search

osbuild / bootc-image-builder

A container for deploying bootable container images.
https://osbuild.org
Apache License 2.0
140 stars 58 forks source link

building a qcow2 from a derived image doesn't work throwing Selinux error in the pipeline #168

Open runcom opened 9 months ago

runcom commented 9 months ago

Building a derived image on osx with podman desktop and trying to create a qcow2 fails with selinux error in the pipeline. Here's the Containerfile used - note it doesn't matter if the non-dev version of the centos-bootc:stream9 container is used, it still fails.

FROM quay.io/centos-bootc/centos-bootc-dev:stream9
RUN rpm-ostree install gdm firefox gnome-kiosk-script-session plymouth-system-theme firewalld
RUN rm -rf /var/lib/gdm/.config/pulse/default.pa && rm -rf /var/lib/xkb/README.compiled
COPY custom.conf /etc/gdm/
COPY core.conf /usr/lib/sysusers.d/
COPY --chmod=0755 --chown=1042:1042 gnome-kiosk-script /usr/lib/
COPY kiosk-gdm /usr/lib/
COPY kiosk.conf /usr/lib/tmpfiles.d/
RUN mkdir -p /usr/etc-system/ && \
    echo 'AuthorizedKeysFile /usr/etc-system/%u.keys' >> /etc/ssh/sshd_config.d/30-auth-system.conf && \
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL7xFq1HtZKZiaD8MfkhNtn37m8GSc1W168NoSaT9RSf cardno:000F_C36A3FC0' > /usr/etc-system/root.keys && chmod 0600 /usr/etc-system/root.keys
RUN systemctl enable sshd && firewall-offline-cmd --disabled
RUN systemctl set-default graphical.target && ostree container commit

if I just use bib to create a qcow2 from centos-bootc:stream9 or centos-bootc-dev:stream9 it works flawlessy instead

The error I always get is 

 ⏱  Duration: 0s
org.osbuild.ostree.selinux: 033dd409cb4cd702596676d94321a1dd5f23a90a4f163557aec276603d20b5e3 {
  "deployment": {
    "osname": "default",
    "ref": "ostree/1/1/0"
  }
}
Traceback (most recent call last):
  File "/run/osbuild/bin/org.osbuild.ostree.selinux", line 95, in <module>
    r = main(stage_args["tree"],
  File "/run/osbuild/bin/org.osbuild.ostree.selinux", line 80, in main
    raise ValueError("Could not find SELinux policy")
ValueError: Could not find SELinux policy

⏱  Duration: 0s

Failed
Error: running osbuild failed: exit status 1
2024/02/01 09:48:43 error: running osbuild failed: exit status 1

here's the full pipelines log:

