coreos · dustymabe · Feb 6, 2024 · Feb 6, 2024 · Feb 6, 2024 · Feb 6, 2024
diff --git a/build.sh b/build.sh
@@ -176,7 +176,8 @@ patch_osbuild() {
     mv /usr/bin/osbuild-mpp /usr/lib/osbuild/tools/
 
     # Now all the software is under the /usr/lib/osbuild dir and we can patch
-    cat /usr/lib/coreos-assembler/0001-mounts-ostree.deployment-rework-unmounting.patch           \
+    cat /usr/lib/coreos-assembler/0001-stages-ostree.config-support-setting-sysroot.bootpre.patch \
+        /usr/lib/coreos-assembler/0001-mounts-ostree.deployment-rework-unmounting.patch           \
         /usr/lib/coreos-assembler/0002-mounts-ostree.deployment-rename-var-root-deploy_root.patch \
         /usr/lib/coreos-assembler/0003-mounts-ostree.deployment-use-target-instead-of-tree.patch  \
         /usr/lib/coreos-assembler/0004-mounts-ostree.deployment-support-deployments-on-moun.patch \
@@ -187,7 +188,6 @@ patch_osbuild() {
         /usr/lib/coreos-assembler/0004-fscache-add-eviction-log-statement.patch                   \
         /usr/lib/coreos-assembler/0001-support-user-defined-partition-numbers-for-GPT-disks.patch \
         /usr/lib/coreos-assembler/0002-stages-sgdisk-support-label-option.patch                   \
-        /usr/lib/coreos-assembler/0001-stages-zipl.inst-improve-kernel-initrd-path-resoluti.patch \
         /usr/lib/coreos-assembler/0002-stages-zipl.inst-support-appending-kernel-options.patch    \
         /usr/lib/coreos-assembler/0001-stages-copy-allow-copying-from-the-tree.patch              \
         /usr/lib/coreos-assembler/0001-stages-qemu-don-t-use-internal-compression-for-now.patch   \

diff --git a/src/0001-stages-ostree.config-support-setting-sysroot.bootpre.patch b/src/0001-stages-ostree.config-support-setting-sysroot.bootpre.patch
@@ -0,0 +1,41 @@
+From 612d3abd2ba05072a27142d5197645b4049561ae Mon Sep 17 00:00:00 2001
+From: Dusty Mabe <dusty@dustymabe.com>
+Date: Mon, 5 Feb 2024 23:27:59 -0500
+Subject: [PATCH] stages(ostree.config): support setting sysroot.bootprefix
+
+See https://github.com/ostreedev/ostree/pull/2705 and also
+https://github.com/osbuild/osbuild/issues/1566.
+---
+ stages/org.osbuild.ostree.config | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/stages/org.osbuild.ostree.config b/stages/org.osbuild.ostree.config
+index 7d5bb71d..5a91a8ae 100755
+--- a/stages/org.osbuild.ostree.config
++++ b/stages/org.osbuild.ostree.config
+@@ -39,6 +39,10 @@ SCHEMA = """
+             "type": "string",
+             "enum": ["none", "auto", "grub2", "syslinux", "uboot", "zipl", "aboot"]
+           },
++          "bootprefix": {
++            "description": "If set to true, the bootloader entries generated will include /boot as a prefix.",
++            "type": "boolean"
++          },
+           "readonly": {
+             "description": "Read only sysroot and boot",
+             "type": "boolean"
+@@ -63,6 +67,11 @@ def main(tree, options):
+     if bootloader:
+         ostree.cli("config", "set", "sysroot.bootloader", bootloader, repo=repo)
+
++    bootprefix = sysroot_options.get("bootprefix")
++    if bootprefix is not None:  # can be False, which we would want to set
++        bp = "true" if bootprefix else "false"
++        ostree.cli("config", "set", "sysroot.bootprefix", bp, repo=repo)
++
+     readonly = sysroot_options.get("readonly")
+     if readonly is not None:  # can be False, which we would want to set
+         ro = "true" if readonly else "false"
+-- 
+2.43.0
+
diff --git a/src/0001-stages-zipl.inst-improve-kernel-initrd-path-resoluti.patch b/src/0001-stages-zipl.inst-improve-kernel-initrd-path-resoluti.patch
diff --git a/src/cmdlib.sh b/src/cmdlib.sh
@@ -197,16 +197,15 @@ prepare_build() {
     fetch_stamp="${workdir}"/cache/fetched-stamp
 
