konflux: enable hermetic builds#3723
Merged
joelcapitao merged 2 commits intocoreos:testing-develfrom Jan 20, 2026
Merged
Conversation
jbtrystram
changed the title
jbtrystram
force-pushed
the
hermetic_builds
branch
3 times, most recently
from
ef7b013 to
c1a33f6
Compare
joelcapitao
reviewed
Sep 16, 2025
joelcapitao
reviewed
Sep 16, 2025
jbtrystram
force-pushed
the
hermetic_builds
branch
6 times, most recently
from
a6fd835 to
5514868
Compare
Member
Author
|
/retest |
14 tasks
jbtrystram
force-pushed
the
hermetic_builds
branch
from
bc74fdb to
c226e34
Compare
Member
|
/test fedora-coreos-testing-devel-on-pull-request |
joelcapitao
reviewed
Sep 30, 2025
jbtrystram
force-pushed
the
hermetic_builds
branch
6 times, most recently
from
b2f34fd to
af8d40c
Compare
jbtrystram
changed the title
jbtrystram
force-pushed
the
hermetic_builds
branch
4 times, most recently
from
3105692 to
ca82cec
Compare
Member
Author
|
requires coreos/fedora-coreos-pipeline#1245 |
15 tasks
joelcapitao
added
jira
joelcapitao
force-pushed
the
hermetic_builds
branch
from
41de3e3 to
7698e16
Compare
Member
|
See c0abc9c#r171804321 the glib2 URL in coreos/coreos-assembler#4381 should fix the issue we are hitting |
joelcapitao
force-pushed
the
hermetic_builds
branch
from
7698e16 to
2f2bc40
Compare
Member
|
/retest |
joelcapitao
force-pushed
the
hermetic_builds
branch
2 times, most recently
from
ffe764a to
0b210f8
Compare
joelcapitao
added a commit
to joelcapitao/fedora-coreos-config
that referenced
this pull request
Dec 4, 2025
This commit should be removed as we'll rebase this PR on top of coreos#3723
Member
|
/retest |
1 similar comment
Member
|
/retest |
joelcapitao
force-pushed
the
hermetic_builds
branch
from
b2ec755 to
154b5fc
Compare
Member
|
/retest |
joelcapitao
force-pushed
the
hermetic_builds
branch
4 times, most recently
from
0a69b36 to
694c80f
Compare
Member
|
/retest |
1 similar comment
Member
|
/retest |
joelcapitao
force-pushed
the
hermetic_builds
branch
2 times, most recently
from
5771d25 to
8a475ae
Compare
jbtrystram
commented
Jan 6, 2026
In hermetic builds there is no access to the network. Detect this by looking for the `cachi2.repo` that is injected by konflux during the build. In this case we make sure to not use any of our own repo and rely on the repo created by hermeto.
joelcapitao
force-pushed
the
hermetic_builds
branch
from
8a475ae to
09d754c
Compare
dustymabe
reviewed
Jan 20, 2026
Comment on lines
+11
to
+15
| # cachi2 is the repo Konflux injects when hermetic build is enabled and | ||
| # is self-sufficient to pull all the required RPMs. | ||
| if [ ! -f "/etc/yum.repos.d/cachi2.repo" ]; then | ||
| cp /src/fedora-coreos-continuous.repo /etc/yum.repos.d | ||
| fi |
Member
There was a problem hiding this comment.
not copying the fedora-coreos-continuous repo here means the step below with --repo fedora-coreos-continuous will fail.
I wonder if the buildroot-prep stuff is just never going to work with hermetic?
OR - better, let's just fold calling buildroot-prep into build-rootfs as a another function that gets called (which shells out to the script). This means it can run after we call inject_yumrepos() and can use the hermeto repo to pull the RPM from if we want.
Member
There was a problem hiding this comment.
Good point, let's give a try.
But note that the line -repo fedora-coreos-continuous is not run at all since a while now. Actually, the whole script is noop at the moment. But we still need to support what you proposed for future need.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Using coreos/coreos-assembler#4298