I'm building my own Fedora Silverblue based OS. Since I want to sign all relevant parts for secure boot (kernel, kernel modules, bootloader, etc.) during compose, I need a way to temporarily import my secure boot keys.
Therefore I'm trying to split up my rpm-ostree compose tree command into multiple stages, as suggested by postprocess-script.
```sh
# Source
rpm-ostree compose tree --repo=repo --layer-repo=repo --cachedir=cache --unified-core --add-metadata-string="version=${variant_pretty} ${version}.${buildid}" "fedora-${variant}.yaml"

# Destination
rm -rf tmp
rpm-ostree compose install --repo=repo --cachedir=cache --unified-core --force-nocache "fedora-ppos.yaml" tmp
# Do everything that is required for signing
cp .. # Copy external files to tmp build root inside /tmp/rootfs
chroot ${baseDir} /bin/bash -x << 'EOF'
# [...] Do all the signing
EOF
# Finish up the commit/os
rpm-ostree compose postprocess --unified-core tmp/rootfs "fedora-${variant}.yaml"
rpm-ostree compose commit --repo=repo --unified-core --add-metadata-string="version=${variant_pretty} ${version}.${buildid}" "fedora-${variant}.yaml" tmp/rootfs
```
When I then take a look at the filesystem, it has a lot of files inside /etc with the wrong ownership. They have (user:group) 1000:1000 instead of 0:0.
I guess this somehow happens since I'm executing everything with sudo and my user ID is 1000. rpm-ostree compose postprocess then does not fix those issues.
Host system details
Expected vs actual behavior
A full example is available here: https://github.com/AP-Sensing/PhotonPonyOS/blob/29b37eaf9b8536816807125ae1ca48a3ef198010/justfile#L251-L261
Expected: Splitting up rpm-ostree compose tree should produce the same result.
Steps to reproduce it
Would you like to work on the issue?
No. Don't know how.
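An ownership check that could run against the staged build root (tmp/rootfs in the commands above) before `rpm-ostree compose commit`, so wrongly owned files in a signed image are caught at build time. This is an added example, not part of the original report or of rpm-ostree; the function names are hypothetical, and the defaults (the `etc` subdirectory, owner 0:0) are taken from the report.

```shell
#!/bin/sh
# Added example: report paths in a staged compose rootfs whose owner is not
# the expected uid:gid. Function names are hypothetical.

# find_wrong_owner ROOTFS [SUBDIR] [UID] [GID]
# Prints every path under ROOTFS/SUBDIR not owned by UID:GID (default etc, 0:0).
find_wrong_owner() {
    rootfs=$1
    subdir=${2:-etc}
    want_uid=${3:-0}
    want_gid=${4:-0}
    target="$rootfs/$subdir"
    if [ ! -d "$target" ]; then
        echo "find_wrong_owner: no such directory: $target" >&2
        return 2
    fi
    # -xdev keeps the scan on one filesystem. Symlinks are not followed,
    # so a link is judged by its own owner, not by its target's.
    find "$target" -xdev \( ! -user "$want_uid" -o ! -group "$want_gid" \) -print
}

# count_wrong_owner: same arguments, prints only the number of offending paths.
count_wrong_owner() {
    out=$(find_wrong_owner "$@") || return $?
    if [ -z "$out" ]; then
        echo 0
    else
        printf '%s\n' "$out" | wc -l | tr -d ' '
    fi
}

# assert_root_owned: same arguments; returns 0 only when nothing is mis-owned,
# 1 when at least one path is, and 2 when the directory cannot be scanned.
assert_root_owned() {
    n=$(count_wrong_owner "$@") || return 2
    [ "$n" -eq 0 ]
}
```

In a build script, `assert_root_owned tmp/rootfs || exit 1` placed before the commit step stops the build, and `find_wrong_owner tmp/rootfs` lists the affected paths.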