This documentation dives deeper into how a user can configure packages for installation inside the EIB image. Furthermore, it explains the RPM resolution process that EIB goes through so it can ensure that configured packages will be successfully installed even in an air-gapped environment.
EIB's RPM resolution process and package installation has been tested on the following x86_64 systems:
You can configure packages for installation in the following ways:
- Providing a
packageListconfiguration underoperatingSystem.packagesin the EIB image configuration file - Creating a
rpmsdirectory under EIB's configuration directory and provide local RPM files that you want to be installed on the image
To install a package using the packageList configuration, at a minimum you must configure the following under operatingSystem.packages:
- Valid package names under
packageList - Valid RPM repositories under
additionalReposor an SCC registration code undersccRegistrationCode
operatingSystem:
packages:
packageList:
- reiserfs-kmp-default-debuginfo
additionalRepos:
- url: https://download.opensuse.org/repositories/Kernel:/SLE15-SP5/pool
- url: https://rpm.rancher.io/rke2/stable/common/slemicro/noarch
unsigned: trueNOTE: Before adding any repositories under
additionalRepos, make sure that they are signed with a valid GPG key. All non-signed additional repositories will cause EIB to fail unless they are explicitly labeled asunsigned.
operatingSystem:
packages:
packageList:
- wget2
sccRegistrationCode: <your-reg-code>Sometimes you may want to install RPM files that are not hosted in a repository. For this use-case, you should create the following set of directories under EIB's configuration directory:
rpms- Place your RPMs here. All RPMs in this directory will be checked for valid GPG signatures, included in the built image and installed during the combustion phase.NOTE: You must provide an
additionalReposentry or asccRegistrationCodein your EIB definition file if your RPMs are dependent on other packages.rpms/gpg-keys- Place all GPG keys that are used to sign your RPMs here. All GPG keys in this directory will be used when validating the GPG signatures of your RPMs. Trying to install RPMs that are unsigned or have unrecognized GPG keys will result in a failure of the EIB build process.
If you want to install an unsigned RPM, refer to the Installing unsigned packages section of this documentation.
EIB configuration directory tree:
.
├── eib-config-iso.yaml
├── base-images
│ └── SLE-Micro.x86_64-5.5.0-Default-RT-GM.raw
└── rpms
├── gpg-keys
│ └── reiserfs-kpm-default-debuginfo.key
└── reiserfs-kmp-default-debuginfo-5.14.21-150500.205.1.g8725a95.x86_64.rpmEIB config file packages configuration:
operatingSystem:
packages:
additionalRepos:
- url: https://download.opensuse.org/repositories/Kernel:/SLE15-SP5/poolEIB configuration directory tree:
.
├── eib-config-iso.yaml
├── base-images
│ └── SLE-Micro.x86_64-5.5.0-Default-RT-GM.raw
└── rpms
├── gpg-keys
│ └── git.key
└── git-2.35.3-150300.10.33.1.x86_64.rpmEIB config file packages configuration:
operatingSystem:
packages:
sccRegistrationCode: <your-reg-code>By default, EIB does GPG validation for every additional repository and side-loaded RPM.
If you wish to use unsigned additional repositories and/or unsigned RPMs you must add the noGPGCheck: true property to EIB's packages configuration, like so:
operatingSystem:
packages:
noGPGCheck: trueBy providing this configuration, all GPG validation will be disabled, allowing you to use non-signed packages.
NOTE: This property is intended for development purposes only. For production use-cases we encourage users to always use EIB's GPG validation.