build-sys: Enable CentOS Stream compose repos to avoid version skew

Dockerfile

@@ -47,6 +47,11 @@ RUN --mount=type=tmpfs,target=/run /src/contrib/packaging/configure-systemdboot
 #       local sources. We'll override it later.
 # NOTE: All your base belong to me.
 FROM $base as target-base
+# Handle version skew between base image and mirrors for CentOS Stream
+# xref https://gitlab.com/redhat/centos-stream/containers/bootc/-/issues/1174
+RUN --mount=type=tmpfs,target=/run \
+    --mount=type=bind,from=packaging,src=/,target=/run/packaging \
+    /run/packaging/enable-compose-repos
 RUN --mount=type=tmpfs,target=/run /usr/libexec/bootc-base-imagectl build-rootfs --manifest=standard /target-rootfs
 
 FROM scratch as base

contrib/packaging/enable-compose-repos

@@ -0,0 +1,44 @@
+#!/bin/bash
+# Enable compose repos to avoid version skew between base image and mirrors
+# xref https://gitlab.com/redhat/centos-stream/containers/bootc/-/issues/1174
+set -euo pipefail
+
+. /usr/lib/os-release
+
+case "${ID}" in
+  centos)
+    # The base image may have been built from a compose that has newer packages
+    # than what's available on the public mirrors. Enable the compose repos
+    # with higher priority to ensure we get matching versions.
+
+    # Extract the gpgkey from the existing centos.repo - c9s uses
+    # RPM-GPG-KEY-centosofficial while c10s uses RPM-GPG-KEY-centosofficial-SHA256
+    gpgkey=$(grep -m1 '^gpgkey=' /etc/yum.repos.d/centos.repo | cut -d= -f2)
+    if [[ -z "${gpgkey}" ]]; then
+      echo "Error: Could not find gpgkey in /etc/yum.repos.d/centos.repo" >&2
+      exit 1
+    fi
+
+    cat > /etc/yum.repos.d/centos-compose.repo << EOF
+[compose-baseos]
+name=CentOS Stream \$releasever Compose BaseOS
+baseurl=https://composes.stream.centos.org/stream-\$releasever/production/latest-CentOS-Stream/compose/BaseOS/\$basearch/os/
+gpgcheck=1
+enabled=1
+priority=1
+gpgkey=${gpgkey}
+
+[compose-appstream]
+name=CentOS Stream \$releasever Compose AppStream
+baseurl=https://composes.stream.centos.org/stream-\$releasever/production/latest-CentOS-Stream/compose/AppStream/\$basearch/os/
+gpgcheck=1
+enabled=1
+priority=1
+gpgkey=${gpgkey}
+EOF
+    echo "Enabled CentOS Stream compose repos (gpgkey: ${gpgkey})"
+    ;;
+  *)
+    # No compose repo needed for other distros
+    ;;
+esac

tmt/tests/booted/test-install-outside-container.nu

@@ -6,11 +6,12 @@
 use std assert
 use tap.nu
 
-# In this test we install a generic image mainly because it keeps
-# this test in theory independent of starting from a bootc host,
-# but also because it's useful to test "skew" between the bootc binary
-# doing the install and the target image.
-let target_image = "docker://quay.io/centos-bootc/centos-bootc:stream10"
+# FIXME: Revert to use generic images once https://github.com/bootc-dev/bootc/pull/1816 lands
+# Currently using the booted image to avoid version skew between bootupd in
+# the running system and the target image (e.g., different EFI file layouts).
+# let target_image = "docker://quay.io/centos-bootc/centos-bootc:stream10"
+bootc image copy-to-storage
+let target_image = "containers-storage:localhost/bootc"
 
 # setup filesystem
 mkdir /var/mnt

tmt/tests/booted/test-install-to-filesystem-var-mount.sh

@@ -16,28 +16,20 @@
 
 set -xeuo pipefail
 
-# Use a generic target image to test skew between the bootc binary doing
-# the install and the target image
-TARGET_IMAGE="docker://quay.io/centos-bootc/centos-bootc:stream10"
+# Build a derived image with LBIs removed for installation
+TARGET_IMAGE="localhost/bootc-install"
 
 echo "Testing bootc install to-filesystem with separate /var mount"
 
-# Disable SELinux enforcement for the install
-setenforce 0
+# Copy the currently booted image to container storage for podman to use
+bootc image copy-to-storage
 
-# Enable usr-overlay to allow modifications
-bootc usr-overlay
-
-# Install required packages (bootc images are immutable, so we need to install
-# after usr-overlay is enabled)
-dnf install -y parted lvm2 dosfstools e2fsprogs
-
-# Mask off conflicting ostree state
-if test -d /sysroot/ostree; then
-    mount --bind /usr/share/empty /sysroot/ostree
-fi
-rm -vrf /usr/lib/bootupd/updates
-rm -vrf /usr/lib/bootc/bound-images.d
+# Build a derived image that removes LBIs
+cat > /tmp/Containerfile.drop-lbis <<'EOF'
+FROM localhost/bootc
+RUN rm -rf /usr/lib/bootc/bound-images.d/*
+EOF
+podman build -t "$TARGET_IMAGE" -f /tmp/Containerfile.drop-lbis
 
 # Create a 12GB sparse disk image in /var/tmp (not /tmp which may be tmpfs)
 DISK_IMG=/var/tmp/disk-var-mount-test.img
@@ -91,7 +83,7 @@ vgcreate BL "$LVM_PART"
 
 # Create logical volumes
 lvcreate -L 4G -n var02 BL
-lvcreate -L 5G -n root02 BL
+lvcreate -l 100%FREE -n root02 BL
 
 # Create filesystems on logical volumes
 mkfs.ext4 -F /dev/BL/var02
@@ -122,8 +114,7 @@ echo "Filesystem layout:"
 mount | grep /var/mnt/target || true
 df -h /var/mnt/target /var/mnt/target/boot /var/mnt/target/boot/efi /var/mnt/target/var
 
-# Run bootc install to-filesystem
-# This should succeed and handle the separate /var mount correctly
+# Run bootc install to-filesystem from within the container image under test
 podman run \
     --rm --privileged \
     -v /var/mnt/target:/target \

tmt/tests/booted/test-install-unified-flag.nu

@@ -11,9 +11,12 @@
 use std assert
 use tap.nu
 
-# Use a generic target image to test skew between the bootc binary doing
-# the install and the target image
-let target_image = "docker://quay.io/centos-bootc/centos-bootc:stream10"
+# FIXME: Revert to use generic images once https://github.com/bootc-dev/bootc/pull/1816 lands
+# Currently using the booted image to avoid version skew between bootupd in
+# the running system and the target image (e.g., different EFI file layouts).
+# let target_image = "docker://quay.io/centos-bootc/centos-bootc:stream10"
+bootc image copy-to-storage
+let target_image = "containers-storage:localhost/bootc"
 
 def main [] {
     tap begin "install with experimental unified storage flag"