     # We also need the platform.yaml as JSON
-    platforms="${configdir}/platforms.yaml"
-    export platforms_json="${workdir}/tmp/platforms.json"
-    yaml2json "${platforms}" "${platforms_json}"
+    platforms_yaml="${configdir}/platforms.yaml"
+    platforms_json="${tmp_builddir}/platforms.json"
+    yaml2json "${platforms_yaml}" "${platforms_json}.all"
     # Copy platforms table if it's non-empty for this arch
-    if jq -e ".$basearch" < "$platforms_json" > /dev/null; then
-        jq ".$basearch" < "$platforms_json" > "${platforms_json}.${basearch}"
-        mv "${platforms_json}.${basearch}" "$platforms_json"
+    if jq -e ".$basearch" < "$platforms_json.all" > /dev/null; then
+        jq ".$basearch" < "$platforms_json.all" > "${platforms_json}"
     fi
 
-    export image_json="${workdir}/tmp/image.json"
+    export image_json="${tmp_builddir}/image.json"
     write_image_json "${image}" "${image_json}"
     # These need to be absolute paths right now for rpm-ostree
     composejson="$(readlink -f "${workdir}"/tmp/compose.json)"
@@ -428,12 +427,15 @@ EOF
     fi
 
     # Store the fully rendered disk image config (image.json)
-    # and the platform (platforms.json) inside
+    # and the platform (platforms.json) if it exists inside
     # the ostree commit, so it can later be extracted by disk image
     # builds.
     local jsondir="${tmp_overridesdir}/jsons"
     mkdir -p "${jsondir}/usr/share/coreos-assembler/"
-    cp "${image_json}" "${platforms_json}" "${jsondir}/usr/share/coreos-assembler/"
+    cp "${image_json}" "${jsondir}/usr/share/coreos-assembler/"
+    if [ -f "${platforms_json}" ]; then
+        cp "${platforms_json}" "${jsondir}/usr/share/coreos-assembler/"
+    fi
     commit_overlay cosa-json "${jsondir}"
     layers="${layers} overlay/cosa-json"
 

diff --git a/src/coreos.osbuild.aarch64.mpp.yaml b/src/coreos.osbuild.aarch64.mpp.yaml
@@ -106,17 +106,23 @@ pipelines:
               bootloader: none
               # https://github.com/coreos/fedora-coreos-tracker/issues/1333
               bls-append-except-default: grub_users=""
+              # Opt-in to https://github.com/ostreedev/ostree/pull/2705 which will
+              # add /boot as the prefix on top of BLS config entries. This is OK
+              # because there is a symlink that is created in the root of the boot
+              # filesystem by OSTree (boot -> .) that makes it so that /boot paths
+              # will always work.
+              bootprefix: true
       - type: org.osbuild.mkdir
         options:
           paths:
             - path: /boot/efi
-              mode: 448
+              mode: 493
       # platforms.json will live here
       - type: org.osbuild.mkdir
         options:
           paths:
             - path: /boot/coreos
-              mode: 644
+              mode: 493
       - type: org.osbuild.ignition
       # Deploy via container if we have a container ociarchive, else from repo.
       - mpp-if: ociarchive != ''

diff --git a/src/coreos.osbuild.ppc64le.mpp.yaml b/src/coreos.osbuild.ppc64le.mpp.yaml
@@ -108,12 +108,18 @@ pipelines:
               bootloader: none
               # https://github.com/coreos/fedora-coreos-tracker/issues/1333
               bls-append-except-default: grub_users=""
+              # Opt-in to https://github.com/ostreedev/ostree/pull/2705 which will
+              # add /boot as the prefix on top of BLS config entries. This is OK
+              # because there is a symlink that is created in the root of the boot
+              # filesystem by OSTree (boot -> .) that makes it so that /boot paths
+              # will always work.
+              bootprefix: true
       # platforms.json will live here
       - type: org.osbuild.mkdir
         options:
           paths:
             - path: /boot/coreos
-              mode: 644
+              mode: 493
       - type: org.osbuild.ignition
       # Deploy via container if we have a container ociarchive, else from repo.
       - mpp-if: ociarchive != ''

