Since the fedora-coreos images built here specifically are built with
our custom kmod builds of nvidia and zfs, the public signing key should
be provided to provide those users the ability to easily import the key
as a MOK should they wish to run SecureBoot
This should allow faster overall builds of ucore and ucore-hci by building in parallel, and removes the need to publish ucore to GHCR even for PRs just to allow ucore-hci to build successfully.
Convert to a reusable workflow such that stable and testing builds can happen on separate schedules and so that stable builds are all that gate merge success, allowing testing to be more unstable.
I intentionally stopped publishing a `:latest` tag back on April 1st. It
was not intended to be an April Fool's joke, but rather a cleanup to
best practices of not using that tag. However, the old images did not
expire, so the old `:latest` continues to exist, confusing both users
and our website's image discovery code.
I suppose it turned out to be a long lived April Fool's joke after all!
This resumes the publishing of the tag, ensuring it matches the `:stable`
tag, and only on the `ucore` image. There will be no `:latest` for nvidia,
zfs or testing images, nor `fedora-coreos` or `ucore-hci`.
These files should enable rpm-ostreed/container tooling to validate
signed images when using appropriate references. It will require signed
images for ghcr.io/ublue-os images.
Relates: #101
Add the new package from `ucore-kmods` which includes the signing key.
This enables a user to import the signing key as a MOK using:
sudo mokutil --import /etc/pki/akmods/certs/akmods-ublue.der
Closes#82
With zfs 2.1.x, depmod ran automatically. Though unclear why, it no longer
seems to occur when installing zfs 2.2.x RPMs in a container build (it does
still work automatically on a non image-based Fedora system).
Manually running depmod, as in this commit, ensures the 2.2.x kmods load
as expected.
moves all system installed files to '/usr' including systemd units
use common packages.sh to install from packages.json in standard manner
incidentally fixes mergerfs not getting installed due to typo in github-release-install.sh
Had a user bring this up in Discord chat. It seemed odd to me that Atheros wifi would work out of the box but not Intel.
Including in ucore-hci for hardware enablement, but not in ucore to keep with the theme of minimal base/VM image.
Updated README with better definitions:
ucore is more minimal for VM or BareMetal container host
ucore-hci is for hypervisor or storage host
As a result made a few changes:
moved a few storage packages to ucore-hci (duperemove, mergerfs)
only install sanoid deps when installing ZFS
In addition to removing the ZFS RPM build from this repo to consume ZFS RPMs from `ucore-kmods` image, this PR starts building a stock `fedora-coreos` image with only ZFS added.
