From c14de7e80c994b1f8416c03ecb27587a4b89e729 Mon Sep 17 00:00:00 2001
From: jbtrystram <jbtrystram@redhat.com>
Date: Wed, 2 Oct 2024 18:17:09 +0200
Subject: [PATCH] [COS-2959] Add rhel-9.6 and ocp-rhel-9.6 variants

Right now these are pure centOS Stream 9 builds with a spoofed
`os-release` file.

For the ocp variant, pull the packages from the 9.4-4.18 repos.
https://issues.redhat.com/browse/COS-2959

[rhel-9.6] denylist expected failing testsas it's a fake rhel-9.6
This 9.6 rhel version is faked from centOS stream 9 so those tests are
expected to fail.
See https://github.com/openshift/os/issues/1635

denylist: exclude secureboot tests for rhel 9.6

secureboot does not work on c9s for now, so as this rhel 9.6 is
just c9s, it won't either.
denylist those tests until beta.
This is the same as https://github.com/openshift/os/commit/c95eedc70f963dd554519cc18afa44536cff715b
---
 README.md                    |   2 +
 ci/prow-entrypoint.sh        |   6 ++
 common.yaml                  |   4 ++
 extensions-ocp-rhel-9.6.yaml |   1 +
 extensions-rhel-9.6.yaml     |  94 +++++++++++++++++++++++++++++
 image-ocp-rhel-9.6.yaml      |   1 +
 image-rhel-9.6.yaml          |   1 +
 kola-denylist.yaml           |  16 +++++
 manifest-ocp-rhel-9.6.yaml   | 111 +++++++++++++++++++++++++++++++++++
 manifest-rhel-9.6.yaml       |  78 ++++++++++++++++++++++++
 10 files changed, 314 insertions(+)
 create mode 120000 extensions-ocp-rhel-9.6.yaml
 create mode 100644 extensions-rhel-9.6.yaml
 create mode 120000 image-ocp-rhel-9.6.yaml
 create mode 120000 image-rhel-9.6.yaml
 create mode 100644 manifest-ocp-rhel-9.6.yaml
 create mode 100644 manifest-rhel-9.6.yaml

diff --git a/README.md b/README.md
index e978b729..a37ab454 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,8 @@ supported:
 
 - `rhel-9.4`: RHEL 9.4-based CoreOS; without OpenShift components.
 - `ocp-rhel-9.4`: RHEL 9.4-based CoreOS; including OpenShift components.
+- `rhel-9.6`: RHEL 9.6-based CoreOS; without OpenShift components.
+- `ocp-rhel-9.6`: RHEL 9.6-based CoreOS; including OpenShift components.
 - `c9s`: CentOS Stream-based CoreOS, without OKD components.
 - `okd-c9s`: CentOS Stream-based CoreOS, including OpenShift components. This
   currently includes some packages from RHEL because not all packages required
diff --git a/ci/prow-entrypoint.sh b/ci/prow-entrypoint.sh
index 293ede1a..b8861c4f 100755
--- a/ci/prow-entrypoint.sh
+++ b/ci/prow-entrypoint.sh
@@ -73,6 +73,12 @@ prepare_repos() {
     # Figure out which version we're building
     rhelver=$(rpm-ostree compose tree --print-only "${manifest}" | jq -r '.["automatic-version-prefix"]' | cut -f2 -d.)
 
+    # XXX change to rhel 9.6 when beta is GA
+    # use 9.4 repos for 9.6
+    if [[ "${rhelver}" == "96" ]]; then
+        rhelver="94"
+    fi
+
     # Temporary workaround until we publish builds in the default path
     if [[ "${rhelver}" == "94" ]]; then
         prev_build_url="${REDIRECTOR_URL}/${ocpver}-9.4/builds/"
diff --git a/common.yaml b/common.yaml
index d0bc6749..d9c9c3fa 100644
--- a/common.yaml
+++ b/common.yaml
@@ -38,11 +38,15 @@ conditional-include:
     include: zram-no-defaults.yaml
   - if: osversion == "rhel-9.4"
     include: zram-no-defaults.yaml
+  - if: osversion == "rhel-9.6"
+    include: zram-no-defaults.yaml
   # Packages specific to el9
   - if: osversion == "c9s"
     include: fedora-coreos-config/manifests/shared-el9.yaml
   - if: osversion == "rhel-9.4"
     include: fedora-coreos-config/manifests/shared-el9.yaml
+  - if: osversion == "rhel-9.6"
+    include: fedora-coreos-config/manifests/shared-el9.yaml
 
