Add osbuild patch for org.osbuild.dmverity stage fix

This carries osbuild/osbuild#1845 until it gets
to Fedora so that we can unbreak secex builds.

Author: jlebon

Dockerfile

@@ -23,6 +23,7 @@ COPY ./ /root/containerbuild/
 RUN ./build.sh write_archive_info
 RUN ./build.sh make_and_makeinstall
 RUN ./build.sh configure_user
+RUN ./build.sh patch_osbuild
 
 # clean up scripts (it will get cached in layers, but oh well)
 WORKDIR /srv/

build.sh

@@ -22,6 +22,7 @@ if [ $# -gt 1 ]; then
   echo "    configure_yum_repos"
   echo "    install_rpms"
   echo "    make_and_makeinstall"
+  echo "    patch_osbuild"
   exit 1
 fi
 
@@ -160,6 +161,27 @@ write_archive_info() {
     prepare_git_artifacts "${srcdir}" /cosa/coreos-assembler-git.json /cosa/coreos-assembler-git.tar.gz
 }
 
+patch_osbuild() {
+    # Add a few patches that either haven't made it into a release or
+    # that will be obsoleted with other work that will be done soon.
+
+    # To make it easier to apply patches we'll move around the osbuild
+    # code on the system first:
+    rmdir /usr/lib/osbuild/osbuild
+    mv /usr/lib/python3.12/site-packages/osbuild /usr/lib/osbuild/
+    mkdir /usr/lib/osbuild/tools
+    mv /usr/bin/osbuild-mpp /usr/lib/osbuild/tools/
+
+    # Now all the software is under the /usr/lib/osbuild dir and we can patch
+    patch -d /usr/lib/osbuild -p1 < /usr/lib/coreos-assembler/0001-stages-dmverity-make-device-objects-more-generic.patch
+
+    # And then move the files back; supermin appliance creation will need it back
+    # in the places delivered by the RPM.
+    mv /usr/lib/osbuild/tools/osbuild-mpp /usr/bin/osbuild-mpp
+    mv /usr/lib/osbuild/osbuild /usr/lib/python3.12/site-packages/osbuild
+    mkdir /usr/lib/osbuild/osbuild
+}
+
 if [ $# -ne 0 ]; then
   # Run the function specified by the calling script
   ${1}
@@ -174,4 +196,5 @@ else
   install_ocp_tools
   trust_redhat_gpg_keys
   configure_user
+  patch_osbuild
 fi

src/0001-stages-dmverity-make-device-objects-more-generic.patch

@@ -0,0 +1,58 @@
+From 5ccbe720ace34866931e2af7f248d5e5c632f9da Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon <[email protected]>
+Date: Wed, 14 Aug 2024 10:56:11 -0400
+Subject: [PATCH] stages/dmverity: make device objects more generic
+
+We need to pass loopback devices for these properties, but the schema
+says that there will be a `path` property, so osbuild complains.
+
+osbuild is right of course, but this definitely *did* work in an earlier
+version, so something changed. Ideally, we'd narrow down here what
+happened exactly, but at the same time this approach of just making the
+property more generic matches what's done in e.g. the `zipl.inst` stage
+where we also use a loopback device.
+
+For reference, this is where we use this stage:
+
+https://github.com/coreos/coreos-assembler/blob/ba45b296ec11734bafcae7728915016f17137a3d/src/osbuild-manifests/platform.qemu.ipp.yaml#L100-L119
+---
+ stages/org.osbuild.dmverity.meta.json | 20 ++------------------
+ 1 file changed, 2 insertions(+), 18 deletions(-)
+
+diff --git a/stages/org.osbuild.dmverity.meta.json b/stages/org.osbuild.dmverity.meta.json
+index 213b5855..4c470838 100644
+--- a/stages/org.osbuild.dmverity.meta.json
++++ b/stages/org.osbuild.dmverity.meta.json
+@@ -30,27 +30,11 @@
+       "properties": {
+         "data_device": {
+           "type": "object",
+-          "additionalProperties": false,
+-          "required": [
+-            "path"
+-          ],
+-          "properties": {
+-            "path": {
+-              "type": "string"
+-            }
+-          }
++          "additionalProperties": true
+         },
+         "hash_device": {
+           "type": "object",
+-          "additionalProperties": false,
+-          "required": [
+-            "path"
+-          ],
+-          "properties": {
+-            "path": {
+-              "type": "string"
+-            }
+-          }
++          "additionalProperties": true
+         }
+       }
+     }
+-- 
+2.46.0
+