[pull] main from ublue-os:main #7
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![pull[bot]](https://avatars.githubusercontent.com/in/12910?s=60&v=4){kind=small}
Closes #78
With zfs 2.1.x, depmod ran automatically. Though unclear why, it no longer seems to occur when installing zfs 2.2.x RPMs in a container build (it does still work automatically on a non image-based Fedora system). Manually running depmod, as in this commit, ensures the 2.2.x kmods load as expected.
fix: run depmod after installing ZFS RPMs
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Add the new package from `ucore-kmods` which includes the signing key. This enables a user to import the signing key as a MOK using: sudo mokutil --import /etc/pki/akmods/certs/akmods-ublue.der Closes #82
feat: add package with secure boot public signing key
docs: update SecureBoot to include zfs
These files should enable rpm-ostreed/container tooling to validate signed images when using appropriate references. It will require signed images for ghcr.io/ublue-os images. Relates: #101
feat: enable signed images
I intentionally stopped publishing a `:latest` tag back on April 1st. It was not intended to be an April Fool's joke, but rather a cleanup to best practices of not using that tag. However, the old images did not expire, so the old `:latest` continues to exist, confusing both users and our website's image discovery code. I suppose it turned out to be a long lived April Fool's joke after all! This resumes the publishing of the tag, ensuring it matches the `:stable` tag, and only on the `ucore` image. There will be no `:latest` for nvidia, zfs or testing images, nor `fedora-coreos` or `ucore-hci`.
chore(ci): resume use of latest tag for stable image
Convert to a reusable workflow such that stable and testing builds can happen on separate schedules and so that stable builds are all that gate merge success, allowing testing to be more unstable.
This should allow faster overall builds of ucore and ucore-hci by building in parallel, and removes the need to publish ucore to GHCR even for PRs just to allow ucore-hci to build successfully.
pciutils was already pulled in by open-vm-tools, but pciutils and usbutils are especially useful on a bare metal machine.
Since the fedora-coreos images built here specifically are built with our custom kmod builds of nvidia and zfs, the public signing key should be provided to provide those users the ability to easily import the key as a MOK should they wish to run SecureBoot
The perl-Sys-Hostname package had been missing which prevented sanoid/syncoid from running properly. Also clarified in README that ucore-minimal only adds pv, not the full set of sanoid deps.
add 3 misc improvements
Install nfs and samba packages per issue discussion.
docs: update README for NFS and Samba
docs: add SELinux comments to README
Closes: #87
A helpful issue was filed with PR which will help address some spurious issues with the github actions workflows. That inspired me to improve the github-release-install.sh script such that it will more properly fail(retry) when http errors occur. Relates: ublue-os/main#502
chore(ci): improve retry errors for github installs
Co-authored-by: Benjamin Sherman <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Benjamin Sherman <[email protected]>
Co-authored-by: Benjamin Sherman <[email protected]>
- uses RUN --mount to avoid COPY directives which create wasted layers for temp files - uses ubuntu 24.04 for newer podman/buildah versions which can use --mount - cannot inspect local container-storage due to something with the configuration of the ubuntu 24.04 builders (should be investigated)
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Benjamin Sherman <[email protected]>
Co-authored-by: Thomas Wiest <[email protected]>
Co-authored-by: Benjamin Sherman <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Benjamin Sherman <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.1)
Can you help keep this open source service alive? 💖 Please sponsor : )