├── .bumpversion.cfg
├── .editorconfig
├── .gitattributes
├── .github
    ├── PULL_REQUEST_TEMPLATE.md
    ├── dependabot.yml
    ├── issue_template.md
    └── workflows
    │   ├── lint.yml
    │   └── release.yml
├── .gitignore
├── .gitlab-ci.yml
├── .mergify.yml
├── .terraform-docs.yml
├── CHANGELOG.md
├── CONTRIBUTORS.md
├── Dockerfile
├── LICENSE
├── Makefile
├── Makefile.spel
├── README.md
├── build
    ├── build.sh
    ├── install.sh
    ├── post_build.sh
    ├── pre_build.sh
    └── vagrant
    │   ├── Makefile
    │   ├── README.md
    │   ├── build-spel-vagrant.pkr.hcl
    │   ├── build-spel-vagrant.sh
    │   └── buildspec-vagrant.yml
├── buildspec.yml
├── docs
    ├── BuildingEFIenabledEL8bootstrapAMIs.md
    ├── CONTRIBUTING.md
    ├── FAQ.md
    ├── LargerThanDefaultRootEBS_EL6.md
    ├── LargerThanDefaultRootEBS_EL7.md
    ├── OpenSSHandFIPS_EL8.md
    ├── Xdistro-CO8.md
    ├── Xdistro-OL8.md
    ├── buildIt-co8.txt
    └── buildIt-ol8.txt
├── manifests
    ├── spel-minimal-centos-9stream-hvm.amazon-ebssurrogate.manifest.txt
    ├── spel-minimal-ol-8-hvm.amazon-ebssurrogate.manifest.txt
    ├── spel-minimal-ol-9-hvm.amazon-ebssurrogate.manifest.txt
    ├── spel-minimal-rhel-8-hvm.amazon-ebssurrogate.manifest.txt
    └── spel-minimal-rhel-9-hvm.amazon-ebssurrogate.manifest.txt
├── spel
    ├── README.md
    ├── kickstarts
    │   └── ks.centos9stream.minimal.cfg
    ├── minimal-linux.pkr.hcl
    ├── scripts
    │   ├── amigen8-build.sh
    │   ├── amigen9-build.sh
    │   ├── base.sh
    │   ├── builder-prep-9.sh
    │   ├── cleanup.sh
    │   ├── dep.sh
    │   ├── free-root.sh
    │   ├── pivot-root.sh
    │   ├── retry.sh
    │   ├── vagrant.sh
    │   ├── virtualbox.sh
    │   ├── vmware.sh
    │   └── zerodisk.sh
    └── userdata
    │   └── userdata.cloud
└── tests
    ├── conftest.py
    ├── minimal-linux.pkr.hcl
    ├── requirements.txt
    ├── scripts
        └── grow_check.sh
    ├── test_ami.py
    └── userdata
        └── validation.cloud


/.bumpversion.cfg:
--------------------------------------------------------------------------------
 1 | [bumpversion]
 2 | current_version = 2025.05.1
 3 | commit = True
 4 | tag = False
 5 | tag_name = {new_version}
 6 | 
 7 | [bumpversion:part:minor]
 8 | values = 
 9 | 	01
10 | 	02
11 | 	03
12 | 	04
13 | 	05
14 | 	06
15 | 	07
16 | 	08
17 | 	09
18 | 	10
19 | 	11
20 | 	12
21 | 
22 | [bumpversion:part:release]
23 | values = 
24 | 	dev
25 | 
26 | [bumpversion:part:patch]
27 | first_value = 1
28 | 
29 | [bumpversion:file:README.md]
30 | 


--------------------------------------------------------------------------------
/.editorconfig:
--------------------------------------------------------------------------------
 1 | # see http://editorconfig.org
 2 | root = true
 3 | 
 4 | [*]
 5 | end_of_line = lf
 6 | trim_trailing_whitespace = true
 7 | insert_final_newline = true
 8 | indent_style = space
 9 | indent_size = 2
10 | charset = utf-8
11 | 
12 | [*.md]
13 | trim_trailing_whitespace = false
14 | 
15 | [*.py]
16 | indent_size = 4
17 | 
18 | [Makefile]
19 | indent_style = tab
20 | indent_size = 1
21 | 
22 | [Makefile.*]
23 | indent_style = tab
24 | indent_size = 1
25 | 
26 | [*.go]
27 | indent_style = tab
28 | indent_size = 1
29 | 
30 | [LICENSE]
31 | indent_size = none
32 | 
33 | [.bumpversion.cfg]
34 | trim_trailing_whitespace = false
35 | indent_style = tab
36 | indent_size = 1
37 | 


--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
 1 | # Auto detect text files and perform LF normalization
 2 | * text eol=lf
 3 | 
 4 | # Custom for Visual Studio
 5 | *.cs     diff=csharp
 6 | *.sln    merge=union
 7 | *.csproj merge=union
 8 | *.vbproj merge=union
 9 | *.fsproj merge=union
10 | *.dbproj merge=union
11 | 
12 | # Standard to msysgit
13 | *.doc	 diff=astextplain
14 | *.DOC	 diff=astextplain
15 | *.docx diff=astextplain
16 | *.DOCX diff=astextplain
17 | *.dot  diff=astextplain
18 | *.DOT  diff=astextplain
19 | *.pdf  diff=astextplain
20 | *.PDF	 diff=astextplain
21 | *.rtf	 diff=astextplain
22 | *.RTF	 diff=astextplain
23 | 
24 | #===============
25 | #Personal git ignore settings
26 | #===============
27 | 


--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Fixes # .
2 | 
3 | Changes offered/proposed in this pull request:
4 | - 
5 | - 
6 | - 
7 | 
8 | * New PR Alert to: @plus3it/spel
9 | 


--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
 1 | version: 2
 2 | updates:
 3 |   # Maintain dependencies for GitHub Actions
 4 |   - package-ecosystem: github-actions
 5 |     directory: /
 6 |     schedule:
 7 |       interval: weekly
 8 |     ignore:
 9 |       - dependency-name: "actions/checkout"
10 |         update-types: ["version-update:semver-major"]
11 |   # Maintain dependencies for dockerfiles
12 |   - package-ecosystem: docker
13 |     directory: /
14 |     schedule:
15 |       interval: weekly
16 |   - package-ecosystem: pip
17 |     directory: "/tests"
18 |     schedule:
19 |       interval: weekly
20 |     open-pull-requests-limit: 10
21 |     groups:
22 |       python:
23 |         patterns:
24 |           - "*"
25 | 


--------------------------------------------------------------------------------
/.github/issue_template.md:
--------------------------------------------------------------------------------
 1 | ### Expected behavior
 2 | 
 3 | 
 4 | 
 5 | 
 6 | ### Actual behavior
 7 | 
 8 | 
 9 | 
10 | 
11 | ### Steps to reproduce behavior
12 | 
13 | 
14 | 
15 | 
16 | ### Context/Specifications
17 | 
18 | Things like:
19 | - Template name
20 | - AWS Component
21 | - OS/AMI information
22 | 
23 | ### Suggestions for fix
24 | 
25 | 
26 | 
27 | 
28 | ### Relevant references
29 | - links to "best practices" or other guide(s)
30 | - ...
31 | - ...
32 | 


--------------------------------------------------------------------------------
/.github/workflows/lint.yml:
--------------------------------------------------------------------------------
 1 | name: Run lint and static analyis checks
 2 | on:
 3 |   pull_request:
 4 | 
 5 | concurrency:
 6 |   group: lint-${{ github.head_ref || github.ref }}
 7 |   cancel-in-progress: true
 8 | 
 9 | jobs:
10 |   lint:
11 |     uses: plus3it/actions-workflows/.github/workflows/lint.yml@78caa4f6a2b5426af0ade68fb706176ee58fda84
12 |     with:
13 |       tardigradelint-target: install/pip_requirements/tests/requirements.txt lint
14 | 


--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
 1 | name: Create GitHub Release
 2 | 
 3 | on:
 4 |   # Run on demand
 5 |   workflow_dispatch:
 6 | 
 7 |   # Run on push to main when .bumpversion.cfg version is updated
 8 |   push:
 9 |     branches:
10 |       - main
11 |       - master
12 |     paths:
13 |       - .bumpversion.cfg
14 | 
15 | jobs:
16 |   release:
17 |     uses: plus3it/actions-workflows/.github/workflows/release.yml@78caa4f6a2b5426af0ade68fb706176ee58fda84
18 |     secrets:
19 |       release-token: ${{ secrets.GH_RELEASES_TOKEN }}
20 |     with:
21 |       mockstacktest-enable: false
22 |       tardigradelint-target: install/pip_requirements/tests/requirements.txt lint
23 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Windows image file caches
 2 | Thumbs.db
 3 | ehthumbs.db
 4 | 
 5 | # Folder config file
 6 | Desktop.ini
 7 | 
 8 | # Recycle Bin used on file shares
 9 | $RECYCLE.BIN/
10 | 
11 | # Windows Installer files
12 | *.cab
13 | *.msi
14 | *.msm
15 | *.msp
16 | 
17 | # Windows shortcuts
18 | *.lnk
19 | 
20 | # =========================
21 | # Operating System Files
22 | # =========================
23 | 
24 | # OSX
25 | # =========================
26 | 
27 | .DS_Store
28 | .AppleDouble
29 | .LSOverride
30 | 
31 | # Thumbnails
32 | ._*
33 | 
34 | # Files that might appear on external disk
35 | .Spotlight-V100
36 | .Trashes
37 | 
38 | # Directories potentially created on remote AFP share
39 | .AppleDB
40 | .AppleDesktop
41 | Network Trash Folder
42 | Temporary Items
43 | .apdisk
44 | 
45 | 
46 | # =========================
47 | # My local exclusions
48 | # =========================
49 | 
50 | *.bundle
51 | packer_cache
52 | .vagrant
53 | .spel
54 | !.spel/.gitkeep
55 | *.zip
56 | *.exe
57 | /packer
58 | __pycache__
59 | *vendor/
60 | *.terraform/
61 | .idea
62 | .terraform.lock.hcl
63 | *.log
64 | terraform.tfstate*
65 | go.*
66 | tardigrade-ci
67 | .tardigrade-ci
68 | *.pem
69 | 


--------------------------------------------------------------------------------
/.gitlab-ci.yml:
--------------------------------------------------------------------------------
 1 | before_script:
 2 |   - touch .variables
 3 |   - apt-get update
 4 |   - apt-get -y install python-pip python-dev build-essential
 5 |   - pip install awscli --upgrade
 6 |   - test $SPEL_CI == "true" && echo "export SPEL_VERSION=$(date +%Y.%m.dev%s)" >> .variables || true
 7 | 
 8 | commercial_build_job:
 9 |   variables:
10 |     AWS_REGION: "us-east-1"
11 |     SOURCE_AMI_CENTOS7_HVM: "ami-090b9dabe1c9f40b3"
12 |     SOURCE_AMI_RHEL7_HVM: "ami-0394fe9914b475c53"
13 |   script:
14 |     - source .variables
15 |     - make
16 | 
17 | govcloud_build_job:
18 |   variables:
19 |     AWS_REGION: "us-gov-west-1"
20 |     SOURCE_AMI_CENTOS7_HVM: "ami-faae349b"
21 |     SOURCE_AMI_RHEL7_HVM: "ami-91d649f0"
22 |     SPEL_SSM_ACCESS_KEY: "/spel/govcloud/access-key"
23 |     SPEL_SSM_SECRET_KEY: "/spel/govcloud/secret-key"
24 |   script:
25 |     - source .variables
26 |     - make
27 | 
28 | after_script:
29 |   - source .variables
30 |   - make post_build
31 | 


--------------------------------------------------------------------------------
/.mergify.yml:
--------------------------------------------------------------------------------
 1 | pull_request_rules:
 2 |   - name: approve dependabot pull requests
 3 |     conditions:
 4 |       - author=dependabot[bot]
 5 |     actions:
 6 |       review:
 7 |         type: APPROVE
 8 | 
 9 |   - name: comment to start codebuild jobs
10 |     conditions:
11 |       - author=dependabot[bot]
12 |       - "#approved-reviews-by>=1"
13 |     actions:
14 |       comment:
15 |         message: go codebuild go
16 | 
17 |   # - name: comment to start vagrant job
18 |   #   conditions:
19 |   #     - author=dependabot[bot]
20 |   #     - "#approved-reviews-by>=1"
21 |   #   actions:
22 |   #     comment:
23 |   #       message: go vagrant go
24 | 
25 |   - name: merge dependabot pull requests
26 |     conditions:
27 |       - author=dependabot[bot]
28 |       - "#approved-reviews-by>=1"
29 |       # Must pass codebuild jobs before merge
30 |       - status-success=codebuild/p3-spel-commercial-ci/pr
31 |       - status-success=codebuild/p3-spel-govcloud-ci/pr
32 |       # - status-success=codebuild/p3-spel-vagrant-ci/pr
33 |     actions:
34 |       merge:
35 |         method: merge
36 | 


--------------------------------------------------------------------------------
/.terraform-docs.yml:
--------------------------------------------------------------------------------
 1 | formatter: markdown table  # required
 2 | 
 3 | sections:
 4 |   hide:
 5 |     - data-sources
 6 |     - modules
 7 |     - outputs
 8 |     - providers
 9 |     - resources
10 |     - requirements
11 | 
12 | settings:
13 |   indent: 3
14 | 
15 | sort:
16 |   by: required
17 | 
18 | output:
19 |   template: |-
20 |     <!-- BEGIN TFDOCS -->
21 |     {{ .Content }}
22 | 
23 |     <!-- END TFDOCS -->
24 | 


--------------------------------------------------------------------------------
/CONTRIBUTORS.md:
--------------------------------------------------------------------------------
1 | # Contributors:
2 | 
3 | * Maintainers of plus3it/spel (Plus3 IT Systems)
4 | * Gregory M. Dulin (Striveworks Inc.) (g.dulin@striveworks.us)
5 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM plus3it/tardigrade-ci:0.27.0
2 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 |    Copyright 2016 Maintainers of stig-part-minimal-linux
 2 | 
 3 |    Licensed under the Apache License, Version 2.0 (the "License");
 4 |    you may not use this project except in compliance with the License.
 5 |    You may obtain a copy of the License at
 6 | 
 7 |        http://www.apache.org/licenses/LICENSE-2.0
 8 | 
 9 |    Unless required by applicable law or agreed to in writing, software
10 |    distributed under the License is distributed on an "AS IS" BASIS,
11 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 |    See the License for the specific language governing permissions and
13 |    limitations under the License.
14 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
1 | TFDOCS_PATH = spel
2 | 
3 | include $(shell test -f .tardigrade-ci || curl -sSL -o .tardigrade-ci "https://raw.githubusercontent.com/plus3it/tardigrade-ci/master/bootstrap/Makefile.bootstrap"; echo .tardigrade-ci)
4 | 


