add proof of concept for building with osbuild

This is proof of concept code with many things hardcoded in the
coreos.osbuild.mpp.yaml that need to become more dynamically defined.
To use this you can set the COSA_USE_OSBUILD env var to have a value.
COSA_USE_OSBUILD=1 should work just fine.

Author: dustymabe

Dockerfile

@@ -23,6 +23,7 @@ COPY ./ /root/containerbuild/
 RUN ./build.sh write_archive_info
 RUN ./build.sh make_and_makeinstall
 RUN ./build.sh configure_user
+RUN ./build.sh patch_osbuild
 
 # clean up scripts (it will get cached in layers, but oh well)
 WORKDIR /srv/

build.sh

@@ -22,6 +22,7 @@ if [ $# -gt 1 ]; then
   echo "    configure_yum_repos"
   echo "    install_rpms"
   echo "    make_and_makeinstall"
+  echo "    patch_osbuild"
   exit 1
 fi
 
@@ -168,6 +169,12 @@ write_archive_info() {
     prepare_git_artifacts "${srcdir}" /cosa/coreos-assembler-git.json /cosa/coreos-assembler-git.tar.gz
 }
 
+patch_osbuild() {
+    # A few patches that either haven't made it into a release or
+    # that will be obsoleted with other work that will be done soon.
+    cat /usr/lib/coreos-assembler/*.patch | patch -p1 -d /usr/lib/python3.11/site-packages/
+}
+
 if [ $# -ne 0 ]; then
   # Run the function specified by the calling script
   ${1}
@@ -182,4 +189,5 @@ else
   install_ocp_tools
   trust_redhat_gpg_keys
   configure_user
+  patch_osbuild
 fi

src/0001-objectstore-also-mount-etc-containers-for-host-build.patch

@@ -0,0 +1,92 @@
+From d4b3e3655deb7d55792e52fe6a11c609fb24e3b8 Mon Sep 17 00:00:00 2001
+From: Dusty Mabe <[email protected]>
+Date: Tue, 24 Oct 2023 14:08:44 -0400
+Subject: [PATCH] objectstore: also mount /etc/containers for "host" buildroot
+
+In the case we are not using a buildroot (i.e. we are using
+the host as the buildroot) let's also mount in /etc/containers
+into the environment. There are sometimes where software running
+from /usr can't operate without configuration in /etc and this
+will allow it to work.
+
+An example of software hitting this problem is skopeo. With a
+simple config like:
+
+```
+version: '2'
+mpp-vars:
+  release: 38
+pipelines:
+  - name: skopeo-tree
+    # build: name:build
+    source-epoch: 1659397331
+    stages:
+      - type: org.osbuild.skopeo
+        inputs:
+          images:
+            type: org.osbuild.containers
+            origin: org.osbuild.source
+            mpp-resolve-images:
+              images:
+                - source: quay.io/fedora/fedora-coreos
+                  tag: stable
+                  name: localhost/fcos
+        options:
+          destination:
+            type: containers-storage
+            storage-path: /usr/share/containers/storage
+```
+
+We end up hitting an error like this:
+
+```
+time="2023-10-24T18:27:14Z" level=fatal msg="Error loading trust policy: open /etc/containers/policy.json: no such file or directory"
+Traceback (most recent call last):
+  File "/run/osbuild/bin/org.osbuild.skopeo", line 90, in <module>
+    r = main(args["inputs"], args["tree"], args["options"])
+        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/run/osbuild/bin/org.osbuild.skopeo", line 73, in main
+    subprocess.run(["skopeo", "copy", image_source, dest], check=True)
+  File "/usr/lib64/python3.11/subprocess.py", line 571, in run
+    raise CalledProcessError(retcode, process.args,
+subprocess.CalledProcessError: Command '['skopeo', 'copy', 'dir:/tmp/tmp5_qcng99/image', 'containers-storage:[overlay@/run/osbuild/tree/usr/share/containers/storage+/run/containers/storage]localhost/fcos']' returned non-zero exit status 1.
+```
+
+This PR adds in a mount for /etc/containers from the host so that
+/etc/containers/policy.json can be accessed.
+---
+ osbuild/objectstore.py | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/osbuild/objectstore.py b/osbuild/objectstore.py
+index 4a19ce9..922d5ee 100644
+--- a/osbuild/objectstore.py
++++ b/osbuild/objectstore.py
+@@ -283,14 +283,22 @@ class HostTree:
+         self._root = self.store.tempdir(prefix="host")
+ 
+         root = self._root.name
+-        # Create a bare bones root file system
+-        # with just /usr mounted from the host
++        # Create a bare bones root file system. Starting with just
++        # /usr mounted from the host.
+         usr = os.path.join(root, "usr")
+         os.makedirs(usr)
++        # Also add in /etc/containers, which will allow us to access
++        # /etc/containers/policy.json and enable moving containers
++        # (skopeo): https://github.com/osbuild/osbuild/pull/1410
++        # If https://github.com/containers/image/issues/2157 ever gets
++        # fixed we can probably remove this bind mount.
++        etc_containers = os.path.join(root, "etc", "containers")
++        os.makedirs(etc_containers)
+ 
+         # ensure / is read-only
+         mount(root, root)
+         mount("/usr", usr)
++        mount("/etc/containers", etc_containers)
+ 
+     @property
+     def tree(self) -> os.PathLike:
+-- 
+2.41.0
+

