Add flatpaks (#32)

.github/workflows/build-and-test.yml

@@ -15,6 +15,7 @@ env:
   IMAGE_REPO: 'quay.io/fedora-ostree-desktops'
   IMAGE_TAG: '39'
   VARIANT: 'Server'
+  FLATPAK_REMOTE_REFS: app/org.videolan.VLC/x86_64/stable  runtime/org.kde.Platform/x86_64/5.15-23.08
   SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der'
   ENROLLMENT_PASSWORD: 'container-installer'
 
@@ -27,6 +28,8 @@ jobs:
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4
+        with:
+          submodules: recursive
 
       - name: Docker meta
         id: meta
@@ -62,7 +65,9 @@ jobs:
     permissions:
       contents: read
       packages: write
+    continue-on-error: false
     strategy:
+      fail-fast: false
       matrix:
         version:
           - 38
@@ -98,6 +103,7 @@ jobs:
           image_tag: ${{ env.IMAGE_TAG }}
           version: ${{ matrix.version }}
           variant: ${{ env.VARIANT }}
+          flatpak_remote_refs: ${{ env.FLATPAK_REMOTE_REFS }}
           secure_boot_key_url: ${{ env.SECURE_BOOT_KEY_URL }}
           enrollment_password: ${{ env.ENROLLMENT_PASSWORD }}
           iso_name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso
@@ -128,14 +134,18 @@ jobs:
     permissions:
       contents: read
       packages: write
+    continue-on-error: false
     strategy:
+      fail-fast: false
       matrix:
         version:
           - 38
           - 39
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4
+        with:
+          submodules: recursive
 
       - name: Ensure qemu is installed
         run: |
@@ -159,7 +169,7 @@ jobs:
       - name: Run ISO checks
         run: |
           mv ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} deploy.iso
-          make test-iso VERSION=${{ matrix.version }}
+          make test-iso VERSION=${{ matrix.version }} FLATPAK_REMOTE_REFS="${{ env.FLATPAK_REMOTE_REFS}}"
 
       - name: Add Kickstart and Grub options to ISO
         run: |
@@ -203,11 +213,15 @@ jobs:
         env:
           VM_USER: core
           VM_PASS: foobar
+          VM_IP: "127.0.0.1"
+          VM_PORT: "5555"
         run: |
           mkfifo vm.stdin
           qemu-system-x86_64 -name "Anaconda" \
             -m 4096 -cpu qemu64 -display none -smp 2 \
             -chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 \
+            -device e1000,netdev=net0 \
+            -netdev user,id=net0,hostfwd=tcp::${VM_PORT}-:22 \
             -device virtio-serial \
             -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 \
             -boot c -hda disk.qcow2 -serial telnet:localhost:4321,server,nowait & export QEMU_PID=$!
@@ -218,18 +232,23 @@ jobs:
           
           timeout 30m bash -c "while ! (grep 'login:' vm.stdout); do sleep 1; done"
 
-          export VM_IP=$({ echo '{"execute": "guest-network-get-interfaces"}'; sleep 2; } | socat unix-connect:/tmp/qga.sock - | jq -r '.return[1]["ip-addresses"][] | select(."ip-address-type"=="ipv4") | .["ip-address"]')
-          if ! (echo > /dev/tcp/${VM_IP}/22)
+          if ! (echo > /dev/tcp/${VM_IP}/${VM_PORT})
           then
             echo "SSH must be installed and enabled inside the container"
           fi
           
-          echo "VM ready for tests at IP ${VM_IP}"
-          for check in $(ls tests/vm)
-          do
-            if [[ -f $check && $check != "README.md" ]]
-            then
-              chmod +x $check
-              ./${check}
-            fi
-          done
+          echo "VM ready for tests at IP ${VM_IP}:${VM_PORT}"
+          echo "Creating Ansible inventory"
+          cat << EOF > ansible_inventory
+          ungrouped:
+            hosts:
+              vm:
+                ansible_host: ${VM_IP}
+                ansible_port: ${VM_PORT}
+                ansible_user: ${VM_USER}
+                ansible_password: ${VM_PASS}
+                ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
+          EOF
+          
+          #make test-vm
+          kill $QEMU_PID

.gitmodules

@@ -0,0 +1,4 @@
+[submodule "external/fedora-lorax-templates"]
+	path = external/fedora-lorax-templates
+	url = https://pagure.io/fedora-lorax-templates.git
+	branch = f39

