Remove CoreOS image folder

image/Makefile

@@ -1,170 +0,0 @@
-SRC_PATH                          = $(CURDIR)
-BASE_PATH                        ?= $(SRC_PATH)
-DEPENDENCIES                     ?= $(BASE_PATH)/dependencies
-COREOS_BUILD_PATH                ?= $(BASE_PATH)/build
-OVERRIDES                        ?= $(COREOS_BUILD_PATH)/overrides
-OVERRIDES_RPM                    ?= $(OVERRIDES)/rpm
-OVERRIDES_ROOTFS                 ?= $(OVERRIDES)/rootfs
-BOOTSTRAPPER_OVERRIDE_PATH       ?= $(OVERRIDES_ROOTFS)/usr/bin/bootstrapper
-KERNEL_RPM                       ?= $(OVERRIDES_RPM)/kernel.rpm
-KERNEL_CORE_RPM                  ?= $(OVERRIDES_RPM)/kernel-core.rpm
-KERNEL_MODULES_RPM               ?= $(OVERRIDES_RPM)/kernel-modules.rpm
-OVERRIDE_KERNEL                  ?= n
-KERNEL_RPM_URL                   ?= "https://kojipkgs.fedoraproject.org/packages/kernel/5.17.0/0.rc3.89.fc36/x86_64/kernel-5.17.0-0.rc3.89.fc36.x86_64.rpm"
-KERNEL_CORE_RPM_URL              ?= "https://kojipkgs.fedoraproject.org/packages/kernel/5.17.0/0.rc3.89.fc36/x86_64/kernel-core-5.17.0-0.rc3.89.fc36.x86_64.rpm"
-KERNEL_MODULES_RPM_URL           ?= "https://kojipkgs.fedoraproject.org/packages/kernel/5.17.0/0.rc3.89.fc36/x86_64/kernel-modules-5.17.0-0.rc3.89.fc36.x86_64.rpm"
-DOWNLOAD_BOOTSTRAPPER            ?= n
-BOOTSTRAPPER_BINARY              ?= $(BASE_PATH)/../build/bootstrapper
-DISK_MAPPER_BINARY               ?= $(BASE_PATH)/../build/disk-mapper
-DISK_MAPPER_OVERRIDE_PATH        ?= $(OVERRIDES_ROOTFS)/usr/sbin/disk-mapper
-IMAGES_PATH                      ?= $(BASE_PATH)/images
-CONTAINER_ENGINE                 ?= podman
-COSA_BUILDDIR                    ?= $(BASE_PATH)/../3rdparty/coreos-assembler
-COSA_ENV                         ?= $(BASE_PATH)/$(CONTAINER_ENGINE).env
-COSA_INIT_REPO                   ?= "https://github.com/edgelesssys/constellation-fedora-coreos-config"
-COSA_INIT_BRANCH                 ?= "main"
-COSA_LOCKFILE                    ?= $(BASE_PATH)/cosa.lock
-NETRC                            ?= ~/.netrc
-GCP_PROJECT                      ?= constellation-images
-GCP_BUCKET                       ?= constellation-images
-GCP_IMAGE_FAMILY                 ?= constellation
-GCP_IMAGE_NAME                   ?= constellation-coreos
-GCP_IMAGE_FILENAME               ?= $(GCP_IMAGE_NAME)_gcp.tar.gz
-GCP_IMAGE_PATH                   ?= $(IMAGES_PATH)/$(GCP_IMAGE_FILENAME)
-GCP_REGION                       ?= europe-west3
-AZURE_IMAGE_NAME                 ?= constellation-coreos
-AZURE_IMAGE_FILENAME             ?= $(AZURE_IMAGE_NAME)_azure.vhd
-AZURE_IMAGE_PATH                 ?= $(IMAGES_PATH)/$(AZURE_IMAGE_FILENAME)
-AZURE_RESOURCE_GROUP_NAME        ?= CONSTELLATION-IMAGES
-AZURE_REGION                     ?= northeurope
-AZURE_REPLICATION_REGIONS        ?= northeurope eastus westeurope westus
-AZURE_GALLERY_NAME               ?= Constellation
-AZURE_IMAGE_DEFINITION           ?= $(AZURE_IMAGE_NAME)
-AZURE_IMAGE_OFFER                ?= $(AZURE_IMAGE_DEFINITION)
-AZURE_IMAGE_VERSION              ?= 0.0.1
-AZURE_PUBLISHER                  ?= edgelesssys
-AZURE_SKU                        ?= constellation-coreos
-
--include $(CURDIR)/config.mk
-
-.PHONY: clean all kernel coreos run shell cosa-init cosa-fetch images image-gcp upload-gcp image-azure upload-azure-non-cvm $(BOOTSTRAPPER_OVERRIDE_PATH) $(DISK_MAPPER_OVERRIDE_PATH)
-SHELL := /bin/bash
-
-all: coreos images
-
-ifeq ($(DOWNLOAD_BOOTSTRAPPER), y)
-$(BOOTSTRAPPER_BINARY):
-	wget -q $(BOOTSTRAPPER_URL) -O $@