src/0002-Mount-boot-from-host-in-host-builder-case.patch

@@ -0,0 +1,45 @@
+From 2e34303f2e9ef1d48b965703976ef1029d7309f1 Mon Sep 17 00:00:00 2001
+From: Dusty Mabe <[email protected]>
+Date: Fri, 1 Sep 2023 12:18:25 -0400
+Subject: [PATCH] Mount boot from host in host builder case
+
+---
+ osbuild/buildroot.py   | 2 +-
+ osbuild/objectstore.py | 3 +++
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/osbuild/buildroot.py b/osbuild/buildroot.py
+index 5b47d70..a0f654d 100644
+--- a/osbuild/buildroot.py
++++ b/osbuild/buildroot.py
+@@ -196,7 +196,7 @@ class BuildRoot(contextlib.AbstractContextManager):
+ 
+         # Import directories from the caller-provided root.
+         imports = ["usr"]
+-        if self.mount_boot:
++        if True:
+             imports.insert(0, "boot")
+ 
+         for p in imports:
+diff --git a/osbuild/objectstore.py b/osbuild/objectstore.py
+index 922d5ee..6a3f89a 100644
+--- a/osbuild/objectstore.py
++++ b/osbuild/objectstore.py
+@@ -294,11 +294,14 @@ class HostTree:
+         # fixed we can probably remove this bind mount.
+         etc_containers = os.path.join(root, "etc", "containers")
+         os.makedirs(etc_containers)
++        boot = os.path.join(root, "boot")
++        os.makedirs(boot)
+ 
+         # ensure / is read-only
+         mount(root, root)
+         mount("/usr", usr)
+         mount("/etc/containers", etc_containers)
++        mount("/boot", boot)
+ 
+     @property
+     def tree(self) -> os.PathLike:
+-- 
+2.41.0
+

src/cmd-buildextend-metal

@@ -261,13 +261,21 @@ EOF
 cat "${image_json}" image-dynamic.json | jq -s add > image-for-disk.json
 platforms_json="${workdir}/tmp/platforms.json"
 yaml2json "${configdir}/platforms.yaml" "${platforms_json}"
-runvm "${qemu_args[@]}" -- \
-        /usr/lib/coreos-assembler/create_disk.sh \
-            --config "$(pwd)"/image-for-disk.json \
-            --kargs "${kargs}" \
-            --platform "${ignition_platform_id}" \
-            --platforms-json "${platforms_json}" \
-            "${disk_args[@]}"
+
+if [ "${image_type}" == "qemu" ] && [ "${COSA_USE_OSBUILD:-}" != "" ]; then
+    runvm -- /usr/lib/coreos-assembler/runvm-osbuild              \
+                "${ostree_repo}" "${ref}"                         \
+                /usr/lib/coreos-assembler/coreos.osbuild.mpp.yaml \
+                "${path}.tmp"
+else
+    runvm "${qemu_args[@]}" -- \
+            /usr/lib/coreos-assembler/create_disk.sh \
+                --config "$(pwd)"/image-for-disk.json \
+                --kargs "${kargs}" \
+                --platform "${ignition_platform_id}" \
+                --platforms-json "${platforms_json}" \
+                "${disk_args[@]}"
+fi
 
 if [[ $secure_execution -eq "1" && -z "${hostkey}" ]]; then
     /usr/lib/coreos-assembler/secex-genprotimgvm-scripts/runvm.sh \