podman run \
    --rm \
    -it \
    --privileged \
    --pull=newer \
    --security-opt label=type:unconfined_t \
    -v $(pwd)/config.json:/config.json \
    -v $(pwd)/output:/output \
    quay.io/centos-bootc/bootc-image-builder:latest \
    --type qcow2 \
    --config /config.json \
    quay.io/runcom/kiosk-base:latest
Generating manifest-qcow2.json ... DONE
Building manifest-qcow2.json
source/org.osbuild.skopeo (org.osbuild.skopeo): Getting image source signatures
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:2ad0a0fc42196a143f32c3f12c2c6069f4d17bfe15da6cd9a8d6f218b3070ca3
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:4a5f4a6603cd1623dc680d66502b3d96e70b36ae8dabea53b8532f0d8bfa965a
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:2e4960a02a6368e170f228b4fa106e3c710985860fb5c1801686ae96c94e2e38
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:e9696bd3499f2463d9ac659c076b49f77939d5d8880b19cdb68a7058af4c9e44
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:4b5f90120f1143456a058761e410c4e9794467002852c6c04b2ba85b37a60808
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:1be6be164bbd6705807fb07de5310646da50330bb137e6b3a5f231a33312af58
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:cc8749a253d9477f9303b71fc21c0289ae290ffe7dc718271627bf14005fc9b4
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:c0d1fdaaa1d72f146d6824297b5821a39d5387be345561705c7caa25ca47cf88
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:5071d287f7c7db296d5c28f34097e0647f7e77e57c084a24427b8b67bf9268b2
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:f7c3e4981127ccc5832c54f2f7b3704402c0d3fc0e5290f704d259351aa55c88
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:6c2e22d7b9b19b57645b401b2561e54d8ce8ef9872828a701095d2eed278428c
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:5956b8f11f80d013a46bac783e9d1b57b20226fa071d416428b43b5696375c91
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:c8bef76f2c94d4cc7a420f245a5d39a7593aa68df578a3ba11f27b7c54fb4d04
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:d71aab47db7a5596be1e320bab2c08fba924ad635f31bbaa1002344114992039
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:d3ae93dae5d97c785eba84c0a7972ad3e642e3f5214643bf61bc1f6512fdd708
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:4726293aa2a33ff85b98c4a71bd4fb21e6e3df24812cb409c412192c5a939115
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:ff42e03d47a841053f7a186bd824718d42ff1d406ae47e07c37e752cdf563c14
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:94b5821e307145939e33f2df175c317315cf88df7466933dee5b757d1f227508
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:999f9af559e4a46b19cee18c6ac132b59a1056a8974e7a799acd186d0f8a0108
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:0614e40d506f2160fbb8c4904f512953b6fe8cc7f1f2c099eb7ef04b49d370f4
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:21b080004e82d1fcf3047e8151994cead0c4f3a1532c3deff7e9bfa7aa7af663
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:83abaf6d6857c6205a75e1ef1674015f5da94c88d535421752e761457c30e9f5
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:ac8e626392a1f9dc56c2619d13fe20dbeb7d35264f0f79def88b504a2c645733
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:a3a568395ae2c83d8c26a745345ba996214cf347b502dd487afa5daa4d7a34ad
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:379fef1872ce19fffc8a6f0d54cba46618ee7232270c5669869ed6de71aca569
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:2d19a128033e0a53ea4fd9306b3d3a4d8008effbe6906bea0ede2dbada2ffb5c
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:99e0a5d400870763e44fbc09991caa64fb573071b2fce8c36a3eb2448b7bc08e
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:0270fde0d4d373bfc00391c5eab11c93114016eef4aa74bb13e798fd74963457
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:ddb083605a303814a02bff4f93286e7ee2c8436959f5c9c7a629feb500d014dc
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:27bcd423590746df7d4c62994fb8b7bd57a9ec66d590f0890c08498c0d1c145b
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:9128594d5c6ead9ad197f976698827477d618a94a96cacfbcbc915f70d1e1407
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:3ee5b3a43c74526384cf82c102646bf59c97d4526ddcac452d8fdb0ee33945fb
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:6ecf34d6acab0e18b92ba33e99787cf95db08e0bfca15856242c26de47e588a4
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:cc08b56138c7f253f58e79d63b2f70b2eeb57be4c8b6ac93cf2cc765859872a0
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:ecec55d49774543868959ac7b3dcf2cc23f4f67baa7a9053587155f9865978db
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:2310bd66d182ce8cb8d550419364f5967aa0d95f7d81c1e11b15ae08467be7c6
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:38206305e735ab0de33d2281dd1e1e22b100e7292494dd47a72ee0cfe139f74d
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:2699daace685d35d6ba3421ec41b104f4e0e131db4f661bc6fd3dbccdeb544a7
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:58f1b769e6dae40157549544aa8db989166eb59a92454abb1f46a62f4eddf4b1
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:50d7d0f10630ab9be1fb2b21d3a13269cbc2bb4f8415a45ae86aa7bff96b5785
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:112dfba5723614741cf6b0a6a631d2d3b0948f2cdc9ebf3673dd52d129ee1871
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:a35770dbfe51d19ae936641e62c4145337a92575d0167f8c9ba2320b2da04b7e
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:2ea66b289d6304e59654b9244138f8920dea809d7ba8ca1fa5bf66adc28e13b0
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:56dda937b9c81ba265f5f7e5f9a3a8e7212024b949ebdbc5cd95612d3f3554b1
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:2ad9c5ad1178de77c57534d24f21337551f54f563ad55d5f9c9c67673b03d488
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:b20f966cd8588dd42f94e13dd28e636e51859a9a93d92b7adad21bdf8c02433e
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:778484223fd878b87faa2c3647977e06521f2c61fc616be8c72d6d166d24b169
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:abbff43fcf075f0099bc106d3cf7b651207cea041ca1f1722c5a71e56d4c8fcb
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:feb2b075a06b1616e50b22489462f9f6d2dcd8b04ff818e443002ba5db29dc45
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:cbc6bb813b500f055cfa815eb8aa53010f112925caf073f0a03058f40a5ac5e5
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:2c26116509e233504c4d86af1639ff43fb3ce68a1893884efe338bdb69209c21
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:c686bafea26cb0f72db29f817c9196d5e9a91fffa8e0c1168b0ef21ac96b3470
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:724789c163736aa86fd0243c0252b5dce1eb1b7386d8fe7228b0090aea5a36ef
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:856147274a0c1c07edc2178334263f9d39f1a8d969f43e63829903e924b692ec
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:cb397995265fe0962f057b3290efb551755477bca620be9272b2dae4fb179209
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:100193d149de721aa41f27e3632aceb9d4952d818c97469ecce9de40ef6e3f64
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:0f2b29cda75b43b647ea3ee5aefc234b1372ea68703ea58e28b3293c4668fa25
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:3e50cffe254c455214d5d24590c19c3272a6e479b5621e1d2c9e475c1cc979c9
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:614c3a384bea11e3c34fbe9ce6d6700e68f42df72d170381df91eb6cc6eca4f5
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:872740fec956f67506a6e1ba33a968d24cd924a80a10122f2ae7dbb24b237ede
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:2187fdc81842dc9f1009de093df1f19923fb775820bad5203d444d2b1a0e9bfb
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:3f5910b797819c4779148171e0e06a0b66a8ac4611fedd512c1025168bec3a71
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:d9e95ef1132353c48b66725a263c8836d0bd6eed01284a146c9d672f0c810ce8
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:9625cf9eb5156f060d22ee1feb2113676a4871bd47d4e773d9f3c73278441af6
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:ad312c5c40ccd18a3c639cc139211f3c4284e568b69b2e748027cee057986fe0
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:bd9ddc54bea929a22b334e73e026d4136e5b73f5cc29942896c72e4ece69b13d
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:649a24114fc93d581934e57d2981ad9e8ad681bc3a6b73daee2238be12815d26
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:70d6b2462a1a554ade17ee34e352094efab5c73daf524368cdc9dd239b5462fa
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:ff33e8002e15a5a5b08346f043ba3cb19da48c0fe604e7aa9a6d8114e86a9523
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:8842c8e6fb7ea1933d8d5e6a27aa76c7b94e71d58aed32789b0c4bb4303a9dd8
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:68996e87b284eb8172fbd90f99fb53e542ad6dc365cda4bee03be4307aeaca51
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:50b1a1367bc58c32ddb644393ab04de007a83f790f990928b1f7a583130b6118
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:de537bbf0ab4a35a386b14270616f157ce55ac43b240f7c0c4ddbbbfc64719eb
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:27ec056548cc7659e3509902711327b3a383a91a41b53e125cbc72fab331097e
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:19d9e75518268f52583d67dc0444807d731f39f680996ade1fca6b1c8d9bc5eb
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying blob sha256:7152bceda1f0dbc5ebd5abd84b26e0ece08423139161df1c794e18a219973f88
source/org.osbuild.skopeo (org.osbuild.skopeo): Copying config sha256:9fa546c58071dc1b50676f35e271285bae0eb6b62fe292d0dca48a33170b7de0
source/org.osbuild.skopeo (org.osbuild.skopeo): Writing manifest to image destination
Pipeline build: 9f406ced233e4468682ffd343fa8c601ef06537d2a2fb8407d18b7c40c6dc2a6
Build
  root: <host>
  runner: org.osbuild.fedora38 (org.osbuild.fedora38)
org.osbuild.container-deploy: 62fd57299066cdf54acb2173f4377650c3b092b542b24226df5487f1e85b4f9c {
  "exclude": [
    "/sysroot"
  ]
}
time="2024-02-01T09:47:15Z" level=info msg="Not using native diff for overlay, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled"
Getting image source signatures
Copying blob sha256:4b5f90120f1143456a058761e410c4e9794467002852c6c04b2ba85b37a60808
Copying blob sha256:4a5f4a6603cd1623dc680d66502b3d96e70b36ae8dabea53b8532f0d8bfa965a
Copying blob sha256:2e4960a02a6368e170f228b4fa106e3c710985860fb5c1801686ae96c94e2e38
Copying blob sha256:e9696bd3499f2463d9ac659c076b49f77939d5d8880b19cdb68a7058af4c9e44
Copying blob sha256:1be6be164bbd6705807fb07de5310646da50330bb137e6b3a5f231a33312af58
Copying blob sha256:2ad0a0fc42196a143f32c3f12c2c6069f4d17bfe15da6cd9a8d6f218b3070ca3
Copying blob sha256:cc8749a253d9477f9303b71fc21c0289ae290ffe7dc718271627bf14005fc9b4
Copying blob sha256:c0d1fdaaa1d72f146d6824297b5821a39d5387be345561705c7caa25ca47cf88
Copying blob sha256:5071d287f7c7db296d5c28f34097e0647f7e77e57c084a24427b8b67bf9268b2
Copying blob sha256:f7c3e4981127ccc5832c54f2f7b3704402c0d3fc0e5290f704d259351aa55c88
Copying blob sha256:6c2e22d7b9b19b57645b401b2561e54d8ce8ef9872828a701095d2eed278428c
Copying blob sha256:5956b8f11f80d013a46bac783e9d1b57b20226fa071d416428b43b5696375c91
Copying blob sha256:c8bef76f2c94d4cc7a420f245a5d39a7593aa68df578a3ba11f27b7c54fb4d04
Copying blob sha256:d71aab47db7a5596be1e320bab2c08fba924ad635f31bbaa1002344114992039
Copying blob sha256:d3ae93dae5d97c785eba84c0a7972ad3e642e3f5214643bf61bc1f6512fdd708
Copying blob sha256:4726293aa2a33ff85b98c4a71bd4fb21e6e3df24812cb409c412192c5a939115
Copying blob sha256:ff42e03d47a841053f7a186bd824718d42ff1d406ae47e07c37e752cdf563c14
Copying blob sha256:94b5821e307145939e33f2df175c317315cf88df7466933dee5b757d1f227508
Copying blob sha256:999f9af559e4a46b19cee18c6ac132b59a1056a8974e7a799acd186d0f8a0108
Copying blob sha256:0614e40d506f2160fbb8c4904f512953b6fe8cc7f1f2c099eb7ef04b49d370f4
Copying blob sha256:21b080004e82d1fcf3047e8151994cead0c4f3a1532c3deff7e9bfa7aa7af663
Copying blob sha256:83abaf6d6857c6205a75e1ef1674015f5da94c88d535421752e761457c30e9f5
Copying blob sha256:ac8e626392a1f9dc56c2619d13fe20dbeb7d35264f0f79def88b504a2c645733
Copying blob sha256:a3a568395ae2c83d8c26a745345ba996214cf347b502dd487afa5daa4d7a34ad
Copying blob sha256:379fef1872ce19fffc8a6f0d54cba46618ee7232270c5669869ed6de71aca569
Copying blob sha256:2d19a128033e0a53ea4fd9306b3d3a4d8008effbe6906bea0ede2dbada2ffb5c
Copying blob sha256:99e0a5d400870763e44fbc09991caa64fb573071b2fce8c36a3eb2448b7bc08e
Copying blob sha256:0270fde0d4d373bfc00391c5eab11c93114016eef4aa74bb13e798fd74963457
Copying blob sha256:ddb083605a303814a02bff4f93286e7ee2c8436959f5c9c7a629feb500d014dc
Copying blob sha256:27bcd423590746df7d4c62994fb8b7bd57a9ec66d590f0890c08498c0d1c145b
Copying blob sha256:9128594d5c6ead9ad197f976698827477d618a94a96cacfbcbc915f70d1e1407
Copying blob sha256:3ee5b3a43c74526384cf82c102646bf59c97d4526ddcac452d8fdb0ee33945fb
Copying blob sha256:6ecf34d6acab0e18b92ba33e99787cf95db08e0bfca15856242c26de47e588a4
Copying blob sha256:cc08b56138c7f253f58e79d63b2f70b2eeb57be4c8b6ac93cf2cc765859872a0
Copying blob sha256:ecec55d49774543868959ac7b3dcf2cc23f4f67baa7a9053587155f9865978db
Copying blob sha256:2310bd66d182ce8cb8d550419364f5967aa0d95f7d81c1e11b15ae08467be7c6
Copying blob sha256:38206305e735ab0de33d2281dd1e1e22b100e7292494dd47a72ee0cfe139f74d
Copying blob sha256:2699daace685d35d6ba3421ec41b104f4e0e131db4f661bc6fd3dbccdeb544a7
Copying blob sha256:58f1b769e6dae40157549544aa8db989166eb59a92454abb1f46a62f4eddf4b1
Copying blob sha256:50d7d0f10630ab9be1fb2b21d3a13269cbc2bb4f8415a45ae86aa7bff96b5785
Copying blob sha256:112dfba5723614741cf6b0a6a631d2d3b0948f2cdc9ebf3673dd52d129ee1871
Copying blob sha256:a35770dbfe51d19ae936641e62c4145337a92575d0167f8c9ba2320b2da04b7e
Copying blob sha256:2ea66b289d6304e59654b9244138f8920dea809d7ba8ca1fa5bf66adc28e13b0
Copying blob sha256:56dda937b9c81ba265f5f7e5f9a3a8e7212024b949ebdbc5cd95612d3f3554b1
Copying blob sha256:2ad9c5ad1178de77c57534d24f21337551f54f563ad55d5f9c9c67673b03d488
Copying blob sha256:b20f966cd8588dd42f94e13dd28e636e51859a9a93d92b7adad21bdf8c02433e
Copying blob sha256:778484223fd878b87faa2c3647977e06521f2c61fc616be8c72d6d166d24b169
Copying blob sha256:abbff43fcf075f0099bc106d3cf7b651207cea041ca1f1722c5a71e56d4c8fcb
Copying blob sha256:feb2b075a06b1616e50b22489462f9f6d2dcd8b04ff818e443002ba5db29dc45
Copying blob sha256:cbc6bb813b500f055cfa815eb8aa53010f112925caf073f0a03058f40a5ac5e5
Copying blob sha256:2c26116509e233504c4d86af1639ff43fb3ce68a1893884efe338bdb69209c21
Copying blob sha256:c686bafea26cb0f72db29f817c9196d5e9a91fffa8e0c1168b0ef21ac96b3470
Copying blob sha256:724789c163736aa86fd0243c0252b5dce1eb1b7386d8fe7228b0090aea5a36ef
Copying blob sha256:856147274a0c1c07edc2178334263f9d39f1a8d969f43e63829903e924b692ec
Copying blob sha256:cb397995265fe0962f057b3290efb551755477bca620be9272b2dae4fb179209
Copying blob sha256:100193d149de721aa41f27e3632aceb9d4952d818c97469ecce9de40ef6e3f64
Copying blob sha256:0f2b29cda75b43b647ea3ee5aefc234b1372ea68703ea58e28b3293c4668fa25
Copying blob sha256:3e50cffe254c455214d5d24590c19c3272a6e479b5621e1d2c9e475c1cc979c9
Copying blob sha256:614c3a384bea11e3c34fbe9ce6d6700e68f42df72d170381df91eb6cc6eca4f5
Copying blob sha256:872740fec956f67506a6e1ba33a968d24cd924a80a10122f2ae7dbb24b237ede
Copying blob sha256:2187fdc81842dc9f1009de093df1f19923fb775820bad5203d444d2b1a0e9bfb
Copying blob sha256:3f5910b797819c4779148171e0e06a0b66a8ac4611fedd512c1025168bec3a71
Copying blob sha256:d9e95ef1132353c48b66725a263c8836d0bd6eed01284a146c9d672f0c810ce8
Copying blob sha256:9625cf9eb5156f060d22ee1feb2113676a4871bd47d4e773d9f3c73278441af6
Copying blob sha256:ad312c5c40ccd18a3c639cc139211f3c4284e568b69b2e748027cee057986fe0
Copying blob sha256:bd9ddc54bea929a22b334e73e026d4136e5b73f5cc29942896c72e4ece69b13d
Copying blob sha256:649a24114fc93d581934e57d2981ad9e8ad681bc3a6b73daee2238be12815d26
Copying blob sha256:70d6b2462a1a554ade17ee34e352094efab5c73daf524368cdc9dd239b5462fa
Copying blob sha256:ff33e8002e15a5a5b08346f043ba3cb19da48c0fe604e7aa9a6d8114e86a9523
Copying blob sha256:8842c8e6fb7ea1933d8d5e6a27aa76c7b94e71d58aed32789b0c4bb4303a9dd8
Copying blob sha256:68996e87b284eb8172fbd90f99fb53e542ad6dc365cda4bee03be4307aeaca51
Copying blob sha256:50b1a1367bc58c32ddb644393ab04de007a83f790f990928b1f7a583130b6118
Copying blob sha256:de537bbf0ab4a35a386b14270616f157ce55ac43b240f7c0c4ddbbbfc64719eb
Copying blob sha256:27ec056548cc7659e3509902711327b3a383a91a41b53e125cbc72fab331097e
Copying blob sha256:19d9e75518268f52583d67dc0444807d731f39f680996ade1fca6b1c8d9bc5eb
Copying blob sha256:7152bceda1f0dbc5ebd5abd84b26e0ece08423139161df1c794e18a219973f88
Copying config sha256:9fa546c58071dc1b50676f35e271285bae0eb6b62fe292d0dca48a33170b7de0
Writing manifest to image destination
9fa546c58071dc1b50676f35e271285bae0eb6b62fe292d0dca48a33170b7de0
Untagged: docker.io/library/tmp-container-deploy-97994287862764:latest
Deleted: 9fa546c58071dc1b50676f35e271285bae0eb6b62fe292d0dca48a33170b7de0

