diff --git a/image/packages/Makefile b/image/packages/Makefile index 660fcae2e..eb01d4804 100644 --- a/image/packages/Makefile +++ b/image/packages/Makefile @@ -3,20 +3,33 @@ SRC_PATH = $(CURDIR) BASE_PATH ?= $(SRC_PATH) MKOSI_CACHE ?= $(BASE_PATH)/mkosi.cache REPODIR ?= $(BASE_PATH)/repo +DOWNGRADESDIR ?= $(BASE_PATH)/downgrades ORAS_IMAGE ?= ghcr.io/edgelesssys/constellation-rpms EXTRA_SEARCH_PATHS ?= MKOSI ?= mkosi +# explicitly downgraded packages that should be available via local repo for pinning +# these are merged with the list of up-to-date packages from mkosi +HELD_PACKAGES := \ + packages/kernel/6.1.7/200.fc37/x86_64/kernel-6.1.7-200.fc37.x86_64.rpm \ + packages/kernel/6.1.7/200.fc37/x86_64/kernel-core-6.1.7-200.fc37.x86_64.rpm \ + packages/kernel/6.1.7/200.fc37/x86_64/kernel-modules-6.1.7-200.fc37.x86_64.rpm \ + packages/kernel/5.19.17/300.fc37/x86_64/kernel-5.19.17-300.fc37.x86_64.rpm \ + packages/kernel/5.19.17/300.fc37/x86_64/kernel-core-5.19.17-300.fc37.x86_64.rpm \ + packages/kernel/5.19.17/300.fc37/x86_64/kernel-modules-5.19.17-300.fc37.x86_64.rpm +HELD_RPMS := $(addprefix $(DOWNGRADESDIR)/,$(HELD_PACKAGES)) + .PHONY: all clean update repo testrepo all: repo -update: clean-image clean-cache clean-repo +update: clean-image clean-cache clean-repo downgrades $(MKOSI) build @if [ -n $(SUDO_UID) ] && [ -n $(SUDO_GID) ]; then \ chown -R $(SUDO_UID):$(SUDO_GID) image.*; \ fi find $(MKOSI_CACHE) -name "*.rpm" -exec cp {} $(REPODIR)/ \; + find $(DOWNGRADESDIR) -name "*.rpm" -exec cp {} $(REPODIR)/ \; cd $(REPODIR) && sha256sum *.rpm > $(REPODIR)/SHA256SUMS push: @@ -31,7 +44,14 @@ pull: clean-repo chown -R $(SUDO_UID):$(SUDO_GID) image.*; \ fi -repo: +downgrades: $(HELD_RPMS) + +$(DOWNGRADESDIR)/%: + @mkdir -p $(dir $@) + @echo "Downloading $*" + @curl -fsSL -o $@ https://kojipkgs.fedoraproject.org/$* + +repo: $(HELD_RPMS) rm -rf $(REPODIR)/repodata cd $(REPODIR) && sha256sum -c SHA256SUMS createrepo_c $(REPODIR) @@ -58,4 +78,7 @@ clean-repo: clean-image: -$(MKOSI) clean -clean: clean-cache clean-repo clean-image +clean-downgrades: + -rm -rf $(DOWNGRADESDIR)/packages + +clean: clean-cache clean-repo clean-image clean-downgrades diff --git a/image/packages/TAG b/image/packages/TAG index 3ee16e4bf..48190455c 100644 --- a/image/packages/TAG +++ b/image/packages/TAG @@ -1 +1 @@ -2f3d8950d5813525b141f2212fb7e099544645d1696f612912fbe58485790010 +e4506d03a9dbf41026ae6e2d4d836f8040f6005b138d50e9bb4d63100b449007 diff --git a/image/packages/downgrades/.gitignore b/image/packages/downgrades/.gitignore new file mode 100644 index 000000000..e7a9c1347 --- /dev/null +++ b/image/packages/downgrades/.gitignore @@ -0,0 +1 @@ +*.rpm diff --git a/image/packages/repo/SHA256SUMS b/image/packages/repo/SHA256SUMS index d4925c136..9829ff252 100644 --- a/image/packages/repo/SHA256SUMS +++ b/image/packages/repo/SHA256SUMS @@ -5,11 +5,11 @@ c356d05e80f2b57ea2598b45b168fff6da189038e3f3ef0305dd90cfdd2a045f authselect-1.4 38d1877d647bb5f4047d22982a51899c95bdfea1d7b2debbff37c66f0fc0ed44 basesystem-11-14.fc37.noarch.rpm e50ddbdb35ecec1a9bf4e19fd87c6216382be313c3b671704d444053a1cfd183 bash-5.2.15-1.fc37.x86_64.rpm 6e74a8ed5b472cf811f9bf429a999ed3f362e2c88566a461517a12c058abd401 bzip2-libs-1.0.8-12.fc37.x86_64.rpm -97e2a8bdc663e7441d79696b35e1f28410f5fc993e5a0707049f328df83007ed ca-certificates-2022.2.54-5.fc37.noarch.rpm +b2dcac3e49cbf75841d41ee1c53f1a91ffa78ba03dab8febb3153dbf76b2c5b2 ca-certificates-2023.2.60-1.0.fc37.noarch.rpm 52046cd6dbb56ae2ed30a5b6749076289b9976592e4aba5a3d2f3f176f36f740 catatonit-0.1.7-10.fc37.x86_64.rpm f6f20cd278c8112fc67a405c0dd3894f6c3c83f1bb328b977cc3cdac6f0d06a1 conmon-2.1.5-1.fc37.x86_64.rpm 7ae87fa6d6d81c6f1aa0883f713b1d1fe18dd830a352ff6c9dba9f54e27dae14 conntrack-tools-1.4.6-4.fc37.x86_64.rpm -b928e45f22285f1167459125a34722f56c59692456e2409ace3aeca95a7efa8c containerd-1.6.14-2.fc37.x86_64.rpm +459eab1af604863c8fb519bf3c47525e5934e280268dfc1311395e37ac94fab7 containerd-1.6.15-1.fc37.x86_64.rpm 4a6d047ad981d4ee585623047b495db58a1fe12e61246dfcb57f3236ffd58db7 containernetworking-plugins-1.1.1-8.fc37.x86_64.rpm 9162910554c5ff177cf7d813414455159bc8d391116ad3f098dbe3e392b0e12f containers-common-1-76.fc37.noarch.rpm 1fea7ad1e209d0b71a8d881a738699d747f85cea1342f8f2a5cc55246f074570 containers-common-extra-1-76.fc37.noarch.rpm @@ -83,8 +83,12 @@ e7c83a9058c7e7e05e4c7ba97a363414eb973343ea8f00a1140fbdafe6ca67e2 json-c-0.16-3. 7c660eada8cb6e2d2b0c035a9d1696db945761c07e7900b8003b1b405243adef kbd-2.5.1-3.fc37.x86_64.rpm a6e8f6c0a9973883d33d35381234a88acee5d075ba0a92f811e9728441756d1f kbd-legacy-2.5.1-3.fc37.noarch.rpm b71602703b63f87199a145cd64cf804b19af7275eede730bd3b82296b64417d7 kbd-misc-2.5.1-3.fc37.noarch.rpm -bd9f488e889efe8bea196761340ffb5a5ca7f67a2ba60901fb97b3a28b002ac9 kernel-core-6.1.7-200.fc37.x86_64.rpm -a2e7975edf4e5073631ab5bf8c2e51f7e6aea09cf5c6d6578a71b17fe7603c4e kernel-modules-6.1.7-200.fc37.x86_64.rpm +58523db4f6100f5809c88be7b62a77b4e735492d9a5265cde8d2bd446f8a8e55 kernel-5.19.17-300.fc37.x86_64.rpm +79fe32eda40699a1f80e8ded2e6abe7b51c026e10db2abd4407cd883808ab86a kernel-6.1.7-200.fc37.x86_64.rpm +6e6188f0af668828fbe129466f16f53076dfb408785c2b9830e8a6bee16b7a04 