-endif
-
-$(BOOTSTRAPPER_OVERRIDE_PATH): $(BOOTSTRAPPER_BINARY) | cosa-init
-	mkdir -p $(COREOS_BUILD_PATH)/overrides/rootfs/usr/bin
-	cp $(BOOTSTRAPPER_BINARY) $@
-	chmod +x $@
-
-$(DISK_MAPPER_OVERRIDE_PATH): $(DISK_MAPPER_BINARY) | cosa-init
-	mkdir -p $(COREOS_BUILD_PATH)/overrides/rootfs/usr/sbin
-	cp $(DISK_MAPPER_BINARY) $@
-	chmod +x $@
-
-cosa-image:
-	-make -j 1 -C $(COSA_BUILDDIR) clean
-	make -j 1 -C $(COSA_BUILDDIR)
-
-cosa-init:
-	 mkdir -p $(COREOS_BUILD_PATH)
-	-flock $(COSA_LOCKFILE) -c '. $(COSA_ENV) && cd $(COREOS_BUILD_PATH) && NETRC=$(NETRC) cosa init --branch $(COSA_INIT_BRANCH) $(COSA_INIT_REPO)'
-
-cosa-fetch: cosa-init kernel $(BOOTSTRAPPER_OVERRIDE_PATH) $(DISK_MAPPER_OVERRIDE_PATH)
-	flock $(COSA_LOCKFILE) -c '. $(COSA_ENV) && cd $(COREOS_BUILD_PATH) && NETRC=$(NETRC) cosa fetch'
-
-coreos: cosa-fetch $(BOOTSTRAPPER_OVERRIDE_PATH) $(DISK_MAPPER_OVERRIDE_PATH)
-	flock $(COSA_LOCKFILE) -c '. $(COSA_ENV) && cd $(COREOS_BUILD_PATH) && NETRC=$(NETRC) cosa build'
-
-run: $(BOOTSTRAPPER_OVERRIDE_PATH) $(DISK_MAPPER_OVERRIDE_PATH)
-	flock $(COSA_LOCKFILE) -c '. $(COSA_ENV) && cd $(COREOS_BUILD_PATH) && NETRC=$(NETRC) cosa run --devshell-console'
-
-shell: $(BOOTSTRAPPER_OVERRIDE_PATH) $(DISK_MAPPER_OVERRIDE_PATH)
-	flock $(COSA_LOCKFILE) -c '. $(COSA_ENV) && cd $(COREOS_BUILD_PATH) && NETRC=$(NETRC) cosa shell'
-
-$(GCP_IMAGE_PATH): coreos
-	flock $(COSA_LOCKFILE) -c '. $(COSA_ENV) && cd $(COREOS_BUILD_PATH) && NETRC=$(NETRC) cosa buildextend-gcp'
-	cp $(COREOS_BUILD_PATH)/builds/latest/x86_64/fedora-coreos-*.dev.*-gcp.x86_64.tar.gz $@
-	$(BASE_PATH)/dm-verity/recalculate-dm-verity.sh gcp $@
-
-$(AZURE_IMAGE_PATH): coreos
-	flock $(COSA_LOCKFILE) -c '. $(COSA_ENV) && cd $(COREOS_BUILD_PATH) && NETRC=$(NETRC) cosa buildextend-azure'
-	cp $(COREOS_BUILD_PATH)/builds/latest/x86_64/fedora-coreos-*.dev.*-azure.x86_64.vhd $@
-	$(BASE_PATH)/dm-verity/recalculate-dm-verity.sh azure $@
-
-images: image-gcp image-azure
-
-image-gcp: $(GCP_IMAGE_PATH)
-
-upload-gcp: $(GCP_IMAGE_PATH)
-	-gsutil mb -l $(GCP_REGION) gs://$(GCP_BUCKET)
-	gsutil pap set enforced gs://$(GCP_BUCKET)
-	gsutil cp $(GCP_IMAGE_PATH) gs://$(GCP_BUCKET)
-	gcloud compute images create $(GCP_IMAGE_NAME) \
-		--family $(GCP_IMAGE_FAMILY) \
-		--source-uri=gs://$(GCP_BUCKET)/$(GCP_IMAGE_FILENAME) \
-		--guest-os-features=GVNIC,SEV_CAPABLE,VIRTIO_SCSI_MULTIQUEUE,UEFI_COMPATIBLE \
-		--labels=bootstrapper-sha1=$$(shasum $(BOOTSTRAPPER_OVERRIDE_PATH) | cut -d " " -f 1),bootstrapper-sha512=$$(sha512sum $(BOOTSTRAPPER_OVERRIDE_PATH) | cut -d " " -f 1 | cut -c-63) \
-		--project $(GCP_PROJECT)
-	gcloud compute images add-iam-policy-binding $(GCP_IMAGE_NAME) \
-		--project $(GCP_PROJECT) \
-		--member='allAuthenticatedUsers' \
-		--role='roles/compute.imageUser'
-	gsutil rm gs://$(GCP_BUCKET)/$(GCP_IMAGE_FILENAME)
-
-image-azure: $(AZURE_IMAGE_PATH)
-
-# reference: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disks-upload-vhd-to-managed-disk-cli
-# reference: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/upload-vhd
-# reference: https://docs.microsoft.com/en-us/azure/virtual-machines/image-version
-upload-azure: $(AZURE_IMAGE_PATH)
-	$(eval SIZE := $(shell wc -c $(AZURE_IMAGE_PATH) | cut -d " " -f1))
-	@echo "creating disk of size $(SIZE)"
-	az disk create -n $(AZURE_IMAGE_NAME) -g $(AZURE_RESOURCE_GROUP_NAME) -l $(AZURE_REGION) --hyper-v-generation V2 --os-type Linux --for-upload --upload-size-bytes $(SIZE) --sku standard_lrs
-	@echo "waiting for disk to be created"