--------------------------------------------------------------------------------
/Makefile.spel:
--------------------------------------------------------------------------------
 1 | SHELL := /bin/bash
 2 | 
 3 | PACKER_ZIP ?= https://releases.hashicorp.com/packer/$(PACKER_VERSION)/packer_$(PACKER_VERSION)_linux_amd64.zip
 4 | PACKER_LOG ?= '1'
 5 | PACKER_LOG_PATH = .spel/$(SPEL_VERSION)/packer.log
 6 | CHECKPOINT_DISABLE ?= '1'
 7 | SPEL_CI ?= false
 8 | SPEL_BUILDERS ?= amazon-ebssurrogate.minimal-rhel-8-hvm,amazon-ebssurrogate.minimal-centos-8stream-hvm,amazon-ebssurrogate.minimal-ol-8-hvm
 9 | BUILDER_REGION = $(or $(PKR_VAR_aws_region),$(AWS_REGION))
10 | export PATH := $(HOME)/bin:$(PATH)
11 | 
12 | export PKR_VAR_spel_deprecation_lifetime ?= 8760h
13 | 
14 | # The `pre_build`, `build`, and `post_build` targets all use packer in a way that
15 | # supports both Commercial and GovCloud partitions. For GovCloud, the `install`
16 | # target is used to setup an aws profile with credentials retrieved from SSM. For
17 | # the Commercial partition, the profile is created but the credentials are sourced
18 | # from the execution environment (meaning your workstation or CodeBuild).
19 | 
20 | # Due to the use of an aws profile, when running interactively, it is required
21 | # to export AWS_PROFILE with a valid profile. For CodeBuild CI, it is set to $SPEL_IDENTIFIER,
22 | # and `make install` will create it.
23 | 
24 | .PHONY: all install pre_build build post_build docs
25 | .EXPORT_ALL_VARIABLES:
26 | 
27 | $(info SPEL_IDENTIFIER=$(SPEL_IDENTIFIER))
28 | $(info SPEL_VERSION=$(SPEL_VERSION))
29 | 
30 | ifndef SPEL_IDENTIFIER
31 | $(error SPEL_IDENTIFIER is not set)
32 | endif
33 | 
34 | ifndef SPEL_VERSION
35 | $(error SPEL_VERSION is not set)
36 | else
37 | $(shell mkdir -p ".spel/$(SPEL_VERSION)")
38 | endif
39 | 
40 | ifeq ($(SPEL_CI),true)
41 | export PKR_VAR_aws_ami_groups = []
42 | export PKR_VAR_aws_ami_regions = ["$(BUILDER_REGION)"]
43 | endif
44 | 
45 | all: build
46 | 
47 | docs/lint:
48 | 	$(MAKE) -f Makefile docs/lint
49 | 
50 | docs/generate:
51 | 	$(MAKE) -f Makefile docs/generate
52 | 
53 | install:
54 | 	$(MAKE) -f Makefile packer/install
55 | 	bash -eo pipefail ./build/install.sh
56 | 
57 | # The profile and region envs are used only by the `pre_build`, `build`, and `post_build`
58 | # targets. For the region targets, do not use "?=" because we *always* want to
59 | # override this in codebuild. We cannot set these in the buildspec because that
60 | # breaks codebuild when building for GovCloud.
61 | pre_build build post_build: export AWS_PROFILE ?= $(SPEL_IDENTIFIER)
62 | pre_build build post_build: export AWS_DEFAULT_REGION := $(BUILDER_REGION)
63 | pre_build build post_build: export AWS_REGION := $(BUILDER_REGION)
64 | 
65 | # Set the source security group cidr
66 | pre_build build post_build: export PKR_VAR_aws_temporary_security_group_source_cidrs = ["$(shell curl -sSL https://checkip.amazonaws.com)/32"]
67 | 
68 | pre_build:
69 | 	bash ./build/pre_build.sh
70 | 
71 | build: pre_build
72 | 	bash ./build/build.sh
73 | 
74 | post_build:
75 | 	bash ./build/post_build.sh
76 | 


--------------------------------------------------------------------------------
/build/build.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Do not use `set -e`, as we handle the errexit in the script
 3 | set -u -o pipefail
 4 | 
 5 | echo "==========STARTING BUILD=========="
 6 | echo "Building packer template, spel/minimal-linux.pkr.hcl"
 7 | 
 8 | packer build \
 9 |     -only "${SPEL_BUILDERS:?}" \
10 |     -var "spel_identifier=${SPEL_IDENTIFIER:?}" \
11 |     -var "spel_version=${SPEL_VERSION:?}" \
12 |     spel/minimal-linux.pkr.hcl
13 | 
14 | BUILDEXIT=$?
15 | 
16 | FAILED_BUILDS=()
17 | SUCCESS_BUILDS=()
18 | 
19 | for BUILDER in ${SPEL_BUILDERS//,/ }; do
20 |     BUILD_NAME="${BUILDER//*./}"
21 |     AMI_NAME="${SPEL_IDENTIFIER}-${BUILD_NAME}-${SPEL_VERSION}.x86_64-gp3"
22 |     BUILDER_ENV="${BUILDER//[.-]/_}"
23 |     BUILDER_AMI=$(aws ec2 describe-images --filters Name=name,Values="$AMI_NAME" --query 'Images[0].ImageId' --out text)
24 |     if [[ "$BUILDER_AMI" == "None" ]]
25 |     then
26 |         FAILED_BUILDS+=("$BUILDER")
27 |     else
28 |         SUCCESS_BUILDS+=("$BUILDER")
29 |         export "$BUILDER_ENV"="$BUILDER_AMI"
30 |     fi
31 | done
32 | 
33 | if [[ -n "${SUCCESS_BUILDS:-}" ]]
34 | then
35 |     SUCCESS_BUILDERS=$(IFS=, ; echo "${SUCCESS_BUILDS[*]}")
36 |     echo "Successful builds being tested: ${SUCCESS_BUILDERS}"
37 |     packer build \
38 |         -only "${SUCCESS_BUILDERS//amazon-ebssurrogate./amazon-ebs.}" \
39 |         -var "spel_identifier=${SPEL_IDENTIFIER:?}" \
40 |         -var "spel_version=${SPEL_VERSION:?}" \
41 |         tests/minimal-linux.pkr.hcl
42 | fi
43 | 
44 | TESTEXIT=$?
45 | 
46 | if [[ $BUILDEXIT -ne 0 ]]; then
47 |     FAILED_BUILDERS=$(IFS=, ; echo "${FAILED_BUILDS[*]}")
48 |     echo "ERROR: Failed builds: ${FAILED_BUILDERS}"
49 |     echo "ERROR: Build failed. Scroll up past the test to see the packer error and review the build logs."
50 |     exit $BUILDEXIT
51 | fi
52 | 
53 | if [[ $TESTEXIT -ne 0 ]]; then
54 |     echo "ERROR: Test failed. Review the test logs for the error."
55 |     exit $TESTEXIT
56 | fi
57 | 


--------------------------------------------------------------------------------
/build/install.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -eu -o pipefail
 3 | 
 4 | echo "==========STARTING INSTALL========="
 5 | 
 6 | # Check if $SPEL_SSM_ACCESS_KEY is not empty
 7 | if [[ -n "${SPEL_SSM_ACCESS_KEY:-}" ]]; then
 8 |     SSM_ACCESS_KEY=$(aws ssm get-parameters --name "$SPEL_SSM_ACCESS_KEY" --with-decryption --query 'Parameters[0].Value' --out text)
 9 |     if [[ "$SSM_ACCESS_KEY" == "None" ]]; then
10 |         echo "SSM_ACCESS_KEY is undefined"; exit 1
11 |     else
12 |         aws configure set aws_access_key_id "$SSM_ACCESS_KEY" --profile "$SPEL_IDENTIFIER"
13 |     fi
14 | 
15 |     SSM_SECRET_KEY=$(aws ssm get-parameters --name "$SPEL_SSM_SECRET_KEY" --with-decryption --query 'Parameters[0].Value' --out text)
16 |     if [[ "$SSM_SECRET_KEY" == "None" ]]; then
17 |         echo "SSM_SECRET_KEY is undefined"; exit 1
18 |     else
19 |         aws configure set aws_secret_access_key "$SSM_SECRET_KEY" --profile "$SPEL_IDENTIFIER"
20 |     fi
21 | elif [[ -n "${AWS_ACCESS_KEY_ID:-}" ]]; then
22 |     aws configure set aws_access_key_id "$AWS_ACCESS_KEY_ID" --profile "$SPEL_IDENTIFIER"
23 |     aws configure set aws_secret_access_key "$AWS_SECRET_ACCESS_KEY" --profile "$SPEL_IDENTIFIER"
24 | fi
25 | 
26 | # Setup the profile region
27 | aws configure set region "${PKR_VAR_aws_region:?}" --profile "$SPEL_IDENTIFIER"
28 | 


--------------------------------------------------------------------------------
/build/post_build.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -eu -o pipefail
 3 | 
 4 | echo "==========STARTING POST_BUILD=========="
 5 | 
 6 | if [[ "${SPEL_CI:?}" = "true" ]]; then
 7 |     for BUILDER in ${SPEL_BUILDERS//,/ }; do
 8 |         BUILD_NAME="${BUILDER//*./}"
 9 |         AMI_NAME="${SPEL_IDENTIFIER}-${BUILD_NAME}-${SPEL_VERSION}.x86_64-gp3"
10 |         AMI_ID=$(aws ec2 describe-images --owners self --filters Name=name,Values="$AMI_NAME" --query 'Images[0].ImageId' --out text)
11 | 
12 |         if [[ "$AMI_ID" != "None" ]]; then
13 |             SNAPSHOT_ID=$(aws ec2 describe-images --image-id "$AMI_ID" --query Images[0].BlockDeviceMappings[0].Ebs.SnapshotId --out text)
14 |             echo "Trying to deregister AMI: ${AMI_NAME}:${AMI_ID} in ${AWS_REGION}"
15 |             aws ec2 deregister-image --image-id "$AMI_ID"
16 |             echo "Trying to delete SNAPSHOT: ${SNAPSHOT_ID} in ${AWS_REGION}"
17 |             aws ec2 delete-snapshot --snapshot-id "$SNAPSHOT_ID"
18 |         fi
19 |     done
20 | fi
21 | 
22 | echo "Packer build completed on $(date)"
23 | 


--------------------------------------------------------------------------------
/build/pre_build.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -eu -o pipefail
 3 | 
 4 | echo "==========STARTING PRE_BUILD=========="
 5 | echo "Installing required plugins in packer template, spel/minimal-linux.pkr.hcl"
 6 | 
 7 | packer init spel/minimal-linux.pkr.hcl
 8 | 
 9 | echo "Validating packer template, spel/minimal-linux.pkr.hcl"
10 | 
11 | packer validate \
12 |     -only "${SPEL_BUILDERS:?}" \
13 |     -var "spel_identifier=${SPEL_IDENTIFIER:?}" \
14 |     -var "spel_version=${SPEL_VERSION:?}" \
15 |     spel/minimal-linux.pkr.hcl
16 | 


--------------------------------------------------------------------------------
/build/vagrant/Makefile:
--------------------------------------------------------------------------------
 1 | SHELL := /bin/bash
 2 | 
 3 | ISO_URL_CENTOS9STREAM_BASE ?= http://mirror.facebook.net/centos-stream/9-stream/BaseOS/x86_64/iso
 4 | ISO_URL_CENTOS9STREAM_FILTER ?= grep -Po '(?<=href=")CentOS-Stream-9-latest-x86_64-boot.iso(?=")' | sort -r | head -1
 5 | 
 6 | CODEBUILD_SOURCE_REPO_URL ?= https://github.com/plus3it/spel.git
 7 | CODEBUILD_SOURCE_VERSION  ?= dependabot/docker/plus3it/master
 8 | 
 9 | SPEL_CI ?= false
10 | SPEL_IDENTIFIER ?= spel
11 | 
12 | export PATH := $(HOME)/bin:$(PATH)
13 | 
14 | .PHONY: all install pre_build build post_build
15 | .EXPORT_ALL_VARIABLES:
16 | 
17 | # Set SPEL_VERSION if SPEL_CI is "true"
18 | ifeq ($(SPEL_CI),true)
19 | SPEL_VERSION := $(or $(SPEL_VERSION),$(shell date +%Y.%m.dev%s))
20 | endif
21 | 
22 | # Exit with error if SPEL_VERSION is not set
23 | ifndef SPEL_VERSION
24 | $(error [make]: Must set one of SPEL_VERSION, or SPEL_CI=true!)
25 | endif
26 | 
27 | $(info SPEL_IDENTIFIER=$(SPEL_IDENTIFIER))
28 | $(info SPEL_VERSION=$(SPEL_VERSION))
29 | 
30 | all: build
31 | 
32 | install:
33 | 	$(MAKE) -f ../../Makefile packer/install
34 | 
35 | build: export PACKER_LOG = 1
36 | build: export PACKER_LOG_PATH = .spel/$(SPEL_VERSION)/packer.build-spel-vagrant.log
37 | build: export PACKER_LOG_DIR = $(dir $(PACKER_LOG_PATH))
38 | build: export PKR_VAR_aws_temporary_security_group_source_cidrs = ["$(shell curl -sSL https://checkip.amazonaws.com)/32"]
39 | build: export PKR_VAR_virtualbox_iso_url_centos9stream ?= $(ISO_URL_CENTOS9STREAM_BASE)/$(shell curl -sSL $(ISO_URL_CENTOS9STREAM_BASE) | $(ISO_URL_CENTOS9STREAM_FILTER))
40 | 
41 | build:
42 | 	mkdir -p "$(PACKER_LOG_DIR)"
43 | 	packer init build-spel-vagrant.pkr.hcl
44 | 	packer build \
45 | 		-var spel_ci=$(SPEL_CI) \
46 | 		-var spel_identifier=$(SPEL_IDENTIFIER) \
47 | 		-var spel_repo_url=$(CODEBUILD_SOURCE_REPO_URL) \
48 | 		-var spel_repo_commit=$(CODEBUILD_SOURCE_VERSION) \
49 | 		-var spel_version=$(SPEL_VERSION) \
50 | 		-var packer_version=$(PACKER_VERSION) \
51 | 		build-spel-vagrant.pkr.hcl
52 | 	@if [[ "$(SPEL_CI)" = "true" ]]; then \
53 | 		echo "Moving "$(PACKER_LOG_DIR)" to .spel/ci" ;\
54 | 		mkdir -p .spel/ci ;\
55 | 		rm -rf .spel/ci/$(SPEL_VERSION); \
56 | 		mv "$(PACKER_LOG_DIR)" .spel/ci ;\
57 | 	fi
58 | 