kernel-core-5.19.17-300.fc37.x86_64.rpm +0cf19273c41f0a98b2980796098c56e7ccc9649351a4180badc24ed8f3c01eaa kernel-core-6.1.7-200.fc37.x86_64.rpm +504e2ef53bd192e39c820bd2f0f04d3c18d4c0c5424b2d607d2a72838da2c8ac kernel-modules-5.19.17-300.fc37.x86_64.rpm +47eee9f17e7731550bc5a139456a319e7dee7160483d9b5e88a0b3d07bf8d846 kernel-modules-6.1.7-200.fc37.x86_64.rpm e3fd19c3020e55d80b8a24edb68506d2adbb07b2db29eecbde91facae1cca59d keyutils-libs-1.6.1-5.fc37.x86_64.rpm b57193efad83c9cdb3acf6ad843e1ef17b8c00382a8395713b1480905e23f786 kmod-30-2.fc37.x86_64.rpm 73a1a0f041819c1d50501a699945f0121a3b6e1f54df40cd0bf8f94b1b261ef5 kmod-libs-30-2.fc37.x86_64.rpm @@ -136,7 +140,7 @@ c533e7328564278eaad26e47ca523244cf300d9df3f2a35b593bb2ad4b0fb0cd libnetfilter_q 4543c991e6f536468d9d47527a201b58b9bc049364a6bdfe15a2f910a02e68f6 libnl3-3.7.0-2.fc37.x86_64.rpm a1e9428515b0df1c2a423ad3c35bcdf93333172fe346169bb3018a882e27be5f libnsl2-2.0.0-4.fc37.x86_64.rpm 0faaf92ba1998d23f01759ca0420840ebcbcefaebc3465c460cede62a9af0235 libnvme-1.2-1.fc37.x86_64.rpm -5f8e9e88cf8b77db0590188e7a9df79936de5ea2d56a5a809c9283820cb64809 libpcap-1.10.2-1.fc37.x86_64.rpm +6fd955a6637e2998476cf1a9ccde0af350b1a8931ec5b58efed5e86c38af41f8 libpcap-1.10.3-1.fc37.x86_64.rpm 90801f2f5ce98f2ba06f659b4676cb55d39f8e597a8f2da3e59dc943abe8f5a6 libpsl-0.21.1-6.fc37.x86_64.rpm c31765d3762972304b8489ad8d5cd7ddd608b74be2bb06866a9cd8ffefc1dab8 libpwquality-1.4.5-1.fc37.x86_64.rpm 344a9fc34ec697522d8a4f92880ab9fdf24d68e531c03747f866a45831b1af62 librepo-1.15.1-1.fc37.x86_64.rpm @@ -286,8 +290,8 @@ f87ad8fc18f4da254966cc6f99b533dc8125e1ec0eaefd5f89a6b6398cb13a34 util-linux-cor 6729064fde510b7cefc646b5c501b388c1e75cf64ddca24b8a6caac6642a735a WALinuxAgent-udev-2.8.0.11-1.fc37.noarch.rpm c8d8a5b7f490f1ea973024b12b281ab482434bcc4d5e53db51918be6124080ea wget-1.21.3-4.fc37.x86_64.rpm f1302b8a938e3c8235510f02d1500b36b03ca8990b5380280ba0a383416c75f0 which-2.21-35.fc37.x86_64.rpm -4d5c9d11876f3a1688d31fa669986eaaa4c0717435ca99e78fb86bf5ddc193cf xz-5.2.5-10.fc37.x86_64.rpm -9f9541ae85dcbefd66fd88c014ccf176b8a6b32788443981490d3a76381c2cc9 xz-libs-5.2.5-10.fc37.x86_64.rpm +7af1096450d0d76dcd5666e31736f18ff44de9908f2e87d89be88592b176c643 xz-5.4.1-1.fc37.x86_64.rpm +8c06eef8dd28d6dc1406e65e4eb8ee3db359cf6624729be4e426f6b01c4117fd xz-libs-5.4.1-1.fc37.x86_64.rpm b0ca9c6ed5935cde0094694127c13b99a441207eb084f44fb3aa093669c9957c yajl-2.1.0-19.fc37.x86_64.rpm 7b6ec4b5e92ae158d215c9f419173bf825870677717fe4a1375fc16e38cd479b zchunk-libs-1.2.3-1.fc37.x86_64.rpm 7b0eda1ad9e9a06e61d9fe41e5e4e0fbdc8427bc252f06a7d29cd7ba81a71a70 zlib-1.2.12-5.fc37.x86_64.rpm