Base manifest configuration for Fedora CoreOS.
Use https://github.com/coreos/coreos-assembler to build it.
Discussions in https://discussion.fedoraproject.org/c/server/coreos. Bug tracking and feature requests at https://github.com/coreos/fedora-coreos-tracker.
There is one branch for each stream. The default branch is
testing-devel
,
on which all development happens. See
the design
and tooling
docs for more information about streams.
All file changes in testing-devel
are propagated to other
branches (to bodhi-updates
through
config-bot,
and to testing
through usual promotion), with the
following exceptions:
manifest.yaml
: contains the stream "identity", such as the ref, additional commit metadata, and yum input repos.- lockfiles (
manifest-lock.*
files): lockfiles are imported frombodhi-updates
totesting-devel
. Overrides (manifest-lock.overrides.*
) are manually curated.
We intend for Fedora CoreOS to be used directly for a wide variety of use cases. However, we also want to support "custom" derivatives such as Fedora Silverblue, etc. Hence the configuration in this repository is split up into reusable "layers" and components on the rpm-ostree side.
To derive from this repository, the recommendation is to add it
as a git submodule. Then create your own manifest.yaml
which does
include: fedora-coreos-config/ignition-and-ostree.yaml
for example.
You will also want to create an overlay.d
and symlink in components
in this repository's `overlay.d.
Since testing-devel
is directly promoted to testing
, it
must always be in a known state. The way we enforce this is
by requiring all packages to have a corresponding entry in
the lockfile.
Therefore, to add new packages to the OS, one must also add the corresponding entries in the lockfiles:
- for packages which should follow Bodhi updates, place them
in
manifest-lock.$basearch.json
- for packages which should remain pinned, place them
in
manifest-lock.overrides.$basearch.yaml
There will be better tooling to come to enable this, though one easy way to do this is for now:
- add packages to the correct YAML manifest
- run
cosa fetch --update-lockfile
- commit only the new package entries
Updating this repo itself is easy:
- bump
releasever
inmanifest.yaml
- update the repos in
manifest.yaml
if needed - run
cosa fetch --update-lockfile
- PR the result
Though there are also some releng-related knobs that may need changes:
- verify that the
f${releasever}-coreos-signing-pending
Koji tag has been created - update RoboSignatory config so that: