# Flip this back on, we're going to be a larger system
recommends: true
include:
- manifest-tier-0.yaml
- bootable-rpm-ostree.yaml
- podman.yaml
- firmware.yaml
- networking-tools.yaml
- system-configuration.yaml
- coreos-user-experience.yaml
- fwupd.yaml
- persistent-journal.yaml
- initramfs-full.yaml
- generic-growfs.yaml
packages:
# Include and set the default editor
- nano
# And we expect this in general
- vim-minimal
- nfs-utils
# Additional firewall support; we aren't including these in RHCOS or they
# don't exist in RHEL
- iptables-nft iptables-services
- WALinuxAgent-udev
# Allow communication between sudo and SSSD
# for caching sudo rules by SSSD.
# https://github.com/coreos/fedora-coreos-tracker/issues/445
- libsss_sudo
# SSSD; we only ship a subset of the backends
- sssd-client sssd-ad sssd-ipa sssd-krb5 sssd-ldap
# Used by admins interactively
- attr
- openssl
- lsof
# Provides terminal tools like clear, reset, tput, and tset
- ncurses
# i18n
- kbd
# zram-generator (but not zram-generator-defaults) for F33 change
# https://github.com/coreos/fedora-coreos-tracker/issues/509
- zram-generator
# resolved was broken out to its own package in rawhide/f35
- systemd-resolved
# This one is in Python so isn't in FCOS, but we can safely add it here.
- sos
# These are random architecture-specific packages
packages-x86_64:
- irqbalance
packages-ppc64le:
- irqbalance
- librtas
- powerpc-utils-core
- ppc64-diag-rtas
packages-aarch64:
- irqbalance
postprocess:
# Undo RPM scripts enabling units; we want the presets to be canonical
# https://github.com/projectatomic/rpm-ostree/issues/1803
- |
#!/usr/bin/env bash
set -xeuo pipefail
rm -rf /etc/systemd/system/*
systemctl preset-all
rm -rf /etc/systemd/user/*
systemctl --user --global preset-all
# Default to iptables-nft. Otherwise, legacy wins. We can drop this once/if we
# remove iptables-legacy. This is needed because alternatives don't work
# https://github.com/coreos/fedora-coreos-tracker/issues/677
# https://github.com/coreos/fedora-coreos-tracker/issues/676
- |
#!/usr/bin/env bash
set -xeuo pipefail
ln -sf /usr/sbin/ip6tables-nft /etc/alternatives/ip6tables
ln -sf /usr/sbin/ip6tables-nft-restore /etc/alternatives/ip6tables-restore
ln -sf /usr/sbin/ip6tables-nft-save /etc/alternatives/ip6tables-save
ln -sf /usr/sbin/iptables-nft /etc/alternatives/iptables
ln -sf /usr/sbin/iptables-nft-restore /etc/alternatives/iptables-restore
ln -sf /usr/sbin/iptables-nft-save /etc/alternatives/iptables-save
# See: https://github.com/coreos/fedora-coreos-tracker/issues/1253
# https://bugzilla.redhat.com/show_bug.cgi?id=2112857
# https://github.com/coreos/rpm-ostree/issues/3918
# Temporary workaround to remove the SetGID binary from liblockfile that is
# pulled by the s390utils but not needed for /usr/sbin/zipl.
- |
#!/usr/bin/env bash
set -xeuo pipefail
rm -f /usr/bin/dotlockfile
# Things we don't expect to ship on the host. We currently
# have recommends: false so these could only come in via
# hard requirement, in which case the build will fail.
exclude-packages:
- perl
- perl-interpreter
- nodejs
- grubby
- cowsay # Just in case
# Let's make sure initscripts doesn't get pulled back in
# https://github.com/coreos/fedora-coreos-tracker/issues/220#issuecomment-611566254
- initscripts
# For (datacenter/cloud oriented) servers, we want to see the details by default.
# https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/HSMISZ3ETWQ4ETVLWZQJ55ARZT27AAV3/
- plymouth
# Do not use legacy ifcfg config format in NetworkManager
# See https://github.com/coreos/fedora-coreos-config/pull/1991
- NetworkManager-initscripts-ifcfg-rh