⏱  Duration: 42s
org.osbuild.selinux: 9f406ced233e4468682ffd343fa8c601ef06537d2a2fb8407d18b7c40c6dc2a6 {
  "file_contexts": "etc/selinux/targeted/contexts/files/file_contexts",
  "labels": {
    "/usr/bin/mount": "system_u:object_r:install_exec_t:s0",
    "/usr/bin/ostree": "system_u:object_r:install_exec_t:s0",
    "/usr/bin/umount": "system_u:object_r:install_exec_t:s0"
  }
}
setfiles: Regex version mismatch, expected: 10.42 2022-12-11 actual: 10.40 2022-04-14
setfiles: Regex version mismatch, expected: 10.42 2022-12-11 actual: 10.40 2022-04-14

⏱  Duration: 10s
Pipeline ostree-deployment: 033dd409cb4cd702596676d94321a1dd5f23a90a4f163557aec276603d20b5e3
Build
  root: 9f406ced233e4468682ffd343fa8c601ef06537d2a2fb8407d18b7c40c6dc2a6
  runner: org.osbuild.linux (org.osbuild.linux)
org.osbuild.ostree.init-fs: 5d6f0bc236838d4f87bc10478b799d7aaca33ff4c549f9d95d67bf84d2d40894 {}
ostree admin init-fs --modern /run/osbuild/tree --sysroot=/run/osbuild/tree

(ostree admin init-fs:4): GLib-WARNING **: 09:48:08.180: getpwuid_r(): failed due to unknown user id (0)

(ostree admin init-fs:4): GLib-WARNING **: 09:48:08.180: Could not find home directory: $HOME is not set, and user database could not be read.

⏱  Duration: 0s
org.osbuild.ostree.os-init: 3fecef446fcdf37d9f97949fa7930581feb0e220345c2867d768aeea89ecb900 {
  "osname": "default"
}
ostree admin os-init default --sysroot=/run/osbuild/tree

(ostree admin os-init:4): GLib-WARNING **: 09:48:08.294: getpwuid_r(): failed due to unknown user id (0)

(ostree admin os-init:4): GLib-WARNING **: 09:48:08.294: Could not find home directory: $HOME is not set, and user database could not be read.

⏱  Duration: 0s
org.osbuild.mkdir: efb56b39820f0b0df98b0c7da5198f6e1c20dc9ba247eb5ec37e0fc0a17bb65d {
  "paths": [
    {
      "path": "/boot/efi",
      "mode": 448
    }
  ]
}

⏱  Duration: 0s
org.osbuild.ostree.deploy.container: 68567db3acf5318146158a93ddff010b5c66bbfe68a0217437d68d78d08a129e {
  "osname": "default",
  "kernel_opts": [
    "rw",
    "console=tty0",
    "console=ttyS0"
  ],
  "target_imgref": "ostree-unverified-registry:quay.io/runcom/kiosk-base:latest",
  "rootfs": {
    "label": "root"
  },
  "mounts": [
    "/boot",
    "/boot/efi"
  ]
}
ostree container image deploy --imgref=ostree-unverified-image:dir:/tmp/tmpnokn_2ye/image --stateroot=default --target-imgref=ostree-unverified-registry:quay.io/runcom/kiosk-base:latest --karg=rw --karg=console=tty0 --karg=console=ttyS0 --karg=root=LABEL=root --sysroot=/run/osbuild/tree

(process:12): GLib-WARNING **: 09:48:08.621: getpwuid_r(): failed due to unknown user id (0)

(process:12): GLib-WARNING **: 09:48:08.621: Could not find home directory: $HOME is not set, and user database could not be read.
Image contains non-ostree compatible file paths: run: 4

⏱  Duration: 32s
org.osbuild.ostree.config: 14eaa75d621af081e049de2e73f032f1f4f192b18fe8b98d88f7b75eafddc69b {
  "repo": "/ostree/repo",
  "config": {
    "sysroot": {
      "readonly": true,
      "bootloader": "none"
    }
  }
}
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): Deployment root at 'ostree/deploy/default/deploy/ffb26361e890932d3569539780fe76215d5c169b196468e8178804740231dcaf.0'
ostree config set sysroot.bootloader none --repo=/run/osbuild/tree/ostree/repo

(ostree config:4): GLib-WARNING **: 09:48:40.815: getpwuid_r(): failed due to unknown user id (0)

