuse.org/update/leap/15.4/backports/ - mandatory_patterns: - - enhanced_base # For now lets pick some minimal one - optional_patterns: null # no optional pattern shared - base_product: Leap - - security: - # TODO: check if skelcd for Leap 15.4 is correct as code is using lsm in globals, but skelcd contain selinux only - lsm: apparmor - available_lsms: - apparmor: - patterns: - - apparmor - selinux: - patterns: - - selinux - policy: disabled - none: - patterns: null - - storage: - volumes: - - "/" - - "swap" - volume_templates: - - mount_path: "/" - filesystem: btrfs - btrfs: - snapshots: true - read_only_root: true - default_subvolume: "@" - subvolumes: - - path: home - - path: opt - - path: root - - path: srv - - path: usr/local - # Unified var subvolume - https://lists.opensuse.org/opensuse-packaging/2017-11/msg00017.html - - path: var - copy_on_write: false - - # Architecture specific subvolumes - - path: boot/grub2/arm64-efi - archs: aarch64 - - path: boot/grub2/arm-efi - archs: arm - - path: boot/grub2/i386-pc - archs: x86_64 - - path: boot/grub2/powerpc-ieee1275 - archs: ppc,!board_powernv - - path: boot/grub2/s390x-emu - archs: s390 - - path: boot/grub2/x86_64-efi - archs: x86_64 - - path: boot/grub2/riscv64-efi - archs: riscv64 - - size: - auto: true - outline: - required: true - auto_size: - base_min: 5 GiB - base_max: 20 GiB - snapshots_increment: 10 GiB - min_fallback_for: - - "/home" - - "/home" - snapshots_configurable: true - - - mount_path: "/home" - filesystem: xfs - size: - auto: false - min: 10 GiB - max: unlimited - outline: - required: false - - - mount_path: "swap" - filesystem: swap - size: - auto: false - min: 1 GiB - max: 2 GiB - outline: - required: false - -Leap Micro: - software: - installation_repositories: - - https://download.opensuse.org/distribution/leap-micro/5.2/product/repo/Leap-Micro-5.2-x86_64-Media/ - mandatory_patterns: - - microos-base - - microos-hardware - - microos-bootloader - - microos-defaults - - microos-basesystem - optional_patterns: null # no optional pattern shared - base_product: Leap-Micro - - security: - lsm: selinux - available_lsms: - selinux: - patterns: - - microos-selinux - policy: enforcing - none: - patterns: null - - storage: - volumes: - - "/" - - "/var" - volume_templates: - - mount_path: "/" - filesystem: btrfs - btrfs: - snapshots: true - read_only_root: true - default_subvolume: "@" - subvolumes: - - path: root - - path: home - - path: opt - - path: srv - - path: root - - path: boot/writable - - path: usr/local - - path: boot/grub2/arm64-efi - archs: aarch64 - - path: boot/grub2/i386-pc - archs: x86_64 - - path: boot/grub2/powerpc-ieee1275 - archs: ppc,!board_powernv - - path: boot/grub2/s390x-emu - archs: s390 - - path: boot/grub2/x86_64-efi - archs: x86_64 - - size: - auto: true - outline: - required: true - auto_size: - base_min: 5 GiB - base_max: 20 GiB - snapshots_increment: 10 GiB - min_fallback_for: - - "/var" - - "/var" - snapshots_configurable: false - - - mount_path: "/var" - filesystem: btrfs - size: - auto: false - min: 5 GiB - max: unlimited - outline: - required: false +security: + lsm: apparmor + available_lsms: + apparmor: + patterns: + - apparmor + selinux: + patterns: + - selinux + policy: permissive + none: + patterns: null diff --git a/service/test/test_helper.rb b/service/test/test_helper.rb index ff1f933d46..1b611f9acd 100644 --- a/service/test/test_helper.rb +++ b/service/test/test_helper.rb @@ -26,6 +26,8 @@ FIXTURES_PATH = File.expand_path("fixtures", __dir__) $LOAD_PATH.unshift(SRC_PATH) +require "agama/product_reader" # to globally mock reading real products + # make sure we run the tests in English locale # (some tests check the output which is marked for translation) ENV["LC_ALL"] = "en_US.UTF-8" @@ -42,6 +44,12 @@ def require(path) end end +RSpec.configure do |c| + c.before do + allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_return([]) + end +end + if ENV["COVERAGE"] require "simplecov" SimpleCov.start do From a49fd9bb0f4c314989a5e98ffee9a3ca00fa0498 Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Mon, 30 Oct 2023 14:13:04 +0100 Subject: [PATCH 05/19] move products to top level --- {service/products.d => products.d}/ALP-Dolomite.yaml | 0 {service/products.d => products.d}/opensuse.yaml | 0 service/lib/agama/product_reader.rb | 2 +- 3 files changed, 1 insertion(+), 1 deletion(-) rename {service/products.d => products.d}/ALP-Dolomite.yaml (100%) rename {service/products.d => products.d}/opensuse.yaml (100%) diff --git a/service/products.d/ALP-Dolomite.yaml b/products.d/ALP-Dolomite.yaml similarity index 100% rename from service/products.d/ALP-Dolomite.yaml rename to products.d/ALP-Dolomite.yaml diff --git a/service/products.d/opensuse.yaml b/products.d/opensuse.yaml similarity index 100% rename from service/products.d/opensuse.yaml rename to products.d/opensuse.yaml diff --git a/service/lib/agama/product_reader.rb b/service/lib/agama/product_reader.rb index 0d94371981..f3215a4445 100644 --- a/service/lib/agama/product_reader.rb +++ b/service/lib/agama/product_reader.rb @@ -31,7 +31,7 @@ class ProductReader # Default system path SYSTEM_PATH = "/usr/share/agama/products.d" - GIT_PATH = File.expand_path("#{__dir__}/../../products.d") + GIT_PATH = File.expand_path("#{__dir__}/../../../products.d") GIT_DIR = File.expand_path("#{__dir__}/../../../.git") attr_reader :logger From eb3c692a9f00595808a9a6630723b89c85b37a34 Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Mon, 30 Oct 2023 14:26:33 +0100 Subject: [PATCH 06/19] fix tyypo --- service/run_tests_in_container.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/run_tests_in_container.sh b/service/run_tests_in_container.sh index da0423390d..b4ba7c1ebc 100644 --- a/service/run_tests_in_container.sh +++ b/service/run_tests_in_container.sh @@ -7,7 +7,7 @@ podman start agama_ruby_tests podman exec agama_ruby_tests zypper --non-interactive install yast2-iscsi-client ruby3.2-rubygem-eventmachine if podman exec --workdir /checkout/service agama_ruby_tests rake test:unit; then if [ "$KEEP_RUNNING" != "1" ]; then - podman stop agama_ruby_test + podman stop agama_ruby_tests fi echo "Tests passed" else From b8606a52dadbb6042311a56d42c00f0b0f8b43b3 Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Mon, 30 Oct 2023 16:10:52 +0100 Subject: [PATCH 07/19] add packaging files --- products.d/agama-products-opensuse.changes | 4 ++ products.d/agama-products-opensuse.spec | 63 ++++++++++++++++++++++ 2 files changed, 67 insertions(+) create mode 100644 products.d/agama-products-opensuse.changes create mode 100644 products.d/agama-products-opensuse.spec diff --git a/products.d/agama-products-opensuse.changes b/products.d/agama-products-opensuse.changes new file mode 100644 index 0000000000..6508842f8c --- /dev/null +++ b/products.d/agama-products-opensuse.changes @@ -0,0 +1,4 @@ +------------------------------------------------------------------- +Mon Oct 30 14:38:51 UTC 2023 - Josef Reidinger + +- Initial split of products diff --git a/products.d/agama-products-opensuse.spec b/products.d/agama-products-opensuse.spec new file mode 100644 index 0000000000..c1ce1991a8 --- /dev/null +++ b/products.d/agama-products-opensuse.spec @@ -0,0 +1,63 @@ +# +# spec file for package agama-products-opensuse +# +# Copyright (c) 2023 SUSE LINUX GmbH, Nuernberg, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +Name: agama-products-opensuse +# This will be set by osc services, that will run after this. +Version: 0 +Release: 0 +Summary: Definition of opensuse products for Agama installer +License: GPL-2.0-only +Url: https://github.com/opensuse/agama +BuildArch: noarch +Source0: opensuse.yaml +Source1: ALP-Dolomite.yaml + +%description +Products definition for Agama installer. This one is for opensuse products. + +%package -n agama-products-ALP-Dolomite +# This will be set by osc services, that will run after this. +Version: 0 +Release: 0 +Summary: Definition of dolomite product for Agama installer +License: GPL-2.0-only +Url: https://github.com/opensuse/agama +BuildArch: noarch + +%description -n agama-products-ALP-Dolomite +Products definition for Agama installer. This one is for ALP Dolomite product. + +%prep + +%build + +%install +install -D -d -m 0755 %{buildroot}%{_datadir}/agama/products.d +install -m 0644 %{SOURCE0} %{buildroot}%{_datadir}/agama/products.d +install -m 0644 %{SOURCE1} %{buildroot}%{_datadir}/agama/products.d + +%files +%dir %{_datadir}/agama +%dir %{_datadir}/agama/products.d +%{_datadir}/agama/products.d/opensuse.yaml + +%files -n agama-products-ALP-Dolomite +%dir %{_datadir}/agama +%dir %{_datadir}/agama/products.d +%{_datadir}/agama/products.d/ALP-Dolomite.yaml + +%changelog From b3bc24c4289362c9d682e95f562da1779a57c436 Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Mon, 30 Oct 2023 17:35:55 +0100 Subject: [PATCH 08/19] add staging setup for new products --- .github/workflows/obs-staging-products.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/workflows/obs-staging-products.yml diff --git a/.github/workflows/obs-staging-products.yml b/.github/workflows/obs-staging-products.yml new file mode 100644 index 0000000000..d67b067714 --- /dev/null +++ b/.github/workflows/obs-staging-products.yml @@ -0,0 +1,19 @@ +name: Submit agama-products + +on: + # runs on pushes targeting the default branch + push: + branches: + - master + paths: + # run only when a Rust source is changed + - products.d/** + +jobs: + update_staging: + uses: ./.github/workflows/obs-staging-shared.yml + # pass all secrets + secrets: inherit + with: + project_name: systemsmanagement:Agama:Staging + package_name: agama-products-opensuse From 0f96c0140cbc6d21f3f5a4f09507db8dd8f7e37b Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Mon, 30 Oct 2023 21:30:32 +0100 Subject: [PATCH 09/19] adapt service package to move of ssl.conf --- service/agama.gemspec | 2 +- service/package/gem2rpm.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/service/agama.gemspec b/service/agama.gemspec index bb2b561d4a..4f254b40b7 100644 --- a/service/agama.gemspec +++ b/service/agama.gemspec @@ -39,7 +39,7 @@ Gem::Specification.new do |spec| spec.email = "yast-devel@opensuse.org" spec.homepage = "https://github.com/openSUSE/agama" spec.license = "GPL-2.0-only" - spec.files = Dir["lib/**/*.rb", "bin/*", "share/*", "etc/*"] + spec.files = Dir["lib/**/*.rb", "bin/*", "share/*", "conf.d/*"] spec.executables = ["agamactl", "agama-proxy-setup"] spec.metadata = { "rubygems_mfa_required" => "true" } diff --git a/service/package/gem2rpm.yml b/service/package/gem2rpm.yml index 5ff69bf1f2..588ea4ac70 100644 --- a/service/package/gem2rpm.yml +++ b/service/package/gem2rpm.yml @@ -10,7 +10,7 @@ install -m 0644 --target-directory=%{buildroot}%{_datadir}/dbus-1/agama-services %{buildroot}%{gem_base}/gems/%{mod_full_name}/share/org.opensuse.Agama*.service install -D -m 0644 %{buildroot}%{gem_base}/gems/%{mod_full_name}/share/agama.service %{buildroot}%{_unitdir}/agama.service install -D -m 0644 %{buildroot}%{gem_base}/gems/%{mod_full_name}/share/agama-proxy-setup.service %{buildroot}%{_unitdir}/agama-proxy-setup.service - install -D -m 0644 %{buildroot}%{gem_base}/gems/%{mod_full_name}/etc/agama.yaml %{buildroot}%{_sysconfdir}/agama.yaml + install -D -m 0644 %{buildroot}%{gem_base}/gems/%{mod_full_name}/conf.d/*.yaml %{buildroot}/usr/lib/agama.d/ :main: :preamble: |- # Override build.rpm, see also https://github.com/openSUSE/obs-build/blob/master/configs/ @@ -39,4 +39,4 @@ %{_datadir}/dbus-1/agama-services/org.opensuse.Agama*.service\n %{_unitdir}/agama.service\n %{_unitdir}/agama-proxy-setup.service\n - %config %{_sysconfdir}/agama.yaml\n" + /usr/lib/agama.d\n" From 1157292ec264a9d2c9c5bd46ed8639be9831acb1 Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Mon, 30 Oct 2023 21:59:45 +0100 Subject: [PATCH 10/19] make ruboopc happy --- service/lib/agama/config.rb | 3 ++- service/lib/agama/product_reader.rb | 2 +- service/test/agama/config_test.rb | 16 ++++++++++------ service/test/agama/software/manager_test.rb | 4 ++-- 4 files changed, 15 insertions(+), 10 deletions(-) diff --git a/service/lib/agama/config.rb b/service/lib/agama/config.rb index 7bd73d8fce..70613ca43e 100644 --- a/service/lib/agama/config.rb +++ b/service/lib/agama/config.rb @@ -87,7 +87,7 @@ def data # Currently product merges its config to global config. # Keys defined in constant are the ones specific to product that # should not be merged to global config. - PRODUCT_SPECIFIC_KEYS = ["id", "name", "description"] + PRODUCT_SPECIFIC_KEYS = ["id", "name", "description"].freeze def pick_product(product_id) to_merge = products[product_id] to_merge = to_merge.reject { |k, _v| PRODUCT_SPECIFIC_KEYS.include?(k) } @@ -97,6 +97,7 @@ def pick_product(product_id) # hash of available base products for current architecture def products return @products if @products + products = ProductReader.new(logger: @logger).load_products products.select! do |product| diff --git a/service/lib/agama/product_reader.rb b/service/lib/agama/product_reader.rb index f3215a4445..7753f72d63 100644 --- a/service/lib/agama/product_reader.rb +++ b/service/lib/agama/product_reader.rb @@ -23,7 +23,6 @@ require "yaml" require "logger" - module Agama # This class is responsible for reading available products definition class ProductReader @@ -35,6 +34,7 @@ class ProductReader GIT_DIR = File.expand_path("#{__dir__}/../../../.git") attr_reader :logger + # Constructor # # @param logger [Logger] diff --git a/service/test/agama/config_test.rb b/service/test/agama/config_test.rb index 140010aed7..b278be7ebb 100644 --- a/service/test/agama/config_test.rb +++ b/service/test/agama/config_test.rb @@ -91,17 +91,20 @@ describe "#products" do it "returns products available for current hardware" do - allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_return([ + allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_return( + [ { - "id" => "test", + "id" => "test", "archs" => "x86_64" }, { - "id" => "test2", + "id" => "test2", "archs" => "s390x" } - ]) - expect(Yast2::ArchFilter).to receive(:from_string).twice.and_return(double(match?: true), double(match?: false)) + ] + ) + expect(Yast2::ArchFilter).to receive(:from_string).twice.and_return(double(match?: true), + double(match?: false)) expect(subject.products.size).to eq 1 end end @@ -121,7 +124,8 @@ before do allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_call_original products = Agama::ProductReader.new.load_products - allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_return([products.first]) + allow_any_instance_of(Agama::ProductReader).to receive(:load_products) + .and_return([products.first]) end it "returns false" do diff --git a/service/test/agama/software/manager_test.rb b/service/test/agama/software/manager_test.rb index 3d9294d5bb..5ef1cfc099 100644 --- a/service/test/agama/software/manager_test.rb +++ b/service/test/agama/software/manager_test.rb @@ -154,11 +154,11 @@ expect(proposal).to receive(:set_resolvables) .with("agama", :pattern, ["enhanced_base"]) expect(proposal).to receive(:set_resolvables) - .with("agama", :pattern, [], {optional: true}) + .with("agama", :pattern, [], { optional: true }) expect(proposal).to receive(:set_resolvables) .with("agama", :package, ["NetworkManager"]) expect(proposal).to receive(:set_resolvables) - .with("agama", :package, [], {optional: true}) + .with("agama", :package, [], { optional: true }) subject.propose end end From c3932bc301d8ecf5e16c63aeea02e302e2c12810 Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Mon, 30 Oct 2023 22:13:34 +0100 Subject: [PATCH 11/19] Apply suggestions from code review Co-authored-by: Martin Vidner --- service/lib/agama/config.rb | 1 + service/lib/agama/product_reader.rb | 3 ++- service/run_tests_in_container.sh | 6 +++--- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/service/lib/agama/config.rb b/service/lib/agama/config.rb index 70613ca43e..698bf1bfd4 100644 --- a/service/lib/agama/config.rb +++ b/service/lib/agama/config.rb @@ -95,6 +95,7 @@ def pick_product(product_id) end # hash of available base products for current architecture + # @return [Hash{String => Hash}] product_id => product def products return @products if @products diff --git a/service/lib/agama/product_reader.rb b/service/lib/agama/product_reader.rb index 7753f72d63..0d8d4087e9 100644 --- a/service/lib/agama/product_reader.rb +++ b/service/lib/agama/product_reader.