 
 documentation: false
diff --git a/extensions-ocp-rhel-9.6.yaml b/extensions-ocp-rhel-9.6.yaml
new file mode 120000
index 00000000..62e20bee
--- /dev/null
+++ b/extensions-ocp-rhel-9.6.yaml
@@ -0,0 +1 @@
+extensions-rhel-9.6.yaml
\ No newline at end of file
diff --git a/extensions-rhel-9.6.yaml b/extensions-rhel-9.6.yaml
new file mode 100644
index 00000000..5b9e3807
--- /dev/null
+++ b/extensions-rhel-9.6.yaml
@@ -0,0 +1,94 @@
+# RPMs as operating system extensions, distinct from the base ostree commit/image
+# https://github.com/openshift/enhancements/blob/master/enhancements/rhcos/extensions.md
+# and https://github.com/coreos/fedora-coreos-tracker/issues/401
+
+extensions:
+  # https://issues.redhat.com/browse/RFE-4177
+  wasm:
+    architectures:
+      - x86_64
+      - aarch64
+    repos:
+      # XXX todo: swap to rhel 9.6 repos when beta is GA
+      # Ideally we would use content from c9s as it's the same as rhel 9.6 for now
+      # but this particular package does not exist there
+      - rhel-9.4-server-ose-4.18
+    packages:
+      - crun-wasm
+  # https://github.com/coreos/fedora-coreos-tracker/issues/1504
+  ipsec:
+    packages:
+      - libreswan
+      - NetworkManager-libreswan
+  # https://github.com/coreos/fedora-coreos-tracker/issues/326
+  usbguard:
+    packages:
+      - usbguard
+  kerberos:
+    packages:
+      - krb5-workstation
+      - libkadm5
+  # https://github.com/kmods-via-containers/kmods-via-containers/issues/3
+  # https://gitlab.cee.redhat.com/coreos/redhat-coreos/merge_requests/866
+  # These are currently overlaid onto the host so that they can be bind-mounted
+  # into build containers... in the future they should be a `development`
+  # extension: https://github.com/openshift/machine-config-operator/pull/2143.
+  kernel-devel:
+    packages:
+      - kernel-devel
+      - kernel-headers
+    match-base-evr: kernel
+  # These are already in the base, so they're not OS extensions, but they're
+  # useful to have in RPM form to install in kmod build containers.
+  kernel:
+    kind: development
+    packages:
+      - kernel
+      - kernel-core
+      - kernel-modules
+      - kernel-modules-extra
+    match-base-evr: kernel
+  # GRPA-2822
+  # https://github.com/openshift/machine-config-operator/pull/1330
+  # https://github.com/openshift/enhancements/blob/master/enhancements/support-for-realtime-kernel.md
+  kernel-rt:
+    architectures:
+      - x86_64
+    repos:
+      # XXX todo: swap to rhel 9.6 repos when beta is GA
+      - c9s-nfv
+    packages:
+      - kernel-rt-core
+      - kernel-rt-kvm
+      - kernel-rt-modules
+      - kernel-rt-modules-extra
+      - kernel-rt-devel
+    match-base-evr: kernel
+  # https://github.com/openshift/machine-config-operator/pull/2456
+  # https://github.com/openshift/enhancements/blob/master/enhancements/sandboxed-containers/sandboxed-containers-tech-preview.md
+  # GRPA-3123
+  # - kata-containers
+  sandboxed-containers:
+    architectures:
+      - x86_64
+      - s390x
+    repos:
+      # XXX ideally we would pull that from c9s as it's identical to rhel 9.6 for now
+      # but c9s does not build this for s390x so we have to pull it from rhel 9.4
+      # todo: swap to rhel 9.6 repos when beta is GA
+      - rhel-9.4-server-ose-4.18
+    packages:
+      - kata-containers
+  # https://issues.redhat.com/browse/COS-2402
+  kernel-64k:
+    architectures:
+      - aarch64
+    packages:
+      - kernel-64k-core
+      - kernel-64k-modules
+      - kernel-64k-modules-core
+      - kernel-64k-modules-extra
+  # https://issues.redhat.com/browse/COS-2940
+  sysstat:
+    packages:
+      - sysstat
diff --git a/image-ocp-rhel-9.6.yaml b/image-ocp-rhel-9.6.yaml
new file mode 120000
index 00000000..14763a25
--- /dev/null
+++ b/image-ocp-rhel-9.6.yaml
@@ -0,0 +1 @@
+image-rhel-9.6.yaml
\ No newline at end of file
diff --git a/image-rhel-9.6.yaml b/image-rhel-9.6.yaml
new file mode 120000
index 00000000..3abbf78c
--- /dev/null
+++ b/image-rhel-9.6.yaml
@@ -0,0 +1 @@
+image-rhel-9.4.yaml
\ No newline at end of file
diff --git a/kola-denylist.yaml b/kola-denylist.yaml
index e453eced..dd5d31b0 100644
--- a/kola-denylist.yaml
+++ b/kola-denylist.yaml
@@ -7,21 +7,25 @@
   tracker: https://github.com/openshift/os/issues/1237
   osversion:
     - c9s
+    - rhel-9.6
 