(ostree config:4): GLib-WARNING **: 09:48:40.815: Could not find home directory: $HOME is not set, and user database could not be read.
ostree config set sysroot.readonly true --repo=/run/osbuild/tree/ostree/repo

(ostree config:5): GLib-WARNING **: 09:48:40.820: getpwuid_r(): failed due to unknown user id (0)

(ostree config:5): GLib-WARNING **: 09:48:40.820: Could not find home directory: $HOME is not set, and user database could not be read.
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): mounting /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree/ostree/deploy/default/deploy/ffb26361e890932d3569539780fe76215d5c169b196468e8178804740231dcaf.0 -> /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): umount: /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree/sysroot unmounted
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): umount: /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree/var unmounted
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): umount: /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree/boot unmounted
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): umount: /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree unmounted
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): extra unmount /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): umount: /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree unmounted

⏱  Duration: 0s
org.osbuild.fstab: 502b50a7c548bab5e353569dbf4a01aefa55b31212e768130c77fe56f35eccaa {
  "filesystems": [
    {
      "uuid": "d04173d6-fb05-46d1-9628-d8ee4bdf225a",
      "vfs_type": "ext4",
      "path": "/",
      "options": "defaults",
      "freq": 1,
      "passno": 1
    },
    {
      "uuid": "1b5cf9f3-4683-4ae1-9bfb-ab8412eb38cf",
      "vfs_type": "ext4",
      "path": "/boot",
      "options": "defaults",
      "freq": 1,
      "passno": 2
    },
    {
      "uuid": "7B77-95E7",
      "vfs_type": "vfat",
      "path": "/boot/efi",
      "options": "umask=0077,shortname=winnt",
      "passno": 2
    }
  ]
}
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): Deployment root at 'ostree/deploy/default/deploy/ffb26361e890932d3569539780fe76215d5c169b196468e8178804740231dcaf.0'
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): mounting /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree/ostree/deploy/default/deploy/ffb26361e890932d3569539780fe76215d5c169b196468e8178804740231dcaf.0 -> /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): umount: /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree/sysroot unmounted
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): umount: /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree/var unmounted
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): umount: /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree/boot unmounted
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): umount: /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree unmounted
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): extra unmount /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): umount: /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree unmounted

⏱  Duration: 0s
org.osbuild.users: 059eb28c02ea7370283440a6efa4e546655d681c52121ebeb24472949b55efd3 {
  "users": {
    "runcom": {
      "groups": [
        "wheel"
      ],
      "password": "$6$Y9Khp1szKOFoWlZI$fst.T0dxD/gXKGiS/55WniouXeDY4dss1bjBbI2ryoO.ntRvqsc7Po/X5BM38jh7FraMBRM2w15RceUC.fX8n.",
      "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL7xFq1HtZKZiaD8MfkhNtn37m8GSc1W168NoSaT9RSf cardno:000F_C36A3FC0"
    }
  }
}
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): Deployment root at 'ostree/deploy/default/deploy/ffb26361e890932d3569539780fe76215d5c169b196468e8178804740231dcaf.0'
[sss_cache] [confdb_init] (0x0010): Unable to open config database [/var/lib/sss/db/config.ldb]
Could not open available domains
[sss_cache] [confdb_init] (0x0010): Unable to open config database [/var/lib/sss/db/config.ldb]
Could not open available domains
Creating mailbox file: No such file or directory
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): mounting /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree/ostree/deploy/default/deploy/ffb26361e890932d3569539780fe76215d5c169b196468e8178804740231dcaf.0 -> /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): umount: /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree/sysroot unmounted
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): umount: /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree/var unmounted
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): umount: /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree/boot unmounted
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): umount: /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree unmounted
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): extra unmount /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree
mount/ostree-ostree/1/1/0 (org.osbuild.ostree.deployment): umount: /store/stage/uuid-cdc5c39a3d93459ea9716e005c52d696/data/tree unmounted

⏱  Duration: 0s
org.osbuild.ostree.selinux: 033dd409cb4cd702596676d94321a1dd5f23a90a4f163557aec276603d20b5e3 {
  "deployment": {
    "osname": "default",
    "ref": "ostree/1/1/0"
  }
}
Traceback (most recent call last):
  File "/run/osbuild/bin/org.osbuild.ostree.selinux", line 95, in <module>
    r = main(stage_args["tree"],
  File "/run/osbuild/bin/org.osbuild.ostree.selinux", line 80, in main
    raise ValueError("Could not find SELinux policy")
ValueError: Could not find SELinux policy

⏱  Duration: 0s

Failed
Error: running osbuild failed: exit status 1
2024/02/01 09:48:43 error: running osbuild failed: exit status 1
cgwalters commented 9 months ago

I think we need to try to minimize whatever is happening in your container build here that's breaking this.

We definitely work with derived images - in fact the -dev images are already derived.

I think it's one of the packages there, my initial suspect was flatpak-selinux but we work with that.

(Man, testing this is just super annoying with having to push images to a remote registry for each iteration; cc https://github.com/osbuild/bootc-image-builder/issues/90 )

runcom commented 9 months ago

@cgwalters alrighty, I'll try to narrow it down and provide more info (and yeah, super annoying to test and iterate for a bug like this)

runcom commented 9 months ago

I think it's one of the packages there

so, the specific error thrown, if we look at the osbuild stage source, points to the fact that there's no selinux policy at all on the system, despite being there under /etc/selinux for instance. How can you tell it's a package?

ok, it's gnome-kiosk-script-session that causes the selinux error in osbuild, otherwise, it builds just fine it seems