Makefile

@@ -8,6 +8,10 @@ IMAGE_TAG = $(VERSION)
 VARIANT = Server
 WEB_UI = false
 REPOS = /etc/yum.repos.d/fedora.repo /etc/yum.repos.d/fedora-updates.repo
+ADDITIONAL_TEMPLATES = 
+FLATPAK_REMOTE_NAME = flathub
+FLATPAK_REMOTE_URL = https://flathub.org/repo/flathub.flatpakrepo
+FLATPAK_REMOTE_REFS = 
 ENROLLMENT_PASSWORD =
 SECURE_BOOT_KEY_URL =
 ADDITIONAL_TEMPLATES =
@@ -22,7 +26,10 @@ _IMAGE_REPO_DOUBLE_ESCAPED = $(subst \,\\\,$(_IMAGE_REPO_ESCAPED))
 _VOLID = $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG)
 _REPO_FILES = $(subst /etc/yum.repos.d,repos,$(REPOS))
 _LORAX_TEMPLATES = $(subst .in,,$(shell ls lorax_templates/*.tmpl.in)) $(foreach file,$(shell ls lorax_templates/scripts/post),lorax_templates/post_$(file).tmpl)
-_TEMPLATE_VARS = ARCH VERSION IMAGE_REPO IMAGE_NAME IMAGE_TAG VARIANT WEB_UI REPOS _IMAGE_REPO_ESCAPED _IMAGE_REPO_DOUBLE_ESCAPED ENROLLMENT_PASSWORD
+_EXTERNAL_TEMPLATES = fedora-lorax-templates/ostree-based-installer/lorax-embed-flatpaks.tmpl
+_FLATPAK_REPO_URL = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2)
+_FLATPAK_REPO_GPG = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2)
+_TEMPLATE_VARS = ARCH VERSION IMAGE_REPO IMAGE_NAME IMAGE_TAG VARIANT WEB_UI REPOS _IMAGE_REPO_ESCAPED _IMAGE_REPO_DOUBLE_ESCAPED FLATPAK_REMOTE_NAME FLATPAK_REMOTE_URL FLATPAK_REMOTE_REFS _FLATPAK_REPO_URL _FLATPAK_REPO_GPG ENROLLMENT_PASSWORD
 
 ifeq ($(VARIANT),Server)
 _LORAX_ARGS = --macboot --noupgrade
@@ -34,6 +41,10 @@ ifeq ($(WEB_UI),true)
 _LORAX_ARGS += -i anaconda-webui
 endif
 
+ifneq ($(FLATPAK_REMOTE_REFS),)
+_LORAX_ARGS += -i flatpak-libs
+endif
+
 # Step 7: Build end ISO
 ## Default action
 build/deploy.iso:  boot.iso container/$(IMAGE_NAME)-$(IMAGE_TAG) xorriso/input.txt
@@ -84,7 +95,6 @@ lorax_templates/post_%.tmpl: lorax_templates/scripts/post/%
 	do \
 		if [[ $$line =~ ^\<\% ]]; \
 		then \
-			echo $$line >> lorax_templates/post_$*.tmpl; \
 			echo >> lorax_templates/post_$*.tmpl; \
 		else \
 			if [[ $$header == 0 ]]; \
@@ -111,7 +121,6 @@ lorax_templates/%.tmpl: lorax_templates/%.tmpl.in
 	$(eval _VARS = IMAGE_NAME IMAGE_TAG _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED)
 	$(foreach var,$(_VARS),$(var)=$($(var))) envsubst '$(foreach var,$(_VARS),$$$(var))' < $(_BASE_DIR)/lorax_templates/$*.tmpl.in > $(_BASE_DIR)/lorax_templates/$*.tmpl
 
-
 # Step 2: Replace vars in repo files
 repos/%.repo: /etc/yum.repos.d/%.repo
 	mkdir repos || true
@@ -139,6 +148,8 @@ boot.iso: $(_LORAX_TEMPLATES) $(_REPO_FILES)
 		$(foreach file,$(_REPO_FILES),--repo $(_BASE_DIR)/$(file)) \
 		$(foreach file,$(_LORAX_TEMPLATES),--add-template $(_BASE_DIR)/$(file)) \
 		$(foreach file,$(ADDITIONAL_TEMPLATES),--add-template $(file)) \
+		$(foreach file,$(_FLATPAK_TEMPLATES),--add-template $(file)) \
+		$(foreach file,$(_EXTERNAL_TEMPLATES),--add-template $(_BASE_DIR)/external/$(file)) \
 		--rootfs-size $(ROOTFS_SIZE) \
 		$(foreach var,$(_TEMPLATE_VARS),--add-template-var "$(shell echo $(var) | tr '[:upper:]' '[:lower:]')=$($(var))") \
 		$(_BASE_DIR)/results/
@@ -177,12 +188,34 @@ clean:
 	rm -f $(_BASE_DIR)/*.log || true
 
 install-deps:
-	dnf install -y lorax xorriso skopeo coreutils
+	dnf install -y lorax xorriso skopeo flatpak dbus-daemon ostree coreutils
+
+test: test-iso test-vm
 
 test-iso:
 	$(eval _TESTS = $(filter-out README.md,$(shell ls tests/iso)))
-	$(foreach test,$(_TESTS),chmod +x tests/iso/$(test))
-	$(foreach test,$(_TESTS),./tests/iso/$(test) deploy.iso)
-
-.PHONY: clean install-deps
+	$(eval _VARS = VERSION FLATPAK_REMOTE_NAME _FLATPAK_REPO_URL)
 