-	az disk wait --created -n $(AZURE_IMAGE_NAME) -g $(AZURE_RESOURCE_GROUP_NAME)
-	@echo "created disk $(AZURE_IMAGE_NAME)"
-	az disk list --output table --query "[?name == '$(AZURE_IMAGE_NAME)' && resourceGroup == '$(AZURE_RESOURCE_GROUP_NAME)']"
-	@echo "Granting temporary write access on disk $(AZURE_IMAGE_NAME)"
-	@echo "Copying $(AZURE_IMAGE_PATH) to disk $(AZURE_IMAGE_NAME)"
-	azcopy copy "$(AZURE_IMAGE_PATH)" "$$(az disk grant-access -n $(AZURE_IMAGE_NAME) -g $(AZURE_RESOURCE_GROUP_NAME) --access-level Write --duration-in-seconds 86400 | jq -r .accessSas)" --blob-type PageBlob
-	@echo "Revoking write access"
-	az disk revoke-access -n $(AZURE_IMAGE_NAME) -g $(AZURE_RESOURCE_GROUP_NAME)
-	az image create -g $(AZURE_RESOURCE_GROUP_NAME) -l $(AZURE_REGION) -n $(AZURE_IMAGE_NAME) --hyper-v-generation V2 --os-type Linux --source "$$(az disk list --query "[?name == '$(AZURE_IMAGE_NAME)' && resourceGroup == '$(AZURE_RESOURCE_GROUP_NAME)'] | [0].id" --output json | jq -r)"
-	@echo "Create shared image gallery (if it does not exist yet)"
-	-az sig create -l $(AZURE_REGION) --gallery-name $(AZURE_GALLERY_NAME) --resource-group $(AZURE_RESOURCE_GROUP_NAME)
-	@echo "Create image definition (if it does not exist yet)"
-	-az sig image-definition create --resource-group $(AZURE_RESOURCE_GROUP_NAME) -l $(AZURE_REGION) --gallery-name $(AZURE_GALLERY_NAME) --gallery-image-definition $(AZURE_IMAGE_DEFINITION) --publisher $(AZURE_PUBLISHER) --offer $(AZURE_IMAGE_OFFER) --sku $(AZURE_SKU) --os-type Linux --os-state generalized --hyper-v-generation V2 --features SecurityType=TrustedLaunch
-	az sig image-version create --resource-group $(AZURE_RESOURCE_GROUP_NAME) -l $(AZURE_REGION) --gallery-name $(AZURE_GALLERY_NAME) --gallery-image-definition $(AZURE_IMAGE_DEFINITION) --gallery-image-version $(AZURE_IMAGE_VERSION) --target-regions $(AZURE_REPLICATION_REGIONS) --replica-count 1 --managed-image "$$(az image list --query "[?name == '$(AZURE_IMAGE_NAME)' && resourceGroup == '$(AZURE_RESOURCE_GROUP_NAME)'] | [0].id" --output json | jq -r)"
-	@echo "Create CVM image definition (if it does not exist yet)"
-	-az sig image-definition create --resource-group $(AZURE_RESOURCE_GROUP_NAME) -l $(AZURE_REGION) --gallery-name $(AZURE_GALLERY_NAME)_CVM --gallery-image-definition $(AZURE_IMAGE_DEFINITION) --publisher $(AZURE_PUBLISHER) --offer $(AZURE_IMAGE_OFFER) --sku $(AZURE_SKU) --os-type Linux --os-state generalized --hyper-v-generation V2 --features SecurityType=ConfidentialVmSupported
-	az sig image-version create --resource-group $(AZURE_RESOURCE_GROUP_NAME) -l $(AZURE_REGION) --gallery-name $(AZURE_GALLERY_NAME)_CVM --gallery-image-definition $(AZURE_IMAGE_DEFINITION) --gallery-image-version $(AZURE_IMAGE_VERSION) --target-regions $(AZURE_REPLICATION_REGIONS) --replica-count 1 --managed-image "$$(az image list --query "[?name == '$(AZURE_IMAGE_NAME)' && resourceGroup == '$(AZURE_RESOURCE_GROUP_NAME)'] | [0].id" --output json | jq -r)"
-	@echo "Cleaning up resources"
-	az image delete --resource-group $(AZURE_RESOURCE_GROUP_NAME) -n $(AZURE_IMAGE_NAME)
-	az disk delete --resource-group $(AZURE_RESOURCE_GROUP_NAME) -n $(AZURE_IMAGE_NAME) --yes
-
-ifeq ($(OVERRIDE_KERNEL), y)
-kernel: $(KERNEL_RPM) $(KERNEL_CORE_RPM) $(KERNEL_MODULES_RPM)
-$(KERNEL_RPM): | cosa-init
-	-mkdir -p $$(dirname $@)
-	wget -q $(KERNEL_RPM_URL) -O $@
-$(KERNEL_CORE_RPM): | cosa-init
-	-mkdir -p $$(dirname $@)
-	wget -q $(KERNEL_CORE_RPM_URL) -O $@
-$(KERNEL_MODULES_RPM): | cosa-init
-	-mkdir -p $$(dirname $@)
-	wget -q $(KERNEL_MODULES_RPM_URL) -O $@
-else
-kernel:
-endif
-
-clean:
-	-rm $(COSA_LOCKFILE)
-	-rm $(IMAGES_PATH)/*
-	-rm -r $(COREOS_BUILD_PATH)
-	mkdir -p $(COREOS_BUILD_PATH)

image/assembler/README.md

@@ -1,50 +0,0 @@
-# Constellation-OS Assembler
-
-This container image uses [coreos assembler](https://coreos.github.io/coreos-assembler/) as a base (`quay.io/coreos-assembler/coreos-assembler`) to facilitate a build environment for the Constellation-OS.
-The root filesystem takes its contents (OSTree) from [constellation-fedora-coreos-config](https://github.com/edgelesssys/constellation-fedora-coreos-config).
-And the Constellation-OS Assembler can be pulled from ghcr.io/edgelesssys/constellation-coreos-assembler
-
-## Setup
-
-Prerequisites: `podman` and `qemu-kvm` are installed, nested virtualization is enabled.
-Make sure your user is allowed read and write access on `/dev/kvm`.
-If the device is not mounted in the container try the following command, and restart the container:
-``` shell
-sudo chmod 666 /dev/kvm
-```
-
-## Using the Assembler to create a bootable operating system
-
-1. Create the assembler image as described [here](#creating-the-assembler-image)
-2. Source the `fcos/.env` file to enable the `cosa` bash alias:
-   ```
-   source fcos/.env
-   ```
-3. Set the `BOOTSTRAPPER_BINARY` environment variable to a path of the compiled bootstrapper binary. It will be mounted in the cosa container and copied into the resulting coreos image.
-   ```
-   BOOTSTRAPPER_BINARY="/path/to/bootstrapper"
-   ```
-4. Go into the build folder and initialize cosa:
-   ```
-   cd fcos/build
-   cosa init https://github.com/edgelesssys/constellation-fedora-coreos-config
-   cosa fetch
-   ```
-5. Build the OS image:
-   ```
-   cosa build
-   ```
-6. Create an image for a cloud provider
-    ```
-    cosa buildextend-gcp
-    cosa buildextend-aws
-    cosa buildextend-azure
-    [...]
-    ```
-
-## Using a locally checked out git repo of the coreos-config during development
-
-Simply set the environment variable `COREOS_ASSEMBLER_CONFIG_GIT` to the local folder and perform the rest of the steps as usual:
-```
-COREOS_ASSEMBLER_CONFIG_GIT=/path/to/constellation-fedora-coreos-config
-```

image/dm-verity/recalculate-dm-verity.sh

@@ -1,182 +0,0 @@
-#!/usr/bin/env bash
-set -xeuo pipefail
-
-# Show progress on pipes if `pv` is installed
-# Otherwise use plain cat
-if ! command -v pv &> /dev/null
-then
-    PV="cat"
-else
-    PV="pv"
-fi
-
-mount_partition () {
-    local partition_file=$1
-    local mountpoint=$2
-
-    # second, try to mount as current user
-    if mount -o loop "${partition_file}" "${mountpoint}"; then
-        return
-    fi
-
-    # third, try to mount with sudo
-    sudo mount -o loop "${partition_file}" "${mountpoint}"
-    # temporarily change ownership of partition files
-    sudo chown -R "${USER}:${USER}" "${mountpoint}"
-}
-
-umount_partition () {
-    sync
-    local mountpoint=$1
-
-    # second, try to umount as current user
-    if umount "${mountpoint}"; then
-        return
-    fi
-
-    # third, try to umount with sudo
-    # repair ownership of partition files
-    sudo chown -R root:root "${mountpoint}"
-    sudo umount "${mountpoint}"
-}
-
-# Unpacks finished cloud provider image to recalculate dm-verity hash
-unpack () {
-    local cloudprovider=$1
-    local packed_image=$2
-    local unpacked_image=$3
-
-    case $cloudprovider in
-
-    gcp)
-        echo "📤 Unpacking GCP image..."
