From 0109948f06c3b7d850ffc6089dda6a707f09efab Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Sat, 8 Nov 2025 10:31:55 -0600 Subject: [PATCH] feat: add arm64 / multi-arch builds (#310) --- .github/workflows/build-stable.yml | 1 + .github/workflows/build-testing.yml | 1 + .github/workflows/reusable-build.yml | 287 +++++++++++++++++++++------ ucore/install-ucore-minimal.sh | 5 + ucore/install-ucore.sh | 8 +- ucore/packages.json | 133 ++++++------- ucore/packages.sh | 4 +- 7 files changed, 304 insertions(+), 135 deletions(-) diff --git a/.github/workflows/build-stable.yml b/.github/workflows/build-stable.yml index a9816a4..dcf863f 100644 --- a/.github/workflows/build-stable.yml +++ b/.github/workflows/build-stable.yml @@ -16,3 +16,4 @@ jobs: secrets: inherit with: coreos_version: stable + arch: "['aarch64','x86_64']" diff --git a/.github/workflows/build-testing.yml b/.github/workflows/build-testing.yml index ed68188..9e79837 100644 --- a/.github/workflows/build-testing.yml +++ b/.github/workflows/build-testing.yml @@ -16,3 +16,4 @@ jobs: secrets: inherit with: coreos_version: testing + arch: "['aarch64','x86_64']" diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index a0d9d32..fa702c1 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -6,6 +6,12 @@ on: description: "The CoreOS stream: stable or testing" required: true type: string + arch: + description: "JSON string of architectures to build, '[aarch64, x86_64]'" + default: "['x86_64']" + required: false + type: string + env: IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} 
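Review bot: The new `arch` input in reusable-build.yml documents its format as `'[aarch64, x86_64]'`, but the default and both callers pass strings of the form `"['x86_64']"`, and the value reaches `fromJson(inputs.arch)` with no check that each entry is a supported architecture. In the later hunks `runs-on` is `matrix.arch == 'x86_64' && 'ubuntu-24.04' || matrix.arch == 'aarch64' && 'ubuntu-24.04-arm'`, which evaluates to `false` for any other entry, so a typo would probably leave a job queued for a runner that does not exist rather than fail with an error. A description such as `"JSON array of architectures to build, e.g. ['aarch64','x86_64']"` plus an early validation step that rejects unknown entries would close that gap.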
@@ -15,11 +21,17 @@ concurrency: jobs: workflow_info: - name: Get Workflow Info - runs-on: ubuntu-24.04 + name: Workflow Info + runs-on: ubuntu-latest + permissions: + contents: read outputs: + date: ${{ steps.date.outputs.date }} pr_prefix: ${{ steps.pr_prefix.outputs.pr_prefix }} steps: + - name: Get current date + id: date + run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT - name: Set PR Prefix id: pr_prefix shell: bash @@ -32,15 +44,18 @@ jobs: echo "pr_prefix=${PR_PREFIX}" >> $GITHUB_OUTPUT - name: Echo outputs run: | + echo "${{ toJSON(steps.date.outputs) }}" echo "${{ toJSON(steps.pr_prefix.outputs) }}" stream_info: - name: Get Stream Info - runs-on: ubuntu-24.04 - outputs: - fedora: ${{ fromJSON(steps.fetch.outputs.outputs).fedora}} - image: ${{ fromJSON(steps.fetch.outputs.outputs).image}} - kernel: ${{ fromJSON(steps.fetch.outputs.outputs).kernel}} + name: "Stream Info: ${{ matrix.arch }}" + runs-on: ${{ matrix.arch == 'x86_64' && 'ubuntu-24.04' || matrix.arch == 'aarch64' && 'ubuntu-24.04-arm' }} + permissions: + actions: write + strategy: + fail-fast: false + matrix: + arch: ${{ fromJson(inputs.arch) }} steps: - name: Fetch CoreOS stream versions id: fetch 
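Review bot: `stream_info` is granted `actions: write`, and `build_image` in the next hunk gets the same scope, yet the only Actions use visible in either job is `actions/upload-artifact` and `actions/download-artifact` within the same run. Those authenticate with the runner's runtime token rather than `GITHUB_TOKEN` scopes. Unless a step outside these hunks needs the scope, `permissions: {}` on `stream_info` and dropping `actions: write` from `build_image` would match the least-privilege blocks this commit adds to `workflow_info` and `check`.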
@@ -55,54 +70,56 @@ jobs: image=$(jq -r '.["Labels"]["org.opencontainers.image.version"]' inspect.json) if [ -z "$image" ] || [ "null" = "$image" ]; then - echo "inspected image version must not be empty or null" - exit 1 + echo "inspected image version must not be empty or null" >&2 + exit 1 fi if [[ "${image}" =~ "42.20250410.3" ]]; then - echo "WARNING: Overriding known problematic release. Downgrading from 42.20250410.3.* to 41.20250331.3.0" - image="41.20250331.3.0" + echo "WARNING: Overriding known problematic release. Downgrading from 42.20250410.3.* to 41.20250331.3.0" >&2 + image="41.20250331.3.0" fi fedora=$(echo "$image" | cut -f1 -d.) if [ -z "$fedora" ] || [ "null" = "$fedora" ]; then - echo "fedora version must not be empty or null" - exit 1 + echo "fedora version must not be empty or null" >&2 + exit 1 fi kernel=$(skopeo inspect docker://ghcr.io/ublue-os/akmods:coreos-${{ inputs.coreos_version }}-${fedora} | jq -r '.["Labels"]["ostree.linux"]') if [ -z "$kernel" ] || [ "null" = "$kernel" ]; then - echo "inspected linux (kernel) version must not be empty or null" - exit 1 + echo "inspected linux (kernel) version must not be empty or null" >&2 + exit 1 fi + echo "FEDORA_VERSION=${fedora}" > stream-info.env + echo "IMAGE_VERSION=${image}" >> stream-info.env + echo "KERNEL_VERSION=${kernel}" >> stream-info.env - echo "kernel=$kernel" >> $GITHUB_OUTPUT - echo "image=$image" >> $GITHUB_OUTPUT - echo "fedora=$fedora" >> $GITHUB_OUTPUT - - name: Echo outputs - run: | - echo "${{ steps.fetch.outputs.outputs }}" + cat stream-info.env + - name: Upload stream info as artifact + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + name: stream-info-${{ matrix.arch }} + path: | + stream-info.env + retention-days: 7 - build_ucore: - name: ucore - runs-on: ubuntu-24.04 - if: always() && !cancelled() + build_image: + name: "Build: ucore${{ matrix.image_suffix }}${{ matrix.nvidia_tag }}: ${{ matrix.arch }}" + if: 
needs.workflow_info.result == 'success' && needs.stream_info.result == 'success' && !cancelled() needs: [workflow_info, stream_info] + runs-on: ${{ matrix.arch == 'x86_64' && 'ubuntu-24.04' || matrix.arch == 'aarch64' && 'ubuntu-24.04-arm' }} permissions: + actions: write contents: read packages: write - id-token: write env: - FEDORA_VERSION: ${{ needs.stream_info.outputs.fedora}} - IMAGE_VERSION: ${{ needs.stream_info.outputs.image}} KERNEL_FLAVOR: coreos-${{ inputs.coreos_version }} - KERNEL_VERSION: ${{ needs.stream_info.outputs.kernel}} PR_PREFIX: ${{ needs.workflow_info.outputs.pr_prefix }} - strategy: fail-fast: false matrix: + arch: ${{ fromJson(inputs.arch) }} image_suffix: - "-minimal" - "" @@ -117,21 +134,23 @@ jobs: description: An OCI image of Fedora CoreOS with a few extra tools, hardware support, and storage utilities - image_suffix: "-hci" description: A hyper-converged infrastructure OCI image of Fedora CoreOS (storage + hypervisor) - steps: - # Checkout push-to-registry action GitHub repository - - name: Checkout Push to Registry action + - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - # sent env variables which depend on the matrix - - name: Matrix variables + - name: Download stream info artifact + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5 + with: + name: stream-info-${{ matrix.arch }} + path: . + + - name: Set matrix environment variables shell: bash run: | set -x - IMAGE_NAME=ucore${{ matrix.image_suffix }} - echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV + echo "IMAGE_NAME=ucore${{ matrix.image_suffix }}" >> $GITHUB_ENV echo "TAG_VERSION=${{ inputs.coreos_version }}${{ matrix.nvidia_tag }}" >> $GITHUB_ENV - echo "TIMESTAMP=$(date +%Y%m%d)" >> $GITHUB_ENV + cat stream-info.env >> $GITHUB_ENV - name: Pull base and kmod images uses: Wandalen/wretry.action@e68c23e6309f2871ca8ae4763e7629b9c258e1ea # v3.8.0 
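Review bot: `cat stream-info.env >> $GITHUB_ENV` in `Set matrix environment variables` appends the whole artifact to the job environment, and its values come from image labels read with `skopeo inspect`. A label containing a newline or unexpected characters would therefore define extra variables for every later step of a job that holds `packages: write`. Copying only the three expected keys with a conservative value pattern keeps the file as data, for example `grep -E '^(FEDORA_VERSION|IMAGE_VERSION|KERNEL_VERSION)=[A-Za-z0-9._+-]+$' stream-info.env >> "$GITHUB_ENV"`. The existing `Verify versions` step then fails on anything that was dropped. The character class is a suggestion and should be checked against real image and kernel version strings.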
@@ -148,31 +167,30 @@ jobs: podman pull ${{ env.IMAGE_REGISTRY }}/config:latest - name: Verify versions (image, kernel, zfs) - shell: bash run: | set -x if [ -z "${{ env.FEDORA_VERSION }}" ] || [ "null" = "${{ env.FEDORA_VERSION }}" ]; then - echo "env.FEDORA_VERSION must not be empty or null" + echo "env.FEDORA_VERSION must not be empty or null" >&2 exit 1 fi if [ -z "${{ env.IMAGE_VERSION }}" ] || [ "null" = "${{ env.IMAGE_VERSION }}" ]; then - echo "env.IMAGE_VERSION must not be empty or null" + echo "env.IMAGE_VERSION must not be empty or null" >&2 exit 1 fi if [ -z "${{ env.KERNEL_VERSION }}" ] || [ "null" = "${{ env.KERNEL_VERSION }}" ]; then - echo "env.KERNEL_VERSION must not be empty or null" + echo "env.KERNEL_VERSION must not be empty or null" >&2 exit 1 fi podman inspect ${{ env.IMAGE_REGISTRY }}/akmods:${{ env.KERNEL_FLAVOR }}-${{ env.FEDORA_VERSION }} > inspect.json kernel=$(jq -r '.[]["Config"]["Labels"]["ostree.linux"]' inspect.json) if [[ "${{ env.KERNEL_VERSION }}" != "$kernel"* ]]; then - echo "pulled akmods image kernel ($kernel) does not match expected kernel (${{ env.KERNEL_VERSION }})" + echo "pulled akmods image kernel ($kernel) does not match expected kernel (${{ env.KERNEL_VERSION }})" >&2 exit 1 fi podman inspect ${{ env.IMAGE_REGISTRY }}/akmods-zfs:${{ env.KERNEL_FLAVOR }}-${{ env.FEDORA_VERSION }} > inspect.json kernel=$(jq -r '.[]["Config"]["Labels"]["ostree.linux"]' inspect.json) if [[ "${{ env.KERNEL_VERSION }}" != "$kernel"* ]]; then - echo "pulled akmods-zfs image kernel ($kernel) does not match expected kernel (${{ env.KERNEL_VERSION }})" + echo "pulled akmods-zfs image kernel ($kernel) does not match expected kernel (${{ env.KERNEL_VERSION }})" >&2 exit 1 fi @@ -188,7 +206,6 @@ jobs: exit 1 fi - # Build metadata - name: Image Metadata uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5 id: meta 
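Review bot: The messages in `Verify versions` still paste `${{ env.KERNEL_VERSION }}` and the other `${{ env.* }}` values into the script text, and after this commit those values arrive through a file appended to `GITHUB_ENV` rather than through job outputs. Referencing the shell variables instead (`"$KERNEL_VERSION"`, `"$FEDORA_VERSION"`, `"$IMAGE_VERSION"`) keeps them out of the parsed script. Dropping `shell: bash` also changes the invocation: the implicit default on Linux runners runs bash with `-e` only, while the explicit form adds `-o pipefail`, so keeping `shell: bash` or adding `set -o pipefail` preserves the old failure behaviour. The step body continues outside the hunk.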
@@ -200,13 +217,9 @@ jobs: org.opencontainers.image.title=${{ env.IMAGE_NAME }} org.opencontainers.image.version=${{ env.IMAGE_VERSION }} tags: | - type=sha,format=short,suffix=-${{ env.TAG_VERSION }} - type=ref,event=pr,suffix=-${{ env.TAG_VERSION }} - type=raw,value=${{ env.TAG_VERSION }}-${{ env.TIMESTAMP }},priority=750,enable=${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && startsWith(github.ref, 'refs/heads/main') }} - type=raw,value=${{ env.TAG_VERSION }},priority=350,enable=${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && startsWith(github.ref, 'refs/heads/main') }} - type=raw,value=${{ env.TAG_VERSION }}-zfs-${{ env.TIMESTAMP }},priority=700,enable=${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && startsWith(github.ref, 'refs/heads/main') }} - type=raw,value=${{ env.TAG_VERSION }}-zfs,priority=300,enable=${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && startsWith(github.ref, 'refs/heads/main') }} - type=raw,value=latest,enable=${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && startsWith(github.ref, 'refs/heads/main') && env.TAG_VERSION == 'stable' }} + # multi-arch build must have only the single tag here + # other tags are added to manifest later + type=sha,format=short,suffix=-${{ env.TAG_VERSION }}-${{ matrix.arch }} - name: Single Line (convert newlines to spaces) id: single-line @@ -216,7 +229,6 @@ jobs: tags_space=$(printf '%s' "$tags" | tr '\n' ' ' | xargs) echo "tags=${tags_space}" >> $GITHUB_OUTPUT - # Build image using Buildah action - name: Build Image id: build_image uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2 
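Review bot: The two `#` lines added under `tags: |` sit inside a literal block scalar, so YAML passes them to `docker/metadata-action` as part of the input value rather than discarding them as comments. Whether they are ignored depends on the action's own input parsing, which this hunk does not show. Placing the explanation above the key as a real YAML comment, e.g. `# multi-arch: only the per-arch sha tag here; other tags are added to the manifest later`, removes that dependency.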
@@ -260,8 +272,7 @@ jobs: sbverify --cert kernel-sign.crt vmlinuz || exit 1 sbverify --cert akmods.crt vmlinuz || exit 1 - # Push the image to GHCR (Image Registry) - - name: Push To GHCR + - name: Push Image to Registry uses: Wandalen/wretry.action@e68c23e6309f2871ca8ae4763e7629b9c258e1ea # v3.8.0 id: push if: github.event_name != 'pull_request' 
@@ -281,10 +292,149 @@ jobs: extra-args: | --disable-content-trust - - name: Echo push outputs + - name: Save image metadata if: github.event_name != 'pull_request' run: | - echo "${{ toJSON(steps.push.outputs) }}" + set -x + echo "IMAGE_ARCH=${{ matrix.arch }}" >> image.env + echo "IMAGE_DIGEST=${{ fromJSON(steps.push.outputs.outputs).digest }}" >> image.env + echo "IMAGE_REF=${{ fromJSON(steps.push.outputs.outputs).registry-path }}" >> image.env + echo "${{ steps.meta.outputs.labels }}" > labels.txt + + - name: Upload image metadata as artifact + if: github.event_name != 'pull_request' + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + name: image${{ matrix.image_suffix }}${{ matrix.nvidia_tag }}-${{ matrix.arch }} + path: | + image.env + labels.txt + retention-days: 7 + + push_and_sign: + name: "Push and sign: ucore${{ matrix.image_suffix }}${{ matrix.nvidia_tag }}" + runs-on: ubuntu-24.04 + if: needs.build_image.result == 'success' && !cancelled() && github.event_name != 'pull_request' + needs: [workflow_info, build_image] + permissions: + actions: read + contents: read + packages: write + strategy: + fail-fast: false + matrix: + image_suffix: + - "-minimal" + - "" + - "-hci" + nvidia_tag: + - "-nvidia" + - "" + steps: + - name: Set matrix environment variables + shell: bash + run: | + set -x + echo "IMAGE_NAME=ucore${{ matrix.image_suffix }}" >> $GITHUB_ENV + echo "TAG_VERSION=${{ inputs.coreos_version }}${{ matrix.nvidia_tag }}" >> $GITHUB_ENV + + - name: Download image artifacts + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5 + with: + pattern: image${{ matrix.image_suffix }}${{ matrix.nvidia_tag }}-* + path: images + + - name: Manifest Meta Tags + uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5 + id: meta + with: + tags: | + type=sha,format=short,suffix=-${{ env.TAG_VERSION }} + type=ref,event=pr,suffix=-${{ env.TAG_VERSION }} + type=raw,value=${{ 
env.TAG_VERSION }}-${{ needs.workflow_info.outputs.date }},priority=750,enable=${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && startsWith(github.ref, 'refs/heads/main') }} + type=raw,value=${{ env.TAG_VERSION }},priority=350,enable=${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && startsWith(github.ref, 'refs/heads/main') }} + type=raw,value=${{ env.TAG_VERSION }}-zfs-${{ needs.workflow_info.outputs.date }},priority=700,enable=${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && startsWith(github.ref, 'refs/heads/main') }} + type=raw,value=${{ env.TAG_VERSION }}-zfs,priority=300,enable=${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && startsWith(github.ref, 'refs/heads/main') }} + type=raw,value=latest,enable=${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && startsWith(github.ref, 'refs/heads/main') && env.TAG_VERSION == 'stable' }} + + - name: Single Line (convert newlines to spaces) + id: single-line + run: | + # redhat/push-to-registry does NOT like multi-line tags + tags="${{ steps.meta.outputs.tags }}" + tags_space=$(printf '%s' "$tags" | tr '\n' ' ' | xargs) + echo "tags=${tags_space}" >> $GITHUB_OUTPUT + + - name: Update Buildah + run: | + set -euo pipefail + + case "$(uname -m)" in + x86_64) IMAGE_ARCH='amd64' ;; + aarch64) IMAGE_ARCH='arm64' ;; + *) printf "Invalid architecture" >&2; exit 1 ;; + esac + + echo "Installing up to date buildah for $IMAGE_ARCH" + curl -fsSL https://github.com/bsherman/buildah-static/releases/latest/download/buildah-${IMAGE_ARCH:?}.tar.gz \ + | tar -xzf - -C /usr/local/bin/ + + # Workaround issues between custom buildah installation and apparmor + sudo sysctl -w 
kernel.apparmor_restrict_unprivileged_userns=0 + + - name: Create multi-arch manifest + shell: bash + run: | + set -xeuo pipefail + + # Collect image references from all arches in artifacts + IMAGE_REFS=() + for IMAGE_ENV in $(find images -type f -path "images/image${{ matrix.image_suffix }}*/image.env"); do + source "$IMAGE_ENV" # provides IMAGE_REF and IMAGE_ARCH + IMAGE_REFS+=("$IMAGE_REF") + echo "Importing ${IMAGE_REF:?} for architecture ${IMAGE_ARCH:?}" + buildah pull --arch="${IMAGE_ARCH:?}" "${IMAGE_REF:?}" + done + + echo + echo "Creating manifest for $IMAGE_NAME" + # Pick labels.txt from any of the arches in artifacts (identical for all images in each variant) + LABELS_FILE=$(find images -type f -path "images/image${{ matrix.image_suffix }}*/labels.txt" | head -n1) + buildah manifest create --annotation="$( + cat $LABELS_FILE | \ + head -c -1 | sed -e 's/, \{0,1\}/ /g' | tr '\n' ',' + )" "${IMAGE_NAME:?}" + + for IMAGE_REF in "${IMAGE_REFS[@]}"; do + echo "Adding ${IMAGE_REF:?} to manifest" + buildah manifest add "${IMAGE_NAME:?}" "$IMAGE_REF" + done + + MANIFEST_TAGS='${{ steps.meta.outputs.tags }}' + while IFS= read -r TAG; do + buildah tag "${IMAGE_NAME:?}" "${IMAGE_NAME:?}:${TAG:?}" + done <<< "$MANIFEST_TAGS" + + echo + echo 'Final manifest contents:' + buildah manifest inspect "${IMAGE_NAME:?}" + echo + echo 'Podman image state:' + podman images + + - name: Push Manifest to GHCR + uses: Wandalen/wretry.action@e68c23e6309f2871ca8ae4763e7629b9c258e1ea # v3.8.0 + id: push + with: + action: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2 + attempt_limit: 3 + attempt_delay: 15000 + with: | + image: ${{ env.IMAGE_NAME }} + tags: ${{ steps.single-line.outputs.tags }} + registry: ${{ env.IMAGE_REGISTRY }} + username: ${{ github.actor }} + password: ${{ github.token }} - name: Login to GitHub Container Registry uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 
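Review bot: The `Update Buildah` step pipes `releases/latest/download/buildah-${IMAGE_ARCH}.tar.gz` from a personal repository straight into `tar` with no version pin or checksum, in the job that holds `packages: write` and later reads `secrets.SIGNING_SECRET`. Every action in this workflow is pinned to a commit SHA, and this binary should get the same treatment: a fixed release tag plus `sha256sum -c` before extraction, as sketched below with placeholder values. Separately, the artifact globs overlap as far as the names in this hunk show. Both `pattern: image${{ matrix.image_suffix }}${{ matrix.nvidia_tag }}-*` and the `find … "images/image${{ matrix.image_suffix }}*/image.env"` loop also match the `-nvidia` artifacts, and for the empty suffix they match every variant, so a non-nvidia manifest can pick up images that belong to other variants. Matching the exact artifact names per architecture would keep each signed manifest limited to its own images.

```yaml
      - name: Update Buildah
        run: |
          set -euo pipefail
          # … unchanged: case "$(uname -m)" mapping to IMAGE_ARCH …

          # Placeholders: pin a reviewed release tag and record its per-arch checksums.
          BUILDAH_TAG='<PINNED_RELEASE_TAG>'
          case "$IMAGE_ARCH" in
            amd64) BUILDAH_SHA256='<SHA256_OF_AMD64_TARBALL>' ;;
            arm64) BUILDAH_SHA256='<SHA256_OF_ARM64_TARBALL>' ;;
          esac

          curl -fsSL -o /tmp/buildah.tar.gz \
            "https://github.com/bsherman/buildah-static/releases/download/${BUILDAH_TAG}/buildah-${IMAGE_ARCH:?}.tar.gz"
          echo "${BUILDAH_SHA256:?}  /tmp/buildah.tar.gz" | sha256sum -c -
          tar -xzf /tmp/buildah.tar.gz -C /usr/local/bin/
          # … unchanged: apparmor sysctl workaround …
```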
@@ -296,24 +446,31 @@ jobs: # Sign container - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 + if: github.event_name != 'pull_request' with: cosign-release: "v2.6.1" - if: github.event_name != 'pull_request' - - name: Sign container image if: github.event_name != 'pull_request' run: | - cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.IMAGE_REGISTRY }}/${{ steps.build_image.outputs.image }}@${TAGS} + cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY_PATH }}@${{ env.DIGEST }} env: - TAGS: ${{ steps.push.outputs.outputs && fromJSON(steps.push.outputs.outputs).digest }} + REGISTRY_PATH: ${{ steps.push.outputs.outputs && fromJSON(steps.push.outputs.outputs).registry-path }} + DIGEST: ${{ steps.push.outputs.outputs && fromJSON(steps.push.outputs.outputs).digest }} COSIGN_EXPERIMENTAL: false COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} check: name: Check all successful runs-on: ubuntu-latest - needs: [build_ucore] + needs: [push_and_sign] + permissions: {} steps: - name: Exit - shell: bash - run: exit 0 + env: + RESULT: ${{ needs.push_and_sign.result }} + run: | + if [[ "$RESULT" == "success" || "$RESULT" == "skipped" ]]; then + exit 0 + else + exit 1 + fi diff --git a/ucore/install-ucore-minimal.sh b/ucore/install-ucore-minimal.sh index a0dab55..5cd2fa8 100755 --- a/ucore/install-ucore-minimal.sh +++ b/ucore/install-ucore-minimal.sh @@ -79,6 +79,11 @@ if [[ "-nvidia" == "${NVIDIA_TAG}" ]]; then nvidia-container-toolkit fi +## CONDITIONAL: install packages specific to x86_64 +if [[ "x86_64" == "${ARCH}" ]]; then + dnf -y install intel-compute-runtime +fi + ## ALWAYS: install regular packages # add tailscale repo diff --git a/ucore/install-ucore.sh b/ucore/install-ucore.sh index 399c868..be2bdc7 100755 --- a/ucore/install-ucore.sh +++ b/ucore/install-ucore.sh @@ -2,6 +2,7 @@ set -ouex pipefail +ARCH="$(rpm -E %_arch)" RELEASE="$(rpm -E %fedora)" # install packages.json stuffs 
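Review bot: The `check` job has no `if:` of its own, so when `push_and_sign` fails or is skipped GitHub skips `check` as well and the `exit 1` branch is never reached; a skipped job is generally treated as passing for required status checks. Adding `if: ${{ always() }}` and listing `build_image` in `needs`, with its result tested too, would make the gate reflect build failures, including on pull requests where `push_and_sign` is skipped by design. In the signing step, `${{ env.REGISTRY_PATH }}@${{ env.DIGEST }}` is pasted into the script text even though the step already exports both variables. `cosign sign -y --key env://COSIGN_PRIVATE_KEY "${REGISTRY_PATH:?}@${DIGEST:?}"` keeps them as data and fails fast when the push outputs are empty.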
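Review bot: `${ARCH}` is tested in install-ucore-minimal.sh but not assigned anywhere in this hunk, whereas install-ucore.sh gains `ARCH="$(rpm -E %_arch)"` in the same commit. Unless the script receives `ARCH` from the build environment, the comparison either aborts (if it runs with `set -u`, as install-ucore.sh does) or never matches, and `intel-compute-runtime` silently disappears from x86_64 images. Defining it next to the script's other variables with `ARCH="$(rpm -E %_arch)"` would make the script self-contained. The rest of the script is outside the hunk, so an existing definition may already be present.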
@@ -28,7 +29,12 @@ chmod +x /tmp/cockpit-zfs-manager-font-fix.sh rm -rf /tmp/cockpit-zfs-manager* # install packages direct from github -/ctx/github-release-install.sh trapexit/mergerfs "fc${RELEASE}.x86_64" +if [[ "${RELEASE}" -ge "43" ]]; then + /ctx/github-release-install.sh trapexit/mergerfs "fc${RELEASE}.${ARCH}" +elif [[ "${ARCH}" == "x86_64" ]]; then + # before F43, mergerfs only available for x86_64 + /ctx/github-release-install.sh trapexit/mergerfs "fc${RELEASE}.x86_64" +fi # tweak os-release sed -i '/^PRETTY_NAME/s/(uCore.*$/(uCore)"/' /usr/lib/os-release diff --git a/ucore/packages.json b/ucore/packages.json index a5a36d9..541f0e5 100644 --- a/ucore/packages.json +++ b/ucore/packages.json 
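Review bot: When `RELEASE` is below 43 and `ARCH` is not `x86_64`, neither branch runs and the image is built without mergerfs, leaving no trace in the build log. An explicit `else` such as `echo "mergerfs: no fc${RELEASE}.${ARCH} build, skipping" >&2` makes the per-architecture difference visible. How `/ctx/github-release-install.sh` verifies the RPM it downloads is outside this hunk and worth confirming now that a second architecture's asset is fetched.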
@@ -1,71 +1,68 @@ { - "all": { - "include": { - "all": [], - "ucore-minimal": [ - "bootc", - "cockpit-networkmanager", - "cockpit-podman", - "cockpit-selinux", - "cockpit-system", - "docker-buildx", - "docker-compose", - "firewalld", - "fwupd-efi", - "intel-compute-runtime", - "open-vm-tools", - "podman", - "podman-compose", - "pv", - "qemu-guest-agent", - "tailscale", - "tmux", - "wireguard-tools" - ], - "ucore": [ - "NetworkManager-wifi", - "atheros-firmware", - "brcmfmac-firmware", - "cockpit-storaged", - "distrobox", - "duperemove", - "hdparm", - "iwlegacy-firmware", - "iwlwifi-dvm-firmware", - "iwlwifi-mvm-firmware", - "man-db", - "mt7xxx-firmware", - "nfs-utils", - "nxpwireless-firmware", - "pciutils", - "pcp-zeroconf", - "rclone", - "realtek-firmware", - "samba", - "samba-usershares", - "sanoid", - "smartctl", - "snapraid", - "tiwilink-firmware", - "usbutils", - "xdg-dbus-proxy", - "xdg-user-dirs" - ], - "ucore-hci": [ - "cockpit-machines", - "libvirt-client", - "libvirt-daemon-kvm", - "ublue-os-libvirt-workarounds", - "virt-install" - ] - }, - "exclude": { - "all": [], - "ucore-minimal": [], - "ucore": [ - "nfs-utils-coreos" - ], - "ucore-hci": [] - } + "all": { + "include": { + "all": [], + "ucore-minimal": [ + "bootc", + "cockpit-networkmanager", + "cockpit-podman", + "cockpit-selinux", + "cockpit-system", + "docker-buildx", + "docker-compose", + "firewalld", + "fwupd-efi", + "open-vm-tools", + "podman", + "podman-compose", + "pv", + "qemu-guest-agent", + "tailscale", + "tmux", + "wireguard-tools" + ], + "ucore": [ + "NetworkManager-wifi", + "atheros-firmware", + "brcmfmac-firmware", + "cockpit-storaged", + "distrobox", + "duperemove", + "hdparm", + "iwlegacy-firmware", + "iwlwifi-dvm-firmware", + "iwlwifi-mvm-firmware", + "man-db", + "mt7xxx-firmware", + "nfs-utils", + "nxpwireless-firmware", + "pciutils", + "pcp-zeroconf", + "rclone", + "realtek-firmware", + "samba", + "samba-usershares", + "sanoid", + "smartctl", + "snapraid", + "tiwilink-firmware", + 
"usbutils", + "xdg-dbus-proxy", + "xdg-user-dirs" + ], + "ucore-hci": [ + "cockpit-machines", + "libvirt-client", + "libvirt-daemon-kvm", + "ublue-os-libvirt-workarounds", + "virt-install" + ] + }, + "exclude": { + "all": [], + "ucore-minimal": [], + "ucore": ["nfs-utils-coreos"], + "ucore-hci": [] } + } } diff --git a/ucore/packages.sh b/ucore/packages.sh index 008e696..30e2b32 100755 --- a/ucore/packages.sh +++ b/ucore/packages.sh @@ -1,5 +1,7 @@ #!/bin/sh - +# +# Packages installed via packages.json must be available on all architectures. +# set -ouex pipefail RELEASE="$(rpm -E %fedora)"