+	sudo apt-get update
+	sudo apt-get install -y squashfs-tools
+	sudo modprobe loop
+	sudo mkdir /mnt/iso /mnt/install
+	sudo mount -o loop deploy.iso /mnt/iso
+	sudo mount -t squashfs -o loop /mnt/iso/images/install.img /mnt/install
+
+	chmod +x $(foreach test,$(_TESTS),tests/iso/$(test))
+	for test in $(_TESTS); \
+	do \
+	  $(foreach var,$(_VARS),$(var)=$($(var))) ./tests/iso/$${test}; \
+	done
+
+	# Cleanup
+	sudo umount /mnt/install
+	sudo umount /mnt/iso
+
+test-vm:
+	$(eval _TESTS = $(filter-out README.md,$(shell ls tests/vm)))
+	chmod +x $(foreach test,$(_TESTS),tests/vm/$(test))
+	for test in $(_TESTS); do ./tests/vm/$${test} deploy.iso; done
+
+.PHONY: clean install-deps test test-iso test-vm

README.md

@@ -1,4 +1,4 @@
-![Build status](https://github.com/jasonn3/build-container-installer/actions/workflows/build-and-test.yml/badge.svg??event=push)
+![Build status](https://github.com/jasonn3/build-container-installer/actions/workflows/build-and-test.yml/badge.svg?event=push)
 
 # Build Container Installer Action
 This action is used to enerate an ISO for installing an OSTree stored in a container image. This utilizes the anaconda command `ostreecontainer`

action.yml

@@ -20,6 +20,18 @@ inputs:
   extra_boot_params:
     description: Extra params used by grub to boot the anaconda installer
     required: false
+  flatpak_remote_name:
+    description: Name of the Flatpak remote repo
+    required: false
+    default: "flathub"
+  flatpak_remote_refs:
+    description: Space delimited list of refs to the flatpak packages to install
+    required: false
+    default: ""
+  flatpak_remote_url:
+    description: The URL of the Flatpak remote flatpakrepo file
+    required: false
+    default: https://flathub.org/repo/flathub.flatpakrepo
   image_name:
     description: Name of the source container image
     required: true
@@ -69,17 +81,19 @@ runs:
         if [[ -z "${{ github.action_ref }}" ]]; then if [[ "${{ github.ref_name }}" =~ (.*)/merge ]]; then tag=pr-${BASH_REMATCH[1]}; else tag=${{ github.ref_name }}; fi; fi
         if [[ -z "${tag}" ]]; then tag=${{ github.action_ref }}; fi
         docker run --privileged --volume ${{ github.workspace }}:/github/workspace ghcr.io/jasonn3/build-container-installer:${tag} \
+          ADDITIONAL_TEMPLATES="${{ inputs.additional_templates }}" \
           ARCH=${{ inputs.arch }} \
+          ENROLLMENT_PASSWORD=${{ inputs.enrollment_password }} \
+          FLATPAK_REMOTE_NAME=${{ inputs.flatpak_remote_name }} \
+          FLATPAK_REMOTE_REFS="${{ inputs.flatpak_remote_refs }}" \
+          FLATPAK_REMOTE_URL=${{ inputs.flatpak_remote_url }} \
           IMAGE_NAME=${{ inputs.image_name }} \
           IMAGE_REPO=${{ inputs.image_repo }} \
-          VARIANT=${{ inputs.variant }} \
-          VERSION=${{ inputs.version }} \
           IMAGE_TAG=${{ inputs.image_tag || inputs.version }} \
-          WEB_UI=${{ inputs.web_ui }} \
-          ISO_NAME=${{ inputs.iso_name }} \
-          ENROLLMENT_PASSWORD=${{ inputs.enrollment_password }} \
           SECURE_BOOT_KEY_URL=${{ inputs.secure_boot_key_url }} \
-          "ADDITIONAL_TEMPLATES=${{ inputs.additional_templates }}"
+          VARIANT=${{ inputs.variant }} \
+          VERSION=${{ inputs.version }} \
+          WEB_UI=${{ inputs.web_ui }}
 