-        "${PV}" "$packed_image" | tar -xzf - -O > "$unpacked_image"
-        echo "  Unpacked image stored in ${unpacked_image}"
-        ;;
-
-    azure)
-        echo "📤 Unpacking Azure image..."
-        qemu-img convert -p -f vpc -O raw "$packed_image" "$unpacked_image"
-        echo "  Unpacked image stored in ${unpacked_image}"
-        ;;
-
-    *)
-        echo  "unknown cloud provider"
-        exit 1
-        ;;
-    esac
-}
-
-get_part_offset () {
-    local unpacked_image=$1
-    local part_number=$2
-    local offset
-    offset=$(parted -s "${unpacked_image}" unit s print | sed 's/^ //g' | grep "^${part_number}" | tr -s ' ' | cut -d ' ' -f2)
-    local offset=${offset::-1}
-    echo "${offset}"
-}
-
-get_part_size () {
-    local unpacked_image=$1
-    local part_number=$2
-    local size
-    size=$(parted -s "${unpacked_image}" unit s print | sed 's/^ //g' | grep "^${part_number}" | tr -s ' ' | cut -d ' ' -f4)
-    local size=${size::-1}
-    echo "${size}"
-}
-
-extract_partition () {
-    local unpacked_image=$1
-    local part_number=$2
-    local extracted_partition_path=$3
-
-    local part_offset
-    part_offset=$(get_part_offset "${unpacked_image}" "${part_number}")
-    local part_size
-    part_size=$(get_part_size "${unpacked_image}" "${part_number}")
-    dd status=progress "if=${unpacked_image}" "of=${extracted_partition_path}" bs=512 "skip=${part_offset}" "count=${part_size}" 2>/dev/null
-}
-
-overwrite_partition () {
-    local unpacked_image=$1
-    local part_number=$2
-    local extracted_partition_path=$3
-
-    local part_offset
-    part_offset=$(get_part_offset "${unpacked_image}" "${part_number}")
-    local part_size
-    part_size=$(get_part_size "${unpacked_image}" "${part_number}")
-    dd status=progress conv=notrunc "if=${extracted_partition_path}" "of=${unpacked_image}" bs=512 "seek=${part_offset}" "count=${part_size}" 2>/dev/null
-}
-
-update_verity () {
-    local tmp_dir=$1
-    local raw_image=$2
-    local boot_mountpoint=${tmp_dir}/boot.mount
-    local boot_partition=${tmp_dir}/part_boot.raw
-    local root_partition=${tmp_dir}/part_root.raw
-    local hashtree_partition=${tmp_dir}/part_hashtree.raw
-
-    echo "⬅️  Extracting partitions..."
-    extract_partition "${raw_image}" 3 "${boot_partition}"
-    extract_partition "${raw_image}" 4 "${root_partition}"
-    extract_partition "${raw_image}" 5 "${hashtree_partition}"
-
-    # recalculate verity hashtree
-    veritysetup_out=$(veritysetup format "${root_partition}" "${hashtree_partition}")
-    roothash=$(echo "${veritysetup_out}" | grep 'Root hash:' | sed --expression='s/Root hash:\s*//g')
-    echo "🧮 Recalculated dm-verity hashtree with roothash ${roothash}"
-    # update bootloader kernel cmdline
-    mkdir -p "${boot_mountpoint}"
-    mount_partition "${boot_partition}" "${boot_mountpoint}"
-    sed -i -r "s/verity.sysroot=[[:xdigit:]]+/verity.sysroot=${roothash}/g" "${boot_mountpoint}/loader.1/entries/ostree-1-fedora-coreos.conf"
-    echo "✍️  Updated bootloader kernel cmdline to include new dm-verity roothash: $(grep '^options ' "${boot_mountpoint}"/loader.1/entries/ostree-1-fedora-coreos.conf)"
-    umount_partition "${boot_mountpoint}"
-    rmdir "${boot_mountpoint}"
-
-    echo "➡️  Overwriting partitions..."
-    overwrite_partition "${raw_image}" 3 "${boot_partition}"
-    overwrite_partition "${raw_image}" 5 "${hashtree_partition}"
-}
-
-repack () {
-    local cloudprovider=$1
-    local unpacked_image=$2
-    local packed_image=$3
-    local unpacked_image_dir
-    unpacked_image_dir=$(dirname "${unpacked_image}")
-    local unpacked_image_filename
-    unpacked_image_filename=$(basename "${unpacked_image}")
-    local tmp_tar_file
-    tmp_tar_file=$(mktemp -t verity.XXXXXX.tar)
-
-    case $cloudprovider in
-
-    gcp)
-        echo "📥 Repacking GCP image..."