runcom commented 9 months ago

the transaction on the -dev container is this one and flatpak-selinux is there

bash-5.1# rpm-ostree install gnome-kiosk-script-session
Enabled rpm-md repositories: copr-coreos-continuous copr-rhcontainerbot-bootc extras-common baseos appstream
Updating metadata for 'copr-coreos-continuous'... done
Updating metadata for 'copr-rhcontainerbot-bootc'... done
Updating metadata for 'extras-common'... done
Updating metadata for 'baseos'... done
Updating metadata for 'appstream'... done
Importing rpm-md... done
rpm-md repo 'copr-coreos-continuous'; generated: 2024-02-01T15:12:05Z solvables: 188
rpm-md repo 'copr-rhcontainerbot-bootc'; generated: 2024-02-01T13:20:05Z solvables: 79
rpm-md repo 'extras-common'; generated: 2023-10-24T11:42:57Z solvables: 72
rpm-md repo 'baseos'; generated: 2024-01-30T10:19:19Z solvables: 3480
rpm-md repo 'appstream'; generated: 2024-01-30T10:21:59Z solvables: 12689
Resolving dependencies... done
Will download: 206 packages (134.8?MB)
Downloading from 'baseos'... done
Downloading from 'appstream'... done
Installing 206 packages:
  ModemManager-glib-1.20.2-1.el9.aarch64 (baseos)
  abattis-cantarell-fonts-0.301-4.el9.noarch (appstream)
  adobe-source-code-pro-fonts-2.030.1.050-12.el9.1.noarch (baseos)
  adwaita-cursor-theme-40.1.1-3.el9.noarch (appstream)
  adwaita-icon-theme-40.1.1-3.el9.noarch (appstream)
  alsa-lib-1.2.10-2.el9.aarch64 (appstream)
  at-spi2-atk-2.38.0-4.el9.aarch64 (appstream)
  at-spi2-core-2.40.3-1.el9.aarch64 (appstream)
  atk-2.36.0-5.el9.aarch64 (appstream)
  avahi-glib-0.8-20.el9.aarch64 (appstream)
  bluez-libs-5.56-6.el9.aarch64 (baseos)
  cairo-1.17.4-7.el9.aarch64 (appstream)
  cairo-gobject-1.17.4-7.el9.aarch64 (appstream)
  centos-backgrounds-90.4-1.el9.noarch (appstream)
  centos-logos-90.4-1.el9.aarch64 (appstream)
  checkpolicy-3.6-1.el9.aarch64 (appstream)
  color-filesystem-1-28.el9.noarch (appstream)
  colord-1.4.5-4.el9.aarch64 (appstream)
  colord-libs-1.4.5-4.el9.aarch64 (appstream)
  cups-libs-1:2.3.3op2-22.el9.aarch64 (baseos)
  dconf-0.40.0-6.el9.aarch64 (appstream)
  dejavu-sans-fonts-2.37-18.el9.noarch (baseos)
  desktop-file-utils-0.26-6.el9.aarch64 (appstream)
  emacs-filesystem-1:27.2-9.el9.noarch (appstream)
  enchant2-2.2.15-6.el9.aarch64 (appstream)
  exempi-2.6.0-0.2.20211007gite23c213.el9.aarch64 (appstream)
  exiv2-0.27.5-2.el9.aarch64 (appstream)
  exiv2-libs-0.27.5-2.el9.aarch64 (appstream)
  fdk-aac-free-2.0.0-8.el9.aarch64 (appstream)
  flac-libs-1.3.3-12.el9.aarch64 (appstream)
  flatpak-1.12.8-1.el9.aarch64 (appstream)
  flatpak-selinux-1.12.8-1.el9.noarch (appstream)
  flatpak-session-helper-1.12.8-1.el9.aarch64 (appstream)
  fontconfig-2.14.0-2.el9.aarch64 (appstream)
  fonts-filesystem-1:2.0.5-7.el9.1.noarch (baseos)
  freetype-2.10.4-9.el9.aarch64 (baseos)
  fribidi-1.0.10-6.el9.2.aarch64 (appstream)
  gcr-base-3.40.0-3.el9.aarch64 (appstream)
  gdk-pixbuf2-2.42.6-3.el9.aarch64 (appstream)
  gdk-pixbuf2-modules-2.42.6-3.el9.aarch64 (appstream)
  gedit-2:40.0-6.el9.aarch64 (appstream)
  geoclue2-2.6.0-7.el9.aarch64 (appstream)
  geoclue2-libs-2.6.0-7.el9.aarch64 (appstream)
  geocode-glib-3.26.2-5.el9.aarch64 (appstream)
  giflib-5.2.1-9.el9.aarch64 (appstream)
  glib-networking-2.68.3-3.el9.aarch64 (baseos)
  gnome-control-center-filesystem-40.0-30.el9.noarch (appstream)
  gnome-desktop3-40.4-1.el9.aarch64 (appstream)
  gnome-kiosk-40.0-5.el9.aarch64 (appstream)
  gnome-kiosk-script-session-40.0-5.el9.noarch (appstream)
  gnome-session-40.1.1-9.el9.aarch64 (appstream)
  gnome-settings-daemon-40.0.1-16.el9.aarch64 (appstream)
  graphene-1.10.6-2.el9.aarch64 (appstream)
  graphite2-1.3.14-9.el9.aarch64 (baseos)
  gsettings-desktop-schemas-40.0-6.el9.aarch64 (baseos)
  gsm-1.0.19-6.el9.aarch64 (appstream)
  gspell-1.9.1-3.el9.aarch64 (appstream)
  gstreamer1-1.22.1-2.el9.aarch64 (appstream)
  gstreamer1-plugins-base-1.22.1-2.el9.aarch64 (appstream)
  gtk-update-icon-cache-3.24.31-2.el9.aarch64 (appstream)
  gtk3-3.24.31-2.el9.aarch64 (appstream)
  gtksourceview4-4.8.1-5.el9.aarch64 (appstream)
  gvfs-1.48.1-4.el9.aarch64 (appstream)
  gvfs-client-1.48.1-4.el9.aarch64 (appstream)
  harfbuzz-2.7.4-10.el9.aarch64 (baseos)
  hicolor-icon-theme-0.17-13.el9.noarch (appstream)
  hunspell-1.7.0-11.el9.aarch64 (appstream)
  hunspell-en-US-0.20140811.1-20.el9.noarch (appstream)
  hunspell-filesystem-1.7.0-11.el9.aarch64 (appstream)
  hwdata-0.348-9.12.el9.noarch (baseos)
  ibus-libs-1.5.25-5.el9.aarch64 (appstream)
  iio-sensor-proxy-3.3-1.el9.aarch64 (appstream)
  iso-codes-4.6.0-3.el9.noarch (appstream)
  jbigkit-libs-2.1-23.el9.aarch64 (appstream)
  langpacks-core-font-en-3.0-16.el9.noarch (appstream)
  lcms2-2.12-3.el9.aarch64 (appstream)
  libICE-1.0.10-8.el9.aarch64 (appstream)
  libSM-1.2.3-10.el9.aarch64 (appstream)
  libX11-1.7.0-9.el9.aarch64 (appstream)
  libX11-common-1.7.0-9.el9.noarch (appstream)
  libX11-xcb-1.7.0-9.el9.aarch64 (appstream)
  libXau-1.0.9-8.el9.aarch64 (appstream)
  libXcomposite-0.4.5-7.el9.aarch64 (appstream)
  libXcursor-1.2.0-7.el9.aarch64 (appstream)
  libXdamage-1.1.5-7.el9.aarch64 (appstream)
  libXext-1.3.4-8.el9.aarch64 (appstream)
  libXfixes-5.0.3-16.el9.aarch64 (appstream)
  libXft-2.3.3-8.el9.aarch64 (appstream)
  libXi-1.7.10-8.el9.aarch64 (appstream)
  libXinerama-1.1.4-10.el9.aarch64 (appstream)
  libXrandr-1.5.2-8.el9.aarch64 (appstream)
  libXrender-0.9.10-16.el9.aarch64 (appstream)
  libXtst-1.2.3-16.el9.aarch64 (appstream)
  libXv-1.0.11-16.el9.aarch64 (appstream)
  libXxf86vm-1.1.4-18.el9.aarch64 (appstream)
  libappstream-glib-0.7.18-4.el9.aarch64 (appstream)
  libasyncns-0.8-22.el9.aarch64 (appstream)
  libcanberra-0.30-27.el9.aarch64 (appstream)
  libcanberra-gtk3-0.30-27.el9.aarch64 (appstream)
  libcdio-2.1.0-6.el9.aarch64 (appstream)
  libcdio-paranoia-10.2+2.0.1-6.el9.aarch64 (appstream)
  libdatrie-0.2.13-4.el9.aarch64 (appstream)
  libdrm-2.4.117-1.el9.aarch64 (appstream)
  libepoxy-1.5.5-4.el9.aarch64 (appstream)
  libevdev-1.11.0-3.el9.aarch64 (appstream)
  libexif-0.6.22-6.el9.aarch64 (appstream)
  libgexiv2-0.12.3-1.el9.aarch64 (appstream)
  libglvnd-1:1.3.4-1.el9.aarch64 (appstream)
  libglvnd-egl-1:1.3.4-1.el9.aarch64 (appstream)
  libglvnd-gles-1:1.3.4-1.el9.aarch64 (appstream)
  libglvnd-glx-1:1.3.4-1.el9.aarch64 (appstream)
  libgsf-1.14.47-5.el9.aarch64 (appstream)
  libgweather-40.0-3.el9.aarch64 (appstream)
  libgxps-0.3.2-3.el9.aarch64 (appstream)
  libinput-1.19.3-4.el9.aarch64 (appstream)
  libiptcdata-1.0.5-9.el9.aarch64 (appstream)
  libjpeg-turbo-2.0.90-7.el9.aarch64 (appstream)
  libldac-2.0.2.3-10.el9.aarch64 (appstream)
  libnotify-0.7.9-8.el9.aarch64 (appstream)
  libogg-2:1.3.4-6.el9.aarch64 (appstream)
  libosinfo-1.10.0-1.el9.aarch64 (appstream)
  libpeas-1.30.0-4.el9.aarch64 (baseos)
  libpeas-gtk-1.30.0-4.el9.aarch64 (appstream)
  libpeas-loader-python3-1.30.0-4.el9.aarch64 (appstream)
  libpng-2:1.6.37-12.el9.aarch64 (baseos)
  libproxy-0.4.15-35.el9.aarch64 (baseos)
  libproxy-webkitgtk4-0.4.15-35.el9.aarch64 (appstream)
  librsvg2-2.50.7-3.el9.aarch64 (appstream)
  libsbc-1.4-9.el9.aarch64 (appstream)
  libsecret-0.20.4-4.el9.aarch64 (appstream)
  libsndfile-1.0.31-8.el9.aarch64 (appstream)
  libsoup-2.72.0-8.el9.aarch64 (appstream)
  libstemmer-0-18.585svn.el9.aarch64 (appstream)
  libthai-0.1.28-8.el9.aarch64 (appstream)
  libtheora-1:1.1.1-31.el9.aarch64 (appstream)
  libtiff-4.4.0-12.el9.aarch64 (appstream)
  libtool-ltdl-2.4.6-45.el9.aarch64 (appstream)
  libtracker-sparql-3.1.2-3.el9.aarch64 (appstream)
  libvisual-1:0.4.0-34.el9.aarch64 (appstream)
  libvorbis-1:1.3.7-5.el9.aarch64 (appstream)
  libwacom-1.12.1-2.el9.aarch64 (appstream)
  libwacom-data-1.12.1-2.el9.noarch (appstream)
  libwayland-client-1.21.0-1.el9.aarch64 (appstream)
  libwayland-cursor-1.21.0-1.el9.aarch64 (appstream)
  libwayland-egl-1.21.0-1.el9.aarch64 (appstream)
  libwayland-server-1.21.0-1.el9.aarch64 (appstream)
  libwebp-1.2.0-8.el9.aarch64 (appstream)
  libxcb-1.13.1-9.el9.aarch64 (appstream)
  libxkbcommon-1.0.3-4.el9.aarch64 (appstream)
  libxkbcommon-x11-1.0.3-4.el9.aarch64 (appstream)
  libxkbfile-1.1.0-8.el9.aarch64 (appstream)
  libxshmfence-1.3-10.el9.aarch64 (appstream)
  libxslt-1.1.34-9.el9.aarch64 (appstream)
  low-memory-monitor-2.1-4.el9.aarch64 (appstream)
  mesa-libEGL-23.3.0-1.el9.aarch64 (appstream)
  mesa-libGL-23.3.0-1.el9.aarch64 (appstream)
  mesa-libgbm-23.3.0-1.el9.aarch64 (appstream)
  mesa-libglapi-23.3.0-1.el9.aarch64 (appstream)
  mtdev-1.1.5-22.el9.aarch64 (appstream)
  mutter-40.9-15.el9.aarch64 (appstream)
  openjpeg2-2.4.0-7.el9.aarch64 (appstream)
  opus-1.3.1-10.el9.aarch64 (appstream)
  orc-0.4.31-6.el9.aarch64 (appstream)
  osinfo-db-20231215-1.el9.noarch (appstream)
  osinfo-db-tools-1.10.0-1.el9.aarch64 (appstream)
  p11-kit-server-0.25.3-2.el9.aarch64 (appstream)
  pango-1.48.7-3.el9.aarch64 (appstream)
  pipewire-1.0.1-1.el9.aarch64 (appstream)
  pipewire-alsa-1.0.1-1.el9.aarch64 (appstream)
  pipewire-jack-audio-connection-kit-1.0.1-1.el9.aarch64 (appstream)
  pipewire-jack-audio-connection-kit-libs-1.0.1-1.el9.aarch64 (appstream)
  pipewire-libs-1.0.1-1.el9.aarch64 (appstream)
  pipewire-pulseaudio-1.0.1-1.el9.aarch64 (appstream)
  pixman-0.40.0-6.el9.aarch64 (appstream)
  policycoreutils-python-utils-3.6-1.el9.noarch (appstream)
  poppler-21.01.0-19.el9.aarch64 (appstream)
  poppler-data-0.4.9-9.el9.noarch (appstream)
  poppler-glib-21.01.0-19.el9.aarch64 (appstream)
  pulseaudio-libs-15.0-2.el9.aarch64 (appstream)
  pulseaudio-libs-glib2-15.0-2.el9.aarch64 (appstream)
  python3-audit-3.1.2-2.el9.aarch64 (appstream)
  python3-cairo-1.20.1-1.el9.aarch64 (appstream)
  python3-distro-1.5.0-7.el9.noarch (baseos)
  python3-gobject-3.40.1-6.el9.aarch64 (appstream)
  python3-libselinux-3.6-1.el9.aarch64 (appstream)
  python3-libsemanage-3.6-1.el9.aarch64 (appstream)
  python3-policycoreutils-3.6-1.el9.noarch (appstream)
  python3-setools-4.4.4-1.el9.aarch64 (baseos)
  rtkit-0.11-28.el9.aarch64 (appstream)
  sound-theme-freedesktop-0.8-17.el9.noarch (appstream)
  startup-notification-0.12-23.el9.aarch64 (appstream)
  totem-pl-parser-3.26.6-2.el9.aarch64 (appstream)
  tracker-3.1.2-3.el9.aarch64 (appstream)
  tracker-miners-3.1.2-4.el9.aarch64 (appstream)
  upower-0.99.11-11.el9.aarch64 (appstream)
  webkit2gtk3-jsc-2.42.4-1.el9.aarch64 (appstream)
  webrtc-audio-processing-0.3.1-8.el9.aarch64 (appstream)
  wireplumber-0.4.14-1.el9.aarch64 (appstream)
  wireplumber-libs-0.4.14-1.el9.aarch64 (appstream)
  xcb-util-0.4.0-19.el9.aarch64 (appstream)
  xdg-dbus-proxy-0.1.3-1.el9.aarch64 (appstream)
  xdg-desktop-portal-1.12.6-1.el9.aarch64 (appstream)
  xdg-desktop-portal-gtk-1.12.0-3.el9.aarch64 (appstream)
  xkeyboard-config-2.33-2.el9.noarch (appstream)
  xml-common-0.6.3-58.el9.noarch (appstream)
  zenity-3.32.0-8.el9.aarch64 (appstream)
warning: Signature not supported. Hash algorithm SHA1 not available.

