| Summary: | make stages compatible with machinectl/nspawn | ||
|---|---|---|---|
| Product: | Gentoo Release Media | Reporter: | Georgy Yakovlev <gyakovlev> |
| Component: | Stages | Assignee: | Gentoo Release Team <releng> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | bertrand, dilfridge, flow |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 787194 | ||
| Bug Blocks: | |||
|
Description
Georgy Yakovlev
2021-11-04 03:22:18 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/catalyst.git/commit/?id=7457cd3b1a5f3ed4a566bbf23e36c939af06967c commit 7457cd3b1a5f3ed4a566bbf23e36c939af06967c Author: Georgy Yakovlev <gyakovlev@gentoo.org> AuthorDate: 2021-11-05 02:14:00 +0000 Commit: Georgy Yakovlev <gyakovlev@gentoo.org> CommitDate: 2021-11-25 02:43:21 +0000 catalyst: generate .sha256 file if any digest is enabled checksum format is simple one, identical to one sha256sum from coreutils produces, lines starting with # are ignored. example:[1] # SHA256 HASH xxxx..... stage3-....tar.xz systemd upstream calls it suse-style .sha256 files.[0] infra already supports inline signing of files. Bug: https://bugs.gentoo.org/821568 [0] https://github.com/systemd/systemd/blob/aedec452b9e5dd197881f2164fb205dfe8bfdcec/src/import/pull-common.c#L236 [1] https://mirrors.edge.kernel.org/opensuse/distribution/leap/15.0/iso/openSUSE-Leap-15.0-DVD-x86_64.iso.sha256 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> catalyst/base/genbase.py | 3 +++ doc/catalyst-config.5.txt | 7 ++++--- 2 files changed, 7 insertions(+), 3 deletions(-) > Currently there are 1 major and 2 minor problems that prevent using stages > directly in machinectl. > > 1. https://bugs.gentoo.org/787194 > https://github.com/systemd/systemd/issues/16605 > since our stages are pixz compressed and it adds an index - it confuses > machinectl, because internally it passes --ignore-zeros > > it's almost fixed. > https://github.com/dol-sen/pyDeComp/commit/ > e60dffe2043a1b963e9ba6325e32795d3aa6993c landed and we have it in 3.0-r2 > > I'm testing on ppc64le right now. This is stable now, so 1 should be done. > 2. machnectl pull-tar expects a *.sha256 file that contains a checksum, > that can be used to verify the image. > some code needs to be added to catalyst to create those files. > probably base/genbase.py, it already handles other digests. > > doc: > https://www.freedesktop.org/software/systemd/man/machinectl.html#pull- > tar%20URL%20[NAME] This is done as per comment #1. > 3. signing above sha256 files. they are expected to be ascii-armoured by > infra. > that code is in > https://gitweb.gentoo.org/infra/mastermirror-scripts.git/tree/sign- > autobuilds.sh > and it already contains logic for inline signing, so should be easy to > plug. > > 4. machinectl also looks for .nspawn file matching image name, this file is > optional but can be used to provide some initial configuration, like maybe > bind-mounting distfiles from host. > doc: https://www.freedesktop.org/software/systemd/man/systemd.nspawn.html Still need to be done. Should be easy enough though. All done, at least for the hosts running git-master catalyst. The rest will eventually follow. I'm going to reopen this as it seems this has not make it into a catalyst release, and thus machinectl cannot be used in this way yet for Gentoo. (In reply to John Helmert III from comment #4) > I'm going to reopen this as it seems this has not make it into a catalyst > release, and thus machinectl cannot be used in this way yet for Gentoo. In catalyst-3.0.22 |