 - pattern: iso-live-login.uefi-secure
   tracker: https://github.com/openshift/os/issues/1237
   osversion:
     - c9s
+    - rhel-9.6
 
 - pattern: iso-as-disk.uefi-secure
   tracker: https://github.com/openshift/os/issues/1237
   osversion:
     - c9s
+    - rhel-9.6
 
 - pattern: fips.*
   tracker: https://github.com/openshift/os/issues/1540
   osversion:
     - c9s
+    - rhel-9.6
 
 # we're missing a cri-o rebuild for 4.17, which blocks on buildroot issues
 - pattern: ext.config.version.rhaos-pkgs-match-openshift
@@ -31,3 +35,15 @@
 # but not denylisted here so it can run on the rhcos pipeline
 #- pattern: iso-offline-install-iscsi.ibft.bios
 #  tracker: https://github.com/openshift/os/issues/1492
+
+# as it's a fake rhel build (from c9s) versions won't match
+- pattern: ext.config.version.rhel-major-version
+  tracker: https://github.com/openshift/os/issues/1635
+  snooze: 2025-01-01
+  osversion:
+    - rhel-9.6
+- pattern: ext.config.shared.content-origins
+  tracker: https://github.com/openshift/os/issues/1635
+  snooze: 2025-01-01
+  osversion:
+    - rhel-9.6
diff --git a/manifest-ocp-rhel-9.6.yaml b/manifest-ocp-rhel-9.6.yaml
new file mode 100644
index 00000000..7e7666b9
--- /dev/null
+++ b/manifest-ocp-rhel-9.6.yaml
@@ -0,0 +1,111 @@
+# Manifest for OCP node based on RHEL 9.6
+# Note: this manifest is temporary; in the future, OCP components will be layered instead.
+
+rojig:
+  license: MIT
+  name: rhcos
+  summary: OpenShift 4.18
+
+variables:
+  osversion: "rhel-9.6"
+
+# Include manifests common to all RHEL and CentOS Stream versions and manifest
+# common to RHEL 9 & C9S variants
+include:
+  - manifest-rhel-9.6.yaml
+  - packages-openshift.yaml
+
+# Additional repos we need for OCP components
+# right now we use rhel-9.4 OCP repos as RHEL 9.6 is not available yet
+repos:
+  - rhel-9.4-fast-datapath
+  - rhel-9.4-server-ose-4.18
+  - rhel-9.4-appstream
+  - c9s-extras-common
+  - c9s-sig-nfv
+  - c9s-nfv
+
+packages:
+ # RPM GPG keys for CentOS SIG repos
+  - centos-release-cloud-common
+  - centos-release-nfv-common
+  - centos-release-virt-common
+
+# We include hours/minutes to avoid version number reuse
+automatic-version-prefix: "418.96.<date:%Y%m%d%H%M>"
+# This ensures we're semver-compatible which OpenShift wants
+automatic-version-suffix: "-"
+# Keep this is sync with the version in postprocess
+mutate-os-release: "4.18"
+
+postprocess:
+  - |
+     #!/usr/bin/env bash
+     set -xeo pipefail
+
+     # Tweak /usr/lib/os-release
+     grep -v -e "OSTREE_VERSION" -e "OPENSHIFT_VERSION" /etc/os-release > /usr/lib/os-release.rhel
+     (
+     . /etc/os-release
+     cat > /usr/lib/os-release <<EOF
+     NAME="${NAME}"
+     ID="rhcos"
+     ID_LIKE="rhel fedora"
+     VERSION="${OSTREE_VERSION}"
+     VERSION_ID="${OPENSHIFT_VERSION}"
+     VARIANT="${VARIANT}"
+     VARIANT_ID=${VARIANT_ID}
+     PLATFORM_ID="${PLATFORM_ID}"
+     PRETTY_NAME="${NAME} ${OSTREE_VERSION}"
+     ANSI_COLOR="${ANSI_COLOR}"
+     CPE_NAME="${CPE_NAME}::coreos"
+     HOME_URL="${HOME_URL}"
+     DOCUMENTATION_URL="https://docs.okd.io/latest/welcome/index.html"
+     BUG_REPORT_URL="https://access.redhat.com/labs/rhir/"
+     REDHAT_BUGZILLA_PRODUCT="OpenShift Container Platform"
+     REDHAT_BUGZILLA_PRODUCT_VERSION="${OPENSHIFT_VERSION}"
+     REDHAT_SUPPORT_PRODUCT="OpenShift Container Platform"
+     REDHAT_SUPPORT_PRODUCT_VERSION="${OPENSHIFT_VERSION}"
+     OPENSHIFT_VERSION="${OPENSHIFT_VERSION}"
+     RHEL_VERSION=9.6
+     OSTREE_VERSION="${OSTREE_VERSION}"
+     EOF
+     )
+     rm -f /etc/os-release
+     ln -s ../usr/lib/os-release /etc/os-release
