feat; use CentOS Stream CoreOS (SCOS) as source

OKD already provides SCOS images. They are VERY similar to FCOS, only a few minor tweaks to make them as close as I can imagine. Stream 10 images seem to not have had an update in several months.
ublue-os · Feb 6, 2025 · 836deb7 · 836deb7
1 parent d2010f3
commit 836deb7
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 56 deletions.
diff --git a/Containerfile b/Containerfile
@@ -1,6 +1,7 @@
-ARG MAJOR_VERSION="${MAJOR_VERSION:-stream9}"
+ARG FROM_IMG="${FROM_IMG:-quay.io/okd/centos-stream-coreos-9}"
+ARG FROM_TAG="${FROM_TAG:-4.18-x86_64}"
 
-FROM quay.io/centos-bootc/centos-bootc:$MAJOR_VERSION
+FROM ${FROM_IMG}:${FROM_TAG}
 
 # Install/remove packages to make an image with resembles Fedora CoreOS
 COPY build.sh /tmp/build.sh

diff --git a/Justfile b/Justfile
@@ -1,6 +1,8 @@
 export repo_organization := env("GITHUB_REPOSITORY_OWNER", "ublue-os")
 export image_name := env("IMAGE_NAME", "ccos")
-export centos_version := env("CENTOS_VERSION", "stream9")
+export centos_version := env("CENTOS_VERSION", "9")
+export scos_image := env("SCOS_IMAGE", "quay.io/okd/centos-stream-coreos")
+export scos_tag:= env("SCOS_TAG", "4.18-x86_64")
 export default_tag := env("DEFAULT_TAG", "latest")
 
 # work around issue with upstream image builder,
@@ -81,7 +83,8 @@ build $target_image=image_name $tag=default_tag:
     ver="${tag}-${centos_version}.$(date +%Y%m%d)"
 
     BUILD_ARGS=()
-    BUILD_ARGS+=("--build-arg" "MAJOR_VERSION=${centos_version}")
+    BUILD_ARGS+=("--build-arg" "FROM_IMG=${scos_image}-${centos_version}")
+    BUILD_ARGS+=("--build-arg" "FROM_TAG=${scos_tag}")
     # BUILD_ARGS+=("--build-arg" "IMAGE_NAME=${image_name}")
     # BUILD_ARGS+=("--build-arg" "IMAGE_VENDOR=${repo_organization}")
     # if [[ -z "$(git status -s)" ]]; then
@@ -94,7 +97,7 @@ build $target_image=image_name $tag=default_tag:
     # LABELS+=("--label" "ostree.linux=${kernel_release}")
     LABELS+=("--label" "io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/ccos/main/README.md")
     LABELS+=("--label" "io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4")
-    LABELS+=("--label" "org.opencontainers.image.description=CentOS-based CoreOS-style bootc images")
+    LABELS+=("--label" "org.opencontainers.image.description=CentOS Stream CoreOS-based bootc images")
 
     podman build \
         "${BUILD_ARGS[@]}" \

diff --git a/build.sh b/build.sh
@@ -7,30 +7,17 @@ mkdir -m 0700 -p /var/roothome
 # Fast track https://gitlab.com/fedora/bootc/base-images/-/merge_requests/71
 ln -sf /run /var/run
 
+dnf config-manager --set-enabled extras-common
+dnf config-manager --set-enabled baseos
+dnf config-manager --set-enabled appstream
+
 #dnf config-manager --set-enabled crb
 #dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
 
-# add some packages present in Fedora CoreOS but not CentOS bootc
+# add some packages present in Fedora CoreOS but not Stream CoreOS
 dnf -y install --setopt=install_weak_deps=False \
-  NetworkManager-team \
-  afterburn \
-  afterburn-dracut \
-  audit \
-  authselect \
-  clevis-dracut \
   clevis-pin-tpm2 \
-  coreos-installer \
-  coreos-installer-bootinfra \
-  firewalld \
-  git-core \
-  hwdata \
-  ignition \
-  ipcalc \
-  iscsi-initiator-utils \
   nfs-utils-coreos \
-  runc \
-  rsync \
-  ssh-key-dir \
   wireguard-tools
 
 # remove some packages present in CentOS bootc but not Fedora CoreOS
@@ -40,36 +27,10 @@ dnf -y remove \
   quota \
   quota-nls
 
-# apply CoreOS overlays
-cd /tmp/
-git clone https://github.com/coreos/fedora-coreos-config
-cd fedora-coreos-config
-git checkout stable
-cd overlay.d
-# remove overlays which should not be used on CentOS
-# no composefs by default on CentoOS stream9
-rm -fr 08composefs
-# remove fedora specific stuff
-rm -fr 15fcos/usr/lib/dracut
-rm -fr 15fcos/usr/lib/motd.d
-rm -fr 15fcos/usr/lib/systemd
-rm -fr 15fcos/usr/libexec
-# zincati should not even exist in a bootc image
-rm -fr 16disable-zincati
-# now try to apply
-for od in $(find * -maxdepth 0 -type d); do
-  pushd ${od}
-  find * -maxdepth 0 -type d -exec rsync -av ./{}/ /{}/ \;
-  if [ -f statoverride ]; then
-    for line in $(grep ^= statoverride|sed 's/ /=/'); do
-      DEC=$(echo $line|cut -f2 -d=)
-      OCT=$(printf %o ${DEC})
-      FILE=$(echo $line|cut -f3 -d=)
-      chmod ${OCT} ${FILE}
-    done
-  fi
-  popd
-done
-
-# enable systemd-resolved for proper name resolution
-systemctl enable systemd-resolved.service
+# required for bootc container lint; copied from centos-bootc image
+cat << EOF > /usr/lib/ostree/prepare-root.conf
+[composefs]
+enabled = yes
+[sysroot]
+readonly = true
+EOF