Loading config from the initrd with `oem://` was broken because Ignition
was still looking in /usr/share/oem, which is now moved to /oem by the
minimal initrd.
This also fixes mounting the OEM partition when /mnt does not already
exist. This fix is slightly academic, because this currently only
happens when PXE booting, where the OEM partition won't exist anyway,
but we should fail for the right reason.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>

For A/B-updated /etc contents we used a custom overlay mount that
provides the default files through a lowerdir loaded from /usr. Since
then we upstreamed mutable systemd-confext support and now we can switch
to it.
This pulls in https://github.com/flatcar/init/pull/138 and
https://github.com/flatcar/bootengine/pull/115 together with backported
systemd patches that have opened or merged upstream PRs to fix --root=
issues and add a refresh skip check to prevent boot disruptions due to
the multiple daemon reloads and - more important - the missing atomic
remount that would mean /etc is gone for a few milliseconds during boot.
The skip logic works best with verity hashes and thus the default
confext must be a verity extension image.
User-provided confexts don't work well yet unless they use verity due to
the missing atomic remount and reliance on the skipping logic. We also
need to look into stacking order and other mutability settings.
The backported systemd patches relate to the following upstream PRs:
https://github.com/systemd/systemd/pull/39843 for
vpick-Don-t-use-openat-directly-but-resolve-symlinks
discover-image-Follow-symlinks-in-a-given-root
sysext-Use-correct-image-name-for-extension-release
test-Add-tests-for-handling-symlinks-with-systemd-sy
Note that the patch in the PR relies on
0859fe3f32774f1e0c787974cc252ff922a1b868 but the backport patch does not.
https://github.com/systemd/systemd/pull/39980 for
sysext-Create-mutable-directory-with-the-right-mode
sysext-Skip-refresh-if-no-changes-are-found
https://github.com/systemd/systemd/pull/39991 for
sysext-Get-verity-user-certs-from-given-root
https://github.com/systemd/systemd/pull/40063 for
sysext-Fix-config-file-support-with-root
which relies on https://github.com/systemd/systemd/pull/38250 for
man-sysext.conf-add-systemd-sysext-config-files
sysext-introduce-global-config-file
sysext-support-ImagePolicy-global-config-option
Signed-off-by: Kai Lueke <kailuke@microsoft.com>

It was never updated in a meaningful way. It was only used directly in
lsb_release, which is a dead standard. It was included in the os-release
`PRETTY_NAME` but not as a field on its own.
Closes: https://github.com/flatcar/scripts/pull/88
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>

This is needed to support modern terminals like foot and Alacritty.
These take up around 7.5MB more, but the btrfs compression should reduce
this considerably.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>

Update the changelog entry to include information about OEM sysexts
being signed and built during the image phase.
Signed-off-by: Daniel Zatovic <daniel.zatovic@gmail.com>