@val4oss val4oss commented Nov 17, 2025

  • Add new sub-image "initrd" to control the initrd content.
    • Un-blacklist the erofs for openSUSE image.
  • openSUSE obs profile
  • configurations for basic openSUSE Tumbleweed image.

@val4oss val4oss marked this pull request as draft November 19, 2025 14:44
@val4oss val4oss marked this pull request as ready for review November 21, 2025 16:38
# by default erofs is blacklisted in openSUSE and UKIs use erofs for the usrfs
# we need to remove the blacklist to be able to mount erofs usrfs
RemoveFiles=
/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf

Instead of removing files in /usr, link /etc/modprobe.d/60-blacklist_fs-erofs.conf to /dev/null.

Or is it possible to use something other than erofs?

Author

Thank you for your feedback 👍

With mkosi config, we cannot directly put a link. However, I can try to add in an extraTree a link that will override /etc/modprobe.d/60-blacklist_fs-erofs.conf

I would also prefer to use another file-system that we do not blacklist, but to my understanding, particleos depends on a filesystem architecture under erofs. Indeed, UKI expects to find the /usr, /usr-verity, and /usr-verity-sign partitions, which, it seems to me, are dependent on erofs. Also, it is one of the prerequisites of particleos to have a read-only filesystem.

If we want to best adapt our openSUSE distribution for particleOS, without adding too much complexity to the openSUSE image, I think it's preferable to adapt to erofs?

Unless you have an idea for using btrfs or another non-blacklisted filesystem, I would be happy to try implementing it. 😉

> With mkosi config, we cannot directly put a link.

Prepare scripts may work, or just an empty file instead of a link to /dev/null?

> Unless you have an idea for using btrfs or another non-blacklisted filesystem, I would be happy to try implementing it. 😉

squashfs maybe?

I think we might have to dig up why erofs got blacklisted in the first place to find a way forward here.

Author

> Prepare scripts may work, or just an empty file instead of a link to /dev/null?

Good point, now that the initrd can be customizable we would be able to integrate scripts like the prepare, or better, the postinst or finalize one.
I will apply these changes to have a link to /dev/null instead.

Thanks for the idea

> squashfs maybe?

It makes a lot of sense to use it instead. But with mkosi conf, can we easily override the mkosi.repart config to have one dedicated for a distribution?

> I think we might have to dig up why erofs got blacklisted in the first place to find a way forward here.

I fully agree to dig up. After a quick search, erofs appears to be blacklisted because it's not supported due to low usage. We can refer to this documentation explaining how to unblacklist this filesystem: https://en.opensuse.org/SDB:FilesystemBlacklisting#Unblacklisting_a_File_System_Module

Nevertheless, I will investigate further.

Author

With the last changes, the blacklist file is linked to /dev/null. For now, I am unable to override the mkosi.repart/12-usr.conf to force having a usr partition in squashfs for opensuse distribution. I don't know yet if it is possible to do that.

@hsiangkao hsiangkao Dec 11, 2025

...

> > I think we might have to dig up why erofs got blacklisted in the first place to find a way forward here.
>
> I fully agree to dig up. After a quick search, erofs appears to be blacklisted because it's not supported due to low usage. We can refer to this documentation explaining how to unblacklist this filesystem: https://en.opensuse.org/SDB:FilesystemBlacklisting#Unblacklisting_a_File_System_Module
>
> Nevertheless, I will investigate further.

I'd say that is just (biased) suse policy (I'm not sure how I can change this), for RHEL, there is
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html-single/considerations_in_adopting_rhel_10/index#:~:text=The%20squashfs%20package%20has%20been%20deprecated

Author

Thanks @hsiangkao for the link, I was not aware that squashfs has been deprecated from RHEL 10, it is good to know 👍

From openSUSE status: there is actually an internal discussion about the idea to unblacklist the erofs (No decision has been taken, it is just discussion at the moment).

Nevertheless, as the topic of this request is to add the openSUSE image to the particleOS, with the unblacklist workaround from the initrd, it works. FMHO, we can continue with this, and whatever decisions are made, if erofs is no longer blacklisted in the future, I will remove this workaround. And if the particleOS project is given the ability to change the filesystem of the /usr partition depending on the distribution, then I will do what is necessary to install squashfs for openSUSE. 😃

@val4oss val4oss force-pushed the opensuse branch 2 times, most recently from 51fcea4 to e9a59eb Compare November 25, 2025 13:43

[Distribution]
Release=tumbleweed
Repositories=non-oss

What requires that the non-oss repository be enabled? OpenSUSE themselves do not enable non-oss by default, so why should ParticleOS?

I'm just a user and would-be ParticleOS contributor, so I can't speak for the maintainers of ParticleOS and systemd. But IMO non-free software should always be opt-in, unless there are very significant reasons to do otherwise. If you see such a need here, please elaborate on that.

There is no need for non-oss to be enabled by default. It shouldn't be part of the base profile.

Author

Thanks for the feedback.
I had based my work on the mkosi configuration files in the systemd-testsuite project, but you are absolutely right, and non-oss should not be there. I'm removing it with the latest modifications.

xz
zypper

VolatilePackages=

Relatively small thing, but why are these packages listed out so explicitly, rather than letting the package manager resolve dependencies? Try looking at the corresponding mkosi.conf for the existing distros and working from there. If you need to diverge from what those config files do, please provide rationale in a comment.

Author

Thanks for this comment. I was initially inspired by the list of packages used to create the minimal tumbleweed image, as can be found here: https://build.opensuse.org/projects/openSUSE:Factory:ToTest/packages/opensuse-tumbleweed-image/files/config.kiwi?expand=1

But you're absolutely right, and in the ParticleOS environment, it's better to start with an existing distro. So, with the latest changes, I've adapted the list accordingly, hoping it will be better.


[Content]
# Main pcrlock files has been move from experimental to udev package but some
# needed files are still in systemd-experimental.

@jcgl17 jcgl17 Dec 12, 2025

Which files? Would be good to know when this can be removed.

Author

I added the list of required missing files. Unfortunately, these files will remain in the systemd-experimental package at the moment; I don't think there are plans to move them.

Doesn't look like you adjusted VolatilePackages= at all.

Author

Indeed, thanks, should be better now :)

name=Base:System Factory Devel Project (openSUSE_Tumbleweed)
type=rpm-md
baseurl=https://download.opensuse.org/repositories/system:/systemd/openSUSE_Tumbleweed/
gpgcheck=0
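
Review bot: gpgcheck=0 on the last line of this stanza turns off signature verification for every package pulled from this repository, so what lands in the image is trusted on the https transport alone. Set gpgcheck=1 once the repository key can be imported ahead of the metadata sync; if it has to stay at 0 for now, state the reason in a comment beside it so the exception is visible and can be removed later. The name= line also reads "Base:System Factory Devel Project" while baseurl points at system:/systemd, so one of the two needs correcting.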

This should be =1 instead of =0.

Author

Not sure if it is possible to verify the signature of the custom repo to system:systemd with zypper in that stage. There is no script that can auto-import-gpg before the creation of the sandboxtree. I wasn't able to get rid of the signature verification with zypper.

@jcgl17 jcgl17 Dec 13, 2025

Try looking at the gpgkey setting in the corresponding Fedora file. Maybe the file pointed to by that setting has an equivalent in openSUSE.

Author

As already discussed in this issue report from zypper: openSUSE/zypper#528 (comment), at the moment there is no option for zypper to fetch local gpg key. The keys need to be trusted from the rpmdb, so it needs to call rpm --import PUBKEY ... at least first.
gpgkey settings in the corresponding Fedora file cannot have an equivalent in openSUSE.

If I'm understanding correctly then, rpm --import PUBKEY ... or any other needed commands should be called in a script run by mkosi. Maybe someone more knowledgeable can weigh in here, but I assume that mkosi.sync/SyncScripts= would be the appropriate place here:

> If mkosi.sync (SyncScripts=) exists, it is executed before the image is built. This script may be used to update various sources that are used to build the image.

Author

This script also runs too late, see https://github.com/systemd/mkosi/blob/main/mkosi/resources/man/mkosi.1.md#execution-flow. There aren't any scripts called before step 2: "Sync the package manager repository metadata"

Maybe that's worth filing an issue or asking about in the Matrix room.
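
A check that could run in CI over the repository files discussed in this thread, flagging any stanza that switches signature verification off. This is an added example, not part of the PR or of any participant's comment; the stanza ids, the function name and the list of "disabled" spellings are assumptions made for illustration.

```python
import configparser

# Constructed sample: the stanza body quoted in the review plus a variant with
# verification enabled. The stanza ids are placeholders, not taken from the PR.
SAMPLE = """\
[systemd-obs]
name=Base:System Factory Devel Project (openSUSE_Tumbleweed)
type=rpm-md
baseurl=https://download.opensuse.org/repositories/system:/systemd/openSUSE_Tumbleweed/
gpgcheck=0

[systemd-obs-checked]
type=rpm-md
baseurl=https://download.opensuse.org/repositories/system:/systemd/openSUSE_Tumbleweed/
gpgcheck=1
"""

# Spellings treated as "disabled" (assumption: the usual boolean forms).
FALSY = {"0", "no", "false", "off"}
# Per-repository switches that control signature verification.
CHECK_KEYS = ("gpgcheck", "repo_gpgcheck", "pkg_gpgcheck")


def lint_repo_text(text):
    """Return sorted (repo_id, finding) pairs for stanzas that disable checks.

    Keys that are absent are not flagged: they inherit the system-wide default.
    """
    # Only '=' is a delimiter, so values containing ':' are left intact.
    cp = configparser.ConfigParser(
        delimiters=("=",), interpolation=None, strict=False
    )
    cp.read_string(text)
    findings = []
    for repo in cp.sections():
        for key in CHECK_KEYS:
            if cp[repo].get(key, "").strip().lower() in FALSY:
                findings.append((repo, f"{key} disabled"))
    return sorted(findings)


if __name__ == "__main__":
    for repo, finding in lint_repo_text(SAMPLE):
        print(f"{repo}: {finding}")
```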

@Conan-Kudo

Why is Base:System added here? systemd is fairly up-to-date in Tumbleweed itself.

@val4oss
Author

val4oss commented Dec 12, 2025

> Why is Base:System added here? systemd is fairly up-to-date in Tumbleweed itself.

It is not Base:System, it is the system:systemd project for the obs profile, as is done for other distros with the obs profile. I just figured out that the title of the repo is wrong; I will correct it (because in my test I used Base:system, as it has v258, whereas in Tumbleweed it is still v257).

* configurations for basic openSUSE Tumbleweed image.
* Add new sub-image "initrd" to control the initrd content.
  * Un-blacklist the erofs for openSUSE image.
  * Add systemd-experimental for missing pcrlock files
* openSUSE obs profile

Signed-off-by: val4oss <val4oss@pm.me>