(rpm-ostree install:3): libdnf-WARNING **: 16:06:32.966: failed to parse public key for /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras
Installing: libpng-2:1.6.37-12.el9.aarch64 (baseos)
Installing: atk-2.36.0-5.el9.aarch64 (appstream)
Installing: libwayland-client-1.21.0-1.el9.aarch64 (appstream)
Installing: libjpeg-turbo-2.0.90-7.el9.aarch64 (appstream)
Installing: gdk-pixbuf2-2.42.6-3.el9.aarch64 (appstream)
Installing: libogg-2:1.3.4-6.el9.aarch64 (appstream)
Installing: libdrm-2.4.117-1.el9.aarch64 (appstream)
Installing: libX11-xcb-1.7.0-9.el9.aarch64 (appstream)
Installing: lcms2-2.12-3.el9.aarch64 (appstream)
Installing: alsa-lib-1.2.10-2.el9.aarch64 (appstream)
Installing: libvorbis-1:1.3.7-5.el9.aarch64 (appstream)
Installing: fribidi-1.0.10-6.el9.2.aarch64 (appstream)
Installing: fonts-filesystem-1:2.0.5-7.el9.1.noarch (baseos)
Installing: colord-libs-1.4.5-4.el9.aarch64 (appstream)
Installing: libnotify-0.7.9-8.el9.aarch64 (appstream)
Installing: opus-1.3.1-10.el9.aarch64 (appstream)
Installing: libwayland-server-1.21.0-1.el9.aarch64 (appstream)
Installing: libstemmer-0-18.585svn.el9.aarch64 (appstream)
Installing: libglvnd-1:1.3.4-1.el9.aarch64 (appstream)
Installing: libXau-1.0.9-8.el9.aarch64 (appstream)
Installing: libxcb-1.13.1-9.el9.aarch64 (appstream)
Installing: mesa-libgbm-23.3.0-1.el9.aarch64 (appstream)
Installing: libICE-1.0.10-8.el9.aarch64 (appstream)
Installing: gstreamer1-1.22.1-2.el9.aarch64 (appstream)
Installing: dconf-0.40.0-6.el9.aarch64 (appstream)
Installing: libpeas-1.30.0-4.el9.aarch64 (baseos)
Installing: libSM-1.2.3-10.el9.aarch64 (appstream)
Installing: dejavu-sans-fonts-2.37-18.el9.noarch (baseos)
Installing: libwayland-cursor-1.21.0-1.el9.aarch64 (appstream)
Installing: xml-common-0.6.3-58.el9.noarch (appstream)
Installing: iso-codes-4.6.0-3.el9.noarch (appstream)
Installing: upower-0.99.11-11.el9.aarch64 (appstream)
Created symlink /etc/systemd/system/graphical.target.wants/upower.service → /usr/lib/systemd/system/upower.service.
Installing: python3-libselinux-3.6-1.el9.aarch64 (appstream)
Installing: pixman-0.40.0-6.el9.aarch64 (appstream)
Installing: mesa-libglapi-23.3.0-1.el9.aarch64 (appstream)
Installing: libxshmfence-1.3-10.el9.aarch64 (appstream)
Installing: libglvnd-egl-1:1.3.4-1.el9.aarch64 (appstream)
Installing: mesa-libEGL-23.3.0-1.el9.aarch64 (appstream)
Installing: libglvnd-gles-1:1.3.4-1.el9.aarch64 (appstream)
Installing: libwayland-egl-1.21.0-1.el9.aarch64 (appstream)
Installing: libtool-ltdl-2.4.6-45.el9.aarch64 (appstream)
Installing: libepoxy-1.5.5-4.el9.aarch64 (appstream)
Installing: libcdio-2.1.0-6.el9.aarch64 (appstream)
Installing: graphene-1.10.6-2.el9.aarch64 (appstream)
Installing: gnome-control-center-filesystem-40.0-30.el9.noarch (appstream)
Installing: gcr-base-3.40.0-3.el9.aarch64 (appstream)
Installing: centos-logos-90.4-1.el9.aarch64 (appstream)
Installing: avahi-glib-0.8-20.el9.aarch64 (appstream)
Installing: libproxy-0.4.15-35.el9.aarch64 (baseos)
Installing: hwdata-0.348-9.12.el9.noarch (baseos)
Installing: cups-libs-1:2.3.3op2-22.el9.aarch64 (baseos)
Installing: ModemManager-glib-1.20.2-1.el9.aarch64 (baseos)
Installing: osinfo-db-20231215-1.el9.noarch (appstream)
Installing: centos-backgrounds-90.4-1.el9.noarch (appstream)
Installing: libcdio-paranoia-10.2+2.0.1-6.el9.aarch64 (appstream)
Installing: python3-libsemanage-3.6-1.el9.aarch64 (appstream)
Installing: langpacks-core-font-en-3.0-16.el9.noarch (appstream)
Installing: xcb-util-0.4.0-19.el9.aarch64 (appstream)
Installing: adobe-source-code-pro-fonts-2.030.1.050-12.el9.1.noarch (baseos)
Installing: abattis-cantarell-fonts-0.301-4.el9.noarch (appstream)
Installing: gsettings-desktop-schemas-40.0-6.el9.aarch64 (baseos)
Installing: flac-libs-1.3.3-12.el9.aarch64 (appstream)
Installing: libtheora-1:1.1.1-31.el9.aarch64 (appstream)
Installing: gtk-update-icon-cache-3.24.31-2.el9.aarch64 (appstream)
Installing: libgsf-1.14.47-5.el9.aarch64 (appstream)
Installing: exiv2-libs-0.27.5-2.el9.aarch64 (appstream)
Installing: exiv2-0.27.5-2.el9.aarch64 (appstream)
Installing: libgexiv2-0.12.3-1.el9.aarch64 (appstream)
Installing: xkeyboard-config-2.33-2.el9.noarch (appstream)
Installing: libxkbcommon-1.0.3-4.el9.aarch64 (appstream)
Installing: libxkbcommon-x11-1.0.3-4.el9.aarch64 (appstream)
Installing: xdg-dbus-proxy-0.1.3-1.el9.aarch64 (appstream)
Installing: webrtc-audio-processing-0.3.1-8.el9.aarch64 (appstream)
Installing: webkit2gtk3-jsc-2.42.4-1.el9.aarch64 (appstream)
Installing: libproxy-webkitgtk4-0.4.15-35.el9.aarch64 (appstream)
Installing: glib-networking-2.68.3-3.el9.aarch64 (baseos)
Installing: libsoup-2.72.0-8.el9.aarch64 (appstream)
Installing: geoclue2-2.6.0-7.el9.aarch64 (appstream)
Installing: geocode-glib-3.26.2-5.el9.aarch64 (appstream)
Installing: geoclue2-libs-2.6.0-7.el9.aarch64 (appstream)
Installing: libappstream-glib-0.7.18-4.el9.aarch64 (appstream)
Installing: osinfo-db-tools-1.10.0-1.el9.aarch64 (appstream)
Installing: totem-pl-parser-3.26.6-2.el9.aarch64 (appstream)
Installing: sound-theme-freedesktop-0.8-17.el9.noarch (appstream)
error: unexpected argument '-l' found