--------------------------------------------------------------------------------
/build/vagrant/README.md:
--------------------------------------------------------------------------------
 1 | # spel-vagrant
 2 | 
 3 | Project that allows for a vagrant box to be created using the SPEL AMI. Specifically, this project creates a 'metal' box within AWS, installs the virtualization tools, and creates a vagrant box.
 4 | 
 5 | # environment variables
 6 | 
 7 | There are a number of environment variables that are needed within the CodeBuild job for it to execute successfully
 8 | 
 9 | * AWS_REGION
10 | * SPEL_IDENTIFIER - namespace for the image
11 | * SPEL_VERSION - version for the image
12 | * VAGRANT_CLOUD_TOKEN - token with write permission to the vagrant cloud account
13 | 


--------------------------------------------------------------------------------
/build/vagrant/build-spel-vagrant.pkr.hcl:
--------------------------------------------------------------------------------
  1 | packer {
  2 |   required_plugins {
  3 |     amazon = {
  4 |       source  = "github.com/hashicorp/amazon"
  5 |       version = "~> 1"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | variable "aws_instance_type" {
 11 |   type    = string
 12 |   default = "c5n.metal"
 13 | }
 14 | 
 15 | variable "aws_temporary_security_group_source_cidrs" {
 16 |   type    = list(string)
 17 |   default = ["0.0.0.0/0"]
 18 | }
 19 | 
 20 | variable "packer_version" {
 21 |   type    = string
 22 |   default = ""
 23 | }
 24 | 
 25 | variable "spel_ci" {
 26 |   type    = bool
 27 |   default = false
 28 | }
 29 | 
 30 | variable "spel_identifier" {
 31 |   type = string
 32 | }
 33 | 
 34 | variable "spel_repo_commit" {
 35 |   type    = string
 36 |   default = "master"
 37 | }
 38 | 
 39 | variable "spel_repo_url" {
 40 |   type    = string
 41 |   default = "https://github.com/plus3it/spel.git"
 42 | }
 43 | 
 44 | variable "spel_version" {
 45 |   type = string
 46 | }
 47 | 
 48 | variable "vagrant_cloud_token" {
 49 |   type    = string
 50 |   default = env("VAGRANT_CLOUD_TOKEN")
 51 | }
 52 | 
 53 | variable "vagrant_cloud_user" {
 54 |   type    = string
 55 |   default = "plus3it"
 56 | }
 57 | 
 58 | variable "virtualbox_iso_url_centos9stream" {
 59 |   type = string
 60 | }
 61 | 
 62 | source "amazon-ebs" "ubuntu" {
 63 |   ami_name                    = "builder-${var.spel_identifier}-vagrant-${var.spel_version}.x86_64-gp3"
 64 |   associate_public_ip_address = true
 65 |   communicator                = "ssh"
 66 |   force_deregister            = true
 67 |   instance_type               = var.aws_instance_type
 68 |   launch_block_device_mappings {
 69 |     delete_on_termination = true
 70 |     device_name           = "/dev/sda1"
 71 |     volume_size           = 16
 72 |     volume_type           = "gp3"
 73 |   }
 74 |   max_retries            = 20
 75 |   skip_create_ami        = true
 76 |   skip_save_build_region = true
 77 |   source_ami_filter {
 78 |     filters = {
 79 |       architecture        = "x86_64"
 80 |       name                = "ubuntu/images/hvm-ssd/ubuntu-*-22.04-amd64-server-*"
 81 |       root-device-type    = "ebs"
 82 |       virtualization-type = "hvm"
 83 |     }
 84 |     owners      = ["099720109477"]
 85 |     most_recent = true
 86 |   }
 87 |   ssh_port                              = 22
 88 |   ssh_pty                               = true
 89 |   ssh_username                          = "ubuntu"
 90 |   temporary_security_group_source_cidrs = var.aws_temporary_security_group_source_cidrs
 91 | }
 92 | 
 93 | build {
 94 |   sources = ["amazon-ebs.ubuntu"]
 95 | 
 96 |   provisioner "shell" {
 97 |     environment_vars = [
 98 |       "PACKER_NO_COLOR=1",
 99 |       "PACKER_VERSION=${var.packer_version}",
100 |       "SPEL_CI=${var.spel_ci}",
101 |       "SPEL_IDENTIFIER=${var.spel_identifier}",
102 |       "SPEL_REPO_COMMIT=${var.spel_repo_commit}",
103 |       "SPEL_REPO_URL=${var.spel_repo_url}",
104 |       "SPEL_VERSION=${var.spel_version}",
105 |       "VAGRANT_CLOUD_TOKEN=${var.vagrant_cloud_token}",
106 |       "VAGRANT_CLOUD_USER=${var.vagrant_cloud_user}",
107 |       "VIRTUALBOX_ISO_URL_CENTOS9STREAM=${var.virtualbox_iso_url_centos9stream}",
108 |     ]
109 |     execute_command = "{{ .Vars }} sudo -E /bin/bash '{{ .Path }}'"
110 |     scripts = [
111 |       "${path.root}/build-spel-vagrant.sh",
112 |     ]
113 |   }
114 | 
115 |   provisioner "file" {
116 |     destination = ".spel/"
117 |     direction   = "download"
118 |     source      = "/tmp/spel/.spel/${var.spel_version}/"
119 |   }
120 | }
121 | 


--------------------------------------------------------------------------------
/build/vagrant/build-spel-vagrant.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -eu -o pipefail
 3 | 
 4 | # internal vars
 5 | CLONE_DIR=/tmp/spel
 6 | 
 7 | if [[ "${SPEL_CI:?}" = "true" ]]
 8 | then
 9 |     # CI build will skip vagrant-cloud post-provisioner
10 |     EXCEPT_STEP="vagrant-cloud"
11 |     export EXCEPT_STEP
12 | fi
13 | 
14 | if [[ -z "${PACKER_VERSION:-}" ]]
15 | then
16 |     unset PACKER_VERSION
17 | fi
18 | 
19 | # update PATH
20 | export PATH="${HOME}/bin:${PATH}"
21 | 
22 | # update machine
23 | /usr/bin/cloud-init status --wait
24 | sudo apt-get update && sudo apt-get install -y \
25 |     jq \
26 |     vagrant \
27 |     virtualbox \
28 |     virtualbox-guest-additions-iso
29 | 
30 | # download spel
31 | git clone "${SPEL_REPO_URL:?}" "$CLONE_DIR"
32 | cd "$CLONE_DIR"
33 | 
34 | if [[ -n "${SPEL_REPO_COMMIT:-}" ]] ; then
35 |     # decide whether to switch to pull request or a branch
36 |     echo "SOURCE_COMMIT = ${SPEL_REPO_COMMIT}"
37 |     if [[ "$SPEL_REPO_COMMIT" =~ ^pr/[0-9]+$ ]]; then
38 |         git fetch origin "pull/${SPEL_REPO_COMMIT#pr/}/head:${SPEL_REPO_COMMIT}"
39 |     fi
40 |     git checkout "$SPEL_REPO_COMMIT"
41 | fi
42 | 
43 | # install packer
44 | make packer/install
45 | 
46 | # build vagrant box
47 | mkdir -p "${CLONE_DIR}/.spel/${SPEL_VERSION:?}/"
48 | export PACKER_LOG=1
49 | export PACKER_LOG_PATH="${CLONE_DIR}/.spel/${SPEL_VERSION:?}/packer.log"
50 | 
51 | packer init spel/minimal-linux.pkr.hcl
52 | 
53 | packer build \
54 |     -var "virtualbox_iso_url_centos9stream=${VIRTUALBOX_ISO_URL_CENTOS9STREAM:?}" \
55 |     -var "virtualbox_vagrantcloud_username=${VAGRANT_CLOUD_USER:?}" \
56 |     -var "spel_identifier=${SPEL_IDENTIFIER:?}" \
57 |     -var "spel_version=${SPEL_VERSION:?}" \
58 |     -only "virtualbox-iso.minimal-centos-9stream" \
59 |     -except "${EXCEPT_STEP:-}" \
60 |     spel/minimal-linux.pkr.hcl
61 | 
62 | # remove subdirectories from the artifact location
63 | find "${CLONE_DIR}/.spel/${SPEL_VERSION:?}/" -maxdepth 1 -mindepth 1 -type d -print0 | xargs -0 rm -rf
64 | 
65 | # remove .ova and .box files from artifact location
66 | find "${CLONE_DIR}/.spel/${SPEL_VERSION:?}/" -type f \( -name '*.box' -o -name '*.ova' \) -print0 | xargs -0 rm -f
67 | 


--------------------------------------------------------------------------------
/build/vagrant/buildspec-vagrant.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | version: 0.2
 3 | 
 4 | env:
 5 |   variables:
 6 |     PACKER_NO_COLOR: 1
 7 |   parameter-store:
 8 |     PACKER_GITHUB_API_TOKEN: /spel/codebuild/github-access-token
 9 |     VAGRANT_CLOUD_TOKEN: /spel/vagrantcloud/token
10 |   git-credential-helper: true
11 | 
12 | phases:
13 |   install:
14 |     commands:
15 |       - make -C build/vagrant install
16 |   build:
17 |     commands:
18 |       - make -C build/vagrant build
19 |   post_build:
20 |     commands:
21 |       - find . -type f \( -name '*.box' -o -name '*.ova' \) -print0 | xargs -0 rm -f
22 | 
23 | artifacts:
24 |   files:
25 |     - '**/*'
26 |   base-directory: build/vagrant/.spel
27 | 


--------------------------------------------------------------------------------
/buildspec.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | version: 0.2
 3 | 
 4 | env:
 5 |   parameter-store:
 6 |     PACKER_GITHUB_API_TOKEN: /spel/codebuild/github-access-token
 7 |   variables:
 8 |     PACKER_NO_COLOR: 1
 9 | 
10 | phases:
11 |   install:
12 |     commands:
13 |       - |
14 |         if [ "${SPEL_CI}" = "true" ]
15 |         then
16 |           SPEL_VERSION=$(date +%Y.%m.dev%s)
17 |           export SPEL_VERSION
18 |         fi
19 |       - make -f Makefile.spel install
20 |   build:
21 |     commands:
22 |       - make -f Makefile.spel build
23 |   post_build:
24 |     commands:
25 |       - make -f Makefile.spel post_build
26 |       - find . -type f \( -name '*.box' -o -name '*.ova' \) -print0 | xargs -0 rm -f
27 | 
28 | artifacts:
29 |   files:
30 |     - '**/*'
31 |   base-directory: .spel
32 | 


--------------------------------------------------------------------------------
/docs/CONTRIBUTING.md:
--------------------------------------------------------------------------------
 1 | # How to contribute
 2 | 
 3 | This project originated as an engine for driving the [AMIgen6](https://github.com/ferricoxide/AMIgen6.git) and [AMIgen7](https://github.com/ferricoxide/AMIgen7.git) tool-sets. The initial objective was to ease and speed the creation of AWS AMIs so that the task:
 4 | 
 5 | * could be turned over to less-experienced staff
 6 | * increase the velocity of AMI-releases
 7 | * increase the AMI release-proliferations (addition of RHEL to the original CentOS-focused releases)
 8 | * increase the number of AWS regions supported (from just us-east-1 to all of the CONUS regions - including GovCloud)
 9 | 
10 | Since then, the objective has been expanded to include:
11 | 
12 | * generation of VirtualBox images
13 | * generation of VMware templates
14 | * generation of Azure images
15 | * generation of OpenStack images
16 | * publishing of VirtualBox and VMware images to Vagrant Cloud
17 | 
18 | Where all of the above images are notionally-identical but for their respective deployment contexts. "Notionally-identical" also means that produced Red Hat and CentOS images' RPM-manifests and storage-layouts are the same within a given release-cycle.
19 | 
20 | The fruits of this automation-effort are openly provided on an "as-is" basis. Individuals who have stumbled on this project and find deficiencies in it are invited to help us enhance the project for broader usability. This can be done by opening issues against the project or, even better, offering enhancements via Pull Requests:
21 | 
22 | * Please open an issue to identify "missing" deployment contexts
23 | * Please open pull requests - referencing the previously-opened issue - when ready to provide automation for new contexts.
24 | 
25 | 
26 | ## Testing
27 | 
28 | In progress...
29 | 
30 | Currently, this project links to a couple of services. When submitting a PR:
31 | * Basic lints will be performed against any shell script
32 | * Basic lints will be performed against any Packer templates
33 | * Offered content will be tested by a CodeCommit pipeline that ensures that modifications continue to produce functional AMIs
34 | * Documentation will be tested for recency.
35 |     Note: if the associated Travis CI job fails with a message like:
36 |     ~~~
37 |     Error: spel/README.md is out of date
38 |     make: *** [/home/travis/build/plus3it/spel/tardigrade-ci/Makefile:463: docs/lint/spel/README.md] Error 1
39 |     The command "make -f Makefile.tardigrade-ci lint" exited with 2.
40 |     ~~~
41 |     It will be necesary to execute:
42 |     ~~~
43 |     make -f Makefile.tardigrade-ci docs/generate
44 |     ~~~
45 |     In your branch's project-root (and then commit any changes) in order to clear it.
46 | 
47 | 
48 | 
49 | 
50 | ## Submitting Changes
51 | 
52 | Please send a GitHub Pull Request with a clear list of what changes are being offered (read more about [pull requests](http://help.github.com/pull-requests/)).
53 | 
54 | Please ensure that the commits bundled in the PR are performed with clear and concise commit messages. One-line messages are fine for small changes, but bigger changes should look like this:
55 | 
56 |     $ git commit -m "A brief summary of the commit
57 |     > 
58 |     > A paragraph describing what changed and its impact."
59 | 
60 | ## Coding conventions
61 | 
62 | To be written...
63 | 
64 | * Anything not otherwise specified - either explicitly as above or implicitly via pre-existing code - pick an element-style and be consistent with it .
65 | 
66 | 
67 | ## Additonal Notes
68 | 
69 | To be written...
70 | 


