runcom · November 7, 2023 13:01
diff --git a/01-edge-base.conf b/01-edge-base.conf
 dracutmodules+=" ostree systemd-ask-password ignition ignition-edge network-manager network url-lib clevis clevis-pin-null crypt lvm fido2 udev-rules fs-lib uefi-lib "
diff --git a/80-iot.preset b/80-iot.preset
 #
 # Fedora IoT
 #

 # greenboot generic health checking framework
 enable greenboot-grub2-set-counter.service
 enable greenboot-grub2-set-success.service
 enable greenboot-healthcheck.service
 enable greenboot-rpm-ostree-grub2-check-fallback.service
 enable greenboot-status.service
 enable greenboot-task-runner.service
 enable redboot-auto-reboot.service
 enable redboot-task-runner.service

 # PARSEC services
 enable parsec.service
 enable dbus-parsec.service

 # zezere_ignition provides first-boot provisioning and configuration
 enable zezere_ignition.timer

 enable ignition-firstboot-complete.service
 enable coreos-ignition-write-issues.service
 enable fdo-client-linuxapp.service
 enable NetworkManager.service
 enable firewalld.service
diff --git a/Dockerfile b/Dockerfile
 FROM registry.gitlab.com/centos/cloud/sagano/centos-boot-tier-1:stream9
 USER root
 COPY 80-iot.preset /usr/lib/systemd/system-preset
 COPY 01-edge-base.conf /usr/lib/dracut/dracut.conf.d
 RUN update-crypto-policies --set DEFAULT:SHA1 && \
    rpm-ostree install \
 	ignition \
 	ignition-edge \
 	ssh-key-dir \
 	grub2 \
 	grub2-efi-x64 \
 	efibootmgr \
 	shim-x64 \
 	microcode_ctl \
 	iwl1000-firmware \
 	iwl100-firmware \
 	iwl105-firmware \
 	iwl135-firmware \
 	iwl2000-firmware \
 	iwl2030-firmware \
 	iwl3160-firmware \
 	iwl5000-firmware \
 	iwl5150-firmware \
 	iwl6050-firmware \
 	iwl7260-firmware \
 	redhat-release \
 	glibc \
 	rpm \
 	rpm-ostree \
 	glibc-minimal-langpack \
 	nss-altfiles \
 	dracut-config-generic \
 	dracut-network \
 	basesystem \
 	bash \
 	platform-python \
 	shadow-utils \
 	chrony \
 	setup \
 	shadow-utils \
 	sudo \
 	systemd \
 	coreutils \
 	util-linux \
 	curl \
 	vim-minimal \
 	polkit \
 	lvm2 \
 	cryptsetup \
 	pinentry \
 	e2fsprogs \
 	dosfstools \
 	keyutils \
 	gnupg2 \
 	attr \
 	xz \
 	gzip \
 	firewalld \
 	iptables \
 	NetworkManager \
 	NetworkManager-wifi \
 	NetworkManager-wwan \
 	wpa_supplicant \
 	dnsmasq \
 	traceroute \
 	hostname \
 	iproute \
 	iputils \
 	procps-ng \
 	#rootfiles \
 	passwd \
 	policycoreutils \
 	policycoreutils-python-utils \
 	setools-console \
 	less \
 	tar \
 	rsync \
 	usbguard \
 	bash-completion \
 	tmux \
 	ima-evm-utils \
 	audit \
 	podman \
 	containernetworking-plugins \
 	container-selinux \
 	skopeo \
 	criu \
 	slirp4netns \
 	fuse-overlayfs \
 	clevis \
 	clevis-dracut \
 	clevis-luks \
 	greenboot \
 	greenboot-default-health-checks \
 	fdo-client \
 	fdo-owner-cli \
 	sos \
 	&& ostree container commit
 RUN KERNEL_VERSION=$(rpm -q kernel | cut -c 8-); \
    dracut --reproducible -v -f \
    /lib/modules/$KERNEL_VERSION/initramfs.img $KERNEL_VERSION && \
    ostree container commit
	#
	# Fedora IoT
	#

	# greenboot generic health checking framework
	enable greenboot-grub2-set-counter.service
	enable greenboot-grub2-set-success.service
	enable greenboot-healthcheck.service
	enable greenboot-rpm-ostree-grub2-check-fallback.service
	enable greenboot-status.service
	enable greenboot-task-runner.service
	enable redboot-auto-reboot.service
	enable redboot-task-runner.service

	# PARSEC services
	enable parsec.service
	enable dbus-parsec.service

	# zezere_ignition provides first-boot provisioning and configuration
	enable zezere_ignition.timer

	enable ignition-firstboot-complete.service
	enable coreos-ignition-write-issues.service
	enable fdo-client-linuxapp.service
	enable NetworkManager.service
	enable firewalld.service
	FROM registry.gitlab.com/centos/cloud/sagano/centos-boot-tier-1:stream9
	USER root
	COPY 80-iot.preset /usr/lib/systemd/system-preset
	COPY 01-edge-base.conf /usr/lib/dracut/dracut.conf.d
	RUN update-crypto-policies --set DEFAULT:SHA1 && \
	rpm-ostree install \
	ignition \
	ignition-edge \
	ssh-key-dir \
	grub2 \
	grub2-efi-x64 \
	efibootmgr \
	shim-x64 \
	microcode_ctl \
	iwl1000-firmware \
	iwl100-firmware \
	iwl105-firmware \
	iwl135-firmware \
	iwl2000-firmware \
	iwl2030-firmware \
	iwl3160-firmware \
	iwl5000-firmware \
	iwl5150-firmware \
	iwl6050-firmware \
	iwl7260-firmware \
	redhat-release \
	glibc \
	rpm \
	rpm-ostree \
	glibc-minimal-langpack \
	nss-altfiles \
	dracut-config-generic \
	dracut-network \
	basesystem \
	bash \
	platform-python \
	shadow-utils \
	chrony \
	setup \
	shadow-utils \
	sudo \
	systemd \
	coreutils \
	util-linux \
	curl \
	vim-minimal \
	polkit \
	lvm2 \
	cryptsetup \
	pinentry \
	e2fsprogs \
	dosfstools \
	keyutils \
	gnupg2 \
	attr \
	xz \
	gzip \
	firewalld \
	iptables \
	NetworkManager \
	NetworkManager-wifi \
	NetworkManager-wwan \
	wpa_supplicant \
	dnsmasq \
	traceroute \
	hostname \
	iproute \
	iputils \
	procps-ng \
	#rootfiles \
	passwd \
	policycoreutils \
	policycoreutils-python-utils \
	setools-console \
	less \
	tar \
	rsync \
	usbguard \
	bash-completion \
	tmux \
	ima-evm-utils \
	audit \
	podman \
	containernetworking-plugins \
	container-selinux \
	skopeo \
	criu \
	slirp4netns \
	fuse-overlayfs \
	clevis \
	clevis-dracut \
	clevis-luks \
	greenboot \
	greenboot-default-health-checks \
	fdo-client \
	fdo-owner-cli \
	sos \
	&& ostree container commit
	RUN KERNEL_VERSION=$(rpm -q kernel \| cut -c 8-); \
	dracut --reproducible -v -f \
	/lib/modules/$KERNEL_VERSION/initramfs.img $KERNEL_VERSION && \
	ostree container commit