Commit Graph

15 Commits

Author SHA1 Message Date
Moritz Sanft
f7c2392be2
image: update mkosi to 24.3 (#3342)
* flake: format

* image: update mkosi to 24.3

This updates mkosi to a next-version of v24.3, which is now available in nixpkgs. This removes the non-hermetic `uidmap` dependency, which is a great advantage. It will also be less of an effort to upgrade to v25 going forward.
Changes required are keeping `/var/cache` around (which is reproducible for our images, so no problem), as mkosi needs files from it in the build process. mkosi now additionally requires an explicit option to fetch the signing keys for the package repositories from the internet. A hack was required to satisfy the Bazel package, which should probably be solved properly at some point.
2024-09-09 11:18:51 +02:00
Moritz Sanft
1989bce0a5
bootstrapper: disable gRPC logging (#3134)
* bootstrapper: disable gRPC logging

* bootstrapper: remove debug flag

* upgrade-agent: remove gRPC logging

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2024-06-05 09:24:08 +02:00
Moritz Sanft
69048e430e
image: fix podman config path (#3139) 2024-06-04 11:02:59 +02:00
Moritz Sanft
5c3a7a5580
image: update to Fedora 40 (#3104)
* deps: upgrade OS to Fedora 40

* image: measure uki sections uname and sbat for systemd >= 254

* deps: update mainline kernel for Fedora 40

* image: update kernel to 6.6.30

* image: update upload docs

---------

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2024-05-16 09:10:09 +02:00
Malte Poll
889677c795 image: update mkosi and use package directory feature 2024-02-20 12:50:13 +01:00
Malte Poll
403acf75aa image: add mainline kernel and azure tdx image target 2024-01-16 17:34:44 +01:00
3u13r
120ae9d227
image: lower file limit for containerd (#2815) 2024-01-11 12:47:38 +01:00
Malte Poll
58e7af5364 image: create package manifest in chroot
rpm doesn't work properly when run on the host.
2023-12-13 18:19:59 +01:00
Malte Poll
23e456a265 nix: update flake and use mkosi with sorted cpio 2023-12-13 18:19:59 +01:00
Malte Poll
bd3430fcf0 image: provide runtime dependencies of cryptsetup in OS image.
This adds nix store paths to the initrd and sysroot of bootable Fedora images.
2023-12-01 09:35:33 +01:00
3u13r
618da92c7f
image: use all of cilium's sysctl overrides (#2532) 2023-10-30 11:19:58 +01:00
Malte Poll
1a141c3972
image: add rpm database as build output (#2442)
For reproducibility reasons, the final OS image does not ship the rpm database in sqlite format.
For supply chain security and license compliance reasons, we want to keep the rpm database of os images as a detached build artifact.
We now ship a reproducible, human readable manifest of installed rpms in the image under "/usr/share/constellation/packagemanifest" and upload the full rpm database as a build artifact (rpmdb.tar).
2023-10-17 14:04:41 +02:00
Malte Poll
bad9edb99b
image: move mkosi settings into their actual sections (#2471)
mkosi now warns about what settings are defined in what sections.
Soon, the config parsing might fail when settings are in the wrong sections.
2023-10-17 12:44:19 +02:00
Malte Poll
8bc1d80d86 image: install rpms from lockfile 2023-10-17 09:23:56 +02:00
Malte Poll
d904766b9c image: base layer 2023-09-27 17:58:19 +02:00