--------------------------------------------------------------------------------
/docs/FAQ.md:
--------------------------------------------------------------------------------
  1 | ### Q: What OSes are currently supported?
  2 | 
  3 | A: The following OSes are supported via spel:
  4 | 
  5 | - RHEL 7
  6 | - CentOS 7
  7 | - RHEL 8
  8 | - CentOS 8-Stream
  9 | - Oracle Linux 8
 10 | 
 11 | Other ELx derivatives may work but have not been specifically tested.
 12 | 
 13 | ### Q: Is RHEL or CentOS 8 Supported
 14 | 
 15 | A: Currently, three EL8 distros are explicitly supported
 16 | 
 17 | - Red Hat Enterpise Linux (RHEL) 8
 18 | - CentOSS 8 _Stream_
 19 | - Oracle Linux (OL) 8
 20 | 
 21 | The spel AMIs have a couple of design-dependencies:
 22 | 
 23 | - Our primary development-platform is CentOS, not RHEL. Automation is written for CentOS, first. It is then ported and verified to work on RHEL. Finally (with the EL8+ release), it is ported and verified to work on OL.
 24 | - We try to make the Red Hat, CentOS and Oracle Linux images we publish as close to identical as their respective package repositories allow them to be. Until we have both the Red Hat _and_ CentOS.Org (and, now, Oracle Linux) flavors of a given release available, we don't update or extend our automation
 25 | - Because we try to provide a similar degree of AWS functionality to spel AMIs as is found in Amazon Linux AMIs, the spel AMIs require the ability to port the AWS utilities to RHEL and CentOS. Historically, the ability to so port has been contingent on EPEL-hosted packages.
 26 | 
 27 | Resultant of the above, we will not attempt support for EL8 until CentOS.Org has published a "final" AMI and until Fedora has made ("final") EPEL 8 repositories available. Status for both projects may be tracked at:
 28 | 
 29 | - CentOS 8 [build-status](https://wiki.centos.org/About/Building_8)
 30 | - EPEL 8 [support-status](https://fedoraproject.org/wiki/EPEL#What_packages_and_versions_are_available_in_EPEL.3F)
 31 | 
 32 | Notes:
 33 | 1. EPEL dependency is AWS-only
 34 | 2. EPEL dependency may be removed in later ELx versions as baked-in packages' dependencies permit
 35 | 
 36 | Note: Initial functionality for any given ELx build orchestrated by spel starts with an AMIgen project. Functionality for EL8 will be trackable within the [AMIgen8 project](/plus3it/AMIgen8).
 37 | 
 38 | ### Q: What happened to support for EL6?
 39 | 
 40 | A: Red Hat Enterprise Linux 6 is in the last stages of the standard support-lifecycle's de-support phase. This support-lifecycle reaches its conclusion on November 30, 2020. Down-stream projects' &mdash; such as CentOS 6 &mdash; will conclude _their_ support-lifecycle in a similar time-frame. Further, our primary customer-base had begun the process of moving their solution-stacks to later ELx releases in October of 2018. Therefore, due to the pending demise of both EL6 and our primary customers' need for updated EL6 AMIs, we chose to cease publishing new EL6 images or testing spel functionality against el6 with the October 16<sup>th</sup>, 2018 AMI.
 41 | 
 42 | While it's possible that this automation can continue to be used to create new EL6 AMIs, we will not be continuing to test that functionality or publishing new EL6 AMIs
 43 | 
 44 | ### Q: Are the images STIG-hardened?
 45 | 
 46 | A: No. The only STIG-related hardening is:
 47 | 
 48 | -   The images' root device is pre-partitioned to allow the various
 49 |     "`${DIRECTORY}` must be on its own filesystem" scan-tests to pass
 50 | -   Red Hat and CentOS 7.x images are FIPS-enabled
 51 | 
 52 | ### Q: Why aren't the images STIG-hardened?
 53 | 
 54 | A. As of the writing of this FAQ answer:
 55 | 
 56 | -   Images are published in the following repositories
 57 |     -   Amazon Machine Image in AWS commercial region us-east-1
 58 |     -   Amazon Machine Image in AWS commercial region us-east-2
 59 |     -   Amazon Machine Image in AWS commercial region us-west-1
 60 |     -   Amazon Machine Image in AWS commercial region us-west-2
 61 |     -   Amazon Machine Image in AWS GovCloud region us-gov-west-1
 62 |     -   VirtualBox image in [Vagrant Cloud](https://vagrantcloud.com/)
 63 |     -   VMware image in Vagrant Cloud<sup>1</sup>
 64 | -   Proliferations for each of the above repositories exist for
 65 |     -   Red Hat 7<sup>2</sup>
 66 |     -   CentOS 7<sup>2</sup>
 67 | -   Images are produced monthly. This means maintaining 28 images per month for
 68 |     a minimum time-span of six to twelve months.
 69 | 
 70 | Additionally, the STIG contents contain multiple scanning/hardening profiles.
 71 | To support each profile would require a unique, pre-hardened image for each
 72 | "off the shelf" profile. This does not account for custom scanning/hardening
 73 | profiles. Supporting _all_ of the "off the shelf" profiles via pre-hardened
 74 | images would require generating 100+ images per month. Not practical on a
 75 | monthly basis; even less practical when extended across the six- to twelve-month
 76 | lifespan of images in multiple deployment domains (i.e., AWS, Vagrant Cloud...
 77 | and eventually Azure and possibly others).
 78 | 
 79 | Because of the above, we opted to keep AMIs as minimally-hardened as possible -
 80 | instead choosing to apply hardenings at launch-time using other frameworks.
 81 | 
 82 | ### Q: So... Why would I use these images, then?
 83 | 
 84 | In general, once an image is launched as a VM, it requires considerable
 85 | gymnastics to re-layout the storage to meet STIG requirements. Those gymnastics
 86 | can vary from simply annoyingly labor-intensive to effectively "not possible".
 87 | This set of images solves that problem.
 88 | 
 89 | Similarly - relevant to EL7 images - attempting to enable FIPS at launch-time
 90 | requires sorting out how to automate launch-time provisioning processes across
 91 | multiple boots. While possible, it introduces gymnastics many would-be-users
 92 | don't want to have to sort out. This set of images avoids that problem.
 93 | 
 94 | ### Q: Alright... Any suggestions for launching a hardened VM?
 95 | 
 96 | A. Many of our images' users leverage in-house build-workflows to handle
 97 | initial provisioning of image-sourced instances. They use things like Chef,
 98 | Puppet, Ansible, etc. Users that have no such in-house build-workflows, we
 99 | typically recommend our launch-driver,
100 | [Watchmaker](https://github.com/plus3it/watchmaker.git).
101 | 
102 | ### Q. Watchmaker looks promising: how do I use it?
103 | 
104 | A. This FAQ is for using spel. That said Watchmaker includes a full
105 | [documentation set](https://watchmaker.readthedocs.io) that should help you
106 | with its use.
107 | 
108 | 
109 | ### Q. My application won't work under FIPS: now what?
110 | 
111 | A. If you're using EL7 or EL8 images, things can become a bit challenging if
112 | the application you wish to host on a spel image is not FIPS-compatible. Our
113 | images are FIPS-enabled because the STIGs say they need to be. As such, our
114 | users ultimately need to figure out how to get their app to work under FIPS or
115 | get an exception from their security team (sorta like firewalld and SELinux -
116 | also baked in to the EL7 images).  These images are meant as a 90% solution. If
117 | you're one of the unlucky 10% whose app won't work under FIPS in EL7, the best
118 | we can suggest is to let your provisioning framework handle the problem for you.
119 | 
120 | ### Q. But I'm following your suggestion to use Watchmaker: can that help me with toggling FIPS mode?
121 | 
122 | A. Yes. See watchmaker's [documentation](https://watchmaker.readthedocs.io/en/stable/faq.html)
123 | for guidance.
124 | 
125 | ### Q. The root volume-group and its partitions seem too small for my use-case: is there any way I can un-handcuff myself from the current partitioning-scheme?
126 | 
127 | A. Yes. The methods for doing so are dependent on EL version and deployment-contexts. As of this writing, we have documented how to deploy a VM using a root device that is larger than the templated default:
128 | 
129 | * [spel for EL7 on AWS](LargerThanDefaultRootEBS_EL7.md)
130 | * spel for EL8 on AWS: see the previously-linked EL7 document &ndash; the methods are the same
131 | 
132 | Procedures for other deployment-contexts are not core to this project. Therefore, they have not been documented. Please feel free to experiment and [contribute](CONTRIBUTING.md)!
133 | 
134 | It is generally expected that if users need to grow an _existing_ instance's root volume group that they reprovision and follow the above linked-to documents. If reprovisioning is not practical, the next best option is to add a secondary drive to the VM and expand the root volume group onto the secondary drive.
135 | 
136 | ### Q. My SSH keys don't work on the EL8 spel-images (but do on the EL7 spel-images)
137 | 
138 | A. The version of OpenSSH server on EL8, combined with associated security-settings, is a bit pickier about SSH keys used for authentication (key-based logins). Previous EL versions only requred the use of RSAv2 keys of at least 2048-bits' length. The EL8 OpenSSH server adds the further requirement that authentication-keys' signatures be some variety of SHA2. See the [OpenSSH and FIPS on EL8](OpenSSHandFIPS_EL8.md) document for more information.
139 | 
140 | 
141 | ##### Footnotes:
142 | ------
143 | 
144 | <sup>1</sup>: The VMware image-maker is currently broken. It's on our task-list
145 | to address. However, [community contributions](CONTRIBUTING.md) are always
146 | welcome! :smile:
147 | 
148 | <sup>2</sup>: Currently (see [issue #87](https://github.com/plus3it/spel/issues/87)),
149 | there are no VirtualBox builders for EL7. However,
150 | [community contributions](../.github/CONTRIBUTING.md) are always welcome! :smile:
151 | 


--------------------------------------------------------------------------------
/docs/LargerThanDefaultRootEBS_EL6.md:
--------------------------------------------------------------------------------
 1 | # Using Larger-Than-Default-Root EBS
 2 | 
 3 | With the release of the June 2016 AMIs, support for launching instances with larger-than-default root EBSes was added. This added the [dracut-modules-growroot](http://dl.fedoraproject.org/pub/epel/6/x86_64/dracut-modules-growroot-0.20-2.el6.noarch.rpm) EPEL RPM to the "Thin" AMI and extended the RPM's functionality to include support for "`/`" hosted on LVM2 volumes. The patched functionality is implemented via [GrowSetup.sh](https://raw.githubusercontent.com/plus3it/AMIgen6/master/GrowSetup.sh) build-script
 4 | 
 5 | > *Note:* a [BugZilla](https://bugzilla.redhat.com/show_bug.cgi?id=1343571) has been opened with the EPEL RPM's maintainer. The patching effected within the build-script will be deprecated if/when the bug is fixed.
 6 | 
 7 | To make use of this functionality:
 8 | 
 9 | 1. Launch an instance from the June 2016 (or newer) "Thin" AMI. On the storage selection screen (if using the Web Console), change the default size value to a more-preferred value.
10 | 1. Run the hardening framework (and any other provisioning-time automation) and allow instance to reboot
11 | 1. Login to the instance and gain root privileges
12 | 1. Run "`pvresize /dev/xvda2`" to ensure that LVM2 "sees" the extra storage in the PV hosting the root volume-group [Note: LVM2 _should_ have properly rescanned the PVs after the reboot. If, however, the "`pvresize`" fails to increase the size of the PV from the default to the expected size, run "`pvscan`" and then re-run the "`pvresize`"]
13 | 1. Iteratively use "`lvresize -r VolGroup00/<volName>`" to resize any of the volumes in the root volume-group to their desired size
14 | 
15 | The final two setps can be placed into an automated-provisionion sequence as a post-reboot task (e.g., place into `/etc/rc.d/rc.local` &mdash; _ensuring to also auto-delete the `rc.local` tasks once executed_)
16 | 
17 | 
18 | ## Note on Expected Usage
19 | 
20 | It should be stressed that the above is primarily intended for use by users that have larger-than normal logging need (i.e., use the extra space to increase the size of `logVol` and/or `auditVol`), want a larger swap partition (i.e., use the extra space to grow `swapVol` ...though better performance would be achieved using instance storage for swapping-activities) or need additional home directory space (i.e., use the extra space to grow `homeVol`). Application binaries and data should still be placed onto EBSes (and associated volume-groups) separate from the OS's root volume-group.
21 | 


--------------------------------------------------------------------------------
/docs/LargerThanDefaultRootEBS_EL7.md:
--------------------------------------------------------------------------------
 1 | # Using Larger-Than-Default-Root EBS
 2 | 
 3 | The kernel used for EL 7 natively supports growing partitions hosted on the root disk at any time. This functionality requires that the AMI include the `cloud-utils-growpart` RPM. If the "`/`" filesystem is on either an unpartitioned disk or on a MBR- or GPT-style partition, the partition hosting the "`/`" will automatically be grown at first boot. However, this will _not_ occur if the "`/`" filesystem is hosted on an LVM2-managed volume. 
 4 | 
 5 | To create an instance with a root EBS larger than the AMI's default, use the following procedures:
 6 | 
 7 | 1. Select a root EBS size larger than the AMI's default (if using the AWS console, do this under the "`Add Storage`" section of the AMI-launch wizard)
 8 | 1. Launch the AMI
 9 | 1. When the AMI completes its launch, login to the new instance
10 | 1. Escalate privileges to root
11 | 1. Issue the command "`/usr/bin/growpart /dev/xvda 2`"
12 | 1. Issue the command "`pvresize /dev/xvda2`"
13 | 1. Use the "`lvresize`" command to grow the volume(s)/filesystem(s) that need to be enlarged
14 | 
15 | Alternately, steps 5+ can be incorporated into the instance's UserData prior to launch. Something similar to the following should work:
16 | 
17 | ~~~
18 | #cloud-config
19 | runcmd:
20 |   - /usr/bin/growpart /dev/xvda 2
21 |   - pvresize /dev/xvda2
22 |   - lvresize -r -l 100%FREE VolGroup00/logVol
23 | ~~~
24 | 
25 | or
26 | 
27 | ~~~
28 | #cloud-config
29 | 
30 | growpart:
31 |   mode: auto
32 |   devices: [ '/dev/xvda2' ]
33 |   ignore_growroot_disabled: false
34 | ~~~
35 | 
36 | or
37 | 
38 | ~~~
39 | #!/bin/bash
40 | /usr/bin/growpart /dev/xvda 2
41 | pvresize /dev/xvda2
42 | lvresize -r -l 100%FREE VolGroup00/logVol
43 | ~~~
44 | 
45 | Note: _While this has not been extensively-tested to verify proper invocations_, if using a fifth-generation instance-types (`m5`, `c5`, etc.), it will likely be necessary to change occurrences of `xvda` to `nvme0n1`.
46 | 


