fix: use tar options to enable extraction on F40 based source (#15)

The solution which worked is to use docker buildx instead of buildah and podman push.

Other than swapping a two redhat actions for a single docker action, the main difference is piping our already generated tag list into the docker/metadata action so that the tags are docker/build-and-push friendly.

Side benefit, we can see what tags/registries we expect to push in the log out put for the metadata, even if not pushing.

Fixes: ublue-os/ucore#160

.github/workflows/build.yml

@@ -63,6 +63,15 @@ jobs:
 
           echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT
 
+          # in addition to existing tag logic, add docker/metadata friendly tags
+          METADATA_TAGS=$(
+          for TAG in "${alias_tags[@]}"; do
+              echo "${TAG}"
+          done)
+          echo "METADATA_TAGS<<EOF" >> $GITHUB_ENV
+          echo "$METADATA_TAGS" >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+
       - name: Retrieve akmods signing key
         run: |
           mkdir -p certs
@@ -83,61 +92,30 @@ jobs:
           echo "VERSION=$version" >> $GITHUB_OUTPUT
           echo "LINUX=$linux" >> $GITHUB_OUTPUT
 
+      # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
+      # https://github.com/macbre/push-to-ghcr/issues/12
+      - name: Lowercase Registry
+        id: registry_case
+        uses: ASzc/change-string-case-action@v5
+        with:
+          string: ${{ env.IMAGE_REGISTRY }}
+
       # Build metadata
       - name: Image Metadata
         uses: docker/metadata-action@v4
         id: meta
         with:
           images: |
-            ${{ env.IMAGE_NAME }}
+            ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}
           labels: |
             org.opencontainers.image.title=${{ env.IMAGE_NAME }}
             org.opencontainers.image.description=A caching layer for pre-built kmod RPMs
             org.opencontainers.image.version=${{ steps.labels.outputs.VERSION }}
             ostree.linux=${{ steps.labels.outputs.LINUX }}
             io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md
             io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/1728152?s=200&v=4
-
-      # Build image using Buildah action
-      - name: Build Image
-        id: build_image
-        uses: redhat-actions/buildah-build@v2
-        with:
-          containerfiles: |
-            ./Containerfile
-          image: ${{ env.IMAGE_NAME }}
           tags: |
-            ${{ steps.generate-tags.outputs.alias_tags }}
-          build-args: |
-            SOURCE_IMAGE=${{ env.SOURCE_IMAGE }}
-            COREOS_VERSION=${{ matrix.coreos_version }}
-          labels: ${{ steps.meta.outputs.labels }}
-          oci: false
-
-      # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
-      # https://github.com/macbre/push-to-ghcr/issues/12
-      - name: Lowercase Registry
-        id: registry_case
-        uses: ASzc/change-string-case-action@v5
-        with:
-          string: ${{ env.IMAGE_REGISTRY }}
-
-      # Push the image to GHCR (Image Registry)
-      - name: Push To GHCR
-        uses: redhat-actions/push-to-registry@v2
-        id: push
-        if: github.event_name != 'pull_request'
-        env:
-          REGISTRY_USER: ${{ github.actor }}
-          REGISTRY_PASSWORD: ${{ github.token }}
-        with:
-          image: ${{ steps.build_image.outputs.image }}
-          tags: ${{ steps.build_image.outputs.tags }}
-          registry: ${{ steps.registry_case.outputs.lowercase }}
-          username: ${{ env.REGISTRY_USER }}
-          password: ${{ env.REGISTRY_PASSWORD }}
-          extra-args: |
-            --disable-content-trust
+            ${{ env.METADATA_TAGS }}
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v2
@@ -147,6 +125,20 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      # Build/push image using docker buildx action
+      - name: Build and Push Image
+        id: build_image
+        uses: docker/build-push-action@v5
+        with:
+          push: ${{ github.event_name != 'pull_request' }}
+          context: .
+          file: ./Containerfile
+          build-args: |
+            SOURCE_IMAGE=${{ env.SOURCE_IMAGE }}
+            COREOS_VERSION=${{ matrix.coreos_version }}
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ steps.meta.outputs.tags }}
+
       # Sign container
       - uses: sigstore/cosign-installer@v3.1.1
         if: github.event_name != 'pull_request'
@@ -156,11 +148,10 @@ jobs:
         run: |
           cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS}
         env:
-          TAGS: ${{ steps.push.outputs.digest }}
+          TAGS: ${{ steps.build_image.outputs.digest }}
           COSIGN_EXPERIMENTAL: false
           COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
 
       - name: Echo outputs
-        if: github.event_name != 'pull_request'
         run: |
-          echo "${{ toJSON(steps.push.outputs) }}"
+          echo "${{ toJSON(steps.build_image.outputs) }}"

build-kmod-zfs.sh

@@ -25,7 +25,8 @@ rpm-ostree install libtirpc-devel libblkid-devel libuuid-devel libudev-devel ope
 ### BUILD zfs
 echo "getting zfs-${ZFS_VERSION}.tar.gz"
 curl -L -O https://github.com/openzfs/zfs/releases/download/zfs-${ZFS_VERSION}/zfs-${ZFS_VERSION}.tar.gz
-tar xzf zfs-${ZFS_VERSION}.tar.gz
+# no-same-owner/no-same-permissions required for F40 based images building on podman 3.4.4 (ubuntu 22.04)
+tar -z -x --no-same-owner --no-same-permissions -f zfs-${ZFS_VERSION}.tar.gz
 
 # patch the zfs-kmod.spec.in file for older zfs versions
 ZFS_MAJ=$(echo $ZFS_VERSION | cut -f1 -d.)