ART-19543: Refactor extensions build to use dnf download instead of rpm-ostree compose

[locriandev]

Summary

Refactors the extensions build process to use dnf download directly instead of rpm-ostree compose extensions, improving flexibility and simplifying the build process for RHEL 10.2 and other OS streams.

Changes

Build Script Refactor (extensions/build.sh)

• Replace rpm-ostree: Switched from rpm-ostree compose extensions to direct dnf download commands
• Parameterized repos: Introduced YUM_REPO_NAMES build arg to specify repos at build time
• Direct RPM downloads: Each extension now downloads RPMs directly with --resolve --alldeps
• Architecture-aware: Handles arch-specific extensions (kernel-rt for x86_64, kernel-64k for aarch64)
• Version pinning: Kernel-related packages pinned to installed kernel EVR to ensure compatibility

New Build Configuration Files

• build-args-5.0-9.8.conf: Repo names for RHEL 9.8
• build-args-5.0-10.2.conf: Repo names for RHEL 10.2
• build-args-5.0-c10s.conf: Repo names for CentOS Stream 10

Containerfile Update

• Added ARG YUM_REPO_NAMES=overridden to accept repo names as build argument
• Maintains backward compatibility with secret.repo mount

Removed Files

• Deleted YAML extension definitions (no longer needed with dnf approach):
  • extensions/rhel-9.8.yaml
  • extensions/rhel-10.2.yaml
  • extensions/centos-10.yaml

[openshift-ci-robot]

@locriandev: This pull request references ART-19543 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

Refactors the extensions build process to use dnf download directly instead of rpm-ostree compose extensions, improving flexibility and simplifying the build process for RHEL 10.2 and other OS streams.

Changes

Build Script Refactor (extensions/build.sh)

• Replace rpm-ostree: Switched from rpm-ostree compose extensions to direct dnf download commands
• Parameterized repos: Introduced YUM_REPO_NAMES build arg to specify repos at build time
• Direct RPM downloads: Each extension now downloads RPMs directly with --resolve --alldeps
• Architecture-aware: Handles arch-specific extensions (kernel-rt for x86_64, kernel-64k for aarch64)
• Version pinning: Kernel-related packages pinned to installed kernel EVR to ensure compatibility

New Build Configuration Files

• build-args-5.0-9.8.conf: Repo names for RHEL 9.8
• build-args-5.0-10.2.conf: Repo names for RHEL 10.2
• build-args-5.0-c10s.conf: Repo names for CentOS Stream 10

Containerfile Update

• Added ARG YUM_REPO_NAMES=overridden to accept repo names as build argument
• Maintains backward compatibility with secret.repo mount

Removed Files

• Deleted YAML extension definitions (no longer needed with dnf approach):
• extensions/rhel-9.8.yaml
• extensions/rhel-10.2.yaml
• extensions/centos-10.yaml

Extensions Included

All existing extensions are preserved:

• ipsec: libreswan, NetworkManager-libreswan, openvswitch3.5-ipsec
• usbguard: usbguard package
• kerberos: krb5-workstation, libkadm5
• sysstat: sysstat package
• kernel-devel: kernel-devel, kernel-headers (pinned to base kernel)
• kernel: kernel, kernel-core, kernel-modules, kernel-modules-extra (development extension)
• kernel-rt: Real-time kernel packages (x86_64 only)
• kernel-64k: 64KB page size kernel (aarch64 only)
• two-node-ha: pacemaker, pcs, fence-agents-all (RHEL only)

Benefits

1. Simplified configuration: No need for complex YAML files with repo/package mappings
2. Better flexibility: Easy to add/modify extensions without YAML schema knowledge
3. Transparent process: Clear shell commands show exactly what's being downloaded
4. RHEL 10 ready: Works seamlessly with RHEL 10.2 repos (no rpm-ostree compatibility issues)
5. Explicit repo control: Build-time configuration via .conf files makes repo selection explicit

Related

• Related to openshift-eng/ocp-build-data PR for RHEL 10.2 extensions image config
• Based on "os · os-extensions-dnf-download" conversation

Test plan

• Build extensions image for RHEL 9.8 with build-args-5.0-9.8.conf
• Build extensions image for RHEL 10.2 with build-args-5.0-10.2.conf
• Build extensions image for CentOS Stream 10 with build-args-5.0-c10s.conf
• Verify all RPMs are downloaded to /usr/share/rpm-ostree/extensions/
• Verify kernel packages match base image kernel version
• Test on x86_64 (includes kernel-rt)
• Test on aarch64 (includes kernel-64k)

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: locriandev
Once this PR has been reviewed and has the lgtm label, please assign jmarrero for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@locriandev: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/images	12eacf5	link	true	/test images

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.