add proof of concept for building with osbuild

Dockerfile

@@ -23,6 +23,7 @@ COPY ./ /root/containerbuild/
 RUN ./build.sh write_archive_info
 RUN ./build.sh make_and_makeinstall
 RUN ./build.sh configure_user
+RUN ./build.sh patch_osbuild
 
 # clean up scripts (it will get cached in layers, but oh well)
 WORKDIR /srv/

build.sh

@@ -22,6 +22,7 @@ if [ $# -gt 1 ]; then
   echo "    configure_yum_repos"
   echo "    install_rpms"
   echo "    make_and_makeinstall"
+  echo "    patch_osbuild"
   exit 1
 fi
 
@@ -168,6 +169,12 @@ write_archive_info() {
     prepare_git_artifacts "${srcdir}" /cosa/coreos-assembler-git.json /cosa/coreos-assembler-git.tar.gz
 }
 
+patch_osbuild() {
+    # A few patches that either haven't made it into a release or
+    # that will be obsoleted with other work that will be done soon.
+    cat /usr/lib/coreos-assembler/*.patch | patch -p1 -d /usr/lib/python3.11/site-packages/
+}
+
 if [ $# -ne 0 ]; then
   # Run the function specified by the calling script
   ${1}
@@ -182,4 +189,5 @@ else
   install_ocp_tools
   trust_redhat_gpg_keys
   configure_user
+  patch_osbuild
 fi

src/0001-objectstore-also-mount-etc-containers-for-host-build.patch

@@ -0,0 +1,92 @@
+From d4b3e3655deb7d55792e52fe6a11c609fb24e3b8 Mon Sep 17 00:00:00 2001
+From: Dusty Mabe <dusty@dustymabe.com>
+Date: Tue, 24 Oct 2023 14:08:44 -0400
+Subject: [PATCH] objectstore: also mount /etc/containers for "host" buildroot
+
+In the case we are not using a buildroot (i.e. we are using
+the host as the buildroot) let's also mount in /etc/containers
+into the environment. There are sometimes where software running
+from /usr can't operate without configuration in /etc and this
+will allow it to work.
+
+An example of software hitting this problem is skopeo. With a
+simple config like:
+
+```
+version: '2'
+mpp-vars:
+  release: 38
+pipelines:
+  - name: skopeo-tree
+    # build: name:build
+    source-epoch: 1659397331
+    stages:
+      - type: org.osbuild.skopeo
+        inputs:
+          images:
+            type: org.osbuild.containers
+            origin: org.osbuild.source
+            mpp-resolve-images:
+              images:
+                - source: quay.io/fedora/fedora-coreos
+                  tag: stable
+                  name: localhost/fcos
+        options:
+          destination:
+            type: containers-storage
+            storage-path: /usr/share/containers/storage
+```
+
+We end up hitting an error like this:
+
+```
+time="2023-10-24T18:27:14Z" level=fatal msg="Error loading trust policy: open /etc/containers/policy.json: no such file or directory"
+Traceback (most recent call last):
+  File "/run/osbuild/bin/org.osbuild.skopeo", line 90, in <module>
+    r = main(args["inputs"], args["tree"], args["options"])
+        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/run/osbuild/bin/org.osbuild.skopeo", line 73, in main
+    subprocess.run(["skopeo", "copy", image_source, dest], check=True)
+  File "/usr/lib64/python3.11/subprocess.py", line 571, in run
+    raise CalledProcessError(retcode, process.args,
+subprocess.CalledProcessError: Command '['skopeo', 'copy', 'dir:/tmp/tmp5_qcng99/image', 'containers-storage:[overlay@/run/osbuild/tree/usr/share/containers/storage+/run/containers/storage]localhost/fcos']' returned non-zero exit status 1.
+```
+
+This PR adds in a mount for /etc/containers from the host so that
+/etc/containers/policy.json can be accessed.
+---
+ osbuild/objectstore.py | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/osbuild/objectstore.py b/osbuild/objectstore.py
+index 4a19ce9..922d5ee 100644
+--- a/osbuild/objectstore.py
++++ b/osbuild/objectstore.py
+@@ -283,14 +283,22 @@ class HostTree:
+         self._root = self.store.tempdir(prefix="host")
+
+         root = self._root.name
+-        # Create a bare bones root file system
+-        # with just /usr mounted from the host
++        # Create a bare bones root file system. Starting with just
++        # /usr mounted from the host.
+         usr = os.path.join(root, "usr")
+         os.makedirs(usr)
++        # Also add in /etc/containers, which will allow us to access
++        # /etc/containers/policy.json and enable moving containers
++        # (skopeo): https://github.com/osbuild/osbuild/pull/1410
++        # If https://github.com/containers/image/issues/2157 ever gets
++        # fixed we can probably remove this bind mount.
++        etc_containers = os.path.join(root, "etc", "containers")
++        os.makedirs(etc_containers)
+
+         # ensure / is read-only
+         mount(root, root)
+         mount("/usr", usr)
++        mount("/etc/containers", etc_containers)
+
+     @property
+     def tree(self) -> os.PathLike:
+-- 
+2.41.0
+

