Answers inline below:
From: Dev [mailto:email@example.com] On Behalf Of Michal
Sent: Thursday, February 15, 2018 9:53 PM
Subject: [Clr-dev] Custom packages and clear Linux
After reading through all of the documentation and experimenting a bit, it's
still not clear if I can add custom packages to my Clearlinux installation.
The mixer tool, all powerful, can build entire custom distribution for me.
That's great, but I don't want to keep track of security updates manually,
rebuild everything every couple of days and have my servers source packages
and updates from me and only from me.
Let's say I use the iso that mixer produced:
- where will swupd point to for bundles? My server?
Yes, if you use mixer to create your own image, you become the OSV at that point. You
would have to add the bundles you want to your mixer image to be able to install them.
- where will the security updates come from? Upstream or from me?
Anything you do not provide - rpm wise - will be pulled from the upstream version you are
building against. So let's say you created a bundle called mybundle, and inside added
vim, git, and openssh, if you do not provide those rpms locally the mixer tool will pull
them from the official release you're building against. Getting any updates and
changes to your clients however, requires you to create a mix so the clients can update to
them. Again, this is because with a full mix you have become the OSV and are responsible
for providing updates to your client systems. (They would not be able to update to
upstream anyway due to not having the correct certificate to verify the updates from
- say I want to install a new bundle, that wasn't around when I
from my custom ISO. Do I have to rebuild entire server, with a new iso?
You have to build a new mix, but after the chroots are created, only things that have
change will have update content created for them, so it will be a bit faster to build the
next update. You don't have to create an entirely new ISO, you can simply update to
the new mix you created from your client image.
There are some other tools, but mana pages for those are minimalistic,
at least, and documentation links lead to nowhere.
What I'm trying to achieve is to use an upstream version of Clearlinux, add
some packages and manage configuration files with Ansible. Is it even a
supported use case?
Please ignore the swupd_* binaries, as they're actually not intended to be run
What you're looking for is most appropriately enabled by mixer-integration using
swupd-add-pkg. A more verbose documentation page is going up in the very near future. This
essentially lets your ansible RPMs (ideally created to be compatible with Clear Linux) to
be automatically added to a very minimal local mix, which your official image can then
install regularly from with swupd bundle-add. If you ONLY want to add some packages that
already are provided by Clear,
The workflow would be something along the lines of:
$ mkdir -p /usr/share/mix
$ swupd-add-pkg <PKG you want> mybundle ( i.e swupd-add-pkg ansible mybundle)
$ swupd update --migrate
$ swupd bundle-add mybundle
*now you have your package installed*
It will show you're on the current upstream VER * 1000, and it will automatically
create a new update for you when upstream moves forward. If something breaks or you simply
want to get back to official, "clean" state, you can do
$ swupd verify --fix --force -m 20830 -C /usr/share/clear/update-ca/Swupd_Root.pem
$ rm -rf /usr/share/mix && rm /usr/share/defaults/swupd/mixed
-> this is assuming you were on version 20830 for example.
This is a WIP so any and all feedback is appreciated!
Dev mailing list