extensions: adapt for new rpm-ostree support

With coreos/rpm-ostree#2439 and coreos/coreos-assembler#2028, support for extensions is now more robust. The extensions.yaml file is now fed directly to rpm-ostree. We just need to do some minor tweaks: - drop listing usbguard deps, rpm-ostree fetches them automatically - split the devel bits into two extensions: one is an OS extension which contains the devel and headers packages, and the other is a development extension containing kernel packages already in the base (marking it as a development extension will signal the MCO that it's not intended to be directly layered on the host) - use `match-base-evr: kernel` on those to enforce that the kernel development packages have the same EVR as the base kernel package in the OSTree The `cosa upload-oscontainer` command now also supports `oscontainer.yaml` specifying "important" packages whose EVRA are included directly as a label on the resulting image.
jlebon · Feb 22, 2021 · 192494f · 192494f
1 parent 3b8f9ff
commit 192494f
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 6 deletions.
diff --git a/extensions.yaml b/extensions.yaml
@@ -1,26 +1,35 @@
 # RPMs as operating system extensions, distinct from the base ostree commit/image
 # https://github.com/openshift/enhancements/blob/master/enhancements/rhcos/extensions.md
 # and https://github.com/coreos/fedora-coreos-tracker/issues/401
-# We currently explicitly list dependencies for each extension; see
-# https://github.com/coreos/rpm-ostree/issues/2055
+
+repos:
+  - rhel-8-nfv
 
 extensions:
   # https://github.com/coreos/fedora-coreos-tracker/issues/326
   usbguard:
     packages:
       - usbguard
-      - libqb
-      - protobuf
-  # kernel-devel
   # https://github.com/kmods-via-containers/kmods-via-containers/issues/3
   # https://gitlab.cee.redhat.com/coreos/redhat-coreos/merge_requests/866
+  # These are currently overlaid onto the host so that they can be bind-mounted
+  # into build containers... in the future they should be a `development`
+  # extension: https://github.com/openshift/machine-config-operator/pull/2143.
   kernel-devel:
     packages:
       - kernel-devel
-      - kernel-core
       - kernel-headers
+    match-base-evr: kernel
+  # These are already in the base, so they're not OS extensions, but they're
+  # useful to have in RPM form to install in kmod build containers.
+  kernel:
+    kind: development
+    packages:
+      - kernel
+      - kernel-core
       - kernel-modules
       - kernel-modules-extra
+    match-base-evr: kernel
   # GRPA-2822
   # https://github.com/openshift/machine-config-operator/pull/1330
   # https://github.com/openshift/enhancements/blob/master/enhancements/support-for-realtime-kernel.md

diff --git a/oscontainer.yaml b/oscontainer.yaml
@@ -1,2 +1,9 @@
 # Configuration for oscontainer uploads; this is the base image.
 base: registry.access.redhat.com/ubi8/ubi:latest
+# These are the packages whose NEVRAs are included as labels on the image.
+labeled-packages:
+  - kernel kernel-rt-core
+  - ostree rpm-ostree
+  - ignition
+  - systemd
+  - runc