From 01323b3115f282ff328349e3bc67f7f1a56aeac9 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Fri, 19 Jan 2024 17:56:28 -0600 Subject: [PATCH 1/3] feat: add usbutils to ucore image pciutils was already pulled in by open-vm-tools, but pciutils and usbutils are especially useful on a bare metal machine. --- README.md | 1 + ucore/packages.json | 2 ++ 2 files changed, 3 insertions(+) diff --git a/README.md b/README.md index 90f3c99..a935ce4 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,7 @@ This image builds on `ucore-minimal` but adds drivers, storage tools and utiliti - intel wifi firmware - CoreOS omits this despite including atheros wifi firmware... hardware enablement FTW - [mergerfs](https://github.com/trapexit/mergerfs) - [snapraid](https://www.snapraid.it/) + - usbutils(and pciutils) - technically pciutils is pulled in by open-vm-tools in ucore-minimal ### `ucore-hci` diff --git a/ucore/packages.json b/ucore/packages.json index 6324fbe..413ec2f 100644 --- a/ucore/packages.json +++ b/ucore/packages.json @@ -24,7 +24,9 @@ "iwlegacy-firmware", "iwlwifi-dvm-firmware", "iwlwifi-mvm-firmware", + "pciutils", "snapraid", + "usbutils", "xdg-dbus-proxy", "xdg-user-dirs" ], From fd4ea2b275fd7b62b89fa05e229671ac33db74a6 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Fri, 19 Jan 2024 18:13:50 -0600 Subject: [PATCH 2/3] feat: add ublue-os public signing key to fedora-coreos images Since the fedora-coreos images built here specifically are built with our custom kmod builds of nvidia and zfs, the public signing key should be provided to provide those users the ability to easily import the key as a MOK should they wish to run SecureBoot --- fedora-coreos/Containerfile | 1 + fedora-coreos/install.sh | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/fedora-coreos/Containerfile b/fedora-coreos/Containerfile index c32db33..36e9fa1 100644 --- a/fedora-coreos/Containerfile +++ b/fedora-coreos/Containerfile @@ -9,6 +9,7 @@ ARG NVIDIA_TAG="${NVIDIA_TAG}" ARG ZFS_TAG="${ZFS_TAG}" ARG KMOD_SRC="${KMOD_SRC:-ghcr.io/ublue-os/ucore-kmods:${COREOS_VERSION}}" +COPY --from=${KMOD_SRC} /rpms/kmods/*.rpm /tmp/rpms/ COPY --from=${KMOD_SRC} /rpms/kmods/nvidia/*.rpm /tmp/rpms/nvidia/ COPY --from=${KMOD_SRC} /rpms/kmods/zfs/*.rpm /tmp/rpms/zfs/ diff --git a/fedora-coreos/install.sh b/fedora-coreos/install.sh index 3554b8b..f0559f4 100755 --- a/fedora-coreos/install.sh +++ b/fedora-coreos/install.sh @@ -23,7 +23,9 @@ sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/fedora-cisco-openh264.repo # inspect to see what RPMS we copied in find /tmp/rpms/ -## CONDITIONAL: install ZFS (and sanoid deps) +rpm-ostree install /tmp/rpms/ublue-os-ucore-addons-*.rpm + +## CONDITIONAL: install ZFS if [[ "-zfs" == "${ZFS_TAG}" ]]; then rpm-ostree install pv /tmp/rpms/zfs/*.rpm # for some reason depmod ran automatically with zfs 2.1 but not with 2.2 From a2b9c960c359496afc607c93a104d76cb445ae50 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Fri, 19 Jan 2024 18:30:06 -0600 Subject: [PATCH 3/3] fix: add missing sanoid dependencies The perl-Sys-Hostname package had been missing which prevented sanoid/syncoid from running properly. Also clarified in README that ucore-minimal only adds pv, not the full set of sanoid deps. --- README.md | 3 ++- ucore/install-ucore-minimal.sh | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a935ce4..e07258c 100644 --- a/README.md +++ b/README.md @@ -61,8 +61,9 @@ Suitable for running containerized workloads on either bare metal or virtual mac - [nvidia-container-toolkit](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/sample-workload.html) - latest toolkit which supports both root and rootless podman containers and CDI - [nvidia container selinux policy](https://github.com/NVIDIA/dgx-selinux/tree/master/src/nvidia-container-selinux) - allows using `--security-opt label=type:nvidia_container_t` for some jobs (some will still need `--security-opt label=disable` as suggested by nvidia) - Optional [ZFS versions](#tag-matrix) add: - - [sanoid/syncoid dependencies](https://github.com/jimsalterjrs/sanoid) - [see below](#zfs) for details - [ZFS driver](https://github.com/ublue-os/ucore-kmods) - latest driver (currently pinned to 2.2.x series) + - [sanoid/syncoid dependencies](https://github.com/jimsalterjrs/sanoid) - [see below](#zfs) for details + - note: on `ucore-minimal` images, only `pv` is installed - Disables Zincati auto upgrade/reboot service - Enables staging of automatic system updates via rpm-ostreed - Enables password based SSH auth (required for locally running cockpit web interface) diff --git a/ucore/install-ucore-minimal.sh b/ucore/install-ucore-minimal.sh index 6596b44..fbb7918 100755 --- a/ucore/install-ucore-minimal.sh +++ b/ucore/install-ucore-minimal.sh @@ -33,7 +33,9 @@ if [[ "-zfs" == "${ZFS_TAG}" ]]; then mhash \ perl-Capture-Tiny \ perl-Config-IniFiles \ + perl-Data-Dumper \ perl-Getopt-Long \ + perl-Sys-Hostname \ pv # for some reason depmod ran automatically with zfs 2.1 but not with 2.2 depmod -A ${KERNEL}