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -# Copyright (c) [2022] SUSE LLC +# Copyright (c) [2023] SUSE LLC # # All Rights Reserved. # @@ -25,6 +25,7 @@ module Agama # This class is responsible for reading available products definition + # either from system path (`/usr/share/agama/products.d) or the git repo. class ProductReader include Yast::I18n diff --git a/service/run_tests_in_container.sh b/service/run_tests_in_container.sh index b4ba7c1ebc..429f2aa6ce 100644 --- a/service/run_tests_in_container.sh +++ b/service/run_tests_in_container.sh @@ -12,7 +12,7 @@ if podman exec --workdir /checkout/service agama_ruby_tests rake test:unit; then echo "Tests passed" else echo "Tests failed" - echo "To get into container use: podman attach agama_ruby_tests" - echo "git checkout is located at /checkout" - echo "To remove container use: podman rm agama_ruby_tests" + echo "To get into container use:"; echo " podman attach agama_ruby_tests" + echo " cd /checkout" + echo "To remove container use:"; echo " podman rm agama_ruby_tests" fi From f563c2fe1729e4cb8ac88130acf97386c21dbece Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Mon, 30 Oct 2023 22:29:26 +0100 Subject: [PATCH 12/19] replace allow_any_instance --- service/test/agama/config_test.rb | 16 ++++++---------- service/test/agama/software/manager_test.rb | 2 +- service/test/test_helper.rb | 3 ++- 3 files changed, 9 insertions(+), 12 deletions(-) diff --git a/service/test/agama/config_test.rb b/service/test/agama/config_test.rb index b278be7ebb..ca6273a822 100644 --- a/service/test/agama/config_test.rb +++ b/service/test/agama/config_test.rb @@ -25,10 +25,6 @@ describe Agama::Config do let(:config) { described_class.new("web" => { "ssl" => "SOMETHING" }) } - before do - allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_return([]) - end - describe ".load" do before do described_class.reset @@ -91,7 +87,7 @@ describe "#products" do it "returns products available for current hardware" do - allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_return( + allow(Agama::ProductReader).to receive(:new).and_return(double(load_products: [ { "id" => "test", @@ -102,7 +98,7 @@ "archs" => "s390x" } ] - ) + )) expect(Yast2::ArchFilter).to receive(:from_string).twice.and_return(double(match?: true), double(match?: false)) expect(subject.products.size).to eq 1 @@ -112,7 +108,7 @@ describe "#multi_product?" do context "when more than one product is defined" do before do - allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_call_original + allow(Agama::ProductReader).to receive(:new).and_call_original end it "returns true" do @@ -122,10 +118,10 @@ context "when just one product is defined" do before do - allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_call_original + allow(Agama::ProductReader).to receive(:new).and_call_original products = Agama::ProductReader.new.load_products - allow_any_instance_of(Agama::ProductReader).to receive(:load_products) - .and_return([products.first]) + allow(Agama::ProductReader).to receive(:new) + .and_return(double(load_products: [products.first])) end it "returns false" do diff --git a/service/test/agama/software/manager_test.rb b/service/test/agama/software/manager_test.rb index 5ef1cfc099..a932423199 100644 --- a/service/test/agama/software/manager_test.rb +++ b/service/test/agama/software/manager_test.rb @@ -81,7 +81,7 @@ allow(Agama::DBus::Clients::Questions).to receive(:new).and_return(questions_client) allow(Agama::Software::RepositoriesManager).to receive(:new).and_return(repositories) allow(Agama::Software::Proposal).to receive(:new).and_return(proposal) - allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_call_original + allow(Agama::ProductReader).to receive(:new).and_call_original end describe "#probe" do diff --git a/service/test/test_helper.rb b/service/test/test_helper.rb index 1b611f9acd..4340322ca0 100644 --- a/service/test/test_helper.rb +++ b/service/test/test_helper.rb @@ -46,7 +46,8 @@ def require(path) RSpec.configure do |c| c.before do - allow_any_instance_of(Agama::ProductReader).to receive(:load_products).and_return([]) + allow(Agama::ProductReader).to receive(:new) + .and_return(double(load_products: [])) end end From cbf275fae45923def588599a2bd6b52f8356c287 Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Mon, 30 Oct 2023 22:31:01 +0100 Subject: [PATCH 13/19] fix typo --- service/test/agama/dbus/server_manager_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/test/agama/dbus/server_manager_test.rb b/service/test/agama/dbus/server_manager_test.rb index 58e0af96c1..496d49beb4 100644 --- a/service/test/agama/dbus/server_manager_test.rb +++ b/service/test/agama/dbus/server_manager_test.rb @@ -65,7 +65,7 @@ describe "#start_server" do it "starts the dbus-daemon and returns the PID" do expect(Process).to receive(:spawn) - .with(/dbus-daemon/, "--config-file", any_args) # config file loc depends on pwd + .with(/dbus-daemon/, "--config-file", any_args) # config file location depends on pwd .and_return(1000) expect(Process).to receive(:detach).with(1000) expect(subject.start_server).to eq(1000) From 6577ddaaf1c819dec38ab5ba2b190c9e76f240af Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Mon, 30 Oct 2023 22:43:11 +0100 Subject: [PATCH 14/19] more happy rubocop --- service/test/agama/config_test.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/service/test/agama/config_test.rb b/service/test/agama/config_test.rb index ca6273a822..84ede3e81e 100644 --- a/service/test/agama/config_test.rb +++ b/service/test/agama/config_test.rb @@ -97,8 +97,7 @@ "id" => "test2", "archs" => "s390x" } - ] - )) + ])) expect(Yast2::ArchFilter).to receive(:from_string).twice.and_return(double(match?: true), double(match?: false)) expect(subject.products.size).to eq 1 From 991c93d1958d4ca6cf1eb4a345a73f05334173e0 Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Tue, 31 Oct 2023 16:04:01 +0100 Subject: [PATCH 15/19] Apply suggestions from code review Co-authored-by: Martin Vidner --- products.d/agama-products-opensuse.