oscontainer: add com.coreos.rpm.* labels

These labels allow one to query the RPM version of a subset of packages without having to download them. See also: openshift/os#409 (comment)
coreos · Feb 23, 2021 · 32b6983 · 32b6983
1 parent db45f55
commit 32b6983
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 4 deletions.
diff --git a/src/cmd-upload-oscontainer b/src/cmd-upload-oscontainer
@@ -108,6 +108,9 @@ cosa_argv.extend(['/usr/lib/coreos-assembler/oscontainer.py', '--workdir=./tmp',
 for d in args.add_directory:
     cosa_argv.append(f"--add-directory={d}")
 cosa_argv.append(f"--display-name={display_name}")
+if 'labeled-packages' in configyaml:
+    pkgs = ' '.join(configyaml['labeled-packages'])
+    cosa_argv.append(f"--labeled-packages={pkgs}")
 subprocess.check_call(cosa_argv +
     [f'--digestfile={digestfile}',
         '--push', tmprepo,

diff --git a/src/oscontainer.py b/src/oscontainer.py
@@ -97,7 +97,7 @@ def oscontainer_extract(containers_storage, tmpdir, src, dest,
 def oscontainer_build(containers_storage, tmpdir, src, ref, image_name_and_tag,
                       base_image, push=False, tls_verify=True,
                       add_directories=[], cert_dir="", authfile="", digestfile=None,
-                      display_name=None):
+                      display_name=None, labeled_pkgs=[]):
     r = OSTree.Repo.new(Gio.File.new_for_path(src))
     r.open(None)
 
@@ -159,11 +159,16 @@ def oscontainer_build(containers_storage, tmpdir, src, ref, image_name_and_tag,
         if ostree_version is not None:
             config += ['-l', 'version=' + ostree_version]
 
+        base_pkgs = RpmOstree.db_query_all(r, rev, None)
+        for pkg in base_pkgs:
+            name = pkg.get_name()
+            if name in labeled_pkgs:
+                config += ['-l', f"com.coreos.rpm.{name}={pkg.get_evr()}.{pkg.get_arch()}"]
+
         # Generate pkglist.txt in to the oscontainer at /
         pkg_list_dest = os.path.join(mnt, 'pkglist.txt')
-        pkgs = RpmOstree.db_query_all(r, rev, None)
         # should already be sorted, but just re-sort to be sure
-        nevras = sorted([pkg.get_nevra() for pkg in pkgs])
+        nevras = sorted([pkg.get_nevra() for pkg in base_pkgs])
         with open(pkg_list_dest, 'w') as f:
             for nevra in nevras:
                 f.write(nevra)
@@ -200,6 +205,11 @@ def oscontainer_build(containers_storage, tmpdir, src, ref, image_name_and_tag,
                                          if obj.get('kind', 'os-extension') == 'os-extension'])
             config += ['-l', f"com.coreos.os-extensions={extensions_label}"]
 
+            for pkgname in meta['extensions']['manifest']:
+                if pkgname in labeled_pkgs:
+                    evra = meta['extensions']['manifest'][pkgname]
+                    config += ['-l', f"com.coreos.rpm.{pkgname}={evra}"]
+
         if display_name is not None:
             config += ['-l', 'io.openshift.build.version-display-names=machine-os=' + display_name,
                        '-l', 'io.openshift.build.versions=machine-os=' + ostree_version]
@@ -266,6 +276,7 @@ def main():
     parser_build.add_argument("--display-name", help="Name used for an OpenShift component")
     parser_build.add_argument("--add-directory", help="Copy in all content from referenced directory DIR",
                               metavar='DIR', action='append', default=[])
+    parser_build.add_argument("--labeled-packages", help="Packages whose NEVRAs are included as labels on the image")
     parser_build.add_argument(
         "--digestfile",
         help="Write image digest to file",
@@ -277,6 +288,10 @@ def main():
         action='store_true')
     args = parser.parse_args()
 
+    labeled_pkgs = []
+    if args.labeled_packages is not None:
+        labeled_pkgs = args.labeled_packages.split()
+
     containers_storage = None
     tmpdir = None
     if args.workdir is not None:
@@ -306,7 +321,8 @@ def main():
                 push=args.push,
                 tls_verify=not args.disable_tls_verify,
                 cert_dir=args.cert_dir,
-                authfile=args.authfile)
+                authfile=args.authfile,
+                labeled_pkgs=labeled_pkgs)
     finally:
         if containers_storage is not None and os.path.isdir(containers_storage):
             shutil.rmtree(containers_storage)