--------------------------------------------------------------------------------
/docs/OpenSSHandFIPS_EL8.md:
--------------------------------------------------------------------------------
 1 | # OpenSSH and FIPS on EL8
 2 | 
 3 | Red Hat 8 (and derivatives/forks) implement a new version of the OpenSSH service. The new service deprecates support for SSH keys that leverage signing-algorithms less modern than SHA2. As such, when one attempts to login to a freshly-launched, spel-BASED VM, the administator may find that the server rejects their SSH key. In order for a key to be recognized for login purposes:
 4 | 
 5 | * A SHA2 signing-method be used for all RSAv2 keys[^1]
 6 | * RSAv2 keys should be at least 2048-bits long[^2]
 7 | 
 8 | 
 9 | ## Generating Compatible Keys
10 | 
11 | There are a couple ways to ensure a suitable key:
12 | 
13 | * Instead of using `-t rsa`, use `-t rsa-sha2-256` or `-t rsa-sha2-512` when using OpenSSH's `ssh-keygen` to generate the key[^3]
14 | * Use `ssh-keygen` on a FIPS-enabled RHEL 8+ system to generate the key
15 | * Use AWS EC2's `Key Pairs` &raquo; `Create Key Pair` option in AWS commercial regions[^4]
16 | 
17 | ## Symptoms
18 | 
19 | Depending on the SSH client, the key may silently fail to work or it may print an error. If an error is printed, it will usually be something like:
20 | 
21 | ```bash
22 | Load key "/path/to/key-file": error in libcrypto
23 | ```
24 | 
25 | With or without the printing of the error, the key will be disqualified and the server will request the client move on to the next-available authentication-metho (usually password).
26 | 
27 | If one is able to access the system logs, one will usually find errors similar to:
28 | 
29 | ```bash
30 | Feb 09 12:10:50 ip-0a00dc73 sshd[2939]: input_userauth_request: invalid user ec2-user [preauth]
31 | ```
32 | 
33 | Or
34 | 
35 | ```bash
36 | Feb 09 12:10:50 ip-0a00dc73 sshd[2939]: input_userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedKeyTypes [preauth]
37 | ```
38 | 
39 | In the `/var/log/secure` logs.
40 | 
41 | **Note:** Keys that are rejected for login-authentication typically will not be rejected for key-forwarding. If one has configured key-forwarding, the rejected key _should_ still show up in the output of `ssh-keygen -l` when executed on the remote system.
42 | 
43 | [^1]: SHA512 preferred for future-proofing)
44 | [^2]: 4096 or even 8192-bits preferred for future-proofing)
45 | [^3]: This works for both the Linux OpenSSH and PowerShell OpenSSH tooling)
46 | [^4]: Other regions _may_ work, but have not been tested
47 | 


--------------------------------------------------------------------------------
/docs/Xdistro-CO8.md:
--------------------------------------------------------------------------------
 1 | To support CentOS Stream 8, it will be necessary to install the `centos-stream-repos`, `centos-stream-release` and `centos-gpg-keys` RPMs. As of the writing of this document, these RPMs may be found at the CentOS Stream 8 [package-mirror](http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/). The following links are correct as of this document's writing, but can update frequently. Each is suitable for creating a CentOS Stream 8 AMI as of the time of this document's writing:
 2 | 
 3 | - [centos-stream-repos](http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/centos-stream-repos-8-6.el8.noarch.rpm)
 4 | - [centos-stream-release](http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/centos-stream-release-8.6-1.el8.noarch.rpm)
 5 | - [centos-gpg-keys](http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/centos-gpg-keys-8-6.el8.noarch.rpm)
 6 | 
 7 | 
 8 | If building in an environment where the public CentOS Stream 8 yum repositories are not available, it will be necessary to locate the correct RPM URLs for your build-needs.
 9 | 
10 | To download/stage these RPMs, execute:
11 | 
12 | ~~~bash
13 | XdistroSetup.sh -d CentOS \
14 |   -k <centos-gpg-keys_RPM_URL> \
15 |   -r <centos-gpg-keys_RPM_URL>,<centos-stream-repos_RPM_URL>,<centos-stream-release_RPM_URL>
16 | ~~~
17 | 
18 | If successful, this should create a `${HOME}/RPM/CentOS` directory with contents similar to the following:
19 | 
20 | ~~~bash
21 | -rw-r--r-- 1 ec2-user ec2-user 14632 Mar 28  2022 centos-gpg-keys-8-6.el8.noarch.rpm
22 | -rw-r--r-- 1 ec2-user ec2-user 22744 Sep 14  2021 centos-stream-release-8.6-1.el8.noarch.rpm
23 | -rw-r--r-- 1 ec2-user ec2-user 20588 Mar 28  2022 centos-stream-repos-8-6.el8.noarch.rpm
24 | ~~~
25 | 
26 | It will then be necessary to install the `centos-gpg-keys` and `centos-stream-repos` to the build-host. Use `dnf` to do so. Once these two RPMs have been installed, it will be necessary to use `yum-config-manager` to disable the repos installed by the `centos-stream-repos` RPM.
27 | 
28 | Note: if installing into networks with no access to internet-hosted repositoris, it will be necessary to have create private-network RPMS equivalent to the above. It will then be necessary to install both the ones published by CentOS.Org and your organization's equivalent RPMs.
29 | 


--------------------------------------------------------------------------------
/docs/Xdistro-OL8.md:
--------------------------------------------------------------------------------
 1 | To support Oracle Linux 8, it will be necessary to install the `oracle-linux-release` and `oracle-linux-release-el8` RPMs. As of the writing of this document, these RPMs may be found at [`https://yum.oracle.com/oracle-linux-8.html`](https://yum.oracle.com/oracle-linux-8.html). The following links are correct as of this document's writing and are suitable for creating an Oracle Linux 8.9 AMI:
 2 | 
 3 | - [oracle-linux-release](https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/x86_64/getPackage/oraclelinux-release-8.9-1.0.8.el8.x86_64.rpm)
 4 | - [oracle-linux-release-el8](https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/x86_64/getPackage/oraclelinux-release-el8-1.0-35.el8.x86_64.rpm)
 5 | 
 6 | If building an Oracle Linux 8.10 AMI or building in an environment where the public Oracle yum repositories are not available, it will be necessary to locate the correct RPM URLs for your build-needs.
 7 | 
 8 | To download/stage these RPMs, execute:
 9 | 
10 | ~~~bash
11 | XdistroSetup.sh -d Oracle \
12 |   -k <oraclelinux-release_RPM_URL> \
13 |   -r <oraclelinux-release_RPM_URL>,<oraclelinux-release-el8_RPM_URL> 
14 | ~~~
15 | 
16 | If successful, this should create a `${HOME}/RPM/Oracle` directory with the contents similar to the following:
17 | 
18 | ~~~bash
19 | -rw-r--r-- 1 ec2-user ec2-user 9488772 Nov 17 10:35 oraclelinux-release-8.9-1.0.8.el8.x86_64.rpm
20 | -rw-r--r-- 1 ec2-user ec2-user   21500 Nov 17 14:01 oraclelinux-release-el8-1.0-35.el8.x86_64.rpm
21 | ~~~
22 | 
23 | Once these packages are unpacked, it will be necessary to install the file-contents onto the build-host. The `dnf` utility can be used to install the `oraclelinux-release-el8` RPM. However, because it has a conflict with the Red Hat build-host's own, equivalent package, it will be necessary to use `rpm2cpio` to unpack the `oraclelinux-release` contents and then manually copy key files to the build-host' RPM verification-keys' directory.
24 | 
25 | Note: if installing into networks with no access to internet-hosted repositoris, it will be necessary to have created private-network RPMS equivalent to the above. It will then be necessary to install both the ones published by CentOS.Org and your organization's equivalent RPMs.
26 | 
27 | ## Install `oraclelinux-release-el8` RPM
28 | 
29 | Execute a step similar to the following for whichever `oraclelinux-release-el8` version is correct when following this document's guidance.
30 | 
31 | ~~~bash
32 | dnf install ${HOME}/RPM/Oracle/oraclelinux-release-el8-1.0-35.el8.x86_64.rpm
33 | ~~~
34 | 
35 | ## Install `oraclelinux-release` RPM
36 | 
37 | Unpack the `oraclelinux-release` RPM with the `rpm2cpio` utility. This will look something like the following
38 | 
39 | 1. Create an "unpacking" directory (e.g., `mkdir /tmp/unpack`)
40 | 2. Navigate into the "unpacking" directory (e.g., `cd /tmp/unpack`)
41 | 3. Unpack the RPM (e.g., `rpm2cpio ${HOME}/RPM/Oracle/oraclelinux-release-8.9-1.0.8.el8.x86_64.rpm`)
42 | 
43 | Once it's unpacked copy the unpacked GPG files (e.g., `/tmp/unpack/etc/pki/rpm-gpg/RPM-GPG-KEY` and `/tmp/unpack/etc/pki/rpm-gpg/RPM-GPG-KEY-oracle`) into the host-system's RPM-keys directory (`/etc/pki/rpm-gpg/`)
44 | 
45 | 


--------------------------------------------------------------------------------
/docs/buildIt-co8.txt:
--------------------------------------------------------------------------------
 1 | AMIgen8/Xdistro.sh
 2 | -k http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/centos-gpg-keys-8-6.el8.noarch.rpm)
 3 | -r http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/centos-stream-repos-8-6.el8.noarch.rpm,http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/centos-stream-release-8.6-1.el8.noarch.rpm,http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/centos-gpg-keys-8-6.el8.noarch.rpm
 4 | 
 5 | ( cd ${HOME}/RPM/CentOS && dnf install centos-gpg-keys-8-6.el8.noarch.rpm centos-stream-repos )
 6 | 
 7 | AMIgen8/DiskSetup.sh \
 8 |   -d /dev/xvdx \
 9 |   -f xfs \
10 |   -B 17m \
11 |   -b 512 \
12 |   -l boot_dev \
13 |   -U 64 \
14 |   -L UEFI_DEV \
15 |   -r root_dev \
16 |   -X && \
17 | AMIgen8/MkChrootTree.sh \
18 |   -d /dev/xvdx \
19 |   -f xfs \
20 |   --no-lvm \
21 |   --rootlabel root_dev \
22 |   --with-uefi && \
23 | AMIgen9/OSpackages.sh \
24 |   -X \
25 |   -a baseos,appstream,extras,extras-common \
26 |   -r /root/RPM/CentOS/centos-gpg-keys-8-6.el8.noarch.rpm,/root/RPM/CentOS/centos-stream-release-8.6-1.el8.noarch.rpm,/root/RPM/CentOS/centos-stream-repos-8-6.el8.noarch.rpm \
27 |   -e centos-gpg-keys,centos-stream-release,centos-stream-repos \
28 |   -x subscription-manager && \
29 | AMIgen8/AWSutils.sh \
30 |   -c https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip \
31 |   -n https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz \
32 |   -s https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm \
33 |   -t amazon-ssm-agent && \
34 | AMIgen9/PostBuild.sh \
35 |   -f xfs \
36 |   -X && \
37 | echo SUCCESS
38 | 


--------------------------------------------------------------------------------
/docs/buildIt-ol8.txt:
--------------------------------------------------------------------------------
 1 | AMIgen8/XdistroSetup.sh -d Oracle \
 2 |   -k https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/x86_64/getPackage/oraclelinux-release-8.9-1.0.8.el8.x86_64.rpm
 3 |   -r https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/x86_64/getPackage/oraclelinux-release-8.9-1.0.8.el8.x86_64.rpm,https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/x86_64/getPackage/oraclelinux-release-el8-1.0-35.el8.x86_64.rpm,https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/x86_64/getPackage/yum-utils-4.0.21-23.0.1.el8.noarch.rpm
 4 | 
 5 | dnf install ${HOME}/RPM/Oracle/oraclelinux-release-el8-1.0-35.el8.x86_64.rpm
 6 | 
 7 | (
 8 |   cd /tmp ;
 9 |   mkdir unpack ;
10 |   cd unpack ;
11 |   rpm2cpio ${HOME}/RPM/Oracle/oraclelinux-release-8.9-1.0.8.el8.x86_64.rpm | \
12 |     cpio -idv
13 |   cp -i etc/pki/rpm-gpg/* /etc/pki/rpm-gpg/
14 | )
15 | 
16 | AMIgen8/DiskSetup.sh \
17 |   -d /dev/xvdx \
18 |   -f xfs \
19 |   -B 17m \
20 |   -b 512 \
21 |   -l boot_dev \
22 |   -U 64 \
23 |   -L UEFI_DEV \
24 |   -r root_dev \
25 |   -X && \
26 | AMIgen8/MkChrootTree.sh \
27 |   -d /dev/xvdx \
28 |   -f xfs \
29 |   --no-lvm \
30 |   --rootlabel root_dev \
31 |   --with-uefi && \
32 | DNF_VAR_ociregion= DNF_VAR_ocidomain=oracle.com DNF_VAR_releasever=8 AMIgen9/OSpackages.sh \
33 |   -X \
34 |   -a ol8_UEKR7,ol8_appstream,ol8_baseos_latest \
35 |   -r /root/RPM/Oracle/oraclelinux-release-8.9-1.0.8.el8.x86_64.rpm,/root/RPM/Oracle/oraclelinux-release-el8-1.0-35.el8.x86_64.rpm,https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/x86_64/getPackage/yum-utils-4.0.21-23.0.1.el8.noarch.rpm \
36 |   -e oraclelinux-release,oraclelinux-release-el8,yum-utils \
37 |   -x subscription-manager && \
38 | DNF_VAR_ociregion= DNF_VAR_ocidomain=oracle.com DNF_VAR_releasever=8 AMIgen8/AWSutils.sh \
39 |   -c https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip \
40 |   -n https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz \
41 |   -s https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm \
42 |   -t amazon-ssm-agent && \
43 | DNF_VAR_ociregion= DNF_VAR_ocidomain=oracle.com DNF_VAR_releasever=8 AMIgen9/PostBuild.sh \
44 |   -f xfs \
45 |   -X && \
46 | echo SUCCESS
47 | 