src/0002-Mount-boot-from-host-in-host-builder-case.patch

@@ -0,0 +1,45 @@
+From 2e34303f2e9ef1d48b965703976ef1029d7309f1 Mon Sep 17 00:00:00 2001
+From: Dusty Mabe <dusty@dustymabe.com>
+Date: Fri, 1 Sep 2023 12:18:25 -0400
+Subject: [PATCH] Mount boot from host in host builder case
+
+---
+ osbuild/buildroot.py   | 2 +-
+ osbuild/objectstore.py | 3 +++
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/osbuild/buildroot.py b/osbuild/buildroot.py
+index 5b47d70..a0f654d 100644
+--- a/osbuild/buildroot.py
++++ b/osbuild/buildroot.py
+@@ -196,7 +196,7 @@ class BuildRoot(contextlib.AbstractContextManager):
+
+         # Import directories from the caller-provided root.
+         imports = ["usr"]
+-        if self.mount_boot:
++        if True:
+             imports.insert(0, "boot")
+
+         for p in imports:
+diff --git a/osbuild/objectstore.py b/osbuild/objectstore.py
+index 922d5ee..6a3f89a 100644
+--- a/osbuild/objectstore.py
++++ b/osbuild/objectstore.py
+@@ -294,11 +294,14 @@ class HostTree:
+         # fixed we can probably remove this bind mount.
+         etc_containers = os.path.join(root, "etc", "containers")
+         os.makedirs(etc_containers)
++        boot = os.path.join(root, "boot")
++        os.makedirs(boot)
+
+         # ensure / is read-only
+         mount(root, root)
+         mount("/usr", usr)
+         mount("/etc/containers", etc_containers)
++        mount("/boot", boot)
+
+     @property
+     def tree(self) -> os.PathLike:
+-- 
+2.41.0
+

src/cmd-buildextend-metal

@@ -261,13 +261,21 @@ EOF
 cat "${image_json}" image-dynamic.json | jq -s add > image-for-disk.json
 platforms_json="${workdir}/tmp/platforms.json"
 yaml2json "${configdir}/platforms.yaml" "${platforms_json}"
-runvm "${qemu_args[@]}" -- \
-        /usr/lib/coreos-assembler/create_disk.sh \
-            --config "$(pwd)"/image-for-disk.json \
-            --kargs "${kargs}" \
-            --platform "${ignition_platform_id}" \
-            --platforms-json "${platforms_json}" \
-            "${disk_args[@]}"
+
+if [ "${image_type}" == "qemu" ] && [ "${COSA_USE_OSBUILD:-}" != "" ]; then
+    runvm -- /usr/lib/coreos-assembler/runvm-osbuild              \
+                "${ostree_repo}" "${ref}"                         \
+                /usr/lib/coreos-assembler/coreos.osbuild.mpp.yaml \
+                "${path}.tmp"
+else
+    runvm "${qemu_args[@]}" -- \
+            /usr/lib/coreos-assembler/create_disk.sh \
+                --config "$(pwd)"/image-for-disk.json \
+                --kargs "${kargs}" \
+                --platform "${ignition_platform_id}" \
+                --platforms-json "${platforms_json}" \
+                "${disk_args[@]}"
+fi
 
 if [[ $secure_execution -eq "1" && -z "${hostkey}" ]]; then
     /usr/lib/coreos-assembler/secex-genprotimgvm-scripts/runvm.sh \