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/products.d/agama-products-opensuse.spec b/products.d/agama-products-opensuse.spec index c1ce1991a8..4a67ff92b3 100644 --- a/products.d/agama-products-opensuse.spec +++ b/products.d/agama-products-opensuse.spec @@ -19,7 +19,7 @@ Name: agama-products-opensuse # This will be set by osc services, that will run after this. Version: 0 Release: 0 -Summary: Definition of opensuse products for Agama installer +Summary: Definition of openSUSE products for the Agama installer License: GPL-2.0-only Url: https://github.com/opensuse/agama BuildArch: noarch @@ -33,7 +33,7 @@ Products definition for Agama installer. This one is for opensuse products. # This will be set by osc services, that will run after this. Version: 0 Release: 0 -Summary: Definition of dolomite product for Agama installer +Summary: Definition of Dolomite product for the Agama installer License: GPL-2.0-only Url: https://github.com/opensuse/agama BuildArch: noarch From f172fd95cafef3feac3a152b1fd2b3123549166a Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Tue, 31 Oct 2023 16:22:33 +0100 Subject: [PATCH 16/19] changes from review --- products.d/agama-products-opensuse.changes | 3 ++- service/conf.d/{ssl.yaml => web.yaml} | 0 2 files changed, 2 insertions(+), 1 deletion(-) rename service/conf.d/{ssl.yaml => web.yaml} (100%) diff --git a/products.d/agama-products-opensuse.changes b/products.d/agama-products-opensuse.changes index 6508842f8c..f84460af9e 100644 --- a/products.d/agama-products-opensuse.changes +++ b/products.d/agama-products-opensuse.changes @@ -1,4 +1,5 @@ ------------------------------------------------------------------- Mon Oct 30 14:38:51 UTC 2023 - Josef Reidinger -- Initial split of products +- Initial split of products (gh#openSUSE/agama#602, + gh#openSUSE/agama#822) diff --git a/service/conf.d/ssl.yaml b/service/conf.d/web.yaml similarity index 100% rename from service/conf.d/ssl.yaml rename to service/conf.d/web.yaml From b9bbdeac9b2647ebf323205bbd36f9a838936e94 Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Tue, 31 Oct 2023 16:35:33 +0100 Subject: [PATCH 17/19] split opensuse products to separate files --- products.d/agama-products-opensuse.spec | 7 +- products.d/leap16.yaml | 91 ++++++++++ products.d/opensuse.yaml | 232 ------------------------ products.d/tumbleweed.yaml | 140 ++++++++++++++ 4 files changed, 236 insertions(+), 234 deletions(-) create mode 100644 products.d/leap16.yaml delete mode 100644 products.d/opensuse.yaml create mode 100644 products.d/tumbleweed.yaml diff --git a/products.d/agama-products-opensuse.spec b/products.d/agama-products-opensuse.spec index 4a67ff92b3..bc2af88b9d 100644 --- a/products.d/agama-products-opensuse.spec +++ b/products.d/agama-products-opensuse.spec @@ -23,8 +23,9 @@ Summary: Definition of openSUSE products for the Agama installer License: GPL-2.0-only Url: https://github.com/opensuse/agama BuildArch: noarch -Source0: opensuse.yaml +Source0: tumbleweed.yaml Source1: ALP-Dolomite.yaml +Source2: leap16.yaml %description Products definition for Agama installer. This one is for opensuse products. @@ -49,11 +50,13 @@ Products definition for Agama installer. This one is for ALP Dolomite product. install -D -d -m 0755 %{buildroot}%{_datadir}/agama/products.d install -m 0644 %{SOURCE0} %{buildroot}%{_datadir}/agama/products.d install -m 0644 %{SOURCE1} %{buildroot}%{_datadir}/agama/products.d +install -m 0644 %{SOURCE2} %{buildroot}%{_datadir}/agama/products.d %files %dir %{_datadir}/agama %dir %{_datadir}/agama/products.d -%{_datadir}/agama/products.d/opensuse.yaml +%{_datadir}/agama/products.d/tumbleweed.yaml +%{_datadir}/agama/products.d/leap16.yaml %files -n agama-products-ALP-Dolomite %dir %{_datadir}/agama diff --git a/products.d/leap16.yaml b/products.d/leap16.yaml new file mode 100644 index 0000000000..85d43fc8f3 --- /dev/null +++ b/products.d/leap16.yaml @@ -0,0 +1,91 @@ +id: Leap16 +name: openSUSE Leap 16.0 +archs: x86_64,aarch64 +description: '[Experimental project] openSUSE Leap 16 is built on top of the next generation Adaptable Linux Platform (ALP) from SUSE.' +software: + installation_repositories: + - url: https://download.opensuse.org/repositories/openSUSE:/Leap:/16.0/images/repo/Leap-16.0-x86_64-Media1/ + archs: x86_64 + - url: https://download.opensuse.org/repositories/openSUSE:/Leap:/16.0/images/repo/Leap-16.0-aarch64-Media1/ + archs: aarch64 + mandatory_patterns: + - alp_base + - alp_base_zypper + - alp_cockpit + - alp-container_runtime + - alp_defaults + optional_patterns: null # no optional pattern shared + mandatory_packages: + - package: device-mapper # Apparently needed if devices at /dev/mapper are used at boot (eg. FDE) + - package: fde-tools # Needed for FDE with TPM, hardcoded here temporarily + archs: aarch64, x86_64 + - package: libtss2-tcti-device0 + optional_packages: null + base_product: Leap16 + +security: + tpm_luks_open: true + lsm: selinux + available_lsms: + # apparmor: + # patterns: + # - apparmor + selinux: + patterns: + - alp_selinux + policy: enforcing + none: + patterns: null + +storage: + space_policy: delete + encryption: + method: luks2 + pbkd_function: pbkdf2 + volumes: + - "/" + volume_templates: + - mount_path: "/" + filesystem: btrfs + btrfs: + snapshots: true + read_only: true + default_subvolume: "@" + subvolumes: + - path: root + - path: home + - path: opt + - path: srv + - path: boot/writable + - path: usr/local + - path: boot/grub2/arm64-efi + archs: aarch64 + - path: boot/grub2/i386-pc + archs: x86_64 + - path: boot/grub2/powerpc-ieee1275 + archs: ppc,!board_powernv + - path: boot/grub2/s390x-emu + archs: s390 + - path: boot/grub2/x86_64-efi + archs: x86_64 + - path: var + copy_on_write: false + size: + auto: false + min: 5 GiB + outline: + required: true + filesystems: + - btrfs + snapshots_configurable: false + - filesystem: xfs + size: + auto: false + outline: + required: false + filesystems: + - btrfs + - ext2 + - ext3 + - ext4 + - xfs diff --git a/products.d/opensuse.yaml b/products.d/opensuse.yaml deleted file mode 100644 index 08cf9be7a0..0000000000 --- a/products.d/opensuse.yaml +++ /dev/null @@ -1,232 +0,0 @@ -- id: Tumbleweed - name: openSUSE Tumbleweed - description: 'The Tumbleweed distribution is a pure rolling release version - of openSUSE containing the latest "stable" versions of all software - instead of relying on rigid periodic release cycles. The project does - this for users that want the newest stable software.' - software: - installation_repositories: - - url: https://download.opensuse.org/tumbleweed/repo/oss/ - archs: x86_64 - - url: https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/ - archs: aarch64 - - url: https://download.opensuse.org/ports/zsystems/tumbleweed/repo/oss/ - archs: s390 - - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/oss/ - archs: ppc - - url: https://download.opensuse.org/tumbleweed/repo/non-oss/ - archs: x86_64 - # aarch64 does not have non-oss ports. Keep eye if it change - - url: https://download.opensuse.org/ports/zsystems/tumbleweed/repo/non-oss/ - archs: s390 - - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/non-oss/ - archs: ppc - - url: https://download.opensuse.org/update/tumbleweed/ - archs: x86_64 - - url: https://download.opensuse.org/ports/aarch64/update/tumbleweed/ - archs: aarch64 - - url: https://download.opensuse.org/ports/zsystems/update/tumbleweed/ - archs: s390 - - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/oss/ - archs: ppc - mandatory_patterns: - - enhanced_base # only pattern that is shared among all roles on TW - optional_patterns: null # no optional pattern shared - mandatory_packages: - - NetworkManager - optional_packages: null - base_product: openSUSE - - security: - lsm: apparmor - available_lsms: - apparmor: - patterns: - - apparmor - selinux: - patterns: - - selinux - policy: permissive - none: - patterns: null - - storage: - space_policy: delete - volumes: - - "/" - - "swap" - volume_templates: - - mount_path: "/" - filesystem: btrfs - btrfs: - snapshots: true - read_only: false - default_subvolume: "@" - subvolumes: - - path: home - - path: opt - - path: root - - path: srv - - path: usr/local - # Unified var subvolume - https://lists.opensuse.org/opensuse-packaging/2017-11/msg00017.html - - path: var - copy_on_write: false - # Architecture specific subvolumes - - path: boot/grub2/arm64-efi - archs: aarch64 - - path: boot/grub2/arm-efi - archs: arm - - path: boot/grub2/i386-pc - archs: x86_64 - - path: boot/grub2/powerpc-ieee1275 - archs: ppc,!board_powernv - - path: boot/grub2/s390x-emu - archs: s390 - - path: boot/grub2/x86_64-efi - archs: x86_64 - - path: boot/grub2/riscv64-efi - archs: riscv64 - size: - auto: true - outline: - required: true - filesystems: - - btrfs - - ext2 - - ext3 - - ext4 - - xfs - auto_size: - base_min: 5 GiB - base_max: 15 GiB - snapshots_increment: 250% - max_fallback_for: - - "/home" - snapshots_configurable: true - - mount_path: "swap" - filesystem: swap - size: - auto: false - min: 1 GiB - max: 2 GiB - outline: - required: false - filesystems: - - swap - - mount_path: "/home" - filesystem: xfs - size: - auto: false - min: 10 GiB - max: unlimited - outline: - required: false - filesystems: - - btrfs - - ext2 - - ext3 - - ext4 - - xfs - - filesystem: xfs - size: - auto: false - outline: - required: false - filesystems: - - btrfs - - ext2 - - ext3 - - ext4 - - xfs - -- id: Leap16 - name: openSUSE Leap 16.0 - archs: x86_64,aarch64 - description: '[Experimental project] openSUSE Leap 16 is built on top of the next generation Adaptable Linux Platform (ALP) from SUSE.' - software: - installation_repositories: - - url: https://download.opensuse.org/repositories/openSUSE:/Leap:/16.0/images/repo/Leap-16.0-x86_64-Media1/ - archs: x86_64 - - url: https://download.opensuse.org/repositories/openSUSE:/Leap:/16.0/images/repo/Leap-16.0-aarch64-Media1/ - archs: aarch64 - mandatory_patterns: - - alp_base - - alp_base_zypper - - alp_cockpit - - alp-container_runtime - - alp_defaults - optional_patterns: null # no optional pattern shared - mandatory_packages: - - package: device-mapper # Apparently needed if devices at /dev/mapper are used at boot (eg. FDE) - - package: fde-tools # Needed for FDE with TPM, hardcoded here temporarily - archs: aarch64, x86_64 - - package: libtss2-tcti-device0 - optional_packages: null - base_product: Leap16 - - security: - tpm_luks_open: true - lsm: selinux - available_lsms: - # apparmor: - # patterns: - # - apparmor - selinux: - patterns: - - alp_selinux - policy: enforcing - none: - patterns: null - - storage: - space_policy: delete - encryption: - method: luks2 - pbkd_function: pbkdf2 - volumes: - - "/" - volume_templates: - - mount_path: "/" - filesystem: btrfs - btrfs: - snapshots: true - read_only: true - default_subvolume: "@" - subvolumes: - - path: root - - path: home - - path: opt - - path: srv - - path: boot/writable - - path: usr/local - - path: boot/grub2/arm64-efi - archs: aarch64 - - path: boot/grub2/i386-pc - archs: x86_64 - - path: boot/grub2/powerpc-ieee1275 - archs: ppc,!board_powernv - - path: boot/grub2/s390x-emu - archs: s390 - - path: boot/grub2/x86_64-efi - archs: x86_64 - - path: var - copy_on_write: false - size: - auto: false - min: 5 GiB - outline: - required: true - filesystems: - - btrfs - snapshots_configurable: false - - filesystem: xfs - size: - auto: false - outline: - required: false - filesystems: - - btrfs - - ext2 - - ext3 - - ext4 - - xfs diff --git a/products.d/tumbleweed.yaml b/products.d/tumbleweed.yaml new file mode 100644 index 0000000000..732b836815 --- /dev/null +++ b/products.d/tumbleweed.yaml @@ -0,0 +1,140 @@ +id: Tumbleweed +name: openSUSE Tumbleweed +description: 'The Tumbleweed distribution is a pure rolling release version + of openSUSE containing the latest "stable" versions of all software + instead of relying on rigid periodic release cycles. The project does + this for users that want the newest stable software.' +software: + installation_repositories: + - url: https://download.opensuse.org/tumbleweed/repo/oss/ + archs: x86_64 + - url: https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/ + archs: aarch64 + - url: https://download.opensuse.org/ports/zsystems/tumbleweed/repo/oss/ + archs: s390 + - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/oss/ + archs: ppc + - url: https://download.opensuse.org/tumbleweed/repo/non-oss/ + archs: x86_64 + # aarch64 does not have non-oss ports. Keep eye if it change + - url: https://download.opensuse.org/ports/zsystems/tumbleweed/repo/non-oss/ + archs: s390 + - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/non-oss/ + archs: ppc + - url: https://download.opensuse.org/update/tumbleweed/ + archs: x86_64 + - url: https://download.opensuse.org/ports/aarch64/update/tumbleweed/ + archs: aarch64 + - url: https://download.opensuse.org/ports/zsystems/update/tumbleweed/ + archs: s390 + - url: https://download.opensuse.org/ports/ppc/tumbleweed/repo/oss/ + archs: ppc + mandatory_patterns: + - enhanced_base # only pattern that is shared among all roles on TW + optional_patterns: null # no optional pattern shared + mandatory_packages: + - NetworkManager + optional_packages: null + base_product: openSUSE + +security: + lsm: apparmor + available_lsms: + apparmor: + patterns: + - apparmor + selinux: + patterns: + - selinux + policy: permissive + none: + patterns: null + +storage: + space_policy: delete + volumes: + - "/" + - "swap" + volume_templates: + - mount_path: "/" + filesystem: btrfs + btrfs: + snapshots: true + read_only: false + default_subvolume: "@" + subvolumes: + - path: home + - path: opt + - path: root + - path: srv + - path: usr/local + # Unified var subvolume - https://lists.opensuse.org/opensuse-packaging/2017-11/msg00017.html + - path: var + copy_on_write: false + # Architecture specific subvolumes + - path: boot/grub2/arm64-efi + archs: aarch64 + - path: boot/grub2/arm-efi + archs: arm + - path: boot/grub2/i386-pc + archs: x86_64 + - path: boot/grub2/powerpc-ieee1275 + archs: ppc,!board_powernv + - path: boot/grub2/s390x-emu + archs: s390 + - path: boot/grub2/x86_64-efi + archs: x86_64 + - path: boot/grub2/riscv64-efi + archs: riscv64 + size: + auto: true + outline: + required: true + filesystems: + - btrfs + - ext2 + - ext3 + - ext4 + - xfs + auto_size: + base_min: 5 GiB + base_max: 15 GiB + snapshots_increment: 250% + max_fallback_for: + - "/home" + snapshots_configurable: true + - mount_path: "swap" + filesystem: swap + size: + auto: false + min: 1 GiB + max: 2 GiB + outline: + required: false + filesystems: + - swap + - mount_path: "/home" + filesystem: xfs + size: + auto: false + min: 10 GiB + max: unlimited + outline: + required: false + filesystems: + - btrfs + - ext2 + - ext3 + - ext4 + - xfs + - filesystem: xfs + size: + auto: false + outline: + required: false + filesystems: + - btrfs + - ext2 + - ext3 + - ext4 + - xfs From fa0d0c548b8e1a1114376c3f6fb0d90ac2986994 Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Tue, 31 Oct 2023 16:44:29 +0100 Subject: [PATCH 18/19] try to adapt integration tests --- .github/workflows/ci-integration-tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-integration-tests.yml b/.github/workflows/ci-integration-tests.yml index 7f7fdf87cb..2b604d1c73 100644 --- a/.github/workflows/ci-integration-tests.yml +++ b/.github/workflows/ci-integration-tests.yml @@ -122,8 +122,8 @@ jobs: run: podman exec agama bash -c "cd /checkout; ./setup-service.sh" - name: Set a testing Agama configuration - # copy a simplified ALP config file, it skips the product selection at the beginning - run: podman exec agama bash -c "cp /checkout/playwright/config/agama.yaml /checkout/service/etc/agama.yaml" + # use just one product, it skips the product selection at the beginning + run: podman exec agama bash -c "rm /checkout/products.d/{leap16,ALP-Dolomite}.yaml" - name: Show NetworkManager log run: podman exec agama journalctl -u NetworkManager From 7be5524f8d0b5d47093b9207579b1e246e6029ff Mon Sep 17 00:00:00 2001 From: Josef Reidinger Date: Tue, 31 Oct 2023 16:59:18 +0100 Subject: [PATCH 19/19] fix single product yaml --- products.d/ALP-Dolomite.yaml | 200 ++++++++++++++-------------- service/lib/agama/product_reader.rb | 3 +- 2 files changed, 102 insertions(+), 