-        tar --owner=0 --group=0 -C "${unpacked_image_dir}" -Sch --format=oldgnu -f "${tmp_tar_file}" "${unpacked_image_filename}"
-        "${PV}" "${tmp_tar_file}" | pigz -9c  > "${packed_image}"
-        rm "${tmp_tar_file}"
-        echo "  Repacked image stored in ${packed_image}"
-        ;;
-
-    azure)
-        echo "📥 Repacking Azure image..."
-        qemu-img convert -p -f raw -O vpc -o force_size,subformat=fixed "${unpacked_image}" "$packed_image"
-        echo "  Repacked image stored in ${packed_image}"
-        ;;
-
-    *)
-        echo  "unknown cloud provider"
-        exit 1
-        ;;
-    esac
-}
-
-echo "🔁 Recalculating dm-verity hashtree 🌳"
-tmp_dir=$(mktemp -d -t verity-XXXXXXXXXX)
-raw_image="${tmp_dir}/disk.raw"
-unpack "$1" "$2" "${raw_image}"
-update_verity "${tmp_dir}" "${raw_image}"
-repack "$1" "${raw_image}" "${2}"
-rm -r "${tmp_dir}"

image/docker.env

@@ -1,15 +0,0 @@
-cosa() {
-    env | grep COREOS_ASSEMBLER
-    local -r COREOS_ASSEMBLER_CONTAINER_LATEST="localhost/coreos-assembler"
-    test -t 1 && USE_TTY="-ti"
-    set -x
-    docker run --rm ${USE_TTY} --security-opt label=disable --privileged                                                      \
-               -v ${PWD}:/srv/ --device /dev/kvm --device /dev/fuse                                                           \
-               --tmpfs /tmp -v /var/tmp:/var/tmp --name constellation-cosa                                                    \
-               -v ${NETRC}:/home/builder/.netrc:ro                                                                            \
-               ${COREOS_ASSEMBLER_CONFIG_GIT:+-v $COREOS_ASSEMBLER_CONFIG_GIT:/srv/src/config/:ro}                            \
-               ${COREOS_ASSEMBLER_GIT:+-v $COREOS_ASSEMBLER_GIT/src/:/usr/lib/coreos-assembler/:ro}                           \
-               ${COREOS_ASSEMBLER_CONTAINER_RUNTIME_ARGS}                                                                     \
-               ${COREOS_ASSEMBLER_CONTAINER:-$COREOS_ASSEMBLER_CONTAINER_LATEST} "$@"
-    rc=$?; set +x; return $rc
-}

image/docs/README.md

@@ -1,208 +0,0 @@
-# Fedora CoreOS Assembler
-
-We use the [Fedora CoreOS Assembler](https://coreos.github.io/coreos-assembler/) to build the base image for Constellation nodes.
-
-## Setup
-
-Prerequisites: `podman` and `qemu-kvm` are installed, nested virtualization is enabled.
-Make sure your user is allowed read and write access on `/dev/kvm`.
-If the device is not mounted in the container try the following command, and restart the container:
-``` shell
-sudo chmod 666 /dev/kvm
-```
-
-* Pull the assembler container image
-
-    ``` shell
-    podman pull quay.io/coreos-assembler/coreos-assembler
-    ```
-
-* Create a working directory on your host system
-
-    ``` shell
-    mkdir fcos && cd fcos
-    ```
-
-* Set up a bash alias
-
-    Add the following to your `.bashrc` to easily start the image assembler using `cosa`:
-    ``` bash
-    cosa() {
-        env | grep COREOS_ASSEMBLER
-        local -r COREOS_ASSEMBLER_CONTAINER_LATEST="quay.io/coreos-assembler/coreos-assembler:latest"
-        if [[ -z ${COREOS_ASSEMBLER_CONTAINER} ]] && $(podman image exists ${COREOS_ASSEMBLER_CONTAINER_LATEST}); then
-            local -r cosa_build_date_str="$(podman inspect -f "{{.Created}}" ${COREOS_ASSEMBLER_CONTAINER_LATEST} | awk '{print $1}')"
-            local -r cosa_build_date="$(date -d ${cosa_build_date_str} +%s)"
-            if [[ $(date +%s) -ge $((cosa_build_date + 60*60*24*7)) ]] ; then
-                echo -e "\e[0;33m----" >&2
-                echo "The COSA container image is more that a week old and likely outdated." >&2
-                echo "You should pull the latest version with:" >&2
-                echo "podman pull ${COREOS_ASSEMBLER_CONTAINER_LATEST}" >&2
-                echo -e "----\e[0m" >&2
-                sleep 10
-            fi
-        fi
-        set -x
-        podman run --rm -ti --security-opt label=disable --privileged                                    \
-                   --uidmap=1000:0:1 --uidmap=0:1:1000 --uidmap 1001:1001:64536                          \
-                   -v ${PWD}:/srv/ --device /dev/kvm --device /dev/fuse                                  \
-                   --tmpfs /tmp -v /var/tmp:/var/tmp --name cosa                                         \
-                   ${COREOS_ASSEMBLER_CONFIG_GIT:+-v $COREOS_ASSEMBLER_CONFIG_GIT:/srv/src/config/:ro}   \
-                   ${COREOS_ASSEMBLER_GIT:+-v $COREOS_ASSEMBLER_GIT/src/:/usr/lib/coreos-assembler/:ro}  \
-                   ${COREOS_ASSEMBLER_CONTAINER_RUNTIME_ARGS}                                            \
-                   ${COREOS_ASSEMBLER_CONTAINER:-$COREOS_ASSEMBLER_CONTAINER_LATEST} "$@"
-        rc=$?; set +x; return $rc
-    }
-    ```
-
-* Run the builder
-
-    ``` shell
-    cosa shell
-    ```
-
-* Initialize the build
-
-    ``` shell
-    cosa init https://github.com/coreos/fedora-coreos-config
-    ```
-
-* Fetch metadata and packages
-
-    ``` shell
-    cosa fetch
-    ```
-
-* Build a qemu VM image
-
-    ``` shell
-    cosa build
-    ```
-
-    Each build will create a new directory in `$PWD/builds/`, containing the generated OSTree commit and the qemu VM image.
