# Modern defaults we want boot-location: modules tmp-is-dir: true # https://github.com/CentOS/centos-bootc/issues/167 machineid-compat: true # Be minimal recommends: false ignore-removed-users: - root ignore-removed-groups: - root etc-group-members: - wheel - sudo - systemd-journal - adm # Default to `bash` in our container, the same as other containers we ship. container-cmd: - /sbin/init # Note that the default for c9s+ is sqlite; we can't rely on rpm being # in the target (it isn't in tier-0!) so turn this to host here. This # does break the "hermetic build" aspect a bit. Maybe eventually # what we should do is special case this and actually install RPM temporarily # and then remove it... rpmdb: host check-passwd: type: "file" filename: "passwd" check-groups: type: "file" filename: "group" automatic-version-prefix: "${releasever}." mutate-os-release: "${releasever}" remove-from-packages: # Generally we expect other tools to do this (e.g. Ignition or cloud-init) - [systemd, /usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service] # We don't want auto-generated mount units. See also # https://github.com/systemd/systemd/issues/13099 - [systemd-udev, /usr/lib/systemd/system-generators/systemd-gpt-auto-generator] # Drop some buggy sysusers fragments which do not match static IDs allocation: # https://bugzilla.redhat.com/show_bug.cgi?id=2105177 - [dbus-common, /usr/lib/sysusers.d/dbus.conf] include: - bootc.yaml - bootupd.yaml - ostree.yaml - initramfs.yaml - basic-fixes.yaml - iot.yaml packages: # needed for building derived container images - dnf5 # Even in tier-0, we have this. If you don't want SELinux today, you'll need # to build a custom image. - selinux-policy-targeted # And we want container-selinux because trying to layer it on later currently causes issues. - container-selinux # Needed for tpm2 bound luks - tpm2-tools