101 deletions(-) diff --git a/products.d/ALP-Dolomite.yaml b/products.d/ALP-Dolomite.yaml index 94fe0a53b2..1f9ac18abb 100644 --- a/products.d/ALP-Dolomite.yaml +++ b/products.d/ALP-Dolomite.yaml @@ -1,103 +1,103 @@ -- id: ALP-Dolomite - name: SUSE ALP Dolomite - description: 'SUSE ALP Dolomite is a minimum immutable OS core, focused on - security to provide the bare minimum to run workloads and services as - containers or virtual machines.' - software: - installation_repositories: - - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/x86_64/product/ - archs: x86_64 - - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/aarch64/product/ - archs: aarch64 - - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/s390x/product/ - archs: s390 - - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/ppc64le/product/ - archs: ppc +id: ALP-Dolomite +name: SUSE ALP Dolomite +description: 'SUSE ALP Dolomite is a minimum immutable OS core, focused on + security to provide the bare minimum to run workloads and services as + containers or virtual machines.' +software: + installation_repositories: + - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/x86_64/product/ + archs: x86_64 + - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/aarch64/product/ + archs: aarch64 + - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/s390x/product/ + archs: s390 + - url: https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/ppc64le/product/ + archs: ppc - mandatory_patterns: - - alp_base_zypper - - alp_cockpit - - alp_hardware - optional_patterns: null # no optional pattern shared - mandatory_packages: - - package: device-mapper # Apparently needed if devices at /dev/mapper are used at boot (eg. FDE) - - package: fde-tools # Needed for FDE with TPM, hardcoded here temporarily - archs: aarch64, x86_64 - - package: libtss2-tcti-device0 - - package: ppc64-diag # Needed for hardware-based installations - archs: ppc64 - optional_packages: null - base_product: ALP-Dolomite + mandatory_patterns: + - alp_base_zypper + - alp_cockpit + - alp_hardware + optional_patterns: null # no optional pattern shared + mandatory_packages: + - package: device-mapper # Apparently needed if devices at /dev/mapper are used at boot (eg. FDE) + - package: fde-tools # Needed for FDE with TPM, hardcoded here temporarily + archs: aarch64, x86_64 + - package: libtss2-tcti-device0 + - package: ppc64-diag # Needed for hardware-based installations + archs: ppc64 + optional_packages: null + base_product: ALP-Dolomite - security: - tpm_luks_open: true - lsm: selinux - available_lsms: - # apparmor: - # patterns: - # - apparmor - selinux: - patterns: - - alp_selinux - policy: enforcing - none: - patterns: null +security: + tpm_luks_open: true + lsm: selinux + available_lsms: + # apparmor: + # patterns: + # - apparmor + selinux: + patterns: + - alp_selinux + policy: enforcing + none: + patterns: null - storage: - space_policy: delete - encryption: - method: luks2 - pbkd_function: pbkdf2 - volumes: - - "/" - volume_templates: - - mount_path: "/" - filesystem: btrfs - btrfs: - snapshots: true - read_only: true - default_subvolume: "@" - subvolumes: - - path: root - - path: home - - path: opt - - path: srv - - path: boot/writable - - path: usr/local - - path: var - copy_on_write: false - # Architecture specific subvolume - - path: boot/grub2/arm64-efi - archs: aarch64 - - path: boot/grub2/i386-pc - archs: x86_64 - - path: boot/grub2/powerpc-ieee1275 - archs: ppc,!board_powernv - - path: boot/grub2/s390x-emu - archs: s390 - - path: boot/grub2/x86_64-efi - archs: x86_64 - size: - auto: true - outline: - required: true - filesystems: - - btrfs - snapshots_configurable: false - auto_size: - base_min: 5 GiB - base_max: 25 GiB - max_fallback_for: - - "/var" - - mount_path: "/var" - filesystem: btrfs - mount_options: - - "x-initrd.mount" - - "nodatacow" - size: - auto: false - min: 5 GiB - outline: - required: false - filesystems: - - btrfs +storage: + space_policy: delete + encryption: + method: luks2 + pbkd_function: pbkdf2 + volumes: + - "/" + volume_templates: + - mount_path: "/" + filesystem: btrfs + btrfs: + snapshots: true + read_only: true + default_subvolume: "@" + subvolumes: + - path: root + - path: home + - path: opt + - path: srv + - path: boot/writable + - path: usr/local + - path: var + copy_on_write: false + # Architecture specific subvolume + - path: boot/grub2/arm64-efi + archs: aarch64 + - path: boot/grub2/i386-pc + archs: x86_64 + - path: boot/grub2/powerpc-ieee1275 + archs: ppc,!board_powernv + - path: boot/grub2/s390x-emu + archs: s390 + - path: boot/grub2/x86_64-efi + archs: x86_64 + size: + auto: true + outline: + required: true + filesystems: + - btrfs + snapshots_configurable: false + auto_size: + base_min: 5 GiB + base_max: 25 GiB + max_fallback_for: + - "/var" + - mount_path: "/var" + filesystem: btrfs + mount_options: + - "x-initrd.mount" + - "nodatacow" + size: + auto: false + min: 5 GiB + outline: + required: false + filesystems: + - btrfs diff --git a/service/lib/agama/product_reader.rb b/service/lib/agama/product_reader.rb index 0d8d4087e9..6f07cab05b 100644 --- a/service/lib/agama/product_reader.rb +++ b/service/lib/agama/product_reader.rb @@ -47,7 +47,8 @@ def load_products glob = File.join(default_path, "*.{yaml,yml}") Dir.glob(glob).each_with_object([]) do |path, result| # support also single product file - products = Array(load_file(path)) + products = load_file(path) + products = [products] unless products.is_a?(Array) result.concat(products) end end