diff --git a/src/coreos.osbuild.s390x.mpp.yaml b/src/coreos.osbuild.s390x.mpp.yaml
@@ -95,12 +95,12 @@ pipelines:
               bootloader: none
              ## no grub_users="" on s390x
              #bls-append-except-default: grub_users=""
-      # platforms.json will live here
-      - type: org.osbuild.mkdir
-        options:
-          paths:
-            - path: /boot/coreos
-              mode: 644
+              # Opt-in to https://github.com/ostreedev/ostree/pull/2705 which will
+              # add /boot as the prefix on top of BLS config entries. This is OK
+              # because there is a symlink that is created in the root of the boot
+              # filesystem by OSTree (boot -> .) that makes it so that /boot paths
+              # will always work.
+              bootprefix: true
       - type: org.osbuild.ignition
       # Deploy via container if we have a container ociarchive, else from repo.
       - mpp-if: ociarchive != ''
@@ -182,21 +182,6 @@ pipelines:
             ref: ostree/1/1/0
             osname:
               mpp-format-string: '{osname}'
-      # Copy in the platforms.json that was baked into the OSTree into /boot
-      # so tools like coreos-installer can use the information.
-      - type: org.osbuild.copy
-        options:
-          paths:
-            - from: tree:///usr/share/coreos-assembler/platforms.json
-              to: tree:///boot/coreos/platforms.json
-        mounts:
-          - name: ostree.deployment
-            type: org.osbuild.ostree.deployment
-            options:
-              deployment:
-                ref: ostree/1/1/0
-                osname:
-                  mpp-format-string: '{osname}'
   - name: raw-image
     stages:
       - type: org.osbuild.truncate

diff --git a/src/coreos.osbuild.x86_64.mpp.yaml b/src/coreos.osbuild.x86_64.mpp.yaml
@@ -108,17 +108,23 @@ pipelines:
               bootloader: none
               # https://github.com/coreos/fedora-coreos-tracker/issues/1333
               bls-append-except-default: grub_users=""
+              # Opt-in to https://github.com/ostreedev/ostree/pull/2705 which will
+              # add /boot as the prefix on top of BLS config entries. This is OK
+              # because there is a symlink that is created in the root of the boot
+              # filesystem by OSTree (boot -> .) that makes it so that /boot paths
+              # will always work.
+              bootprefix: true
       - type: org.osbuild.mkdir
         options:
           paths:
             - path: /boot/efi
-              mode: 448
+              mode: 493
       # platforms.json will live here
       - type: org.osbuild.mkdir
         options:
           paths:
             - path: /boot/coreos
-              mode: 644
+              mode: 493
       - type: org.osbuild.ignition
       # Deploy via container if we have a container ociarchive, else from repo.
       - mpp-if: ociarchive != ''

diff --git a/src/create_disk.sh b/src/create_disk.sh
@@ -316,6 +316,12 @@ ostree config --repo $rootfs/ostree/repo set sysroot.bootloader none
 # Opt-in to https://github.com/ostreedev/ostree/pull/1767 AKA
 # https://github.com/ostreedev/ostree/issues/1265
 ostree config --repo $rootfs/ostree/repo set sysroot.readonly true
+# Opt-in to https://github.com/ostreedev/ostree/pull/2705 which will
+# add /boot as the prefix on top of BLS config entries. This is OK
+# because there is a symlink that is created in the root of the boot
+# filesystem by OSTree (boot -> .) that makes it so that /boot paths
+# will always work.
+ostree config --repo $rootfs/ostree/repo set sysroot.bootprefix true
 if test -n "${composefs}"; then
     ostree config --repo $rootfs/ostree/repo set ex-integrity.composefs true
 fi