--------------------------------------------------------------------------------
/manifests/spel-minimal-centos-9stream-hvm.amazon-ebssurrogate.manifest.txt:
--------------------------------------------------------------------------------
  1 | CentOS Stream 9
  2 | aws-cli/2.27.21 Python/3.13.3 Linux/5.14.0-432.el9.x86_64 exe/x86_64.centos.9
  3 | aws-cfn-bootstrap 2.0
  4 | NetworkManager-1.53.4-1.el9.x86_64
  5 | NetworkManager-libnm-1.53.4-1.el9.x86_64
  6 | NetworkManager-team-1.53.4-1.el9.x86_64
  7 | NetworkManager-tui-1.53.4-1.el9.x86_64
  8 | acl-2.3.1-4.el9.x86_64
  9 | acpid-2.0.32-7.el9.x86_64
 10 | alternatives-1.24-2.el9.x86_64
 11 | amazon-ec2-net-utils-2.5.4-1.el9.0.1.x86_64
 12 | amazon-ssm-agent-3.3.2299.0-1.x86_64
 13 | attr-2.5.1-3.el9.x86_64
 14 | audit-3.1.5-7.el9.x86_64
 15 | audit-libs-3.1.5-7.el9.x86_64
 16 | authselect-1.2.6-3.el9.x86_64
 17 | authselect-libs-1.2.6-3.el9.x86_64
 18 | basesystem-11-13.el9.noarch
 19 | bash-5.1.8-9.el9.x86_64
 20 | binutils-2.35.2-63.el9.x86_64
 21 | binutils-gold-2.35.2-63.el9.x86_64
 22 | bzip2-libs-1.0.8-10.el9.x86_64
 23 | c-ares-1.19.1-2.el9.x86_64
 24 | ca-certificates-2024.2.69_v8.0.303-91.4.el9.noarch
 25 | centos-gpg-keys-9.0-28.el9.noarch
 26 | centos-stream-release-9.0-28.el9.noarch
 27 | centos-stream-repos-9.0-28.el9.noarch
 28 | checkpolicy-3.6-1.el9.x86_64
 29 | chrony-4.6.1-1.el9.x86_64
 30 | cloud-init-24.4-6.el9.noarch
 31 | cloud-utils-growpart-0.33-1.el9.x86_64
 32 | coreutils-8.32-39.el9.x86_64
 33 | coreutils-common-8.32-39.el9.x86_64
 34 | cpio-2.13-16.el9.x86_64
 35 | cracklib-2.9.6-27.el9.x86_64
 36 | cracklib-dicts-2.9.6-27.el9.x86_64
 37 | cronie-1.5.7-14.el9.x86_64
 38 | cronie-anacron-1.5.7-14.el9.x86_64
 39 | crontabs-1.11-26.20190603git.el9.noarch
 40 | crypto-policies-20250128-1.git5269e22.el9.noarch
 41 | crypto-policies-scripts-20250128-1.git5269e22.el9.noarch
 42 | cryptsetup-libs-2.7.2-3.el9.x86_64
 43 | curl-7.76.1-31.el9.x86_64
 44 | cyrus-sasl-lib-2.1.27-21.el9.x86_64
 45 | dbus-1.12.20-8.el9.x86_64
 46 | dbus-broker-28-7.el9.x86_64
 47 | dbus-common-1.12.20-8.el9.noarch
 48 | dbus-libs-1.12.20-8.el9.x86_64
 49 | device-mapper-1.02.202-6.el9.x86_64
 50 | device-mapper-event-1.02.202-6.el9.x86_64
 51 | device-mapper-event-libs-1.02.202-6.el9.x86_64
 52 | device-mapper-libs-1.02.202-6.el9.x86_64
 53 | device-mapper-persistent-data-1.1.0-1.el9.x86_64
 54 | dhcp-client-4.4.2-19.b1.el9.x86_64
 55 | dhcp-common-4.4.2-19.b1.el9.noarch
 56 | diffutils-3.7-12.el9.x86_64
 57 | dmidecode-3.6-1.el9.x86_64
 58 | dnf-4.14.0-29.el9.noarch
 59 | dnf-data-4.14.0-29.el9.noarch
 60 | dnf-plugins-core-4.3.0-21.el9.noarch
 61 | dosfstools-4.2-3.el9.x86_64
 62 | dracut-057-87.git20250311.el9.x86_64
 63 | dracut-config-generic-057-87.git20250311.el9.x86_64
 64 | dracut-config-rescue-057-87.git20250311.el9.x86_64
 65 | dracut-network-057-87.git20250311.el9.x86_64
 66 | dracut-squash-057-87.git20250311.el9.x86_64
 67 | e2fsprogs-1.46.5-7.el9.x86_64
 68 | e2fsprogs-libs-1.46.5-7.el9.x86_64
 69 | ec2-hibinit-agent-1.0.8-0.el9.x86_64
 70 | ec2-utils-2.2.0-1.el9.0.2.x86_64
 71 | efi-filesystem-6-2.el9.noarch
 72 | efibootmgr-16-12.el9.x86_64
 73 | efivar-libs-38-3.el9.x86_64
 74 | elfutils-debuginfod-client-0.193-1.el9.x86_64
 75 | elfutils-default-yama-scope-0.193-1.el9.noarch
 76 | elfutils-libelf-0.193-1.el9.x86_64
 77 | elfutils-libs-0.193-1.el9.x86_64
 78 | epel-next-release-9-10.el9.noarch
 79 | epel-release-9-10.el9.noarch
 80 | ethtool-6.11-1.el9.x86_64
 81 | expat-2.5.0-5.el9.x86_64
 82 | file-5.39-16.el9.x86_64
 83 | file-libs-5.39-16.el9.x86_64
 84 | filesystem-3.16-5.el9.x86_64
 85 | findutils-4.8.0-7.el9.x86_64
 86 | firewalld-1.3.4-9.el9.noarch
 87 | firewalld-filesystem-1.3.4-9.el9.noarch
 88 | flashrom-1.2-10.el9.x86_64
 89 | fuse-libs-2.9.9-17.el9.x86_64
 90 | fwupd-1.9.26-1.el9.x86_64
 91 | fwupd-plugin-flashrom-1.9.26-1.el9.x86_64
 92 | gawk-5.1.0-6.el9.x86_64
 93 | gawk-all-langpacks-5.1.0-6.el9.x86_64
 94 | gdbm-libs-1.23-1.el9.x86_64
 95 | gdisk-1.0.7-5.el9.x86_64
 96 | geolite2-city-20191217-6.el9.noarch
 97 | geolite2-country-20191217-6.el9.noarch
 98 | gettext-0.21-8.el9.x86_64
 99 | gettext-libs-0.21-8.el9.x86_64
100 | glib2-2.68.4-16.el9.x86_64
101 | glibc-2.34-192.el9.x86_64
102 | glibc-common-2.34-192.el9.x86_64
103 | glibc-gconv-extra-2.34-192.el9.x86_64
104 | glibc-minimal-langpack-2.34-192.el9.x86_64
105 | gmp-6.2.0-13.el9.x86_64
106 | gnupg2-2.3.3-4.el9.x86_64
107 | gnutls-3.8.3-6.el9.x86_64
108 | gobject-introspection-1.68.0-11.el9.x86_64
109 | gpg-pubkey-3228467c-613798eb
110 | gpg-pubkey-8483c65d-5ccc5b19
111 | gpg-pubkey-e96e3db7-6196a254
112 | gpgme-1.15.1-6.el9.x86_64
113 | grep-3.6-5.el9.x86_64
114 | groff-base-1.22.4-10.el9.x86_64
115 | grub2-common-2.06-107.el9.noarch
116 | grub2-efi-x64-2.06-107.el9.x86_64
117 | grub2-efi-x64-modules-2.06-107.el9.noarch
118 | grub2-pc-2.06-107.el9.x86_64
119 | grub2-pc-modules-2.06-107.el9.noarch
120 | grub2-tools-2.06-107.el9.x86_64
121 | grub2-tools-efi-2.06-107.el9.x86_64
122 | grub2-tools-minimal-2.06-107.el9.x86_64
123 | grubby-8.40-63.el9.x86_64
124 | gzip-1.12-1.el9.x86_64
125 | hostname-3.23-6.el9.x86_64
126 | hwdata-0.348-9.18.el9.noarch
127 | ima-evm-utils-1.6.2-1.el9.x86_64
128 | inih-49-6.el9.x86_64
129 | initscripts-rename-device-10.11.8-4.el9.x86_64
130 | initscripts-service-10.11.8-4.el9.noarch
131 | ipcalc-1.0.0-5.el9.x86_64
132 | iproute-6.11.0-1.el9.x86_64
133 | iproute-tc-6.11.0-1.el9.x86_64
134 | ipset-7.11-11.el9.x86_64
135 | ipset-libs-7.11-11.el9.x86_64
136 | iptables-libs-1.8.10-11.el9.x86_64
137 | iptables-nft-1.8.10-11.el9.x86_64
138 | iputils-20210202-11.el9.x86_64
139 | irqbalance-1.9.4-2.el9.x86_64
140 | jansson-2.14-1.el9.x86_64
141 | jitterentropy-3.6.0-1.el9.x86_64
142 | jq-1.6-17.el9.x86_64
143 | json-c-0.14-11.el9.x86_64
144 | json-glib-1.6.6-1.el9.x86_64
145 | kbd-2.4.0-11.el9.x86_64
146 | kbd-legacy-2.4.0-11.el9.noarch
147 | kbd-misc-2.4.0-11.el9.noarch
148 | kernel-5.14.0-585.el9.x86_64
149 | kernel-core-5.14.0-585.el9.x86_64
150 | kernel-modules-5.14.0-585.el9.x86_64
151 | kernel-modules-core-5.14.0-585.el9.x86_64
152 | kernel-tools-5.14.0-585.el9.x86_64
153 | kernel-tools-libs-5.14.0-585.el9.x86_64
154 | kexec-tools-2.0.29-7.el9.x86_64
155 | keyutils-1.6.3-1.el9.x86_64
156 | keyutils-libs-1.6.3-1.el9.x86_64
157 | kmod-28-10.el9.x86_64
158 | kmod-libs-28-10.el9.x86_64
159 | kpartx-0.8.7-37.el9.x86_64
160 | krb5-libs-1.21.1-6.el9.x86_64
161 | less-590-5.el9.x86_64
162 | libacl-2.3.1-4.el9.x86_64
163 | libaio-0.3.111-13.el9.x86_64
164 | libarchive-3.5.3-4.el9.x86_64
165 | libassuan-2.5.5-3.el9.x86_64
166 | libatasmart-0.19-22.el9.x86_64
167 | libattr-2.5.1-3.el9.x86_64
168 | libbasicobjects-0.1.1-53.el9.x86_64
169 | libblkid-2.37.4-21.el9.x86_64
170 | libblockdev-2.28-13.el9.x86_64
171 | libblockdev-crypto-2.28-13.el9.x86_64
172 | libblockdev-fs-2.28-13.el9.x86_64
173 | libblockdev-loop-2.28-13.el9.x86_64
174 | libblockdev-mdraid-2.28-13.el9.x86_64
175 | libblockdev-part-2.28-13.el9.x86_64
176 | libblockdev-swap-2.28-13.el9.x86_64
177 | libblockdev-utils-2.28-13.el9.x86_64
178 | libbpf-1.5.0-1.el9.x86_64
179 | libbrotli-1.0.9-7.el9.x86_64
180 | libbytesize-2.5-3.el9.x86_64
181 | libcap-2.48-9.el9.x86_64
182 | libcap-ng-0.8.2-7.el9.x86_64
183 | libcap-ng-python3-0.8.2-7.el9.x86_64
184 | libcbor-0.7.0-5.el9.x86_64
185 | libcollection-0.7.0-53.el9.x86_64
186 | libcom_err-1.46.5-7.el9.x86_64
187 | libcomps-0.1.18-1.el9.x86_64
188 | libcurl-7.76.1-31.el9.x86_64
189 | libdaemon-0.14-23.el9.x86_64
190 | libdb-5.3.28-57.el9.x86_64
191 | libdhash-0.5.0-53.el9.x86_64
192 | libdnf-0.69.0-14.el9.x86_64
193 | libeconf-0.4.1-4.el9.x86_64
194 | libedit-3.1-38.20210216cvs.el9.x86_64
195 | libestr-0.1.11-4.el9.x86_64
196 | libevent-2.1.12-8.el9.x86_64
197 | libfastjson-0.99.9-5.el9.x86_64
198 | libfdisk-2.37.4-21.el9.x86_64
199 | libffi-3.4.2-8.el9.x86_64
200 | libfido2-1.13.0-2.el9.x86_64
201 | libgcc-11.5.0-5.el9.x86_64
202 | libgcrypt-1.10.0-11.el9.x86_64
203 | libgomp-11.5.0-5.el9.x86_64
204 | libgpg-error-1.42-5.el9.x86_64
205 | libgudev-237-1.el9.x86_64
206 | libgusb-0.3.8-2.el9.x86_64
207 | libidn2-2.3.0-7.el9.x86_64
208 | libini_config-1.3.1-53.el9.x86_64
209 | libjcat-0.1.6-3.el9.x86_64
210 | libkcapi-1.4.0-2.el9.x86_64
211 | libkcapi-hmaccalc-1.4.0-2.el9.x86_64
212 | libksba-1.5.1-7.el9.x86_64