  tip: to pass '-l' as a value, use '-- -l'

Usage: useradd [OPTIONS] <username>

For more information, try '--help'.
Installing: rtkit-0.11-28.el9.aarch64 (appstream)
Created symlink /etc/systemd/system/graphical.target.wants/rtkit-daemon.service → /usr/lib/systemd/system/rtkit-daemon.service.
Installing: python3-audit-3.1.2-2.el9.aarch64 (appstream)
Installing: poppler-data-0.4.9-9.el9.noarch (appstream)
Installing: p11-kit-server-0.25.3-2.el9.aarch64 (appstream)
Installing: orc-0.4.31-6.el9.aarch64 (appstream)
Installing: openjpeg2-2.4.0-7.el9.aarch64 (appstream)
Installing: mtdev-1.1.5-22.el9.aarch64 (appstream)
Installing: low-memory-monitor-2.1-4.el9.aarch64 (appstream)
Created symlink /etc/systemd/system/basic.target.wants/low-memory-monitor.service → /usr/lib/systemd/system/low-memory-monitor.service.
Installing: libxslt-1.1.34-9.el9.aarch64 (appstream)
Installing: libosinfo-1.10.0-1.el9.aarch64 (appstream)
Installing: libwebp-1.2.0-8.el9.aarch64 (appstream)
Installing: libwacom-data-1.12.1-2.el9.noarch (appstream)
Installing: libwacom-1.12.1-2.el9.aarch64 (appstream)
Installing: libvisual-1:0.4.0-34.el9.aarch64 (appstream)
Installing: libsecret-0.20.4-4.el9.aarch64 (appstream)
Installing: libsbc-1.4-9.el9.aarch64 (appstream)
Installing: libldac-2.0.2.3-10.el9.aarch64 (appstream)
Installing: libiptcdata-1.0.5-9.el9.aarch64 (appstream)
Installing: libexif-0.6.22-6.el9.aarch64 (appstream)
Installing: libevdev-1.11.0-3.el9.aarch64 (appstream)
Installing: libinput-1.19.3-4.el9.aarch64 (appstream)
Installing: libdatrie-0.2.13-4.el9.aarch64 (appstream)
Installing: libthai-0.1.28-8.el9.aarch64 (appstream)
Installing: libasyncns-0.8-22.el9.aarch64 (appstream)
Installing: libX11-common-1.7.0-9.el9.noarch (appstream)
Installing: libX11-1.7.0-9.el9.aarch64 (appstream)
Installing: libXext-1.3.4-8.el9.aarch64 (appstream)
Installing: libXi-1.7.10-8.el9.aarch64 (appstream)
Installing: libXrender-0.9.10-16.el9.aarch64 (appstream)
Installing: libXfixes-5.0.3-16.el9.aarch64 (appstream)
Installing: libXcomposite-0.4.5-7.el9.aarch64 (appstream)
Installing: libXcursor-1.2.0-7.el9.aarch64 (appstream)
Installing: libXdamage-1.1.5-7.el9.aarch64 (appstream)
Installing: libXrandr-1.5.2-8.el9.aarch64 (appstream)
Installing: libXtst-1.2.3-16.el9.aarch64 (appstream)
Installing: libXinerama-1.1.4-10.el9.aarch64 (appstream)
Installing: at-spi2-core-2.40.3-1.el9.aarch64 (appstream)
Installing: at-spi2-atk-2.38.0-4.el9.aarch64 (appstream)
Installing: libXv-1.0.11-16.el9.aarch64 (appstream)
Installing: libXxf86vm-1.1.4-18.el9.aarch64 (appstream)
Installing: libglvnd-glx-1:1.3.4-1.el9.aarch64 (appstream)
Installing: mesa-libGL-23.3.0-1.el9.aarch64 (appstream)
Installing: libxkbfile-1.1.0-8.el9.aarch64 (appstream)
Installing: startup-notification-0.12-23.el9.aarch64 (appstream)
Installing: jbigkit-libs-2.1-23.el9.aarch64 (appstream)
Installing: libtiff-4.4.0-12.el9.aarch64 (appstream)
Installing: gdk-pixbuf2-modules-2.42.6-3.el9.aarch64 (appstream)
Installing: iio-sensor-proxy-3.3-1.el9.aarch64 (appstream)
Installing: ibus-libs-1.5.25-5.el9.aarch64 (appstream)
Installing: hunspell-filesystem-1.7.0-11.el9.aarch64 (appstream)
Installing: hunspell-en-US-0.20140811.1-20.el9.noarch (appstream)
Installing: hunspell-1.7.0-11.el9.aarch64 (appstream)
Installing: enchant2-2.2.15-6.el9.aarch64 (appstream)
Installing: hicolor-icon-theme-0.17-13.el9.noarch (appstream)
Installing: gvfs-client-1.48.1-4.el9.aarch64 (appstream)
Installing: gsm-1.0.19-6.el9.aarch64 (appstream)
Installing: libsndfile-1.0.31-8.el9.aarch64 (appstream)
Installing: pulseaudio-libs-15.0-2.el9.aarch64 (appstream)
Installing: libcanberra-0.30-27.el9.aarch64 (appstream)
Installing: pulseaudio-libs-glib2-15.0-2.el9.aarch64 (appstream)
Installing: giflib-5.2.1-9.el9.aarch64 (appstream)
Installing: flatpak-session-helper-1.12.8-1.el9.aarch64 (appstream)
Installing: fdk-aac-free-2.0.0-8.el9.aarch64 (appstream)
Installing: exempi-2.6.0-0.2.20211007gite23c213.el9.aarch64 (appstream)
Installing: emacs-filesystem-1:27.2-9.el9.noarch (appstream)
Installing: desktop-file-utils-0.26-6.el9.aarch64 (appstream)
Installing: gvfs-1.48.1-4.el9.aarch64 (appstream)
Installing: color-filesystem-1-28.el9.noarch (appstream)
Installing: colord-1.4.5-4.el9.aarch64 (appstream)
Installing: checkpolicy-3.6-1.el9.aarch64 (appstream)
Installing: adwaita-cursor-theme-40.1.1-3.el9.noarch (appstream)
Installing: adwaita-icon-theme-40.1.1-3.el9.noarch (appstream)
Installing: python3-setools-4.4.4-1.el9.aarch64 (baseos)
Installing: python3-distro-1.5.0-7.el9.noarch (baseos)
Installing: python3-policycoreutils-3.6-1.el9.noarch (appstream)
Installing: policycoreutils-python-utils-3.6-1.el9.noarch (appstream)
Installing: flatpak-selinux-1.12.8-1.el9.noarch (appstream)
Installing: graphite2-1.3.14-9.el9.aarch64 (baseos)
Installing: harfbuzz-2.7.4-10.el9.aarch64 (baseos)
Installing: freetype-2.10.4-9.el9.aarch64 (baseos)
Installing: fontconfig-2.14.0-2.el9.aarch64 (appstream)
Installing: cairo-1.17.4-7.el9.aarch64 (appstream)
Installing: cairo-gobject-1.17.4-7.el9.aarch64 (appstream)
Installing: libgxps-0.3.2-3.el9.aarch64 (appstream)
Installing: python3-cairo-1.20.1-1.el9.aarch64 (appstream)
Installing: python3-gobject-3.40.1-6.el9.aarch64 (appstream)
Installing: libpeas-loader-python3-1.30.0-4.el9.aarch64 (appstream)
Installing: libXft-2.3.3-8.el9.aarch64 (appstream)
Installing: pango-1.48.7-3.el9.aarch64 (appstream)
Installing: gstreamer1-plugins-base-1.22.1-2.el9.aarch64 (appstream)
Installing: librsvg2-2.50.7-3.el9.aarch64 (appstream)
Installing: poppler-21.01.0-19.el9.aarch64 (appstream)
Installing: poppler-glib-21.01.0-19.el9.aarch64 (appstream)
Installing: libtracker-sparql-3.1.2-3.el9.aarch64 (appstream)
Installing: tracker-3.1.2-3.el9.aarch64 (appstream)
Installing: tracker-miners-3.1.2-4.el9.aarch64 (appstream)
Installing: bluez-libs-5.56-6.el9.aarch64 (baseos)
Installing: pipewire-1.0.1-1.el9.aarch64 (appstream)
Created symlink /etc/systemd/user/sockets.target.wants/pipewire.socket → /usr/lib/systemd/user/pipewire.socket.
Installing: pipewire-libs-1.0.1-1.el9.aarch64 (appstream)
Installing: wireplumber-0.4.14-1.el9.aarch64 (appstream)
Installing: wireplumber-libs-0.4.14-1.el9.aarch64 (appstream)
Installing: flatpak-1.12.8-1.el9.aarch64 (appstream)
Installing: xdg-desktop-portal-1.12.6-1.el9.aarch64 (appstream)
Installing: libcanberra-gtk3-0.30-27.el9.aarch64 (appstream)
Installing: gtk3-3.24.31-2.el9.aarch64 (appstream)
Installing: xdg-desktop-portal-gtk-1.12.0-3.el9.aarch64 (appstream)
Installing: gnome-desktop3-40.4-1.el9.aarch64 (appstream)
Installing: zenity-3.32.0-8.el9.aarch64 (appstream)
Installing: gnome-session-40.1.1-9.el9.aarch64 (appstream)
Installing: gspell-1.9.1-3.el9.aarch64 (appstream)
Installing: gtksourceview4-4.8.1-5.el9.aarch64 (appstream)
Installing: libgweather-40.0-3.el9.aarch64 (appstream)
Installing: gnome-settings-daemon-40.0.1-16.el9.aarch64 (appstream)
Installing: mutter-40.9-15.el9.aarch64 (appstream)
Installing: gnome-kiosk-40.0-5.el9.aarch64 (appstream)
Installing: libpeas-gtk-1.30.0-4.el9.aarch64 (appstream)
Installing: gedit-2:40.0-6.el9.aarch64 (appstream)
Installing: pipewire-jack-audio-connection-kit-libs-1.0.1-1.el9.aarch64 (appstream)
Installing: pipewire-jack-audio-connection-kit-1.0.1-1.el9.aarch64 (appstream)
Installing: gnome-kiosk-script-session-40.0-5.el9.noarch (appstream)
Installing: pipewire-alsa-1.0.1-1.el9.aarch64 (appstream)
Installing: pipewire-pulseaudio-1.0.1-1.el9.aarch64 (appstream)
Created symlink /etc/systemd/user/sockets.target.wants/pipewire-pulse.socket → /usr/lib/systemd/user/pipewire-pulse.socket.
Created symlink /etc/systemd/user/pipewire-session-manager.service → /usr/lib/systemd/user/wireplumber.service.
Created symlink /etc/systemd/user/pipewire.service.wants/wireplumber.service → /usr/lib/systemd/user/wireplumber.service.
cgwalters commented 9 months ago