+
+     # Tweak /etc/system-release, /etc/system-release-cpe & /etc/redhat-release
+     (
+     . /etc/os-release
+     cat > /usr/lib/system-release-cpe <<EOF
+     ${CPE_NAME}
+     EOF
+     cat > /usr/lib/system-release <<EOF
+     ${NAME} release ${VERSION_ID}
+     EOF
+     rm -f /etc/system-release-cpe /etc/system-release /etc/redhat-release
+     ln -s /usr/lib/system-release-cpe /etc/system-release-cpe
+     ln -s /usr/lib/system-release /etc/system-release
+     ln -s /usr/lib/system-release /etc/redhat-release
+     )
+
+     # Tweak /usr/lib/issue
+     cat > /usr/lib/issue <<EOF
+     \S \S{VERSION_ID}
+     EOF
+     rm -f /etc/issue /etc/issue.net
+     ln -s /usr/lib/issue /etc/issue
+     ln -s /usr/lib/issue /etc/issue.net
+
+# Packages pinned to specific repos in RHCOS 9
+repo-packages:
+  - repo: c9s-appstream
+    packages:
+      - nss-altfiles
+  - repo: rhel-9.4-server-ose-4.18
+    packages:
+      - conmon-rs
+      - cri-o
+      - cri-tools
+      - openshift-clients
+      - openshift-kubelet
diff --git a/manifest-rhel-9.6.yaml b/manifest-rhel-9.6.yaml
new file mode 100644
index 00000000..7f217cbb
--- /dev/null
+++ b/manifest-rhel-9.6.yaml
@@ -0,0 +1,78 @@
+# Manifest for RHCOS based on RHEL 9.6
+
+rojig:
+  license: MIT
+  name: rhcos
+  summary: RHEL CoreOS 9.6
+
+variables:
+  osversion: "rhel-9.6"
+
+# Include manifests common to all RHEL and CentOS Stream versions
+include:
+  - common.yaml
+
+# XXX todo: swap to rhel 9.6 repos when beta is GA
+# CentOS Stream 9 repos for now
+repos:
+  - c9s-baseos
+  - c9s-appstream
+
+# Eventually we should try to build these images as part of the RHEL composes.
+# In that case, the versioning should instead be exactly the same as the pungi
+# compose ID.
+automatic-version-prefix: "9.6.<date:%Y%m%d%H%M>"
+# This ensures we're semver-compatible which OpenShift wants
+automatic-version-suffix: "-"
+
+mutate-os-release: "9.6"
+
+# XXX todo: swap to rhel 9.6 repos when beta is GA
+repo-packages:
+  - repo: c9s-baseos
+    packages:
+     # We include the generic centos release package and fake the red hat os-release
+     # info in a post-process script
+     # XXX todo: swap to redhat-release once 9.6 beta is GA
+     - centos-stream-release
+
+# XXX remove once swapping to rhel 9.6 beta content
+# Fake out RHEL version in the os-release while waiting for RHEL-9.6 release.
+postprocess:
+  - |
+     #!/usr/bin/env bash
+     set -xeo pipefail
+
+     (
+     . /etc/os-release
+     cat > /usr/lib/os-release <<EOF
+     NAME="Red Hat Enterprise Linux CoreOS"
+     VERSION="${OSTREE_VERSION} (Plow)"
+     ID="rhel"
+     ID_LIKE="fedora"
+     VERSION="${OSTREE_VERSION}"
+     VARIANT="CoreOS"
+     VARIANT_ID=coreos
+     VERSION_ID="9.6"
+     PLATFORM_ID="platform:el9"
+     PRETTY_NAME="Red Hat Enterprise Linux CoreOS ${OSTREE_VERSION} (Plow)"
+     ANSI_COLOR="0;31"
+     LOGO="fedora-logo-icon"
+     CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
+     HOME_URL="https://www.redhat.com/"
+     DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
+     BUG_REPORT_URL="https://issues.redhat.com/"
+
+     REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
+     REDHAT_BUGZILLA_PRODUCT_VERSION=9.6
+     REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
+     REDHAT_SUPPORT_PRODUCT_VERSION="9.6"
+     OSTREE_VERSION="${OSTREE_VERSION}"
+     EOF
+     )
+
+
+      rm -f /etc/system-release /etc/os-release /etc/redhat-release
+      ln -s /usr/lib/os-release /etc/os-release
+      ln -s /usr/lib/os-release /etc/system-release
+      ln -s /usr/lib/os-release /etc/redhat-release