213 | libldb-4.21.3-3.el9.x86_64
214 | libmaxminddb-1.5.2-4.el9.x86_64
215 | libmnl-1.0.4-16.el9.x86_64
216 | libmodulemd-2.13.0-2.el9.x86_64
217 | libmount-2.37.4-21.el9.x86_64
218 | libndp-1.9-1.el9.x86_64
219 | libnetfilter_conntrack-1.0.9-1.el9.x86_64
220 | libnfnetlink-1.0.1-23.el9.x86_64
221 | libnftnl-1.2.6-4.el9.x86_64
222 | libnghttp2-1.43.0-6.el9.x86_64
223 | libnl3-3.11.0-1.el9.x86_64
224 | libnl3-cli-3.11.0-1.el9.x86_64
225 | libnsl-2.34-192.el9.x86_64
226 | libnvme-1.13-1.el9.x86_64
227 | libpath_utils-0.2.1-53.el9.x86_64
228 | libpipeline-1.5.3-4.el9.x86_64
229 | libpsl-0.21.1-5.el9.x86_64
230 | libpwquality-1.4.4-8.el9.x86_64
231 | libref_array-0.1.5-53.el9.x86_64
232 | librepo-1.14.5-2.el9.x86_64
233 | libreport-filesystem-2.15.2-6.el9.noarch
234 | libseccomp-2.5.2-2.el9.x86_64
235 | libselinux-3.6-3.el9.x86_64
236 | libselinux-utils-3.6-3.el9.x86_64
237 | libsemanage-3.6-5.el9.x86_64
238 | libsepol-3.6-3.el9.x86_64
239 | libsigsegv-2.13-4.el9.x86_64
240 | libsmartcols-2.37.4-21.el9.x86_64
241 | libsolv-0.7.24-3.el9.x86_64
242 | libss-1.46.5-7.el9.x86_64
243 | libssh-0.10.4-13.el9.x86_64
244 | libssh-config-0.10.4-13.el9.noarch
245 | libsss_certmap-2.9.6-4.el9.2.x86_64
246 | libsss_idmap-2.9.6-4.el9.2.x86_64
247 | libsss_nss_idmap-2.9.6-4.el9.2.x86_64
248 | libsss_sudo-2.9.6-4.el9.2.x86_64
249 | libstdc++-11.5.0-5.el9.x86_64
250 | libsysfs-2.1.1-10.el9.x86_64
251 | libtalloc-2.4.2-1.el9.x86_64
252 | libtasn1-4.16.0-9.el9.x86_64
253 | libtdb-1.4.12-1.el9.x86_64
254 | libteam-1.31-16.el9.x86_64
255 | libtevent-0.16.1-1.el9.x86_64
256 | libtool-ltdl-2.4.6-46.el9.x86_64
257 | libudisks2-2.9.4-11.el9.x86_64
258 | libunistring-0.9.10-15.el9.x86_64
259 | libusbx-1.0.26-1.el9.x86_64
260 | libuser-0.63-16.el9.x86_64
261 | libutempter-1.2.1-6.el9.x86_64
262 | libuuid-2.37.4-21.el9.x86_64
263 | libverto-0.3.2-3.el9.x86_64
264 | libxcrypt-4.4.18-3.el9.x86_64
265 | libxcrypt-compat-4.4.18-3.el9.x86_64
266 | libxml2-2.9.13-9.el9.x86_64
267 | libxmlb-0.3.10-1.el9.x86_64
268 | libyaml-0.2.5-7.el9.x86_64
269 | libzstd-1.5.5-1.el9.x86_64
270 | linux-firmware-20250513-152.el9.noarch
271 | linux-firmware-whence-20250513-152.el9.noarch
272 | lmdb-libs-0.9.29-3.el9.x86_64
273 | logrotate-3.18.0-9.el9.x86_64
274 | lshw-B.02.20-1.el9.x86_64
275 | lsscsi-0.32-6.el9.x86_64
276 | lua-libs-5.4.4-4.el9.x86_64
277 | lvm2-2.03.28-6.el9.x86_64
278 | lvm2-libs-2.03.28-6.el9.x86_64
279 | lz4-libs-1.9.3-5.el9.x86_64
280 | lzo-2.10-7.el9.x86_64
281 | man-db-2.9.3-7.el9.x86_64
282 | mdadm-4.3-4.el9.x86_64
283 | microcode_ctl-20250211-1.el9.noarch
284 | mokutil-0.7.2-1.el9.x86_64
285 | mpfr-4.1.0-7.el9.x86_64
286 | ncurses-6.2-10.20210508.el9.x86_64
287 | ncurses-base-6.2-10.20210508.el9.noarch
288 | ncurses-libs-6.2-10.20210508.el9.x86_64
289 | nettle-3.10.1-1.el9.x86_64
290 | newt-0.52.21-11.el9.x86_64
291 | nftables-1.0.9-3.el9.x86_64
292 | npth-1.6-8.el9.x86_64
293 | nspr-4.35.0-17.el9.x86_64
294 | nss-3.101.0-10.el9.x86_64
295 | nss-softokn-3.101.0-10.el9.x86_64
296 | nss-softokn-freebl-3.101.0-10.el9.x86_64
297 | nss-sysinit-3.101.0-10.el9.x86_64
298 | nss-util-3.101.0-10.el9.x86_64
299 | numactl-libs-2.0.19-1.el9.x86_64
300 | oniguruma-6.9.6-1.el9.6.x86_64
301 | openldap-2.6.8-4.el9.x86_64
302 | openssh-8.7p1-45.el9.x86_64
303 | openssh-clients-8.7p1-45.el9.x86_64
304 | openssh-server-8.7p1-45.el9.x86_64
305 | openssl-3.5.0-2.el9.x86_64
306 | openssl-libs-3.5.0-2.el9.x86_64
307 | os-prober-1.77-12.el9.x86_64
308 | p11-kit-0.25.3-3.el9.x86_64
309 | p11-kit-trust-0.25.3-3.el9.x86_64
310 | pam-1.5.1-23.el9.x86_64
311 | parted-3.5-3.el9.x86_64
312 | passwd-0.80-12.el9.x86_64
313 | pciutils-libs-3.7.0-7.el9.x86_64
314 | pcre-8.44-4.el9.x86_64
315 | pcre2-10.40-6.el9.x86_64
316 | pcre2-syntax-10.40-6.el9.noarch
317 | pigz-2.5-4.el9.x86_64
318 | policycoreutils-3.6-3.el9.x86_64
319 | polkit-0.117-13.el9.x86_64
320 | polkit-libs-0.117-13.el9.x86_64
321 | polkit-pkla-compat-0.1-21.el9.x86_64
322 | popt-1.18-8.el9.x86_64
323 | prefixdevname-0.1.0-8.el9.x86_64
324 | procps-ng-3.3.17-14.el9.x86_64
325 | psmisc-23.4-3.el9.x86_64
326 | publicsuffix-list-dafsa-20210518-3.el9.noarch
327 | python-unversioned-command-3.9.21-2.el9.noarch
328 | python3-3.9.21-2.el9.x86_64
329 | python3-attrs-20.3.0-7.el9.noarch
330 | python3-audit-3.1.5-7.el9.x86_64
331 | python3-babel-2.9.1-2.el9.noarch
332 | python3-chardet-4.0.0-5.el9.noarch
333 | python3-configobj-5.0.6-25.el9.noarch
334 | python3-dateutil-2.8.1-7.el9.noarch
335 | python3-dbus-1.2.18-2.el9.x86_64
336 | python3-distro-1.5.0-7.el9.noarch
337 | python3-dnf-4.14.0-29.el9.noarch
338 | python3-dnf-plugins-core-4.3.0-21.el9.noarch
339 | python3-firewall-1.3.4-9.el9.noarch
340 | python3-gobject-base-3.40.1-6.el9.x86_64
341 | python3-gobject-base-noarch-3.40.1-6.el9.noarch
342 | python3-gpg-1.15.1-6.el9.x86_64
343 | python3-hawkey-0.69.0-14.el9.x86_64
344 | python3-idna-2.10-7.el9.1.noarch
345 | python3-jinja2-2.11.3-8.el9.noarch
346 | python3-jsonpatch-1.21-16.el9.noarch
347 | python3-jsonpointer-2.0-4.el9.noarch
348 | python3-jsonschema-3.2.0-13.el9.noarch
349 | python3-libcomps-0.1.18-1.el9.x86_64
350 | python3-libdnf-0.69.0-14.el9.x86_64
351 | python3-libs-3.9.21-2.el9.x86_64
352 | python3-libselinux-3.6-3.el9.x86_64
353 | python3-libsemanage-3.6-5.el9.x86_64
354 | python3-markupsafe-1.1.1-12.el9.x86_64
355 | python3-netifaces-0.10.6-15.el9.x86_64
356 | python3-nftables-1.0.9-3.el9.x86_64
357 | python3-oauthlib-3.1.1-5.el9.noarch
358 | python3-pip-21.3.1-1.el9.noarch
359 | python3-pip-wheel-21.3.1-1.el9.noarch
360 | python3-policycoreutils-3.6-3.el9.noarch
361 | python3-prettytable-0.7.2-27.el9.noarch
362 | python3-pyrsistent-0.17.3-8.el9.x86_64
363 | python3-pyserial-3.4-12.el9.noarch
364 | python3-pysocks-1.7.1-12.el9.noarch
365 | python3-pytz-2021.1-5.el9.noarch
366 | python3-pyyaml-5.4.1-6.el9.x86_64
367 | python3-requests-2.25.1-9.el9.noarch
368 | python3-rpm-4.16.1.3-37.el9.x86_64
369 | python3-setools-4.4.4-1.el9.x86_64
370 | python3-setuptools-53.0.0-14.el9.noarch
371 | python3-setuptools-wheel-53.0.0-14.el9.noarch
372 | python3-six-1.15.0-9.el9.noarch
373 | python3-systemd-234-19.el9.x86_64
374 | python3-urllib3-1.26.5-6.el9.noarch
375 | readline-8.1-4.el9.x86_64
376 | rng-tools-6.17-1.el9.x86_64
377 | rootfiles-8.1-34.el9.noarch
378 | rpm-4.16.1.3-37.el9.x86_64
379 | rpm-build-libs-4.16.1.3-37.el9.x86_64
380 | rpm-libs-4.16.1.3-37.el9.x86_64
381 | rpm-plugin-audit-4.16.1.3-37.el9.x86_64
382 | rpm-plugin-selinux-4.16.1.3-37.el9.x86_64
383 | rpm-plugin-systemd-inhibit-4.16.1.3-37.el9.x86_64
384 | rpm-sign-libs-4.16.1.3-37.el9.x86_64
385 | rsyslog-8.2412.0-2.el9.x86_64
386 | rsyslog-logrotate-8.2412.0-2.el9.x86_64
387 | sed-4.8-9.el9.x86_64
388 | selinux-policy-38.1.56-1.el9.noarch
389 | selinux-policy-targeted-38.1.56-1.el9.noarch
390 | setup-2.13.7-10.el9.noarch
391 | sg3_utils-1.47-10.el9.x86_64
392 | sg3_utils-libs-1.47-10.el9.x86_64
393 | shadow-utils-4.9-12.el9.x86_64
394 | shared-mime-info-2.1-5.el9.x86_64
395 | shim-x64-15-15.el8_2.x86_64
396 | slang-2.3.2-11.el9.x86_64
397 | snappy-1.1.8-8.el9.x86_64
398 | spel-dod-certs-5.13-1.el9.noarch
399 | spel-release-9-4.noarch
400 | spel-wcf-certs-5.15-1.el9.noarch
401 | sqlite-libs-3.34.1-7.el9.x86_64
402 | squashfs-tools-4.4-10.git1.el9.x86_64
403 | sssd-client-2.9.6-4.el9.2.x86_64
404 | sssd-common-2.9.6-4.el9.2.x86_64
405 | sssd-kcm-2.9.6-4.el9.2.x86_64
406 | sudo-1.9.5p2-12.el9.x86_64
407 | systemd-252-53.el9.x86_64
408 | systemd-libs-252-53.el9.x86_64
409 | systemd-networkd-253.4-1.el9.x86_64
410 | systemd-pam-252-53.el9.x86_64
411 | systemd-resolved-252-53.el9.x86_64
412 | systemd-rpm-macros-252-53.el9.noarch
413 | systemd-udev-252-53.el9.x86_64
414 | tar-1.34-7.el9.x86_64
415 | teamd-1.31-16.el9.x86_64
416 | tpm2-tss-3.2.3-1.el9.x86_64
417 | tzdata-2025b-1.el9.noarch
418 | udisks2-2.9.4-11.el9.x86_64
419 | unzip-6.0-58.el9.x86_64
420 | userspace-rcu-0.12.1-6.el9.x86_64
421 | util-linux-2.37.4-21.el9.x86_64
422 | util-linux-core-2.37.4-21.el9.x86_64
423 | vim-minimal-8.2.2637-22.el9.x86_64
424 | volume_key-libs-0.3.12-16.el9.x86_64
425 | which-2.21-29.el9.x86_64
426 | xfsprogs-6.4.0-7.el9.x86_64
427 | xz-5.2.5-8.el9.x86_64
428 | xz-libs-5.2.5-8.el9.x86_64
429 | yum-4.14.0-29.el9.noarch
430 | yum-utils-4.3.0-21.el9.noarch
431 | zlib-1.2.11-41.el9.x86_64
432 | 


