From 750e020ce1a406398b3d3dc33915ca6be06e96fd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 Sep 2023 06:05:34 +0000
Subject: [PATCH 1/3] build(deps): bump nix from 0.26.2 to 0.27.1

Bumps [nix](https://github.com/nix-rust/nix) from 0.26.2 to 0.27.1.
- [Changelog](https://github.com/nix-rust/nix/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nix-rust/nix/compare/v0.26.2...v0.27.1)

---
updated-dependencies:
- dependency-name: nix
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Cargo.lock | 17 +++--------------
 Cargo.toml |  2 +-
 2 files changed, 4 insertions(+), 15 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 4f1ff1f67..255fcdbf4 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -844,15 +844,6 @@ version = "2.6.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8f232d6ef707e1956a43342693d2a31e72989554d58299d7a88738cc95b0d35c"
 
-[[package]]
-name = "memoffset"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5de893c32cde5f383baa4c04c5d6dbdd735cfd4a794b0debdb2bb1b421da5ff4"
-dependencies = [
- "autocfg",
-]
-
 [[package]]
 name = "mime"
 version = "0.3.17"
@@ -899,15 +890,13 @@ dependencies = [
 
 [[package]]
 name = "nix"
-version = "0.26.4"
+version = "0.27.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "598beaf3cc6fdd9a5dfb1630c2800c7acd31df7aaf0f565796fba2b53ca1af1b"
+checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053"
 dependencies = [
- "bitflags 1.3.2",
+ "bitflags 2.4.0",
  "cfg-if",
  "libc",
- "memoffset",
- "pin-utils",
 ]
 
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index 166518b0c..fe279525a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -63,7 +63,7 @@ hex = "^0.4"
 ignition-config = ">= 0.3, < 0.4"
 lazy_static = "^1.4"
 libc = "^0.2"
-nix = ">= 0.24, < 0.27"
+nix = ">= 0.24, < 0.28"
 nmstate = { version = ">= 2.2.3, < 3", default-features = false, features = ["gen_conf"] }
 openssl = "^0.10"
 pipe = ">= 0.3, < 0.5"

From e20b4c4f5aec0153e528c8cccd3bd6ef77e7ded6 Mon Sep 17 00:00:00 2001
From: Steven Presti <spresti@redhat.com>
Date: Fri, 8 Sep 2023 15:55:32 -0400
Subject: [PATCH 2/3] cargo: specify required features for Nix dependency

Nix 0.27 introduced a breaking change. To continue using Nix
specify the features required by coreos-installer.

See: https://github.com/nix-rust/nix/blob/master/CHANGELOG.md#0270---2023-08-28
---
 Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index fe279525a..4275d54e9 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -63,7 +63,7 @@ hex = "^0.4"
 ignition-config = ">= 0.3, < 0.4"
 lazy_static = "^1.4"
 libc = "^0.2"
-nix = ">= 0.24, < 0.28"
+nix = { version = ">= 0.24, < 0.28", "default_features" = false, "features" = [ "dir", "ioctl", "mount", "process", "sched", "signal", "user"] }
 nmstate = { version = ">= 2.2.3, < 3", default-features = false, features = ["gen_conf"] }
 openssl = "^0.10"
 pipe = ">= 0.3, < 0.5"

From 2247ffe1f8f64317da570a8d230bfc1ff782164b Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Mon, 11 Sep 2023 15:31:05 -0400
Subject: [PATCH 3/3] ci: run cosa unprivileged temporarily for virtiofs bug

As a temporary workaround for a virtiofs bug:
https://gitlab.com/virtio-fs/virtiofsd/-/merge_requests/197

xref: https://github.com/coreos/coreos-assembler/pull/3428
---
 .cci.jenkinsfile | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/.cci.jenkinsfile b/.cci.jenkinsfile
index 70a3b17ea..f774d7777 100644
--- a/.cci.jenkinsfile
+++ b/.cci.jenkinsfile
@@ -19,18 +19,31 @@ cosaPod(buildroot: true, runAsUser: 0) {
     // Make sure cosa is using the binary we just built.
     shwrap("rsync -rlv install/usr/ /usr/")
 
-    cosaBuild(skipKola: true, overlays: ["install"])
+    // XXX: temporarily build FCOS manually until virtiofs can work with uid 0
+    // https://gitlab.com/virtio-fs/virtiofsd/-/merge_requests/197
+    //cosaBuild(skipKola: true, overlays: ["install"])
+    shwrap("""
+        if [ "\$(id -u)" = 0 ]; then
+            exec runuser -u builder -- bash "\$0" "\$@"
+        fi
+        mkdir -p /srv/coreos && cd /srv/coreos
+        cosa init https://github.com/coreos/fedora-coreos-config
+        rsync -av ${env.WORKSPACE}/install/ /srv/coreos/overrides/rootfs
+        cosa fetch --strict
+        cosa build --strict --force
+    """)
+
     // Skipping kdump.crash due to CI failure in coreos-installer repo
     // https://github.com/coreos/fedora-coreos-tracker/issues/1075
     kola(extraArgs: "--denylist-test ext.config.kdump.crash")
 
     stage("Build metal+live") {
-        shwrap("cd /srv/coreos && cosa buildextend-metal")
-        shwrap("cd /srv/coreos && cosa buildextend-metal4k")
-        shwrap("cd /srv/coreos && cosa buildextend-live --fast")
+        shwrap("cd /srv/coreos && runuser -u builder -- cosa buildextend-metal")
+        shwrap("cd /srv/coreos && runuser -u builder -- cosa buildextend-metal4k")
+        shwrap("cd /srv/coreos && runuser -u builder -- cosa buildextend-live --fast")
         // Test metal with an uncompressed image and metal4k with a
         // compressed one
-        shwrap("cd /srv/coreos && cosa compress --fast --artifact=metal4k")
+        shwrap("cd /srv/coreos && runuser -u builder -- cosa compress --fast --artifact=metal4k")
     }
     stage("Test ISO") {
         // No need to run the iso-live-login/iso-as-disk scenarios