From b21b728fc94439ed87f0e69c4d85787228533249 Mon Sep 17 00:00:00 2001
From: Sumukh Ballal
Date: Thu, 30 May 2024 14:35:22 +0000
Subject: [PATCH 1/4] twoliter: update twoliter to v0.2.0
---
 Makefile.toml | 2 +-
 Twoliter.toml | 9 ++++++---
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/Makefile.toml b/Makefile.toml
index 7f5f03a1c8a..a20af4c7bcc 100644
--- a/Makefile.toml
+++ b/Makefile.toml
@@ -7,7 +7,7 @@ BUILDSYS_ROOT_DIR = "${CARGO_MAKE_WORKING_DIRECTORY}"
 # For binary installation, this should be a released version (prefixed with a v,
 # for example v0.1.0). For the git sourcecode installation method, this can be
 # any git rev, e.g. a tag, sha, or branch name.
-TWOLITER_VERSION = "v0.1.1"
+TWOLITER_VERSION = "v0.2.0"
 # For binary installation, this is the GitHub repository that has binary release artifacts attached
 # to it, for example https://github.com/bottlerocket-os/twoliter. For git sourcecode installation,
diff --git a/Twoliter.toml b/Twoliter.toml
index 9b775105072..0f93e4c7d78 100644
--- a/Twoliter.toml
+++ b/Twoliter.toml
@@ -1,7 +1,10 @@
 schema-version = 1
 release-version = "1.21.0"
-[sdk]
+[vendor.bottlerocket]
 registry = "public.ecr.aws/bottlerocket"
-repo = "bottlerocket-sdk"
-tag = "v0.41.0"
+
+[sdk]
+name = "bottlerocket-sdk"
+version = "0.41.0"
+vendor = "bottlerocket"
From 242162ee68db76ded50b90966b87ac67ead9fe8e Mon Sep 17 00:00:00 2001
From: Matthew James Briggs
Date: Sun, 5 May 2024 13:38:10 -0700
Subject: [PATCH 2/4] build: add build-package key to all package cargo.tomls
---
 packages/filesystem/Cargo.toml | 3 +++
 packages/libgcc/Cargo.toml | 2 ++
 packages/libstd-rust/Cargo.toml | 3 +++
 packages/login/Cargo.toml | 2 ++
 packages/netdog/Cargo.toml | 2 +-
 packages/release/Cargo.toml | 2 ++
 packages/selinux-policy/Cargo.toml | 2 ++
 7 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/packages/filesystem/Cargo.toml b/packages/filesystem/Cargo.toml
index 9d5b4a2d7af..1d8f407150f 100644
--- a/packages/filesystem/Cargo.toml
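Review bot: In the Twoliter.toml hunk the new `[sdk]` table identifies the SDK image only by `name`, `version` and the vendor `registry`, so the build trusts whatever `public.ecr.aws/bottlerocket` serves under that version; nothing visible here pins an image digest. If twoliter's schema has no digest field (not visible in this patch), I would at least record that above the table, e.g. `# SDK image is resolved by version from the vendor registry; not digest-pinned, confirm how twoliter verifies it`. The value also changed from `tag = "v0.41.0"` to `version = "0.41.0"`, so presumably twoliter now adds the `v` itself; a one-line comment saying so would stop someone from re-adding it.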
+++ b/packages/filesystem/Cargo.toml
@@ -5,5 +5,8 @@ edition = "2021"
 publish = false
 build = "../build.rs"
+
+[package.metadata.build-package]
+
 [lib]
 path = "../packages.rs"
diff --git a/packages/libgcc/Cargo.toml b/packages/libgcc/Cargo.toml
index 2048d925d3b..070bb948af0 100644
--- a/packages/libgcc/Cargo.toml
+++ b/packages/libgcc/Cargo.toml
@@ -5,5 +5,7 @@ edition = "2021"
 publish = false
 build = "../build.rs"
+[package.metadata.build-package]
+
 [lib]
 path = "../packages.rs"
diff --git a/packages/libstd-rust/Cargo.toml b/packages/libstd-rust/Cargo.toml
index 992090d3ca2..7f393726a7d 100644
--- a/packages/libstd-rust/Cargo.toml
+++ b/packages/libstd-rust/Cargo.toml
@@ -5,5 +5,8 @@ edition = "2021"
 publish = false
 build = "../build.rs"
+
+[package.metadata.build-package]
+
 [lib]
 path = "../packages.rs"
diff --git a/packages/login/Cargo.toml b/packages/login/Cargo.toml
index 58b521824d2..9ce0ce89bd6 100644
--- a/packages/login/Cargo.toml
+++ b/packages/login/Cargo.toml
@@ -5,6 +5,8 @@ edition = "2021"
 publish = false
 build = "../build.rs"
+[package.metadata.build-package]
+
 [lib]
 path = "../packages.rs"
diff --git a/packages/netdog/Cargo.toml b/packages/netdog/Cargo.toml
index a4d34dd353f..630dab1dd3c 100644
--- a/packages/netdog/Cargo.toml
+++ b/packages/netdog/Cargo.toml
@@ -8,7 +8,7 @@ build = "../build.rs"
 [lib]
 path = "../packages.rs"
-[package.metadata.build-packages]
+[package.metadata.build-package]
 source-groups = [
 "netdog",
 "dogtag",
diff --git a/packages/release/Cargo.toml b/packages/release/Cargo.toml
index eb1a1e15aa1..e13c508314c 100644
--- a/packages/release/Cargo.toml
+++ b/packages/release/Cargo.toml
@@ -5,6 +5,8 @@ edition = "2021"
 publish = false
 build = "../build.rs"
+[package.metadata.build-package]
+
 [lib]
 path = "../packages.rs"
diff --git a/packages/selinux-policy/Cargo.toml b/packages/selinux-policy/Cargo.toml
index abf3cfe7164..ef43c153172 100644
--- a/packages/selinux-policy/Cargo.toml
+++ b/packages/selinux-policy/Cargo.toml
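Review bot: The empty `[package.metadata.build-package]` table added in packages/filesystem/Cargo.toml has no keys and no explanation, and the same applies to the libgcc, libstd-rust, login, release and selinux-policy hunks. A reader is likely to delete it as dead configuration; a comment such as `# Required by the build tool even when empty` (wording to be confirmed against twoliter v0.2.0) would prevent that. Separately, this hunk and the libstd-rust one add three lines (`+5,8`) where the others add two, which leaves an extra blank line before the table; dropping the leading blank `+` line would make the files consistent.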
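Review bot: The corrected header in packages/netdog/Cargo.toml shows that the old `[package.metadata.build-packages]` table, together with its `source-groups` list, was accepted without complaint under a misspelled name. That suggests (inferred, the parser is not part of this patch) that unrecognised metadata tables are ignored, so changes under the `netdog` and `dogtag` source groups may not have been tracked for rebuilds before this fix. It would be worth confirming that the build tool now rejects unknown `package.metadata` tables, so that a typo like this fails the build instead of silently dropping configuration.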
@@ -5,5 +5,7 @@ edition = "2021"
 publish = false
 build = "../build.rs"
+[package.metadata.build-package]
+
 [lib]
 path = "../packages.rs"
From 3d4dd9eb61bc0fb99ad9920ffbbc1d6d60f53c7e Mon Sep 17 00:00:00 2001
From: "Patrick J.P. Culp"
Date: Wed, 29 May 2024 15:34:41 +0000
Subject: [PATCH 3/4] makefile: add new targets for twoliter
Adds `repack-variant`, `fetch-variant`. `fetch-friendly-variant` and `fetch-ova`.
---
 Makefile.toml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/Makefile.toml b/Makefile.toml
index a20af4c7bcc..0349d7cc5c4 100644
--- a/Makefile.toml
+++ b/Makefile.toml
@@ -391,6 +391,18 @@ run_task = "run-twoliter"
 [tasks.build-variant]
 run_task = "run-twoliter"
+[tasks.repack-variant]
+run_task = "run-twoliter"
+
+[tasks.fetch-variant]
+run_task = "run-twoliter"
+
+[tasks.fetch-friendly-variant]
+run_task = "run-twoliter"
+
+[tasks.fetch-ova]
+run_task = "run-twoliter"
+
 [tasks.check-licenses]
 run_task = "run-twoliter"
From c86ccb871aa29d7af608040719b1b0f10c98b29f Mon Sep 17 00:00:00 2001
From: "Patrick J.P. Culp"
Date: Wed, 29 May 2024 15:36:49 +0000
Subject: [PATCH 4/4] packages: remove ca-certificates
Instead of being built as a package, the CA certificate bundle will be installed via the Bottlerocket SDK or with a local bundle by passing BUILDSYS_CACERTS_BUNDLE_OVERRIDE.
---
 packages/ca-certificates/.gitignore | 1 -
 packages/ca-certificates/Cargo.toml | 16 ---------
 packages/ca-certificates/ca-certificates.spec | 34 -------------------
 packages/release/Cargo.toml | 1 -
 .../release-ca-certificates-tmpfiles.conf} | 0
 packages/release/release.spec | 4 ++-
 variants/Cargo.lock | 5 ---
 7 files changed, 3 insertions(+), 58 deletions(-)
 delete mode 100644 packages/ca-certificates/.gitignore
 delete mode 100644 packages/ca-certificates/Cargo.toml
 delete mode 100644 packages/ca-certificates/ca-certificates.spec
 rename packages/{ca-certificates/ca-certificates-tmpfiles.conf => release/release-ca-certificates-tmpfiles.conf} (100%)
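Review bot: The four new tasks in the Makefile.toml hunk (`repack-variant`, `fetch-variant`, `fetch-friendly-variant`, `fetch-ova`) are bare pass-throughs to `run-twoliter` with no comment, so this file says nothing about what the `fetch-*` targets retrieve or how the retrieved artifacts are checked. Since those targets presumably bring externally built images into the workspace, I would add a short comment above the group, e.g. `# Implemented in twoliter; fetch-* retrieve published variant artifacts, see twoliter docs for source and verification`, with the details confirmed against twoliter v0.2.0. The verification logic is outside this patch, so this is a documentation request and not a claim that a check is missing.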
diff --git a/packages/ca-certificates/.gitignore b/packages/ca-certificates/.gitignore
deleted file mode 100644
index 869b93b5770..00000000000
--- a/packages/ca-certificates/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-cacert-*.pem
diff --git a/packages/ca-certificates/Cargo.toml b/packages/ca-certificates/Cargo.toml
deleted file mode 100644
index c79aba72e34..00000000000
--- a/packages/ca-certificates/Cargo.toml
+++ /dev/null
@@ -1,16 +0,0 @@
-[package]
-name = "ca-certificates"
-version = "0.1.0"
-edition = "2021"
-publish = false
-build = "../build.rs"
-
-[lib]
-path = "../packages.rs"
-
-[package.metadata.build-package]
-releases-url = "https://curl.se/docs/caextract.html"
-
-[[package.metadata.build-package.external-files]]
-url = "https://curl.haxx.se/ca/cacert-2024-03-11.pem"
-sha512 = "31f03cc19566d007c4cffdad2ada71d99b4734ad7b13bc4f30d73d321f40cbe13b87a801aa61d9788207a851cc1f95a8af8ac732a372d45edb932f204bce3744"
diff --git a/packages/ca-certificates/ca-certificates.spec b/packages/ca-certificates/ca-certificates.spec
deleted file mode 100644
index b4fdea15ab3..00000000000
--- a/packages/ca-certificates/ca-certificates.spec
+++ /dev/null
@@ -1,34 +0,0 @@
-Name: %{_cross_os}ca-certificates
-Version: 2024.03.11
-Release: 1%{?dist}
-Summary: CA certificates extracted from Mozilla
-License: MPL-2.0
-# Note: You can see changes here:
-# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-URL: https://curl.haxx.se/docs/caextract.html
-Source0: https://curl.haxx.se/ca/cacert-2024-03-11.pem
-Source1: ca-certificates-tmpfiles.conf
-
-%description
-%{summary}.
-
-%prep
-
-%build
-
-%install
-install -d %{buildroot}%{_cross_factorydir}%{_cross_sysconfdir}/pki/tls/certs
-install -p -m 0644 %{S:0} %{buildroot}%{_cross_factorydir}%{_cross_sysconfdir}/pki/tls/certs/ca-bundle.crt
-
-install -d %{buildroot}%{_cross_tmpfilesdir}
-install -p -m 0644 %{S:1} %{buildroot}%{_cross_tmpfilesdir}/ca-certificates.conf
-
-%files
-%{_cross_attribution_file}
-%dir %{_cross_factorydir}%{_cross_sysconfdir}/pki
-%dir %{_cross_factorydir}%{_cross_sysconfdir}/pki/tls
-%dir %{_cross_factorydir}%{_cross_sysconfdir}/pki/tls/certs
-%{_cross_factorydir}%{_cross_sysconfdir}/pki/tls/certs/ca-bundle.crt
-%{_cross_tmpfilesdir}/ca-certificates.conf
-
-%changelog
diff --git a/packages/release/Cargo.toml b/packages/release/Cargo.toml
index e13c508314c..422df106af9 100644
--- a/packages/release/Cargo.toml
+++ b/packages/release/Cargo.toml
@@ -18,7 +18,6 @@ path = "../packages.rs"
 [dependencies]
 acpid = { path = "../acpid" }
 binutils = { path = "../binutils" }
-ca-certificates = { path = "../ca-certificates" }
 chrony = { path = "../chrony" }
 conntrack-tools = { path = "../conntrack-tools" }
 containerd = { path = "../containerd" }
diff --git a/packages/ca-certificates/ca-certificates-tmpfiles.conf b/packages/release/release-ca-certificates-tmpfiles.conf
similarity index 100%
rename from packages/ca-certificates/ca-certificates-tmpfiles.conf
rename to packages/release/release-ca-certificates-tmpfiles.conf
diff --git a/packages/release/release.spec b/packages/release/release.spec
index 4f706dacd55..3db2605d7d9 100644
--- a/packages/release/release.spec
+++ b/packages/release/release.spec
@@ -15,6 +15,7 @@ Source95: release-systemd-networkd.conf
 Source96: release-repart-local.conf
 Source97: release-sysctl.conf
 Source98: release-systemd-system.conf
+Source99: release-ca-certificates-tmpfiles.conf
 Source200: motd.template
 Source201: proxy-env
@@ -99,7 +100,6 @@ Source1500: bootconfig-fips.conf
 Requires: %{_cross_os}acpid
 Requires: %{_cross_os}audit
-Requires: %{_cross_os}ca-certificates
 Requires: %{_cross_os}chrony
 Requires: %{_cross_os}conntrack-tools
 Requires: %{_cross_os}containerd
@@ -154,6 +154,7 @@ install -p -m 0644 %{S:11} %{buildroot}%{_cross_factorydir}%{_cross_sysconfdir}
 install -d %{buildroot}%{_cross_tmpfilesdir}
 install -p -m 0644 %{S:93} %{buildroot}%{_cross_tmpfilesdir}/release.conf
+install -p -m 0644 %{S:99} %{buildroot}%{_cross_tmpfilesdir}/release-ca-certificates.conf
 install -p -m 0644 %{S:94} %{buildroot}%{_cross_tmpfilesdir}/release-fips.conf
 install -d %{buildroot}%{_cross_libdir}/systemd/networkd.conf.d
@@ -260,6 +261,7 @@ ln -s preconfigured.target %{buildroot}%{_cross_unitdir}/default.target
 %{_cross_factorydir}%{_cross_sysconfdir}/nsswitch.conf
 %{_cross_sysctldir}/80-release.conf
 %{_cross_tmpfilesdir}/release.conf
+%{_cross_tmpfilesdir}/release-ca-certificates.conf
 %{_cross_libdir}/os-release
 %dir %{_cross_libdir}/repart.d
 %{_cross_libdir}/repart.d/80-local.conf
diff --git a/variants/Cargo.lock b/variants/Cargo.lock
index fef9cc8b7ae..1918bdeb236 100644
--- a/variants/Cargo.lock
+++ b/variants/Cargo.lock
@@ -333,10 +333,6 @@ dependencies = [
 "libz",
 ]
-[[package]]
-name = "ca-certificates"
-version = "0.1.0"
-
 [[package]]
 name = "chrony"
 version = "0.1.0"
@@ -1160,7 +1156,6 @@ version = "0.0.0"
 dependencies = [
 "acpid",
 "binutils",
- "ca-certificates",
 "chrony",
 "conntrack-tools",
 "containerd",
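Review bot: With `Requires: %{_cross_os}ca-certificates` removed and only the tmpfiles entry (`%{S:99}`, installed as `release-ca-certificates.conf`) carried over into release.spec, no package in this patch installs `ca-bundle.crt` any more, and the `sha512` pin that the deleted packages/ca-certificates/Cargo.toml held on the bundle is gone with it. The commit message says the bundle now comes from the SDK or from `BUILDSYS_CACERTS_BUNDLE_OVERRIDE`, so the image's TLS trust anchors depend on the SDK version and on an override whose validation is not visible here. I would add a comment next to `Source99`, e.g. `# CA bundle itself is provided by the SDK (or BUILDSYS_CACERTS_BUNDLE_OVERRIDE); only the tmpfiles entry lives here`, and confirm that the build fails when the bundle is absent instead of producing an image without one. Minor: the `%{S:99}` install line sits between `%{S:93}` and `%{S:94}`, out of numeric order.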