Hello community,

here is the log from the commit of package python-kiwi for openSUSE:Factory checked in at 2024-09-16 17:40:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-kiwi (Old)
 and /work/SRC/openSUSE:Factory/.python-kiwi.new.29891 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-kiwi" Mon Sep 16 17:40:31 2024 rev:122 rq:1200859 version:10.1.11 Changes: -------- --- /work/SRC/openSUSE:Factory/python-kiwi/python-kiwi.changes 2024-09-08 12:00:32.615865793 +0200 +++ /work/SRC/openSUSE:Factory/.python-kiwi.new.29891/python-kiwi.changes 2024-09-16 17:40:42.215166442 +0200 
@@ -1,0 +2,152 @@ +Fri Sep 13 16:33:19 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Bump version: 10.1.10 â 10.1.11 + +------------------------------------------------------------------- +Fri Sep 13 10:42:38 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- doc: Add login information test build test images + +------------------------------------------------------------------- +Fri Sep 13 10:23:39 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Bump version: 10.1.9 â 10.1.10 + +------------------------------------------------------------------- +Thu Sep 12 18:53:52 CEST 2024 - Michal Suchanek <msucha...@suse.de> + +- bootloader: Fix up ppc64 bootinfo again + + To make the code look pretty extra newline is inserted at the start of + bootinfo file. This appears to break boot on Power9 PowerVM LPARs. + +------------------------------------------------------------------- +Thu Sep 12 17:29:29 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Add support for erofs + + erofs is an alternative readonly filesystem that can be + used as alternative to squashfs. This Fixes #2633 + +------------------------------------------------------------------- +Thu Sep 12 10:57:33 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Fixed enclave integration test + + The SELinux policy of Fedora Rawhide when running completely in + an initrd is not suitable to let the system boot up. Thus the + current solution is to boot in permissive mode. 
A better solution + for the future would probably be a selinux policy for enclaves + +------------------------------------------------------------------- +Wed Sep 11 14:15:07 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- limit eif_build requires to fedora >= 42 + +------------------------------------------------------------------- +Wed Sep 11 13:07:29 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Bump version: 10.1.8 â 10.1.9 + +------------------------------------------------------------------- +Wed Sep 11 12:48:43 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Added sshd to nitro-enclave integration test + +------------------------------------------------------------------- +Wed Sep 11 12:21:08 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Fixed container sync options + + Do not exclude/filter any security/xattr capabilities. + +------------------------------------------------------------------- +Wed Sep 11 12:20:34 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Update container integration test + + Add getcap to check on filesystem capabilities + +------------------------------------------------------------------- +Wed Sep 11 11:01:33 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Add new build type provides for enclave + + Add a provides tag (read by the open buildservice) for the new + enclave builder. 
Also add a recommends to eif_builder in + the systemdeps-core meta package + +------------------------------------------------------------------- +Tue Sep 10 15:51:58 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Update enclave documentation + + Fixup repo setup in the build documentation + +------------------------------------------------------------------- +Tue Sep 10 15:35:15 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Bump version: 10.1.7 â 10.1.8 + +------------------------------------------------------------------- +Tue Sep 10 15:31:45 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Fixed enclave documentation + + Path to the build test was not correct + +------------------------------------------------------------------- +Tue Sep 10 15:14:10 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Update test-image-nitro-enclave package list + + Fixup package list to match Fedora rawhide + +------------------------------------------------------------------- +Tue Sep 10 15:06:32 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Move test-image-nitro-enclave to rawhide + +------------------------------------------------------------------- +Tue Sep 10 10:20:10 CEST 2024 - Michal Suchanek <msucha...@suse.de> + +- Fix ppc64 chrp bootinfo generation + +------------------------------------------------------------------- +Mon Sep 09 16:05:28 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Fixed documentation header + + Fixed double H1 headers from the boxbuild tweaks chapter. 
+ +------------------------------------------------------------------- +Mon Sep 09 15:32:14 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Bump version: 10.1.6 â 10.1.7 + +------------------------------------------------------------------- +Mon Sep 09 15:26:15 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Move EXEC log message to the right place + + The log information of the command execution was not printed + directly before the actual command invocation. There are other + actions after the log information (e.g Path.which) which itself + produce log information prior the real subprocess execution. + This is very misleading when reading the log file and fixed + in this commit. + +------------------------------------------------------------------- +Mon Sep 09 10:43:09 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Add support for architectures in deb source file + + When apt resolves packages on a multiarch repo it can happen + that dependencies for packages from other architectures are + pulled into the solver process but are not provided by any + repository. To overcome this behavior the repository can + be setup to serve packages only for a specified architecture + or list of architectures. This is related to + OSInside/kiwi-descriptions#102 + +------------------------------------------------------------------- 
@@ -565,0 +718,9 @@ + +------------------------------------------------------------------- +Fri Jul 05 12:59:22 CEST 2024 - Marcus Schäfer <marcus.schae...@gmail.com> + +- Add new builder for enclaves + + Add new EnclaveBuilder class which allows to build initrd-only + image types. The first enclave implementation covers aws-nitro + images produced via the eif_build tooling. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-kiwi.spec ++++++ --- /var/tmp/diff_new_pack.GtxR8w/_old 2024-09-16 17:40:43.135204816 +0200 +++ /var/tmp/diff_new_pack.GtxR8w/_new 2024-09-16 17:40:43.139204983 +0200 @@ -52,7 +52,7 @@ %endif Name: python-kiwi -Version: 10.1.6 +Version: 10.1.11 Provides: kiwi-schema = 8.1 Release: 0 Url: https://github.com/OSInside/kiwi @@ -122,6 +122,10 @@ %if "%{_vendor}" != "debbuild" Provides: kiwi-image:tbz %endif +%if 0%{?fedora} >= 42 +Provides: kiwi-image:enclave +Requires: eif_build +%endif # tools conditionally used by kiwi %if 0%{?fedora} || 0%{?rhel} >= 8 Recommends: gnupg2 @@ -287,10 +291,17 @@ Provides: kiwi-filesystem:ext4 Provides: kiwi-filesystem:squashfs Provides: kiwi-filesystem:xfs +%if ! (0%{?suse_version} && 0%{?suse_version} < 1600) +Provides: kiwi-filesystem:erofs +Provides: kiwi-image:erofs +%endif %endif Requires: dosfstools Requires: e2fsprogs Requires: xfsprogs +%if ! (0%{?suse_version} && 0%{?suse_version} < 1600) +Requires: erofs-utils +%endif %if 0%{?suse_version} Requires: btrfsprogs %else ++++++ PKGBUILD ++++++ --- /var/tmp/diff_new_pack.GtxR8w/_old 2024-09-16 17:40:43.175206485 +0200 +++ /var/tmp/diff_new_pack.GtxR8w/_new 2024-09-16 17:40:43.179206651 +0200 
@@ -3,7 +3,7 @@ pkgname=('python-kiwi' 'kiwi-man-pages' 'dracut-kiwi-lib' 'dracut-kiwi-oem-repart' 'dracut-kiwi-oem-dump' 'dracut-kiwi-live' 'dracut-kiwi-overlay') arch=(x86_64) -pkgver=10.1.6 +pkgver=10.1.11 pkgrel=0 pkgdesc="KIWI - Appliance Builder Next Generation" url="https://github.com/SUSE/kiwi/tarball/master" @@ -12,7 +12,7 @@ provides=(kiwi-ng kiwi) source=("${pkgname}.tar.gz") changelog="${pkgname}.changes" -md5sums=('6fa45484073041b1f32130d0a640c624') +md5sums=('7f2f4141b4dd2417ffa547356d870946') build() { ++++++ python-kiwi.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/.bumpversion.cfg new/kiwi-10.1.11/.bumpversion.cfg --- old/kiwi-10.1.6/.bumpversion.cfg 2024-09-06 10:41:00.521722600 +0200 +++ new/kiwi-10.1.11/.bumpversion.cfg 2024-09-13 16:33:19.852005700 +0200 @@ -1,5 +1,5 @@ [bumpversion] -current_version = 10.1.6 +current_version = 10.1.11 commit = True tag = True diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/PKG-INFO new/kiwi-10.1.11/PKG-INFO --- old/kiwi-10.1.6/PKG-INFO 1970-01-01 01:00:00.000000000 +0100 +++ new/kiwi-10.1.11/PKG-INFO 1970-01-01 01:00:00.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: kiwi -Version: 10.1.6 +Version: 10.1.11 Summary: KIWI - Appliance Builder Home-page: https://osinside.github.io/kiwi/ License: GPL-3.0-or-later diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/doc/source/building_images/build_enclave.rst new/kiwi-10.1.11/doc/source/building_images/build_enclave.rst --- old/kiwi-10.1.6/doc/source/building_images/build_enclave.rst 1970-01-01 01:00:00.000000000 +0100 +++ new/kiwi-10.1.11/doc/source/building_images/build_enclave.rst 2024-09-10 15:51:27.954372600 +0200 
@@ -0,0 +1,103 @@ +.. _eif: + +Build an AWS Nitro Enclave +============================== + +.. sidebar:: Abstract + + This page explains how to build AWS Nitro Enclaves. It covers the following topics: + + * how to build an AWS Nitro Enclave + * how to test the enclave via QEMU + +AWS Nitro Enclaves enables customers to create isolated compute environments +to further protect and securely process highly sensitive data such as personally +identifiable information (PII), healthcare, financial, and intellectual property +data within their Amazon EC2 instances. Nitro Enclaves uses the same Nitro +Hypervisor technology that provides CPU and memory isolation for EC2 instances. +For further details please visit https://aws.amazon.com/ec2/nitro/nitro-enclaves + +To add an enclave build to your appliance, create a `type` element with +`image` set to `enclave` in the :file:`config.xml` file as shown below: + +.. code:: xml + + <image schemaversion="{schema_version}" name="kiwi-test-image-nitro-enclave"> + <!-- snip --> + <profiles> + <profile name="default" description="CPIO: default profile" import="true"/> + <profile name="std" description="KERNEL: default kernel" import="true"/> + </profiles> + <preferences> + <type image="enclave" enclave_format="aws-nitro" kernelcmdline="reboot=k panic=30 pci=off console=ttyS0 i8042.noaux i8042.nomux i8042.nopnp i8042.dumbkbd random.trust_cpu=on rdinit=/sbin/init"/> + <!-- additional preferences --> + </preferences> + <packages type="image" profiles="std"> + <package name="kernel"/> + </packages> + <!-- more packages --> + <!-- snip --> + </image> + +The following attributes of the `type` element are relevant: + +- `enclave_format`: Specifies the enclave target + + As of today only the `aws-nitro` enclave target is supported + + +- `kernelcmdline`: Specifies the kernel commandline suitable for the enclave + + An enclave is a system that runs completely in RAM loaded from + an enclave binary format which includes the kernel, initrd and 
+ the kernel commandline suitable for the target system. + +With the appropriate settings specified in :file:`config.xml`, you can build an +image using {kiwi}: + +.. code:: bash + + $ sudo kiwi-ng system build \ + --description kiwi/build-tests/{exc_description_enclave} \ + --set-repo {exc_repo_rawhide} \ + --target-dir /tmp/myimage + +The resulting image is saved in :file:`/tmp/myimage`, and the image can +be tested with QEMU: + +.. code:: bash + + $ sudo qemu-system-x86_64 \ + -M nitro-enclave,vsock=c \ + -m 4G \ + -nographic \ + -chardev socket,id=c,path=/tmp/vhost4.socket \ + -kernel {exc_image_base_name_enclave}.eif + +The image is now complete and ready to use. Access to the system is +possible via ssh through a vsock connection into the guest. To establish +a vsock connection it's required to forward the connection through the +guest AF_VSOCK socket. This can be done via a ProxyCommand setup of the +host ssh as follows: + +.. code:: bash + + $ vi ~/bin/vsock-ssh.sh + + #!/bin/bash + CID=$(echo "$1" | cut -d . -f 1) + socat - VSOCK-CONNECT:$CID:22 + +.. code:: bash + + $ vi ~/.ssh/config + + host *.vsock + ProxyCommand ~/bin/vsock-ssh.sh %h + +After the ssh proxy setup login to the enclave with a custom vsock port +as follows: + +.. code:: bash + + $ ssh root@21.vsock diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/doc/source/building_images.rst new/kiwi-10.1.11/doc/source/building_images.rst --- old/kiwi-10.1.6/doc/source/building_images.rst 2024-04-18 14:53:58.574938500 +0200 +++ new/kiwi-10.1.11/doc/source/building_images.rst 2024-09-13 11:13:19.452062800 +0200 @@ -6,7 +6,8 @@ .. note:: This document provides an overview how to build and use - the {kiwi} supported image types. + the {kiwi} supported image types. All images that we provide + for testing uses the root password: `linux` .. toctree:: :maxdepth: 1 
@@ -17,3 +18,4 @@ building_images/build_container_image building_images/build_wsl_container building_images/build_kis + building_images/build_enclave diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/doc/source/conf.py new/kiwi-10.1.11/doc/source/conf.py --- old/kiwi-10.1.6/doc/source/conf.py 2024-09-06 10:41:00.517722600 +0200 +++ new/kiwi-10.1.11/doc/source/conf.py 2024-09-13 16:33:19.852005700 +0200 @@ -70,6 +70,7 @@ '{exc_image_base_name_disk_simple}': 'kiwi-test-image-disk-simple', '{exc_image_base_name_live}': 'kiwi-test-image-live', '{exc_image_base_name_docker}': 'kiwi-test-image-docker', + '{exc_image_base_name_enclave}': 'kiwi-test-image-nitro-enclave', '{exc_netboot}': 'netboot/suse-tumbleweed', '{exc_description_pxe}': 'x86/tumbleweed/test-image-pxe', '{exc_description_vagrant}': 'x86/leap/test-image-vagrant', @@ -78,10 +79,12 @@ '{exc_description_live}': 'x86/leap/test-image-live', '{exc_description_wsl}': 'x86/tumbleweed/test-image-wsl', '{exc_description_docker}': 'x86/leap/test-image-docker', + '{exc_description_enclave}': 'x86/rawhide/test-image-nitro-enclave', '{exc_os_version}': '15.5', '{exc_image_version}': '1.15.3', '{exc_repo_leap}': 'obs://openSUSE:Leap:15.5/standard', '{exc_repo_tumbleweed}': 'http://download.opensuse.org/tumbleweed/repo/oss', + '{exc_repo_rawhide}': 'https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=x86_64', '{exc_kiwi_repo}': 'obs://Virtualization:Appliances:Builder/openSUSE_Leap_15.5', '{schema_version}': '8.0', 
@@ -139,7 +142,7 @@ # built documents. # # The short X.Y version. -version = '10.1.6' +version = '10.1.11' # The full version, including alpha/beta/rc tags. release = version diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/doc/source/image_description/elements.rst new/kiwi-10.1.11/doc/source/image_description/elements.rst --- old/kiwi-10.1.6/doc/source/image_description/elements.rst 2024-08-12 09:38:06.231310000 +0200 +++ new/kiwi-10.1.11/doc/source/image_description/elements.rst 2024-09-13 16:33:03.812008100 +0200 @@ -652,6 +652,13 @@ squashfscompression="uncompressed|gzip|lzo|lz4|xz|zstd": Specifies the compression type for mksquashfs +erofscompression="text" + Specifies the compression type and level for erofs. + The attribute is a free form text because erofs allows paramters + for the different compression types. Please consult the erofs + man page for details how to specify a value for the `-z` option + on `mkfs.erofs` and pass a proper value as erofscompression + standalone_integrity="true|false": For the `oem` type only, specifies to create a standalone `dm_integrity` layer on top of the root filesystem diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/doc/source/image_types_and_results.rst new/kiwi-10.1.11/doc/source/image_types_and_results.rst --- old/kiwi-10.1.6/doc/source/image_types_and_results.rst 2024-05-02 09:12:27.048463600 +0200 +++ new/kiwi-10.1.11/doc/source/image_types_and_results.rst 2024-09-10 14:50:25.238501300 +0200 
@@ -48,6 +48,11 @@ Many different deployment strategies are possible. For further details refer to: :ref:`kis` +AWS Nitro Enclave + An initrd based image using the `eif` binary format. The image is + expected to be used in the AWS Nitro Enclave system or for testing + in QEMU. For further details refer to: :ref:`eif` + Image Results ------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/doc/source/troubleshooting/boxbuild_tweaks.rst new/kiwi-10.1.11/doc/source/troubleshooting/boxbuild_tweaks.rst --- old/kiwi-10.1.6/doc/source/troubleshooting/boxbuild_tweaks.rst 2024-08-26 18:05:52.821304800 +0200 +++ new/kiwi-10.1.11/doc/source/troubleshooting/boxbuild_tweaks.rst 2024-09-09 16:05:02.233579600 +0200 @@ -6,9 +6,8 @@ This document describes a few ways to modify box build VMs for testing/debugging. - Increase Box Build Image Size -============================= +----------------------------- In particularly large builds, you may find that the upstream build boxes aren't quite large enough, and diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/bootloader/config/grub2.py new/kiwi-10.1.11/kiwi/bootloader/config/grub2.py --- old/kiwi-10.1.6/kiwi/bootloader/config/grub2.py 2024-09-06 08:45:11.942936000 +0200 +++ new/kiwi-10.1.11/kiwi/bootloader/config/grub2.py 2024-09-13 10:35:38.329110100 +0200 
@@ -945,9 +945,9 @@ <chrp-boot> <description>{os_name}</description> <os-name>{os_name}</os-name> - <boot-script>boot &device;:1,\boot\grub2\powerpc-ieee1275\grub.elf</boot-script> + <boot-script>boot &device;:1,\\boot\\grub2\\powerpc-ieee1275\\grub.elf</boot-script> </chrp-boot> - ''') + ''').strip() + os.linesep with open(chrp_bootinfo_file, 'w') as chrp_bootinfo: chrp_bootinfo.write( chrp_config.format(os_name=self.get_menu_entry_install_title()) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/builder/__init__.py new/kiwi-10.1.11/kiwi/builder/__init__.py --- old/kiwi-10.1.6/kiwi/builder/__init__.py 2024-08-14 18:35:25.989191300 +0200 +++ new/kiwi-10.1.11/kiwi/builder/__init__.py 2024-09-10 14:50:25.242501300 +0200 @@ -49,6 +49,8 @@ name_token = ('live', 'LiveImageBuilder') elif image_type in Defaults.get_kis_image_types(): name_token = ('kis', 'KisBuilder') + elif image_type in Defaults.get_enclaves_image_types(): + name_token = ('enclave', 'EnclaveBuilder') elif image_type in Defaults.get_archive_image_types(): name_token = ('archive', 'ArchiveBuilder') elif image_type in Defaults.get_container_image_types(): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/builder/enclave.py new/kiwi-10.1.11/kiwi/builder/enclave.py --- old/kiwi-10.1.6/kiwi/builder/enclave.py 1970-01-01 01:00:00.000000000 +0100 +++ new/kiwi-10.1.11/kiwi/builder/enclave.py 2024-09-10 14:50:25.242501300 +0200 
@@ -0,0 +1,195 @@ +# Copyright (c) 2024 SUSE Software Solutions Germany GmbH. All rights reserved. +# +# This file is part of kiwi. +# +# kiwi is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# kiwi is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with kiwi. If not, see <http://www.gnu.org/licenses/> +# +import os +import logging +from typing import Dict + +# project +from kiwi.defaults import Defaults +from kiwi.boot.image import BootImage +from kiwi.system.setup import SystemSetup +from kiwi.system.kernel import Kernel +from kiwi.system.result import Result +from kiwi.runtime_config import RuntimeConfig +from kiwi.xml_state import XMLState +from kiwi.command import Command + +from kiwi.exceptions import ( + KiwiEnclaveFormatError, + KiwiEnclaveBootImageError +) + +log = logging.getLogger('kiwi') + + +class EnclaveBuilder: + """ + **Enclave Builder** + + Enclaves defines initrd-only image types. 
+ + :param object xml_state: instance of :class:`XMLState` + :param str target_dir: target directory path name + :param str root_dir: system image root directory + :param dict custom_args: Custom processing arguments defined as hash keys: + * signing_keys: list of package signing keys + * xz_options: string of XZ compression parameters + """ + def __init__( + self, xml_state: XMLState, target_dir: str, + root_dir: str, custom_args: Dict = None + ): + self.target_dir = target_dir + self.custom_cmdline = xml_state.build_type.get_kernelcmdline() + self.format = xml_state.build_type.get_enclave_format() + + self.system_setup = SystemSetup( + xml_state=xml_state, root_dir=root_dir + ) + xml_state.build_type.set_initrd_system('kiwi') + xml_state.build_type.set_boot(f'{root_dir}/image') + + self.boot_signing_keys = custom_args['signing_keys'] if custom_args \ + and 'signing_keys' in custom_args else None + + self.xz_options = custom_args['xz_options'] if custom_args \ + and 'xz_options' in custom_args else None + + self.boot_image_task = BootImage.new( + xml_state, target_dir, root_dir, + signing_keys=self.boot_signing_keys + ) + # Force BootImageKiwi instance to use existing root_dir + self.boot_image_task.boot_root_directory = root_dir + + self.bundle_format = xml_state.get_build_type_bundle_format() + self.image_name = ''.join( + [ + target_dir, '/', + xml_state.xml_data.get_name(), + '.' 
+ Defaults.get_platform_name(), + '-' + xml_state.get_image_version() + ] + ) + self.image: str = '' + self.initrd: str = '' + self.kernel_filename: str = '' + self.enclave: str = '' + self.result = Result(xml_state) + self.runtime_config = RuntimeConfig() + + def create(self) -> Result: + """ + Build an eif image using the eif-cli + + Image types which triggers this builder are: + + * image="enclave" + + :return: result + + :rtype: instance of :class:`Result` + """ + if not self.format: + raise KiwiEnclaveFormatError( + 'No enclave_format= specified in build type' + ) + + # Create initrd + self.boot_image_task.create_initrd() + + # extract kernel from boot system + kernel = Kernel(self.boot_image_task.boot_root_directory) + kernel_data = kernel.get_kernel() + if kernel_data: + self.kernel_filename = ''.join( + [ + os.path.basename(self.image_name), '-', + kernel_data.version, '.kernel' + ] + ) + kernel.copy_kernel( + self.target_dir, self.kernel_filename + ) + else: + raise KiwiEnclaveBootImageError( + 'No kernel in boot image tree %s found' % + self.boot_image_task.boot_root_directory + ) + + self.initrd = os.path.basename(self.boot_image_task.initrd_filename) + + if self.format == 'aws-nitro': + self.enclave = self.image_name + ".eif" + Command.run( + [ + 'eif_build', + '--kernel', '/'.join([self.target_dir, self.kernel_filename]), + '--ramdisk', '/'.join([self.target_dir, self.initrd]), + '--cmdline', self.custom_cmdline, + '--output', self.enclave + ] + ) + + Result.verify_image_size( + self.runtime_config.get_max_size_constraint(), + self.initrd + ) + # store image bundle_format in result + if self.bundle_format: + self.result.add_bundle_format(self.bundle_format) + + self.result.add( + key='enclave', + filename=self.enclave, + use_for_bundle=True, + compress=self.runtime_config.get_bundle_compression( + default=False + ), + shasum=True + ) + + # create image root metadata + self.result.add( + key='image_packages', + 
filename=self.system_setup.export_package_list( + self.target_dir + ), + use_for_bundle=True, + compress=False, + shasum=False + ) + self.result.add( + key='image_changes', + filename=self.system_setup.export_package_changes( + self.target_dir + ), + use_for_bundle=True, + compress=True, + shasum=False + ) + self.result.add( + key='image_verified', + filename=self.system_setup.export_package_verification( + self.target_dir + ), + use_for_bundle=True, + compress=False, + shasum=False + ) + return self.result diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/builder/filesystem.py new/kiwi-10.1.11/kiwi/builder/filesystem.py --- old/kiwi-10.1.6/kiwi/builder/filesystem.py 2024-05-02 09:12:27.060463700 +0200 +++ new/kiwi-10.1.11/kiwi/builder/filesystem.py 2024-09-13 16:33:03.812008100 +0200 @@ -89,7 +89,7 @@ self.blocksize = xml_state.build_type.get_target_blocksize() self.filesystem_setup = FileSystemSetup(xml_state, root_dir) self.filesystems_no_device_node = [ - 'squashfs' + 'squashfs', 'erofs' ] self.luks = xml_state.get_luks_credentials() self.result = Result(xml_state) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/builder/live.py new/kiwi-10.1.11/kiwi/builder/live.py --- old/kiwi-10.1.6/kiwi/builder/live.py 2024-08-26 17:19:47.852434000 +0200 +++ new/kiwi-10.1.11/kiwi/builder/live.py 2024-09-13 16:33:03.812008100 +0200 @@ -246,7 +246,7 @@ filesystem_setup = FileSystemSetup( self.xml_state, self.root_dir ) - if root_filesystem != 'squashfs': + if root_filesystem not in ['squashfs', 'erofs']: # Create a filesystem image of the specified type # and put it into a SquashFS container root_image = Temporary().new_file() 
@@ -302,12 +302,15 @@ else: # Put the root filesystem into SquashFS directly with FileSystem.new( - name='squashfs', + name=root_filesystem, device_provider=DeviceProvider(), root_dir=self.root_dir + os.sep, custom_args={ 'compression': self.xml_state.build_type.get_squashfscompression() + } if root_filesystem == 'squashfs' else { + 'compression': + self.xml_state.build_type.get_erofscompression() } ) as live_container_image: container_image = Temporary().new_file() @@ -316,6 +319,12 @@ ) Path.create(self.media_dir.name + '/LiveOS') os.chmod(container_image.name, 0o644) + # Note: we keep the filename of the read-only image as it is + # even if another read-only filesystem not matching this + # filename is used. This is because the following filename + # is also used in the initrd code for the kiwi-live and + # dmsquash dracut modules. The name can be overwritten + # with the rd.live.squashimg boot option though. shutil.copy( container_image.name, self.media_dir.name + '/LiveOS/squashfs.img' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/command.py new/kiwi-10.1.11/kiwi/command.py --- old/kiwi-10.1.6/kiwi/command.py 2024-05-02 09:12:27.060463700 +0200 +++ new/kiwi-10.1.11/kiwi/command.py 2024-09-09 15:26:02.864029600 +0200 @@ -115,7 +115,6 @@ :rtype: CommandT """ from .path import Path - log.debug('EXEC: [%s]', ' '.join(command)) environment = custom_env or os.environ cmd_abspath: Optional[str] if command[0].startswith("/"): 
@@ -134,6 +133,7 @@ log.debug('EXEC: %s', message) return None stderr = subprocess.STDOUT if stderr_to_stdout else subprocess.PIPE + log.debug('EXEC: [%s]', ' '.join(command)) try: process = subprocess.Popen( [cmd_abspath] + command[1:], diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/defaults.py new/kiwi-10.1.11/kiwi/defaults.py --- old/kiwi-10.1.6/kiwi/defaults.py 2024-09-06 08:45:11.942936000 +0200 +++ new/kiwi-10.1.11/kiwi/defaults.py 2024-09-13 16:33:03.812008100 +0200 @@ -1523,7 +1523,7 @@ """ return [ 'ext2', 'ext3', 'ext4', 'btrfs', 'squashfs', - 'xfs', 'fat16', 'fat32' + 'xfs', 'fat16', 'fat32', 'erofs' ] @staticmethod @@ -1647,6 +1647,17 @@ return ['kis', 'pxe'] @staticmethod + def get_enclaves_image_types(): + """ + Provides supported enclave(initrd-only) image types + + :return: enclave image type names + + :rtype: list + """ + return ['enclave'] + + @staticmethod def get_boot_image_description_path(): """ Provides the path to find custom kiwi boot descriptions diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/exceptions.py new/kiwi-10.1.11/kiwi/exceptions.py --- old/kiwi-10.1.6/kiwi/exceptions.py 2024-08-14 18:35:25.989191300 +0200 +++ new/kiwi-10.1.11/kiwi/exceptions.py 2024-09-10 14:50:25.242501300 +0200 @@ -492,6 +492,13 @@ """ +class KiwiEnclaveBootImageError(KiwiError): + """ + Exception raised if no kernel image was found while + building an enclave image. + """ + + class KiwiRaidSetupError(KiwiError): """ Exception raised if invalid or not enough user data is provided 
@@ -853,3 +860,10 @@ """ Exception raised if the disk password could not be set """ + + +class KiwiEnclaveFormatError(KiwiError): + """ + Exception raised if no enclave_format attribute specified + for the selected build type + """ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/filesystem/__init__.py new/kiwi-10.1.11/kiwi/filesystem/__init__.py --- old/kiwi-10.1.6/kiwi/filesystem/__init__.py 2024-05-02 09:12:27.064463600 +0200 +++ new/kiwi-10.1.11/kiwi/filesystem/__init__.py 2024-09-13 16:33:03.812008100 +0200 @@ -54,7 +54,8 @@ 'fat16': 'Fat16', 'fat32': 'Fat32', 'squashfs': 'SquashFs', - 'swap': 'Swap' + 'swap': 'Swap', + 'erofs': 'EroFs' } try: filesystem = importlib.import_module( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/filesystem/erofs.py new/kiwi-10.1.11/kiwi/filesystem/erofs.py --- old/kiwi-10.1.6/kiwi/filesystem/erofs.py 1970-01-01 01:00:00.000000000 +0100 +++ new/kiwi-10.1.11/kiwi/filesystem/erofs.py 2024-09-13 16:33:03.812008100 +0200 
@@ -0,0 +1,60 @@ +# Copyright (c) 2024 SUSE Software Solutions Germany GmbH. All rights reserved. +# +# This file is part of kiwi. +# +# kiwi is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# kiwi is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with kiwi. If not, see <http://www.gnu.org/licenses/> +# +from typing import List + +# project +from kiwi.filesystem.base import FileSystemBase +from kiwi.command import Command + + +class FileSystemEroFs(FileSystemBase): + """ + **Implements creation of erofs filesystem** + """ + def create_on_file( + self, filename, label: str = None, exclude: List[str] = None + ): + """ + Create erofs filesystem from data tree + + :param string filename: result file path name + :param string label: volume label + :param list exclude: list of exclude dirs/files + """ + self.filename = filename + exclude_options = [] + compression = self.custom_args.get('compression') + if compression: + self.custom_args['create_options'].append('-z') + self.custom_args['create_options'].append(compression) + + if exclude: + for item in exclude: + exclude_options.append(f'--exclude-regex={item}') + + if label: + self.custom_args['create_options'].append('-L') + self.custom_args['create_options'].append(label) + + Command.run( + [ + 'mkfs.erofs' + ] + self.custom_args['create_options'] + exclude_options + [ + self.filename, self.root_dir + ] + ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/oci_tools/umoci.py new/kiwi-10.1.11/kiwi/oci_tools/umoci.py 
--- old/kiwi-10.1.6/kiwi/oci_tools/umoci.py 2024-07-23 10:47:16.790534700 +0200 +++ new/kiwi-10.1.11/kiwi/oci_tools/umoci.py 2024-09-11 13:07:12.644025300 +0200 @@ -137,9 +137,6 @@ os.sep.join([self.oci_root_dir, 'rootfs']), exclude_list=exclude_list, options=Defaults.get_sync_options() + [ - '--filter', '-x! user.*', - '--filter', '-x! security.ima*', - '--filter', '-x! security.capability*', '--delete' ] ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/repository/apt.py new/kiwi-10.1.11/kiwi/repository/apt.py --- old/kiwi-10.1.6/kiwi/repository/apt.py 2024-08-12 09:38:06.239309800 +0200 +++ new/kiwi-10.1.11/kiwi/repository/apt.py 2024-09-09 15:25:03.512024900 +0200 @@ -138,7 +138,8 @@ prio: int = None, dist: str = None, components: str = None, user: str = None, secret: str = None, credentials_file: str = None, repo_gpgcheck: bool = None, pkg_gpgcheck: bool = None, - sourcetype: str = None, customization_script: str = None + sourcetype: str = None, customization_script: str = None, + architectures: str = None ) -> None: """ Add apt_get repository @@ -157,6 +158,8 @@ :param str sourcetype: unused :param str customization_script: custom script called after the repo file was created + :param str architectures: + identifies which architectures are supported by this repository """ sources_file = '/'.join( [self.shared_apt_get_dir['sources-dir'], name + '.sources'] 
@@ -175,6 +178,10 @@ with open(sources_file, 'w') as repo: repo_details = 'Types: deb' + os.linesep repo_details += 'URIs: ' + uri + os.linesep + if architectures: + repo_details += 'Architectures: {}{}'.format( + architectures.replace(',', ' '), os.linesep + ) if not dist: # create a debian flat repository setup. We consider the # repository metadata to exist on the toplevel of the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/repository/base.py new/kiwi-10.1.11/kiwi/repository/base.py --- old/kiwi-10.1.6/kiwi/repository/base.py 2024-08-12 09:38:06.239309800 +0200 +++ new/kiwi-10.1.11/kiwi/repository/base.py 2024-09-09 15:25:03.512024900 +0200 @@ -77,7 +77,7 @@ self, name: str, uri: str, repo_type: str, prio: int, dist: str, components: str, user: str, secret: str, credentials_file: str, repo_gpgcheck: bool, pkg_gpgcheck: bool, sourcetype: str, - customization_script: str = None + customization_script: str = None, architectures: str = None ) -> None: """ Add repository @@ -97,6 +97,7 @@ :param bool pkg_gpgcheck: unused :param str sourcetype: unused :param str customization_script: unused + :param str architectures: unused """ raise NotImplementedError diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/repository/dnf4.py new/kiwi-10.1.11/kiwi/repository/dnf4.py --- old/kiwi-10.1.6/kiwi/repository/dnf4.py 2024-08-12 09:38:06.239309800 +0200 +++ new/kiwi-10.1.11/kiwi/repository/dnf4.py 2024-09-09 15:25:03.512024900 +0200 @@ -192,7 +192,8 @@ prio: int = None, dist: str = None, components: str = None, user: str = None, secret: str = None, credentials_file: str = None, repo_gpgcheck: bool = False, pkg_gpgcheck: bool = False, - sourcetype: str = None, customization_script: str = None + sourcetype: str = None, customization_script: str = None, + architectures: str = None ) -> None: """ Add dnf repository 
@@ -212,6 +213,7 @@ source type, one of 'baseurl', 'metalink' or 'mirrorlist' :param str customization_script: custom script called after the repo file was created + :param str architectures: unused """ repo_file = self.shared_dnf_dir['reposd-dir'] + '/' + name + '.repo' self.repo_names.append(name + '.repo') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/repository/dnf5.py new/kiwi-10.1.11/kiwi/repository/dnf5.py --- old/kiwi-10.1.6/kiwi/repository/dnf5.py 2024-08-12 09:38:06.239309800 +0200 +++ new/kiwi-10.1.11/kiwi/repository/dnf5.py 2024-09-09 15:25:03.512024900 +0200 @@ -192,7 +192,8 @@ prio: int = None, dist: str = None, components: str = None, user: str = None, secret: str = None, credentials_file: str = None, repo_gpgcheck: bool = False, pkg_gpgcheck: bool = False, - sourcetype: str = None, customization_script: str = None + sourcetype: str = None, customization_script: str = None, + architectures: str = None ) -> None: """ Add dnf repository @@ -212,6 +213,7 @@ source type, one of 'baseurl', 'metalink' or 'mirrorlist' :param str customization_script: custom script called after the repo file was created + :param str architectures: unused """ repo_file = self.shared_dnf_dir['reposd-dir'] + '/' + name + '.repo' self.repo_names.append(name + '.repo') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/repository/pacman.py new/kiwi-10.1.11/kiwi/repository/pacman.py --- old/kiwi-10.1.6/kiwi/repository/pacman.py 2024-08-12 09:38:06.239309800 +0200 +++ new/kiwi-10.1.11/kiwi/repository/pacman.py 2024-09-09 15:25:03.512024900 +0200 
@@ -115,7 +115,8 @@ prio: int = None, dist: str = None, components: str = None, user: str = None, secret: str = None, credentials_file: str = None, repo_gpgcheck: bool = False, pkg_gpgcheck: bool = False, - sourcetype: str = None, customization_script: str = None + sourcetype: str = None, customization_script: str = None, + architectures: str = None ) -> None: """ Add pacman repository @@ -134,6 +135,7 @@ :param str sourcetype: unused :param str customization_script: custom script called after the repo file was created + :param str architectures: unused """ repo_file = '{0}/{1}.repo'.format( self.shared_pacman_dir['repos-dir'], name diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/repository/zypper.py new/kiwi-10.1.11/kiwi/repository/zypper.py --- old/kiwi-10.1.6/kiwi/repository/zypper.py 2024-08-12 09:38:06.239309800 +0200 +++ new/kiwi-10.1.11/kiwi/repository/zypper.py 2024-09-09 15:25:03.512024900 +0200 @@ -252,7 +252,8 @@ prio: int = None, dist: str = None, components: str = None, user: str = None, secret: str = None, credentials_file: str = None, repo_gpgcheck: bool = False, pkg_gpgcheck: bool = False, - sourcetype: str = None, customization_script: str = None + sourcetype: str = None, customization_script: str = None, + architectures: str = None ) -> None: """ Add zypper repository @@ -271,6 +272,7 @@ :param str sourcetype: unused :param str customization_script: custom script called after the repo file was created + :param str architectures: unused """ if credentials_file: repo_secret = os.sep.join( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/schema/kiwi.rnc new/kiwi-10.1.11/kiwi/schema/kiwi.rnc --- old/kiwi-10.1.6/kiwi/schema/kiwi.rnc 2024-08-14 18:35:25.993191500 +0200 +++ new/kiwi-10.1.11/kiwi/schema/kiwi.rnc 2024-09-13 16:33:03.812008100 +0200 
@@ -36,7 +36,7 @@ partition-size-type = xsd:token {pattern = "(\d+|\d+M|\d+G)"} vhd-tag-type = xsd:token {pattern = "[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}"} groups-list = xsd:token {pattern = "[a-zA-Z0-9_\-\.:]+(,[a-zA-Z0-9_\-\.:]+)*"} -arch-name = xsd:token {pattern = "(x86_64|i586|i686|ix86|aarch64|arm64|armv5el|armv5tel|armv6hl|armv6l|armv7hl|armv7l|ppc|ppc64|ppc64le|s390|s390x|riscv64)(,(x86_64|i586|i686|ix86|aarch64|arm64|armv5el|armv5tel|armv6hl|armv6l|armv7hl|armv7l|ppc|ppc64|ppc64le|s390|s390x|riscv64))*"} +arch-name = xsd:token {pattern = "(x86_64|i586|i686|ix86|aarch64|arm64|amd64|armv5el|armv5tel|armv6hl|armv6l|armv7hl|armv7l|ppc|ppc64|ppc64le|s390|s390x|riscv64)(,(x86_64|i586|i686|ix86|aarch64|arm64|amd64|armv5el|armv5tel|armv6hl|armv6l|armv7hl|armv7l|ppc|ppc64|ppc64le|s390|s390x|riscv64))*"} portnum-type = xsd:token {pattern = "(\d+|\d+/(udp|tcp))"} grub_console = xsd:token {pattern = "(none|console|gfxterm|serial|vga_text|mda_text|morse|spkmodem)( (none|console|serial|at_keyboard|usb_keyboard))*"} fs_attributes = xsd:token {pattern = "(no-copy-on-write|synchronous-updates)(,(no-copy-on-write|synchronous-updates))*"} @@ -1135,6 +1135,15 @@ attribute sourcetype { "baseurl" | "metalink" | "mirrorlist" } + k.repository.architectures.attribute = + ## Specifies for which architecture(s) this repository is + ## supposed to provide packages. Multiple architecture names + ## needs to be separated by a comma + attribute architectures { arch-name } + >> sch:pattern [ id = "architectures" is-a = "repo_type" + sch:param [ name = "attr" value = "architectures" ] + sch:param [ name = "types" value = "apt-deb" ] + ] k.repository.attlist = k.repository.type.attribute? & k.repository.profiles.attribute? & 
@@ -1152,7 +1161,8 @@ k.repository.package_gpgcheck.attribute? & k.repository.priority.attribute? & k.repository.password.attribute? & - k.repository.username.attribute? + k.repository.username.attribute? & + k.repository.architectures.attribute? k.repository = ## The Name of the Repository element repository { @@ -1661,7 +1671,7 @@ k.type.filesystem.attribute = ## Specifies the root filesystem type attribute filesystem { - "btrfs" | "ext2" | "ext3" | "ext4" | "squashfs" | "xfs" + "btrfs" | "ext2" | "ext3" | "ext4" | "squashfs" | "erofs" | "xfs" } >> sch:pattern [ id = "filesystem" is-a = "image_type" sch:param [ name = "attr" value = "filesystem" ] @@ -1672,6 +1682,13 @@ sch:param [ name = "attr" value = "filesystem" ] sch:param [ name = "types" value = "oem" ] ] + k.type.erofscompression.attribute = + ## Specifies the compression type for erofs + attribute erofscompression { text } + >> sch:pattern [ id = "erofscompression" is-a = "image_type" + sch:param [ name = "attr" value = "erofscompression" ] + sch:param [ name = "types" value = "oem pxe kis iso erofs" ] + ] k.type.squashfscompression.attribute = ## Specifies the compression type for mksquashfs attribute squashfscompression { @@ -1869,6 +1886,13 @@ sch:param [ name = "attr" value = "format" ] sch:param [ name = "types" value = "oem" ] ] + k.type.enclave_format.attribute = + ## Specifies the format of the virtual disk. + attribute enclave_format { "aws-nitro" } + >> sch:pattern [ id = "enclave_format" is-a = "image_type" + sch:param [ name = "attr" value = "enclave_format" ] + sch:param [ name = "types" value = "enclave" ] + ] k.type.formatoptions.attribute = ## Specifies additional format options passed on to qemu-img ## formatoptions is a comma separated list of format specific 
@@ -1941,8 +1965,8 @@ ## Specifies the image type attribute image { "btrfs" | "cpio" | "docker" | "ext2" | "ext3" | - "ext4" | "iso" | "oem" | "pxe" | "kis" | "squashfs" | "tbz" | - "xfs" | "oci" | "appx" + "ext4" | "iso" | "oem" | "pxe" | "kis" | "squashfs" | "erofs" | "tbz" | + "xfs" | "oci" | "appx" | "enclave" } >> sch:pattern [ id = "metadata_path_mandatory" is-a = "image_type_requirement" @@ -2023,7 +2047,7 @@ attribute kernelcmdline { text } >> sch:pattern [ id = "kernelcmdline" is-a = "image_type" sch:param [ name = "attr" value = "kernelcmdline" ] - sch:param [ name = "types" value = "oem iso pxe kis" ] + sch:param [ name = "types" value = "oem iso pxe kis enclave" ] ] k.type.luks_version.attribute = ## Specify LUKS version. This can be either set to "luks", "luks1" @@ -2261,11 +2285,13 @@ k.type.editbootinstall.attribute? & k.type.filesystem.attribute? & k.type.flags.attribute? & + k.type.enclave_format.attribute? & k.type.format.attribute? & k.type.formatoptions.attribute? & k.type.fsmountoptions.attribute? & k.type.fscreateoptions.attribute? & k.type.squashfscompression.attribute? & + k.type.erofscompression.attribute? & k.type.gcelicense.attribute? & k.type.hybridpersistent.attribute? & k.type.hybridpersistent_filesystem.attribute? & diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/schema/kiwi.rng new/kiwi-10.1.11/kiwi/schema/kiwi.rng --- old/kiwi-10.1.6/kiwi/schema/kiwi.rng 2024-08-14 18:35:25.993191500 +0200 +++ new/kiwi-10.1.11/kiwi/schema/kiwi.rng 2024-09-13 16:33:03.812008100 +0200 
@@ -83,7 +83,7 @@ </define> <define name="arch-name"> <data type="token"> - <param name="pattern">(x86_64|i586|i686|ix86|aarch64|arm64|armv5el|armv5tel|armv6hl|armv6l|armv7hl|armv7l|ppc|ppc64|ppc64le|s390|s390x|riscv64)(,(x86_64|i586|i686|ix86|aarch64|arm64|armv5el|armv5tel|armv6hl|armv6l|armv7hl|armv7l|ppc|ppc64|ppc64le|s390|s390x|riscv64))*</param> + <param name="pattern">(x86_64|i586|i686|ix86|aarch64|arm64|amd64|armv5el|armv5tel|armv6hl|armv6l|armv7hl|armv7l|ppc|ppc64|ppc64le|s390|s390x|riscv64)(,(x86_64|i586|i686|ix86|aarch64|arm64|amd64|armv5el|armv5tel|armv6hl|armv6l|armv7hl|armv7l|ppc|ppc64|ppc64le|s390|s390x|riscv64))*</param> </data> </define> <define name="portnum-type"> @@ -1728,6 +1728,18 @@ </choice> </attribute> </define> + <define name="k.repository.architectures.attribute"> + <attribute name="architectures"> + <a:documentation>Specifies for which architecture(s) this repository is +supposed to provide packages. Multiple architecture names +needs to be separated by a comma</a:documentation> + <ref name="arch-name"/> + </attribute> + <sch:pattern id="architectures" is-a="repo_type"> + <sch:param name="attr" value="architectures"/> + <sch:param name="types" value="apt-deb"/> + </sch:pattern> + </define> <define name="k.repository.attlist"> <interleave> <optional> @@ -1775,6 +1787,9 @@ <optional> <ref name="k.repository.username.attribute"/> </optional> + <optional> + <ref name="k.repository.architectures.attribute"/> + </optional> </interleave> </define> <define name="k.repository"> @@ -2420,6 +2435,7 @@ <value>ext3</value> <value>ext4</value> <value>squashfs</value> + <value>erofs</value> <value>xfs</value> </choice> </attribute> 
@@ -2432,6 +2448,15 @@ <sch:param name="types" value="oem"/> </sch:pattern> </define> + <define name="k.type.erofscompression.attribute"> + <attribute name="erofscompression"> + <a:documentation>Specifies the compression type for erofs</a:documentation> + </attribute> + <sch:pattern id="erofscompression" is-a="image_type"> + <sch:param name="attr" value="erofscompression"/> + <sch:param name="types" value="oem pxe kis iso erofs"/> + </sch:pattern> + </define> <define name="k.type.squashfscompression.attribute"> <attribute name="squashfscompression"> <a:documentation>Specifies the compression type for mksquashfs</a:documentation> @@ -2690,6 +2715,16 @@ <sch:param name="types" value="oem"/> </sch:pattern> </define> + <define name="k.type.enclave_format.attribute"> + <attribute name="enclave_format"> + <a:documentation>Specifies the format of the virtual disk.</a:documentation> + <value>aws-nitro</value> + </attribute> + <sch:pattern id="enclave_format" is-a="image_type"> + <sch:param name="attr" value="enclave_format"/> + <sch:param name="types" value="enclave"/> + </sch:pattern> + </define> <define name="k.type.formatoptions.attribute"> <attribute name="formatoptions"> <a:documentation>Specifies additional format options passed on to qemu-img @@ -2797,10 +2832,12 @@ <value>pxe</value> <value>kis</value> <value>squashfs</value> + <value>erofs</value> <value>tbz</value> <value>xfs</value> <value>oci</value> <value>appx</value> + <value>enclave</value> </choice> </attribute> <sch:pattern id="metadata_path_mandatory" is-a="image_type_requirement"> @@ -2908,7 +2945,7 @@ </attribute> <sch:pattern id="kernelcmdline" is-a="image_type"> <sch:param name="attr" value="kernelcmdline"/> - <sch:param name="types" value="oem iso pxe kis"/> + <sch:param name="types" value="oem iso pxe kis enclave"/> </sch:pattern> </define> <define name="k.type.luks_version.attribute"> 
@@ -3267,6 +3304,9 @@ <ref name="k.type.flags.attribute"/> </optional> <optional> + <ref name="k.type.enclave_format.attribute"/> + </optional> + <optional> <ref name="k.type.format.attribute"/> </optional> <optional> @@ -3282,6 +3322,9 @@ <ref name="k.type.squashfscompression.attribute"/> </optional> <optional> + <ref name="k.type.erofscompression.attribute"/> + </optional> + <optional> <ref name="k.type.gcelicense.attribute"/> </optional> <optional> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/system/prepare.py new/kiwi-10.1.11/kiwi/system/prepare.py --- old/kiwi-10.1.6/kiwi/system/prepare.py 2024-08-12 09:38:06.243309700 +0200 +++ new/kiwi-10.1.11/kiwi/system/prepare.py 2024-09-09 15:25:03.516024800 +0200 @@ -158,6 +158,7 @@ for xml_repo in repository_sections: repo_type = xml_repo.get_type() repo_source = xml_repo.get_source().get_path() + repo_architectures = xml_repo.get_architectures() repo_user = xml_repo.get_username() repo_secret = xml_repo.get_password() repo_alias = xml_repo.get_alias() @@ -209,7 +210,8 @@ repo_type, repo_priority, repo_dist, repo_components, repo_user, repo_secret, uri.credentials_file_name(), repo_repository_gpgcheck, repo_package_gpgcheck, - repo_sourcetype, repo_customization_script + repo_sourcetype, repo_customization_script, + repo_architectures ) if clear_cache: repo.delete_repo_cache(repo_alias) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/system/setup.py new/kiwi-10.1.11/kiwi/system/setup.py --- old/kiwi-10.1.6/kiwi/system/setup.py 2024-08-12 09:38:06.243309700 +0200 +++ new/kiwi-10.1.11/kiwi/system/setup.py 2024-09-09 15:25:03.516024800 +0200 
@@ -149,6 +149,7 @@ for xml_repo in repository_sections: repo_type = xml_repo.get_type() repo_source = xml_repo.get_source().get_path() + repo_architectures = xml_repo.get_architectures() repo_user = xml_repo.get_username() repo_secret = xml_repo.get_password() repo_alias = xml_repo.get_alias() @@ -184,7 +185,8 @@ repo_type, repo_priority, repo_dist, repo_components, repo_user, repo_secret, uri.credentials_file_name(), repo_repository_gpgcheck, repo_package_gpgcheck, - repo_sourcetype, repo_customization_script + repo_sourcetype, repo_customization_script, + repo_architectures ) def import_cdroot_files(self, target_dir: str) -> None: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/version.py new/kiwi-10.1.11/kiwi/version.py --- old/kiwi-10.1.6/kiwi/version.py 2024-09-06 10:41:00.517722600 +0200 +++ new/kiwi-10.1.11/kiwi/version.py 2024-09-13 16:33:19.852005700 +0200 @@ -18,5 +18,5 @@ """ Global version information used in kiwi and the package """ -__version__ = '10.1.6' +__version__ = '10.1.11' __githash__ = '$Format:%H$' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/kiwi/xml_parse.py new/kiwi-10.1.11/kiwi/xml_parse.py --- old/kiwi-10.1.6/kiwi/xml_parse.py 2024-08-14 18:35:25.993191500 +0200 +++ new/kiwi-10.1.11/kiwi/xml_parse.py 2024-09-13 16:33:03.812008100 +0200 
@@ -2442,7 +2442,7 @@ """The Name of the Repository""" subclass = None superclass = k_source - def __init__(self, source=None, type_=None, profiles=None, arch=None, alias=None, sourcetype=None, components=None, distribution=None, imageinclude=None, imageonly=None, repository_gpgcheck=None, customize=None, package_gpgcheck=None, priority=None, password=None, username=None): + def __init__(self, source=None, type_=None, profiles=None, arch=None, alias=None, sourcetype=None, components=None, distribution=None, imageinclude=None, imageonly=None, repository_gpgcheck=None, customize=None, package_gpgcheck=None, priority=None, password=None, username=None, architectures=None): self.original_tagname_ = None super(repository, self).__init__(source, ) self.type_ = _cast(None, type_) @@ -2460,6 +2460,7 @@ self.priority = _cast(int, priority) self.password = _cast(None, password) self.username = _cast(None, username) + self.architectures = _cast(None, architectures) def factory(*args_, **kwargs_): if CurrentSubclassModule_ is not None: subclass = getSubclassFromModule_( @@ -2501,6 +2502,8 @@ def set_password(self, password): self.password = password def get_username(self): return self.username def set_username(self, username): self.username = username + def get_architectures(self): return self.architectures + def set_architectures(self, architectures): self.architectures = architectures def validate_arch_name(self, value): # Validate type arch-name, a restriction on xs:token. if value is not None and Validate_simpletypes_: 
@@ -2590,6 +2593,9 @@ if self.username is not None and 'username' not in already_processed: already_processed.add('username') outfile.write(' username=%s' % (self.gds_encode(self.gds_format_string(quote_attrib(self.username), input_name='username')), )) + if self.architectures is not None and 'architectures' not in already_processed: + already_processed.add('architectures') + outfile.write(' architectures=%s' % (quote_attrib(self.architectures), )) def exportChildren(self, outfile, level, namespaceprefix_='', name_='repository', fromsubclass_=False, pretty_print=True): super(repository, self).exportChildren(outfile, level, namespaceprefix_, name_, True, pretty_print=pretty_print) def build(self, node): @@ -2689,6 +2695,12 @@ if value is not None and 'username' not in already_processed: already_processed.add('username') self.username = value + value = find_attr_value_('architectures', node) + if value is not None and 'architectures' not in already_processed: + already_processed.add('architectures') + self.architectures = value + self.architectures = ' '.join(self.architectures.split()) + self.validate_arch_name(self.architectures) # validate type arch-name super(repository, self).buildAttributes(node, attrs, already_processed) def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): super(repository, self).buildChildren(child_, node, nodeName_, True) 
@@ -3082,7 +3094,7 @@ """The Image Type of the Logical Extend""" subclass = None superclass = None - def __init__(self, boot=None, bootfilesystem=None, firmware=None, bootkernel=None, bootpartition=None, bootpartsize=None, efipartsize=None, efifatimagesize=None, eficsm=None, efiparttable=None, dosparttable_extended_layout=None, bootprofile=None, btrfs_quota_groups=None, btrfs_root_is_snapshot=None, btrfs_root_is_subvolume=None, btrfs_set_default_volume=None, btrfs_root_is_readonly_snapshot=None, compressed=None, devicepersistency=None, editbootconfig=None, editbootinstall=None, filesystem=None, flags=None, format=None, formatoptions=None, fsmountoptions=None, fscreateoptions=None, squashfscompression=None, gcelicense=None, hybridpersistent=None, hybridpersistent_filesystem=None, gpt_hybrid_mbr=None, force_mbr=None, initrd_system=None, image=None, metadata_path=None, installboot=None, install_continue_on_timeout=None, installprovidefailsafe=None, installiso=None, installstick=None, installpxe=None, mediacheck=None, kernelcmdline=None, luks=None, luks_version=None, luksOS=None, l uks_randomize=None, luks_pbkdf=None, mdraid=None, overlayroot=None, overlayroot_write_partition=None, overlayroot_readonly_partsize=None, verity_blocks=None, embed_verity_metadata=None, standalone_integrity=None, embed_integrity_metadata=None, integrity_legacy_hmac=None, integrity_metadata_key_description=None, integrity_keyfile=None, primary=None, ramonly=None, rootfs_label=None, spare_part=None, spare_part_mountpoint=None, spare_part_fs=None, spare_part_fs_attributes=None, spare_part_is_last=None, target_blocksize=None, target_removable=None, selinux_policy=None, vga=None, vhdfixedtag=None, volid=None, application_id=None, wwid_wait_timeout=None, derived_from=None, delta_root=None, ensure_empty_tmpdirs=None, xen_server=None, publisher=None, disk_start_sector=None, root_clone=None, boot_clone=None, bundle_format=None, bootloader=None, containerconfig=None, machine=None, oemconfig=None, 
size=None, systemdisk=None, partitions=None, vagrantconfig=None, installmedia=None, luksformat=No ne): + def __init__(self, boot=None, bootfilesystem=None, firmware=None, bootkernel=None, bootpartition=None, bootpartsize=None, efipartsize=None, efifatimagesize=None, eficsm=None, efiparttable=None, dosparttable_extended_layout=None, bootprofile=None, btrfs_quota_groups=None, btrfs_root_is_snapshot=None, btrfs_root_is_subvolume=None, btrfs_set_default_volume=None, btrfs_root_is_readonly_snapshot=None, compressed=None, devicepersistency=None, editbootconfig=None, editbootinstall=None, filesystem=None, flags=None, enclave_format=None, format=None, formatoptions=None, fsmountoptions=None, fscreateoptions=None, squashfscompression=None, erofscompression=None, gcelicense=None, hybridpersistent=None, hybridpersistent_filesystem=None, gpt_hybrid_mbr=None, force_mbr=None, initrd_system=None, image=None, metadata_path=None, installboot=None, install_continue_on_timeout=None, installprovidefailsafe=None, installiso=None, installstick=None, installpxe=None, mediacheck=None, kernelcmdline=None, luks=None, luks_version=None, luksOS=None, luks_randomize=None, luks_pbkdf=None, mdraid=None, overlayroot=None, overlayroot_write_partition=None, overlayroot_readonly_partsize=None, verity_blocks=None, embed_verity_metadata=None, standalone_integrity=None, embed_integrity_metadata=None, integrity_legacy_hmac=None, integrity_metadata_key_description=None, integrity_keyfile=None, primary=None, ramonly=None, rootfs_label=None, spare_part=None, spare_part_mountpoint=None, spare_part_fs=None, spare_part_fs_attributes=None, spare_part_is_last=None, target_blocksize=None, target_removable=None, selinux_policy=None, vga=None, vhdfixedtag=None, volid=None, application_id=None, wwid_wait_timeout=None, derived_from=None, delta_root=None, ensure_empty_tmpdirs=None, xen_server=None, publisher=None, disk_start_sector=None, root_clone=None, boot_clone=None, bundle_format=None, bootloader=None, 
containerconfig=None, machine=None, oemconfig=None, size=None, systemdisk=None, partitions=None, vagrantc onfig=None, installmedia=None, luksformat=None): self.original_tagname_ = None self.boot = _cast(None, boot) self.bootfilesystem = _cast(None, bootfilesystem) @@ -3107,11 +3119,13 @@ self.editbootinstall = _cast(None, editbootinstall) self.filesystem = _cast(None, filesystem) self.flags = _cast(None, flags) + self.enclave_format = _cast(None, enclave_format) self.format = _cast(None, format) self.formatoptions = _cast(None, formatoptions) self.fsmountoptions = _cast(None, fsmountoptions) self.fscreateoptions = _cast(None, fscreateoptions) self.squashfscompression = _cast(None, squashfscompression) + self.erofscompression = _cast(None, erofscompression) self.gcelicense = _cast(None, gcelicense) self.hybridpersistent = _cast(bool, hybridpersistent) self.hybridpersistent_filesystem = _cast(None, hybridpersistent_filesystem) @@ -3316,6 +3330,8 @@ def set_filesystem(self, filesystem): self.filesystem = filesystem def get_flags(self): return self.flags def set_flags(self, flags): self.flags = flags + def get_enclave_format(self): return self.enclave_format + def set_enclave_format(self, enclave_format): self.enclave_format = enclave_format def get_format(self): return self.format def set_format(self, format): self.format = format def get_formatoptions(self): return self.formatoptions 
@@ -3326,6 +3342,8 @@ def set_fscreateoptions(self, fscreateoptions): self.fscreateoptions = fscreateoptions def get_squashfscompression(self): return self.squashfscompression def set_squashfscompression(self, squashfscompression): self.squashfscompression = squashfscompression + def get_erofscompression(self): return self.erofscompression + def set_erofscompression(self, erofscompression): self.erofscompression = erofscompression def get_gcelicense(self): return self.gcelicense def set_gcelicense(self, gcelicense): self.gcelicense = gcelicense def get_hybridpersistent(self): return self.hybridpersistent @@ -3596,6 +3614,9 @@ if self.flags is not None and 'flags' not in already_processed: already_processed.add('flags') outfile.write(' flags=%s' % (self.gds_encode(self.gds_format_string(quote_attrib(self.flags), input_name='flags')), )) + if self.enclave_format is not None and 'enclave_format' not in already_processed: + already_processed.add('enclave_format') + outfile.write(' enclave_format=%s' % (self.gds_encode(self.gds_format_string(quote_attrib(self.enclave_format), input_name='enclave_format')), )) if self.format is not None and 'format' not in already_processed: already_processed.add('format') outfile.write(' format=%s' % (self.gds_encode(self.gds_format_string(quote_attrib(self.format), input_name='format')), )) 
@@ -3611,6 +3632,9 @@ if self.squashfscompression is not None and 'squashfscompression' not in already_processed: already_processed.add('squashfscompression') outfile.write(' squashfscompression=%s' % (self.gds_encode(self.gds_format_string(quote_attrib(self.squashfscompression), input_name='squashfscompression')), )) + if self.erofscompression is not None and 'erofscompression' not in already_processed: + already_processed.add('erofscompression') + outfile.write(' erofscompression=%s' % (self.gds_encode(self.gds_format_string(quote_attrib(self.erofscompression), input_name='erofscompression')), )) if self.gcelicense is not None and 'gcelicense' not in already_processed: already_processed.add('gcelicense') outfile.write(' gcelicense=%s' % (self.gds_encode(self.gds_format_string(quote_attrib(self.gcelicense), input_name='gcelicense')), )) @@ -3973,6 +3997,11 @@ already_processed.add('flags') self.flags = value self.flags = ' '.join(self.flags.split()) + value = find_attr_value_('enclave_format', node) + if value is not None and 'enclave_format' not in already_processed: + already_processed.add('enclave_format') + self.enclave_format = value + self.enclave_format = ' '.join(self.enclave_format.split()) value = find_attr_value_('format', node) if value is not None and 'format' not in already_processed: already_processed.add('format') 
@@ -3995,6 +4024,10 @@ already_processed.add('squashfscompression') self.squashfscompression = value self.squashfscompression = ' '.join(self.squashfscompression.split()) + value = find_attr_value_('erofscompression', node) + if value is not None and 'erofscompression' not in already_processed: + already_processed.add('erofscompression') + self.erofscompression = value value = find_attr_value_('gcelicense', node) if value is not None and 'gcelicense' not in already_processed: already_processed.add('gcelicense') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/package/python-kiwi-spec-template new/kiwi-10.1.11/package/python-kiwi-spec-template --- old/kiwi-10.1.6/package/python-kiwi-spec-template 2024-09-02 09:08:05.238638900 +0200 +++ new/kiwi-10.1.11/package/python-kiwi-spec-template 2024-09-13 16:33:03.812008100 +0200 @@ -122,6 +122,10 @@ %if "%{_vendor}" != "debbuild" Provides: kiwi-image:tbz %endif +%if 0%{?fedora} >= 42 +Provides: kiwi-image:enclave +Requires: eif_build +%endif # tools conditionally used by kiwi %if 0%{?fedora} || 0%{?rhel} >= 8 Recommends: gnupg2 @@ -287,10 +291,17 @@ Provides: kiwi-filesystem:ext4 Provides: kiwi-filesystem:squashfs Provides: kiwi-filesystem:xfs +%if ! (0%{?suse_version} && 0%{?suse_version} < 1600) +Provides: kiwi-filesystem:erofs +Provides: kiwi-image:erofs +%endif %endif Requires: dosfstools Requires: e2fsprogs Requires: xfsprogs +%if ! (0%{?suse_version} && 0%{?suse_version} < 1600) +Requires: erofs-utils +%endif %if 0%{?suse_version} Requires: btrfsprogs %else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/pyproject.toml new/kiwi-10.1.11/pyproject.toml --- old/kiwi-10.1.6/pyproject.toml 2024-09-06 10:41:00.517722600 +0200 +++ new/kiwi-10.1.11/pyproject.toml 2024-09-13 16:33:19.852005700 +0200 
@@ -1,6 +1,6 @@ [tool.poetry] name = "kiwi" -version = "10.1.6" +version = "10.1.11" description = "KIWI - Appliance Builder" license = "GPL-3.0-or-later" readme = "README.rst" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/test/data/bootinfo.txt new/kiwi-10.1.11/test/data/bootinfo.txt --- old/kiwi-10.1.6/test/data/bootinfo.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/kiwi-10.1.11/test/data/bootinfo.txt 2024-09-13 10:35:38.333110000 +0200 @@ -0,0 +1,5 @@ +<chrp-boot> +<description>Bob</description> +<os-name>Bob</os-name> +<boot-script>boot &device;:1,\boot\grub2\powerpc-ieee1275\grub.elf</boot-script> +</chrp-boot> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/test/unit/bootloader/config/grub2_test.py new/kiwi-10.1.11/test/unit/bootloader/config/grub2_test.py --- old/kiwi-10.1.6/test/unit/bootloader/config/grub2_test.py 2024-09-06 08:45:11.942936000 +0200 +++ new/kiwi-10.1.11/test/unit/bootloader/config/grub2_test.py 2024-09-10 14:46:08.990282800 +0200 @@ -1727,6 +1727,9 @@ mock_exists.side_effect = side_effect + with open('../data/bootinfo.txt') as chrp: + grub2_test_chrp_boot = chrp.read() + with patch('builtins.open', create=True) as mock_open: mock_open.return_value = MagicMock(spec=io.IOBase) file_handle = mock_open.return_value.__enter__.return_value 
@@ -1745,12 +1748,7 @@ call('search --file --set=root /boot/0xffffffff\n'), call('set prefix=($root)/boot/grub2\n'), call('source ($root)/boot/grub2/grub.cfg\n'), - call( - '\n<chrp-boot>\n<description>Bob</description>\n' - '<os-name>Bob</os-name>\n<boot-script>' - 'boot &device;:1,\boot\grub2\powerpc-ieee1275\grub.elf' - '</boot-script>\n</chrp-boot>\n' - ), + call(grub2_test_chrp_boot), call('source /boot/grub2/grub.cfg\n') ] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/test/unit/builder/enclave_test.py new/kiwi-10.1.11/test/unit/builder/enclave_test.py --- old/kiwi-10.1.6/test/unit/builder/enclave_test.py 1970-01-01 01:00:00.000000000 +0100 +++ new/kiwi-10.1.11/test/unit/builder/enclave_test.py 2024-09-10 14:50:25.246501200 +0200 
@@ -0,0 +1,108 @@ +from collections import namedtuple +from unittest.mock import ( + patch, Mock, MagicMock +) +from pytest import ( + raises, fixture +) +import kiwi + +from kiwi.builder.enclave import EnclaveBuilder +from kiwi.exceptions import ( + KiwiEnclaveBootImageError, + KiwiEnclaveFormatError +) + + +class TestEnclaveBuilder: + @fixture(autouse=True) + def inject_fixtures(self, caplog): + self._caplog = caplog + + @patch('kiwi.builder.enclave.BootImage') + def setup(self, mock_boot): + self.setup = Mock() + self.runtime_config = Mock() + self.runtime_config.get_max_size_constraint = Mock( + return_value=None + ) + kiwi.builder.enclave.RuntimeConfig = Mock( + return_value=self.runtime_config + ) + kiwi.builder.enclave.SystemSetup = Mock( + return_value=self.setup + ) + self.boot_image_task = MagicMock() + self.boot_image_task.boot_root_directory = 'initrd_dir' + self.boot_image_task.initrd_filename = 'initrd_file_name' + mock_boot.new.return_value = self.boot_image_task + self.xml_state = Mock() + self.xml_state.profiles = None + self.xml_state.get_image_version = Mock( + return_value='1.2.3' + ) + self.xml_state.get_initrd_system = Mock( + return_value='dracut' + ) + self.xml_state.xml_data.get_name = Mock( + return_value='some-image' + ) + self.xml_state.build_type = Mock() + self.xml_state.build_type.get_kernelcmdline = Mock( + return_value='some' + ) + kernel_type = namedtuple( + 'kernel', ['filename', 'version'] + ) + self.kernel = Mock() + self.kernel.get_kernel = Mock( + return_value=kernel_type(filename='some-kernel', version='42') + ) + kiwi.builder.enclave.Kernel = Mock( + return_value=self.kernel + ) + self.enclave = EnclaveBuilder( + self.xml_state, 'target_dir', 'root_dir', + custom_args={'signing_keys': ['key_file_a', 'key_file_b']} + ) + self.enclave.compressed = True + + @patch('kiwi.builder.enclave.BootImage') + def setup_method(self, cls, mock_boot): + self.setup() + + @patch('kiwi.builder.enclave.BootImage') + def 
test_create_invalid_enclave_format(self, mock_boot): + self.enclave.format = '' + with raises(KiwiEnclaveFormatError): + self.enclave.create() + + @patch('kiwi.builder.enclave.Command.run') + def test_create_aws_nitro(self, mock_Command_run): + self.enclave.format = 'aws-nitro' + self.boot_image_task.required = Mock( + return_value=True + ) + self.enclave.create() + + self.boot_image_task.create_initrd.assert_called_once_with() + self.setup.export_package_list.assert_called_once_with( + 'target_dir' + ) + self.setup.export_package_verification.assert_called_once_with( + 'target_dir' + ) + mock_Command_run.assert_called_once_with( + [ + 'eif_build', + '--kernel', 'target_dir/some-image.x86_64-1.2.3-42.kernel', + '--ramdisk', 'target_dir/initrd_file_name', + '--cmdline', 'some', + '--output', 'target_dir/some-image.x86_64-1.2.3.eif' + ] + ) + + def test_create_no_kernel_found(self): + self.kernel.get_kernel.return_value = False + with raises(KiwiEnclaveBootImageError): + self.enclave.create() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/test/unit/builder/init_test.py new/kiwi-10.1.11/test/unit/builder/init_test.py --- old/kiwi-10.1.6/test/unit/builder/init_test.py 2024-08-14 18:35:25.997191400 +0200 +++ new/kiwi-10.1.11/test/unit/builder/init_test.py 2024-09-10 14:50:25.250501200 +0200 
@@ -61,6 +61,17 @@ xml_state, 'target_dir', 'root_dir', None ) + @patch('kiwi.builder.enclave.EnclaveBuilder') + def test_enclave_builder(self, mock_builder): + xml_state = Mock() + xml_state.get_build_type_name = Mock( + return_value='enclave' + ) + ImageBuilder.new(xml_state, 'target_dir', 'root_dir') + mock_builder.assert_called_once_with( + xml_state, 'target_dir', 'root_dir', None + ) + @patch('kiwi.builder.archive.ArchiveBuilder') def test_archive_builder(self, mock_builder): xml_state = Mock() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/test/unit/filesystem/erofs_test.py new/kiwi-10.1.11/test/unit/filesystem/erofs_test.py --- old/kiwi-10.1.6/test/unit/filesystem/erofs_test.py 1970-01-01 01:00:00.000000000 +0100 +++ new/kiwi-10.1.11/test/unit/filesystem/erofs_test.py 2024-09-13 16:33:03.812008100 +0200 
@@ -0,0 +1,43 @@ +from unittest.mock import patch + +import unittest.mock as mock + +from kiwi.defaults import Defaults +from kiwi.filesystem.erofs import FileSystemEroFs + + +class TestFileSystemEroFs: + @patch('os.path.exists') + def setup(self, mock_exists): + mock_exists.return_value = True + self.erofs = FileSystemEroFs( + mock.Mock(), 'root_dir', + custom_args={'compression': 'zstd,level=21'} + ) + + @patch('os.path.exists') + def setup_method(self, cls, mock_exists): + self.setup() + + @patch('kiwi.filesystem.erofs.Command.run') + def test_create_on_file(self, mock_command): + Defaults.set_platform_name('x86_64') + self.erofs.create_on_file('myimage', 'label') + mock_command.assert_called_once_with( + [ + 'mkfs.erofs', '-z', 'zstd,level=21', + '-L', 'label', 'myimage', 'root_dir' + ] + ) + + @patch('kiwi.filesystem.erofs.Command.run') + def test_create_on_file_exclude_data(self, mock_command): + Defaults.set_platform_name('x86_64') + self.erofs.create_on_file('myimage', 'label', ['foo']) + mock_command.assert_called_once_with( + [ + 'mkfs.erofs', '-z', 'zstd,level=21', + '-L', 'label', '--exclude-regex=foo', + 'myimage', 'root_dir' + ] + ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/test/unit/oci_tools/umoci_test.py new/kiwi-10.1.11/test/unit/oci_tools/umoci_test.py --- old/kiwi-10.1.6/test/unit/oci_tools/umoci_test.py 2024-07-23 10:47:16.806534800 +0200 +++ new/kiwi-10.1.11/test/unit/oci_tools/umoci_test.py 2024-09-11 13:07:12.644025300 +0200 
@@ -60,9 +60,6 @@ options=[ '--archive', '--hard-links', '--xattrs', '--acls', '--one-file-system', '--inplace', - '--filter', '-x! user.*', - '--filter', '-x! security.ima*', - '--filter', '-x! security.capability*', '--delete' ] ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/test/unit/repository/apt_test.py new/kiwi-10.1.11/test/unit/repository/apt_test.py --- old/kiwi-10.1.6/test/unit/repository/apt_test.py 2024-05-02 09:12:27.112463700 +0200 +++ new/kiwi-10.1.11/test/unit/repository/apt_test.py 2024-09-09 15:25:03.516024800 +0200 @@ -151,11 +151,13 @@ mock_open.return_value = MagicMock(spec=io.IOBase) file_handle = mock_open.return_value.__enter__.return_value self.repo.add_repo( - 'foo', 'kiwi_iso_mount/uri', 'deb', None, 'xenial', 'a b' + 'foo', 'kiwi_iso_mount/uri', 'deb', None, 'xenial', 'a b', + architectures='amd64,arm64' ) file_handle.write.assert_called_once_with( 'Types: deb\n' 'URIs: file:/kiwi_iso_mount/uri\n' + 'Architectures: amd64 arm64\n' 'Suites: xenial\n' 'Components: a b\n' ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/test/unit/system/prepare_test.py new/kiwi-10.1.11/test/unit/system/prepare_test.py --- old/kiwi-10.1.6/test/unit/system/prepare_test.py 2024-08-12 09:38:06.267310000 +0200 +++ new/kiwi-10.1.11/test/unit/system/prepare_test.py 2024-09-09 15:25:03.516024800 +0200 
@@ -287,12 +287,12 @@ call( 'uri-alias', 'uri', None, 42, None, None, None, None, 'credentials-file', None, None, - 'baseurl', None + 'baseurl', None, None ), call( 'uri-alias', 'uri', 'rpm-md', None, None, None, None, None, 'credentials-file', None, None, - None, '../data/script' + None, '../data/script', None ) ] assert repo.delete_repo_cache.call_args_list == [ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/test/unit/system/setup_test.py new/kiwi-10.1.11/test/unit/system/setup_test.py --- old/kiwi-10.1.6/test/unit/system/setup_test.py 2024-08-12 09:38:06.267310000 +0200 +++ new/kiwi-10.1.11/test/unit/system/setup_test.py 2024-09-09 15:25:03.516024800 +0200 @@ -1678,7 +1678,7 @@ self.setup_with_real_xml.import_repositories_marked_as_imageinclude() assert repo.add_repo.call_args_list[0] == call( 'uri-alias', 'uri', 'rpm-md', None, None, None, None, None, - 'kiwiRepoCredentials', None, None, None, '../data/script' + 'kiwiRepoCredentials', None, None, None, '../data/script', None ) @patch('os.path.exists') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kiwi-10.1.6/tox.ini new/kiwi-10.1.11/tox.ini --- old/kiwi-10.1.6/tox.ini 2024-05-02 09:12:27.132463700 +0200 +++ new/kiwi-10.1.11/tox.ini 2024-09-10 14:50:25.250501200 +0200 @@ -49,6 +49,7 @@ check: python3 devel: python3 packagedoc: python3 + doc: python3 passenv = * usedevelop = True
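Review bot: in the xml_parse hunk at @@ -3995,6 +4024,10 @@, the new erofscompression attribute is stored exactly as read (`self.erofscompression = value`), while squashfscompression directly above it is whitespace-normalized with `' '.join(self.squashfscompression.split())`. If both attributes are meant to share a schema type, normalize the erofs value the same way, otherwise stray whitespace or newlines from the XML are carried forward unchanged (the erofs unit test in this patch shows the compression string being handed to `mkfs.erofs -z`). If the difference is intentional, a short note in the schema documentation would make that clear.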
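Review bot: in the grub2_test.py hunk at @@ -1745,12 +1748,7 @@, the removed expectation was a non-raw Python string, so `\boot` in it started with a backspace character (`\b`), whereas the new test/data/bootinfo.txt holds a literal backslash in `:1,\boot\grub2\...`. Please confirm that the bootinfo template in the production code is a raw string or uses escaped backslashes, so that the written file and this fixture agree byte for byte. A comment in the test saying that the fixture deliberately has no leading newline would also help, since that is the regression the changelog describes. The `open('../data/bootinfo.txt')` added in the preceding hunk depends on the working directory; resolving the path relative to the test file would be more robust.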
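Review bot: in the new enclave_test.py, the fixture builds EnclaveBuilder with `custom_args={'signing_keys': ['key_file_a', 'key_file_b']}`, but test_create_aws_nitro asserts an eif_build command containing only --kernel, --ramdisk, --cmdline and --output, so nothing checks what happens to the keys. Either drop signing_keys from the fixture if the enclave builder does not sign, or add an assertion (or an explicit error or warning test) that shows how they are handled, so that a caller who passes keys cannot end up with an unsigned image unnoticed. Separately, setup() replaces kiwi.builder.enclave.RuntimeConfig, SystemSetup and Kernel by direct assignment and never restores them; using patch decorators, as already done for BootImage, would keep these mocks from leaking into other test modules.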
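Review bot: in the new erofs_test.py, test_create_on_file_exclude_data passes the exclude entry 'foo' and expects `--exclude-regex=foo`, which means exclude names reach mkfs.erofs as unanchored regular expressions without escaping. A name containing regex metacharacters such as '.' or '+' would then match more, or something other, than the literal path, and 'foo' itself matches any path that contains it. Consider escaping and anchoring the entries (or using `--exclude-path` for literal names) and add a test with a metacharacter in the exclude name to pin down the intended behaviour.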
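Review bot: in the umoci_test.py hunk at @@ -60,9 +60,6 @@, the expected rsync options lose all three xattr filters ('-x! user.*', '-x! security.ima*', '-x! security.capability*') while '--xattrs' stays, so the test no longer pins down which extended attributes are carried over by the sync. Because this decides whether file capabilities and IMA attributes end up in the synced tree, the commit message should state the intended behaviour, and a test should assert it explicitly rather than only dropping the old expectation.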
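Review bot: in the prepare_test.py and setup_test.py hunks, the new add_repo parameter is matched by appending one more positional `None` to calls that already carry a dozen positional arguments, which makes it easy to shift a value into the wrong slot without a test failing. The apt_test.py hunk in this same patch passes the new value as `architectures='amd64,arm64'`; asserting these calls with keyword arguments as well would make the expectations self-describing. A case for add_repo with architectures left unset in apt_test.py would also confirm that no empty 'Architectures:' line is written.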