     - name: Rename ISO file
       id: rename_iso

entrypoint.sh

@@ -2,19 +2,24 @@
 
 set -ex
 
-for entry in $@
+# Create /dev/loop0 if it doesn't already exist. `losetup` has an issue creating it during the first run
+mknod -m 0660 /dev/loop0 b 7 0 2>/dev/null || true
+
+for i
 do
-  export $entry
+  key=$(echo ${i} | cut -d= -f1)
+  value=$(echo ${i} | cut -d= -f2-)
+  export ${key}="${value}"
 done
 
 # Pull container
-make container/${IMAGE_NAME}-${IMAGE_TAG} $@
+make container/${IMAGE_NAME}-${IMAGE_TAG} "$@"
 
 # Build base ISO
-make boot.iso $@
+make boot.iso "$@"
 
 # Add container to ISO
-make build/deploy.iso $@
+make build/deploy.iso "$@"
 
 # Make output dir in github workspace
 mkdir /github/workspace/build || true

lorax_templates/scripts/post/configure_flatpak

@@ -0,0 +1,11 @@
+<%page args="_flatpak_repo_gpg"/>
+
+if [[ -d /ostree/deploy/default/var/lib/flatpak/repo ]]
+then
+    echo ${_flatpak_repo_gpg} | base64 -d > /ostree/deploy/default/var/lib/flatpak/repo/flathub.trustedkeys.gpg
+elif [[ -d /var/lib/flatpak/repo ]]
+then
+    echo ${_flatpak_repo_gpg} | base64 -d > /var/lib/flatpak/repo/flathub.trustedkeys.gpg
+else
+    echo "Could not find Flatpaks repo"
+fi

lorax_templates/set_flatpak_repo.tmpl.in

@@ -0,0 +1,4 @@
+<%page args="flatpak_remote_name, _flatpak_repo_url"/>
+
+replace "flatpak_manager\.add_remote\(\".*\", \".*\"\)" "flatpak_manager.add_remote(\"${flatpak_remote_name}\", \"${_flatpak_repo_url}\")" /usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py
+replace "flatpak_manager\.replace_installed_refs_remote\(\".*\"\)" "flatpak_manager.replace_installed_refs_remote(\"${flatpak_remote_name}\")" /usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py

tests/iso/os-release.sh

@@ -1,24 +1,7 @@
 #!/bin/bash
 
-iso=$1
-
-sudo apt-get update
-sudo apt-get install -y squashfs-tools
-
-sudo mkdir /mnt/{iso,install}
-
-# Mount ISO
-sudo mount -o loop $iso /mnt/iso
-
-# Mount squashfs
-sudo mount -t squashfs -o loop /mnt/iso/images/install.img /mnt/install
-
 FOUND_VERSION=$(cat /mnt/install/etc/os-release | grep VERSION_ID | cut -d= -f2)
 
-# Cleanup
-sudo umount /mnt/install
-sudo umount /mnt/iso
-
 if [[ ${FOUND_VERSION} != ${VERSION} ]]
 then
     echo "Version mismatch"

tests/iso/verify_flatpakrepo_updated.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+add_line=$(grep flatpak_manager.add_remote /mnt/install/usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py)
+
+add_line_repo=$(echo ${add_line} | grep ${FLATPAK_REMOTE_NAME})
+add_line_url=$(echo ${add_line} | grep ${_FLATPAK_REPO_URL})
+
+result=0
+if [ -z "${add_line_repo}" ]
+then
+    echo "Repo name not updated on add_remote line"
+    result=1
+else
+    echo "Repo name found on add_remote line"
+fi
+
+if [ -z "${add_line_url}" ]
+then
+    echo "Repo url not updated on add_remote line"
+    result=1
+else
+    echo "Repo url found on add_remote line"
+fi
+
+replace_line=$(grep flatpak_manager.replace_installed_refs_remote /mnt/install/usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py)
+
+replace_line_repo=$(echo ${replace_line} | grep ${FLATPAK_REMOTE_NAME})
+
+if [ -z "${replace_line_repo}" ]
+then
+    echo "Repo name not updated on replace_installed_refs line"
+    result=1
+else
+    echo "Repo name found on replace_installed_refs line"
+fi
+
+exit ${result}

tests/vm/flatpak.yml

@@ -0,0 +1,10 @@
+#!/usr/bin/env -S ansible-playbook -i ./ansible_inventory
+---
+- name: Test for flatpaks
+  hosts: vm
+  gather_facts: no
+
+  tasks:
+  - name: Test updating flatpak packages
+    ansible.builtin.command:
+      cmd: /usr/bin/flatpak update -y