-
-* Run the image
-
-    ``` shell
-    cosa run
-    ```
-
-## Customization
-
-The CoreOS Assembler offers three main customization options:
-* [`manifest.yaml`](https://coreos.github.io/coreos-assembler/working/#manifestyaml)
-
-    An rpm-ostree "manifest" or "treefile", primarily, a list of RPMs and their associated repositories.
-    See the rpm-ostree documentation for the [treefile format reference](https://coreos.github.io/rpm-ostree/treefile/)
-
-* [`overlay.d/`](https://coreos.github.io/coreos-assembler/working/#overlayd)
-
-    A generic way to embed architecture-independent configuration and scripts by creating subdirectories in `overlay.d/`.
-    Each subdirectory is added to the OSTree commit in lexicographic order.
-
-* [`image.yaml`](https://coreos.github.io/coreos-assembler/working/#imageyaml)
-
-    Configuration for the output disk images
-
-Additionally, one may use [`overrides`](https://coreos.github.io/coreos-assembler/working/#using-overrides) to embed local RPMs from the build environment, that should not be pulled from a remote repository:
-
-1. Package the binary as an RPM
-
-2. Add any dependencies of the RPM to `manifest.yaml`
-
-3. Run `cosa fetch` to prepare dependencies
-
-4. Place the RPM in `overrides/rpm`
-
-5. Add the name of your RPM to `manifest.yaml`
-
-6. Run `cosa build`. Your RPM will be added to the final image.
-
-
-Example: We want to build FCOS with our own kernel
-
-1. Follow [Kernel Building](#kernel-building) to build the kernel
-
-    You should end up with at least three RPMs: `kernel`, `kernel-core`, `kernel-modules`.
-    `kernel` depends on `core` and `modules`, `modules` on `core`, and `core` on common FCOS packages (`bash`, `systemd`, etc.).
-    These dependencies should already be in the manifest.
-
-2. Run `cosa fetch`
-
-3. Place the kernel RPMs in `overrides/rpm`
-
-    `kernel`, `kernel-core`, `kernel-modules` should already be in the manifest (`src/config/manifests/bootable-rpm-ostree.yaml`)
-
-4. Run `cosa build` to create the image
-
-5. Test the image with `cosa run`
-
-6. Run `cosa buildextend-gcp` and `cosa buildextend-azure` to additionaly create a VM image for GCP and Azure
-
-## RPM packaging
-
-If we want to make the most use of CoreOS assembler we should package our applications as RPM packages.
-See [creating rpm packages](https://docs.fedoraproject.org/en-US/quick-docs/creating-rpm-packages/).
-
-Brief overview of the required steps:
-
-1. Create a directory with your source code or binary file
-
-2. Add a <package>.spec file
-
-    Run the following command to create a spec file template that you can update with information about your package
-    ``` shell
-    rpmdev-newspec <package>
-    ```
-
-3. Create the RPM
-
-    ``` shell
-    fedpkg --release f35 local
-    ```
-
-## Kernel Building
-
-See the [building a custom kernel](https://docs.fedoraproject.org/en-US/quick-docs/kernel/build-custom-kernel/) from the Fedora Project documentation.
-
-The following assumes you are running on a current release of Fedora.
-We have a Fedora 35 image available on GCP, make sure you have enough space available and the VM is capable to build the kernel in a reasonable time (e2-standard-8 takes ~2h to finish the build).
