Drop the vmware_insecure image

Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2026-05-05 12:16:41 +02:00 · 2026-04-27 14:51:13 +01:00 · 2026-04-27 14:51:13 +01:00 · bc6d20c5e8
commit bc6d20c5e8
parent ffda107907
8 changed files with 3 additions and 101 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -191,7 +191,7 @@ jobs:

          if echo "$formats" | tr ' ' '\n' | grep -q '^vmware'; then
            formats=$(echo "$formats" | tr ' ' '\n' | sed '/vmware.*/d')
-            formats+=" vmware vmware_insecure vmware_ova vmware_raw"
+            formats+=" vmware vmware_ova vmware_raw"
          fi
          if echo "$formats" | tr ' ' '\n' | grep -q -P '^(ami|aws)'; then
            formats=$(echo "$formats" | tr ' ' '\n' | sed '/ami.*/d' | sed '/aws/d')
--- a/build_library/vm_image_util.sh
+++ b/build_library/vm_image_util.sh
@ -35,7 +35,6 @@ VALID_IMG_TYPES=(
    vagrant_vmware_fusion
    virtualbox
    vmware
-    vmware_insecure
    vmware_ova
    vmware_raw
    xen
@ -60,7 +59,6 @@ VALID_OEM_PACKAGES=(
    scaleway
    stackit
    vagrant
-    vagrant-key
    vagrant-virtualbox
    virtualbox
    vmware
@ -191,12 +189,6 @@ IMG_vmware_ova_OEM_SYSEXT=oem-vmware
 IMG_vmware_raw_OEM_PACKAGE=common-oem-files
 IMG_vmware_raw_OEM_SYSEXT=oem-vmware

-## vmware_insecure
-IMG_vmware_insecure_DISK_FORMAT=vmdk_scsi
-IMG_vmware_insecure_DISK_LAYOUT=vm
-IMG_vmware_insecure_CONF_FORMAT=vmware_zip
-IMG_vmware_insecure_OEM_PACKAGE=oem-vagrant-key
-
 ## parallels
 IMG_parallels_BUNDLE_FORMAT=pvm_tgz
 IMG_parallels_DISK_FORMAT=hdd
@ -937,64 +929,6 @@ EOF
    fi
 }

-_write_vmware_zip_conf() {
-    local src_name=$(basename "$VM_SRC_IMG")
-    local dst_name=$(basename "$VM_DST_IMG")
-    local dst_dir=$(dirname "$VM_DST_IMG")
-    local vmx_path="${dst_dir}/$(_src_to_dst_name "${src_name}" ".vmx")"
-    local vmx_file=$(basename "${vmx_path}")
-    local zip="${dst_dir}/$(_src_to_dst_name "${src_name}" ".zip")"
-
-    _write_vmx_conf "$1"
-
-    # Move the disk/vmx to tmp, they will be zipped.
-    mv "${VM_DST_IMG}" "${VM_TMP_DIR}/${dst_name}"
-    mv "${vmx_path}" "${VM_TMP_DIR}/${vmx_file}"
-    cat > "${VM_TMP_DIR}/insecure_ssh_key" <<EOF
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI
-w+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP
-kcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2
-hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO
-Td0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW
-yLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd
-ELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1
-Bw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf
-TK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK
-iqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A
-sClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf
-4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP
-cXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk
-EjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN
-CAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX
-3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG
-YEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj
-3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+
-dBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz
-6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC
-P9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF
-llYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ
-kda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH
-+vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ
-NE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s=
-----END RSA PRIVATE KEY-----
-EOF
-    chmod 600 "${VM_TMP_DIR}/insecure_ssh_key"
-
-    zip --junk-paths "${zip}" \
-        "${VM_TMP_DIR}/${dst_name}" \
-        "${VM_TMP_DIR}/${vmx_file}" \
-        "${VM_TMP_DIR}/insecure_ssh_key"
-
-    cat > "${VM_README}" <<EOF
-Use insecure_ssh_key in the zip for login access.
-TODO: more instructions!
-EOF
-
-    # Replace list, not append, since we packaged up the disk image.
-    VM_GENERATED_FILES=( "${zip}" "${VM_README}" )
-}
-
 # Generate a new-style (xl) Xen config file for both pvgrub and pygrub
 _write_xl_conf() {
    local vm_mem="${1:-$(_get_vm_opt MEM)}"
--- a/changelog/changes/2026-04-27-vmware-insecure.md
+++ b/changelog/changes/2026-04-27-vmware-insecure.md
@ -0,0 +1 @@
+- Dropped the VMware "insecure" image. This was added a long time ago, and it is not clear to the current Flatcar team what purpose it served. It included the Vagrant insecure SSH key but without the other Vagrant files. If you want to use Vagrant, then do so with VirtualBox or Parallels. If you want to deploy onto VMware quickly, then use the OVA image.
--- a/ci-automation/vms.sh
+++ b/ci-automation/vms.sh
@ -83,7 +83,7 @@ function _vm_build_impl() {
    formats="$*"
    if echo "$formats" | tr ' ' '\n' | grep -q '^vmware'; then
      formats=$(echo "$formats" | tr ' ' '\n' | sed '/vmware.*/d')
-      formats+=" vmware vmware_insecure vmware_ova vmware_raw"
+      formats+=" vmware vmware_ova vmware_raw"
    fi
    if echo "$formats" | tr ' ' '\n' | grep -q -P '^(ami|aws)'; then
      formats=$(echo "$formats" | tr ' ' '\n' | sed '/ami.*/d' | sed '/aws/d')
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-vagrant-key/files/cloud-config.yml
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-vagrant-key/files/cloud-config.yml
@ -1,4 +0,0 @@
-#cloud-config
-
-ssh_authorized_keys:
-  - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-vagrant-key/files/grub.cfg
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-vagrant-key/files/grub.cfg
@ -1,3 +0,0 @@
-# Flatcar GRUB settings
-
-set oem_id="vagrant"
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-vagrant-key/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-vagrant-key/metadata.xml
@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-</pkgmetadata>
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-vagrant-key/oem-vagrant-key-0.0.3-r1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-vagrant-key/oem-vagrant-key-0.0.3-r1.ebuild
@ -1,22 +0,0 @@
-# Copyright 2013 The CoreOS Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-DESCRIPTION="OEM suite for login access via Vagrant's ssh key."
-HOMEPAGE=""
-SRC_URI=""
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="amd64"
-IUSE=""
-
-# no source directory
-S="${WORKDIR}"
-
-src_install() {
-	insinto "/oem"
-	doins "${FILESDIR}/cloud-config.yml"
-	doins "${FILESDIR}/grub.cfg"
-}
				`@ -0,0 +1 @@`
				`- Dropped the VMware "insecure" image. This was added a long time ago, and it is not clear to the current Flatcar team what purpose it served. It included the Vagrant insecure SSH key but without the other Vagrant files. If you want to use Vagrant, then do so with VirtualBox or Parallels. If you want to deploy onto VMware quickly, then use the OVA image.`