One thing I do note here is that bootc's self-install does work for this image:

$ truncate -s 10G ~/build/fedora-bootc.raw; podman run -ti --pull=newer --rm --privileged --pid=host --security-opt label=type:unconfined_t -v /var/lib/containers:/var/lib/containers -v /var/home/walters/build:/output quay.io/cgwalters/ostest bootc install to-disk --via-loopback --skip-fetch-check --generic-image /output/fedora-bootc.raw

Gives me a functioning image.

But I don't yet understand what's going wrong with the osbuild bits here. I looked at the filesystem diff from that top layer and it seemed sane-ish (just a policy recompile).

runcom commented 9 months ago 
$ truncate -s 10G ~/build/fedora-bootc.raw; podman run -ti --pull=newer --rm --privileged --pid=host --security-opt label=type:unconfined_t -v /var/lib/containers:/var/lib/containers -v /var/home/walters/build:/output quay.io/cgwalters/ostest bootc install to-disk --via-loopback --skip-fetch-check --generic-image /output/fedora-bootc.raw

neat, this is a good way to test it out then for now - I can confirm that I can produce a working image from my kiosk demo using this method (although w/o anaconda, the default target I set in the Containerfile doesn't work but eh, at least it boots correctly)

runcom commented 9 months ago

@achilleas-k following https://github.com/osbuild/bootc-image-builder/issues/186 I've narrowed this issue down to just BIB as it just works with bootc self-install as reported above. This is the minimal Containerfile that I've used (the built image is at quay.io/runcom/kiosk-base:selinux-error):

FROM quay.io/centos-bootc/centos-bootc-dev:stream9
RUN rpm-ostree install gnome-kiosk-script-session && ostree container commit

Now, if I self install with bootc I get a working raw image and I'm able to boot it (converting to qcow2 first):

$ truncate -s 10G kiosk-base.raw; podman run -ti --pull=newer --rm --privileged --pid=host --security-opt label=type:unconfined_t -v /var/lib/containers:/var/lib/containers -v $PWD:/output quay.io/runcom/kiosk-base:selinux-error bootc install to-disk --via-loopback --skip-fetch-check --generic-image /output/kiosk-base.raw
...
$ qemu-img convert -f raw -O qcow2 kiosk-base.raw kiosk-base.qcow2
$ qemu-system-aarch64 \
    -M accel=hvf -device virtio-gpu-pci \
    -cpu host \
    -smp 2 \
    -m 4096 \
    -bios /opt/homebrew/Cellar/qemu/8.2.1/share/qemu/edk2-aarch64-code.fd \
    -machine virt \
    -snapshot kiosk-base.qcow2

If I instead use BIB, I get the selinux error:

$ cat config.json
{
  "blueprint": {
    "customizations": {
      "user": [
        {
          "name": "runcom",
          "password": "runcom",
          "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL7xFq1HtZKZiaD8MfkhNtn37m8GSc1W168NoSaT9RSf cardno:000F_C36A3FC0",
          "groups": [
            "wheel"
          ]
        }
      ]
    }
  }
}
$ podman run \
    --rm \
    -it \
    --privileged \
    --pull=newer \
    --security-opt label=type:unconfined_t \
    -v $(pwd)/config.json:/config.json \
    -v $(pwd)/output:/output \
    quay.io/centos-bootc/bootc-image-builder:latest \
    --type qcow2 \
    --config /config.json \
    quay.io/runcom/kiosk-base:selinux-error
...
⏱  Duration: 0s
org.osbuild.ostree.selinux: 28117cb9d06dbd7fe533c7c0bd00b4489b5a67e3d1b06afbde5b1f4531592252 {
  "deployment": {
    "osname": "default",
    "ref": "ostree/1/1/0"
  }
}
Traceback (most recent call last):
  File "/run/osbuild/bin/org.osbuild.ostree.selinux", line 117, in <module>
    r = main(stage_args["tree"],
  File "/run/osbuild/bin/org.osbuild.ostree.selinux", line 102, in main
    raise ValueError("Could not find SELinux policy")
ValueError: Could not find SELinux policy

⏱  Duration: 0s

Failed
Error: running osbuild failed: exit status 1
2024/02/15 08:19:21 error: running osbuild failed: exit status 1
achilleas-k commented 9 months ago

I can definitely reproduce this but I'm still not entirely sure what's going on. The ostree.selinux stage should be trying to read /etc/selinux/config or failing that /usr/etc/selinux/config in the ostree commit to find the name of the policy. Looking at the actual stuff in the container, it looks like it should work but I'll see if I can reproduce step by step by hand (outside osbuild).