-
-1. Install dependencies and clone the kernel
-
-    ``` shell
-    sudo dnf install fedpkg fedora-packager rpmdevtools ncurses-devel pesign grubby qt3-devel libXi-devel gcc-c++
-    fedpkg clone -a kernel && cd kernel
-    sudo dnf builddep kernel.spec
-    ```
-
-    Optionally install `ccache` to speed up rebuilds
-    ``` shell
-    sudo dnf install ccache
-    ```
-
-2. Check out the kernel branch you want to base your build on
-
-    Each release has its own branch. E.g. to customize the kernel for Fedora 35, check out `origin/f35`. `rawhide` tracks the latest iteration, following closely behind the mainline kernel.
-    ``` shell
-    git checkout origin/f35
-    git checkout -b custom-kernel
-    ```
-
-3. Customize buildid by chaning `# define buildid .local` to `%define buildid .<your_custom_id_here>` in `kernel.spec`
-
-4. Apply your changes and patches to the kernel
-
-5. Build the RPMs
-
-    This will take a while
-    ``` shell
-    fedpkg local
-    ```
-    The built kernel RPMs will be in `./x86_64/`
-
-6. You can now use and install the kernel packages
-
-    ``` shell
-    sudo dnf install --nogpgcheck ./x86_64/kernel-$version.rpm
-    ```

image/docs/cloud-providers.md

@@ -1,45 +0,0 @@
-# Cloud Providers
-
-Custom CoreOS images created here can be uploaded to supported cloud providers. This documents contains information on how to manually spawn cloud provider instances using custom CoreOS images.
-
-## GCP
-
-```shell
-gcloud compute instances create <INSTANCE_NAME> --zone=<ZONE>  --machine-type=<MACHINE_TYPE> --image <IMAGE_NAME>  --maintenance-policy=TERMINATE --confidential-compute --shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoring --scopes=https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/compute,https://www.googleapis.com/auth/servicecontrol,https://www.googleapis.com/auth/service.management,https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring.write,https://www.googleapis.com/auth/trace.append
-```
-
-## Azure
-
-Non-CVM:
-```
-az image list
-# copy image id from output of previous command
-az vm create --resource-group <RESOURCE_GROUP> --location <LOCATION> --name <INSTANCE_NAME> --os-type linux --public-ip-sku Standard --image <IMAGE_ID>
-```
-
-### Create Marketplace offer
-
-- Upload a vhd and image to azure portal using the Makefile
-- Create (or reuse) a `shared image gallery`:
-  - Create image gallery if it does not exist yet
-    - Search for "Azure compute galleries" in azure portal
-    - Click "create"
-    - Choose "constellation-images" resource group and pick a name, then click create
-- Create a VM image definition
-  - Search for "Azure compute galleries" in azure portal and choose the created gallery
-  - Click "Create a VM image definition"
-  - OS type: Linux
-  - OS state: Generalized
-  - VM generation: Gen 2
-  - Publisher: EdgelessSystems
-  - Offer: constellation-coreos
-  - SKU: constellation-coreos
-  - Source image: Choose image uploaded using Makefile
-  - Create
-- Create Marketplace offer (on https://partner.microsoft.com/)
-  - Navigate to marketplace offers overview (https://partner.microsoft.com/en-us/dashboard/marketplace-offers/overview)
-  - If you want to create a new version of an existing plan, skip this section
-  - Click "New offer" -> "Azure Virtual Machine"
-  - Choose an offer id and alias
-  - Create a new plan on "Plan overview" -> "Create new plan", choose a plan id and plan name
-  - In "Technical configuration", create a generation, choose "Azure shared image gallery" and select the image created earlier

image/podman.env

@@ -1,16 +0,0 @@
-cosa() {
-    env | grep COREOS_ASSEMBLER
-    local -r COREOS_ASSEMBLER_CONTAINER_LATEST="localhost/coreos-assembler"
-    test -t 1 && USE_TTY="-ti"
-    set -x
-    podman run --rm ${USE_TTY} --security-opt label=disable --privileged                                                      \
-               --uidmap=1000:0:1 --uidmap=0:1:1000 --uidmap 1001:1001:64536                                                   \
-               -v ${PWD}:/srv/ --device /dev/kvm --device /dev/fuse                                                           \
-               --tmpfs /tmp -v /var/tmp:/var/tmp --name constellation-cosa                                                    \
-               -v ${NETRC}:/home/builder/.netrc:ro                                                                            \
-               ${COREOS_ASSEMBLER_CONFIG_GIT:+-v $COREOS_ASSEMBLER_CONFIG_GIT:/srv/src/config/:ro}                            \
-               ${COREOS_ASSEMBLER_GIT:+-v $COREOS_ASSEMBLER_GIT/src/:/usr/lib/coreos-assembler/:ro}                           \
-               ${COREOS_ASSEMBLER_CONTAINER_RUNTIME_ARGS}                                                                     \
-               ${COREOS_ASSEMBLER_CONTAINER:-$COREOS_ASSEMBLER_CONTAINER_LATEST} "$@"
-    rc=$?; set +x; return $rc
-}