--------------------------------------------------------------------------------
/manifests/spel-minimal-ol-8-hvm.amazon-ebssurrogate.manifest.txt:
--------------------------------------------------------------------------------
  1 | Oracle Linux Server 8.10
  2 | aws-cli/2.27.21 Python/3.13.3 Linux/5.15.0-204.147.6.2.el8uek.x86_64 exe/x86_64.oracle.8
  3 | aws-cfn-bootstrap (2.0)
  4 | NetworkManager-1.40.16-19.0.1.el8_10.x86_64
  5 | NetworkManager-libnm-1.40.16-19.0.1.el8_10.x86_64
  6 | NetworkManager-team-1.40.16-19.0.1.el8_10.x86_64
  7 | NetworkManager-tui-1.40.16-19.0.1.el8_10.x86_64
  8 | acl-2.2.53-3.el8.x86_64
  9 | acpid-2.0.30-2.el8.x86_64
 10 | amazon-ec2-net-utils-2.5.4-1.el8.0.1.x86_64
 11 | amazon-ssm-agent-3.3.2299.0-1.x86_64
 12 | audit-3.1.2-1.0.1.el8.x86_64
 13 | audit-libs-3.1.2-1.0.1.el8.x86_64
 14 | authselect-1.2.6-2.el8.x86_64
 15 | authselect-libs-1.2.6-2.el8.x86_64
 16 | basesystem-11-5.el8.noarch
 17 | bash-4.4.20-5.el8.x86_64
 18 | bcache-tools-1.0.8-3.101.0.3.el8.x86_64
 19 | bind-export-libs-9.11.36-16.el8_10.4.x86_64
 20 | brotli-1.0.6-3.el8.x86_64
 21 | btrfs-progs-5.15.1-1.el8.x86_64
 22 | bubblewrap-0.4.0-2.el8_10.x86_64
 23 | bzip2-libs-1.0.6-28.el8_10.x86_64
 24 | c-ares-1.13.0-11.el8_10.x86_64
 25 | ca-certificates-2024.2.69_v8.0.303-80.0.el8_10.noarch
 26 | checkpolicy-2.9-1.el8.x86_64
 27 | chkconfig-1.19.2-1.0.2.el8.x86_64
 28 | chrony-4.5-2.0.2.el8_10.x86_64
 29 | cloud-init-23.4-7.0.2.el8_10.9.noarch
 30 | cloud-utils-growpart-0.33-0.el8.noarch
 31 | coreutils-8.30-15.0.1.el8.x86_64
 32 | coreutils-common-8.30-15.0.1.el8.x86_64
 33 | cpio-2.12-11.el8.x86_64
 34 | cracklib-2.9.6-15.el8.x86_64
 35 | cracklib-dicts-2.9.6-15.el8.x86_64
 36 | cronie-1.5.2-10.el8.x86_64
 37 | cronie-anacron-1.5.2-10.el8.x86_64
 38 | crontabs-1.11-17.20190603git.el8.noarch
 39 | crypto-policies-20230731-1.git3177e06.el8.noarch
 40 | crypto-policies-scripts-20230731-1.git3177e06.el8.noarch
 41 | cryptsetup-libs-2.3.7-7.el8.x86_64
 42 | curl-7.61.1-34.el8_10.3.x86_64
 43 | cyrus-sasl-lib-2.1.27-6.el8_5.x86_64
 44 | dbus-1.12.8-26.0.1.el8.x86_64
 45 | dbus-common-1.12.8-26.0.1.el8.noarch
 46 | dbus-daemon-1.12.8-26.0.1.el8.x86_64
 47 | dbus-glib-0.110-2.el8.x86_64
 48 | dbus-libs-1.12.8-26.0.1.el8.x86_64
 49 | dbus-tools-1.12.8-26.0.1.el8.x86_64
 50 | device-mapper-1.02.181-15.0.1.el8_10.x86_64
 51 | device-mapper-event-1.02.181-15.0.1.el8_10.x86_64
 52 | device-mapper-event-libs-1.02.181-15.0.1.el8_10.x86_64
 53 | device-mapper-libs-1.02.181-15.0.1.el8_10.x86_64
 54 | device-mapper-multipath-0.8.4-42.el8_10.x86_64
 55 | device-mapper-multipath-libs-0.8.4-42.el8_10.x86_64
 56 | device-mapper-persistent-data-0.9.0-7.el8.x86_64
 57 | dhcp-client-4.3.6-50.el8_10.x86_64
 58 | dhcp-common-4.3.6-50.el8_10.noarch
 59 | dhcp-libs-4.3.6-50.el8_10.x86_64
 60 | diffutils-3.6-6.el8.x86_64
 61 | dmidecode-3.5-1.el8.x86_64
 62 | dnf-4.7.0-21.0.1.el8_10.noarch
 63 | dnf-data-4.7.0-21.0.1.el8_10.noarch
 64 | dnf-plugins-core-4.0.21-25.0.1.el8.noarch
 65 | dosfstools-4.1-6.el8.x86_64
 66 | dracut-049-233.git20240115.0.2.el8.x86_64
 67 | dracut-config-generic-049-233.git20240115.0.2.el8.x86_64
 68 | dracut-config-rescue-049-233.git20240115.0.2.el8.x86_64
 69 | dracut-network-049-233.git20240115.0.2.el8.x86_64
 70 | dracut-squash-049-233.git20240115.0.2.el8.x86_64
 71 | e2fsprogs-1.46.2-2.el8.x86_64
 72 | e2fsprogs-libs-1.46.2-2.el8.x86_64
 73 | ec2-hibinit-agent-1.0.8-0.el8.x86_64
 74 | ec2-instance-connect-1.1-19.el8.noarch
 75 | ec2-instance-connect-selinux-1.1-19.amzn2023.x86_64
 76 | ec2-utils-2.2.0-1.el8.0.2.x86_64
 77 | efi-filesystem-3-3.0.1.el8.noarch
 78 | efibootmgr-16-1.0.1.el8.x86_64
 79 | efivar-libs-37-4.el8.x86_64
 80 | elfutils-debuginfod-client-0.190-2.el8.x86_64
 81 | elfutils-default-yama-scope-0.190-2.el8.noarch
 82 | elfutils-libelf-0.190-2.el8.x86_64
 83 | elfutils-libs-0.190-2.el8.x86_64
 84 | epel-release-8-22.el8.noarch
 85 | ethtool-5.13-2.el8.x86_64
 86 | expat-2.2.5-17.0.1.el8_10.x86_64
 87 | file-5.33-26.el8.x86_64
 88 | file-libs-5.33-26.el8.x86_64
 89 | filesystem-3.8-6.el8.x86_64
 90 | findutils-4.6.0-23.el8_10.x86_64
 91 | firewalld-0.9.11-10.0.1.el8_10.noarch
 92 | firewalld-filesystem-0.9.11-10.0.1.el8_10.noarch
 93 | freetype-2.9.1-10.el8_10.x86_64
 94 | fuse-libs-2.9.7-19.0.1.el8.x86_64
 95 | fwupd-1.7.8-2.0.1.el8.x86_64
 96 | gawk-4.2.1-4.el8.x86_64
 97 | gdbm-1.18-2.el8.x86_64
 98 | gdbm-libs-1.18-2.el8.x86_64
 99 | gdisk-1.0.3-11.el8.x86_64
100 | geolite2-city-20180605-1.el8.noarch
101 | geolite2-country-20180605-1.el8.noarch
102 | gettext-0.19.8.1-17.el8.x86_64
103 | gettext-libs-0.19.8.1-17.el8.x86_64
104 | glib2-2.56.4-165.el8_10.x86_64
105 | glibc-2.28-251.0.3.el8_10.16.x86_64
106 | glibc-all-langpacks-2.28-251.0.3.el8_10.16.x86_64
107 | glibc-common-2.28-251.0.3.el8_10.16.x86_64
108 | glibc-gconv-extra-2.28-251.0.3.el8_10.16.x86_64
109 | gmp-6.1.2-11.el8.x86_64
110 | gnupg2-2.2.20-3.el8_6.x86_64
111 | gnupg2-smime-2.2.20-3.el8_6.x86_64
112 | gnutls-3.6.16-8.el8_10.3.x86_64
113 | gobject-introspection-1.56.1-1.el8.x86_64
114 | gpg-pubkey-2f86d6a1-5cf7cefb
115 | gpg-pubkey-ad986da3-5cabf60d
116 | gpg-pubkey-e96e3db7-6196a254
117 | gpgme-1.13.1-12.el8.x86_64
118 | grep-3.1-6.el8.x86_64
119 | groff-base-1.22.3-18.el8.x86_64
120 | grub2-common-2.02-165.0.1.el8_10.noarch
121 | grub2-efi-x64-2.02-165.0.1.el8_10.x86_64
122 | grub2-efi-x64-modules-2.02-165.0.1.el8_10.noarch
123 | grub2-pc-2.02-165.0.1.el8_10.x86_64
124 | grub2-pc-modules-2.02-165.0.1.el8_10.noarch
125 | grub2-tools-2.02-165.0.1.el8_10.x86_64
126 | grub2-tools-efi-2.02-165.0.1.el8_10.x86_64
127 | grub2-tools-extra-2.02-165.0.1.el8_10.x86_64
128 | grub2-tools-minimal-2.02-165.0.1.el8_10.x86_64
129 | grubby-8.40-49.0.2.el8.x86_64
130 | gzip-1.9-13.el8_5.x86_64
131 | hardlink-1.3-6.el8.x86_64
132 | hdparm-9.54-4.el8.x86_64
133 | hostname-3.20-6.el8.x86_64
134 | hwdata-0.314-8.22.el8.noarch
135 | ima-evm-utils-1.3.2-12.el8.x86_64
136 | info-6.5-7.el8.x86_64
137 | initscripts-10.00.18-1.0.2.el8.x86_64
138 | ipcalc-0.2.4-4.el8.x86_64
139 | iproute-6.8.0-2.el8_10.x86_64
140 | ipset-7.1-1.el8.x86_64
141 | ipset-libs-7.1-1.el8.x86_64
142 | iptables-1.8.5-11.0.1.el8_9.x86_64
143 | iptables-ebtables-1.8.5-11.0.1.el8_9.x86_64
144 | iptables-libs-1.8.5-11.0.1.el8_9.x86_64
145 | iputils-20180629-11.el8.x86_64
146 | irqbalance-1.9.2-1.el8.x86_64
147 | jansson-2.14-1.el8.x86_64
148 | json-c-0.13.1-3.el8.x86_64
149 | json-glib-1.4.4-1.el8.x86_64
150 | kbd-2.0.4-11.el8.x86_64
151 | kbd-legacy-2.0.4-11.el8.noarch
152 | kbd-misc-2.0.4-11.el8.noarch
153 | kernel-4.18.0-553.53.1.el8_10.x86_64
154 | kernel-core-4.18.0-553.53.1.el8_10.x86_64
155 | kernel-modules-4.18.0-553.53.1.el8_10.x86_64
156 | kernel-tools-4.18.0-553.53.1.el8_10.x86_64
157 | kernel-tools-libs-4.18.0-553.53.1.el8_10.x86_64
158 | kexec-tools-2.0.28-1.0.9.el8_10.x86_64
159 | keyutils-libs-1.5.10-9.0.1.el8.x86_64
160 | kmod-25-20.0.1.el8.x86_64
161 | kmod-libs-25-20.0.1.el8.x86_64
162 | kpartx-0.8.4-42.el8_10.x86_64
163 | krb5-libs-1.18.2-31.0.1.el8_10.x86_64
164 | less-530-3.el8_10.x86_64
165 | libacl-2.2.53-3.el8.x86_64
166 | libaio-0.3.112-1.el8.x86_64
167 | libarchive-3.3.3-5.el8.x86_64
168 | libassuan-2.5.1-3.el8.x86_64
169 | libatasmart-0.19-14.el8.x86_64
170 | libattr-2.4.48-3.el8.x86_64
171 | libbasicobjects-0.1.1-40.el8.x86_64
172 | libblkid-2.32.1-46.0.1.el8.x86_64
173 | libblockdev-2.28-6.0.1.el8.x86_64
174 | libblockdev-crypto-2.28-6.0.1.el8.x86_64
175 | libblockdev-fs-2.28-6.0.1.el8.x86_64
176 | libblockdev-loop-2.28-6.0.1.el8.x86_64
177 | libblockdev-mdraid-2.28-6.0.1.el8.x86_64
178 | libblockdev-part-2.28-6.0.1.el8.x86_64
179 | libblockdev-swap-2.28-6.0.1.el8.x86_64
180 | libblockdev-utils-2.28-6.0.1.el8.x86_64
181 | libbpf-0.5.0-1.el8.x86_64
182 | libbytesize-1.4-3.el8.x86_64
183 | libcap-2.48-6.el8_9.x86_64
184 | libcap-ng-0.7.11-1.el8.x86_64
185 | libcollection-0.7.0-40.el8.x86_64
186 | libcom_err-1.46.2-2.el8.x86_64
187 | libcomps-0.1.18-1.el8.x86_64
188 | libcroco-0.6.12-4.el8_2.1.x86_64
189 | libcurl-7.61.1-34.el8_10.3.x86_64
190 | libdaemon-0.14-15.el8.x86_64
191 | libdb-5.3.28-42.0.1.el8_4.x86_64
192 | libdb-utils-5.3.28-42.0.1.el8_4.x86_64
193 | libdhash-0.5.0-40.el8.x86_64
194 | libdnf-0.63.0-21.0.1.el8_10.x86_64
195 | libedit-3.1-23.20170329cvs.el8.x86_64
196 | libestr-0.1.10-3.el8.x86_64
197 | libevent-2.1.8-5.el8.x86_64
198 | libfastjson-0.99.9-2.el8.x86_64
199 | libfdisk-2.32.1-46.0.1.el8.x86_64
200 | libffi-3.1-24.el8.x86_64
201 | libgcab1-1.1-1.el8.x86_64
202 | libgcc-8.5.0-26.0.1.el8_10.x86_64
203 | libgcrypt-1.8.5-7.el8_6.x86_64
204 | libgomp-8.5.0-26.0.1.el8_10.x86_64
205 | libgpg-error-1.31-1.el8.x86_64
206 | libgudev-232-4.el8.x86_64
207 | libgusb-0.3.0-1.el8.x86_64
208 | libibverbs-48.0-1.el8.x86_64
209 | libidn2-2.2.0-1.el8.x86_64
210 | libini_config-1.3.1-40.el8.x86_64
211 | libkcapi-1.4.0-2.0.1.el8.x86_64
212 | libkcapi-hmaccalc-1.4.0-2.0.1.el8.x86_64
213 | libksba-1.3.5-9.el8_7.x86_64
214 | libldb-2.8.0-1.el8_10.x86_64
215 | libmaxminddb-1.2.0-10.el8_9.1.x86_64
216 | libmnl-1.0.4-6.el8.x86_64
217 | libmodulemd-2.13.0-1.el8.x86_64
218 | libmount-2.32.1-46.0.1.el8.x86_64
219 | libndp-1.7-7.el8_10.x86_64
220 | libnetfilter_conntrack-1.0.6-5.el8.x86_64
221 | libnfnetlink-1.0.1-13.el8.x86_64
222 | libnfsidmap-2.3.3-59.0.3.el8.x86_64
223 | libnftnl-1.2.2-3.el8.x86_64
224 | libnghttp2-1.33.0-6.el8_10.1.x86_64
225 | libnl3-3.7.0-1.el8.x86_64
226 | libnl3-cli-3.7.0-1.el8.x86_64
227 | libnsl-2.28-251.0.3.el8_10.16.x86_64
228 | libnsl2-1.2.0-2.20180605git4a062cf.el8.x86_64
229 | libpath_utils-0.2.1-40.el8.x86_64
230 | libpcap-1.9.1-5.el8.x86_64
231 | libpipeline-1.5.0-2.el8.x86_64
232 | libpng-1.6.34-5.el8.x86_64
233 | libpsl-0.20.2-6.el8.x86_64
234 | libpwquality-1.4.4-6.el8.x86_64
235 | libref_array-0.1.5-40.el8.x86_64
236 | librepo-1.14.2-5.el8.x86_64
237 | libreport-filesystem-2.9.5-15.0.4.el8.x86_64
238 | libseccomp-2.5.2-1.el8.x86_64
239 | libsecret-0.18.6-1.el8.x86_64
240 | libselinux-2.9-10.el8_10.x86_64
241 | libselinux-utils-2.9-10.el8_10.x86_64
242 | libsemanage-2.9-11.el8_10.x86_64
243 | libsepol-2.9-3.el8.x86_64
244 | libsigsegv-2.11-5.el8.x86_64
245 | libsmartcols-2.32.1-46.0.1.el8.x86_64
246 | libsmbios-2.4.1-2.el8.x86_64
247 | libsolv-0.7.20-6.el8.x86_64
248 | libss-1.46.2-2.el8.x86_64
249 | libssh-0.9.6-14.el8.x86_64
250 | libssh-config-0.9.6-14.el8.noarch
251 | libsss_autofs-2.9.4-5.0.2.el8_10.1.x86_64
252 | libsss_certmap-2.9.4-5.0.2.el8_10.1.x86_64
253 | libsss_idmap-2.9.4-5.0.2.el8_10.1.x86_64
254 | libsss_nss_idmap-2.9.4-5.0.2.el8_10.1.x86_64
255 | libsss_sudo-2.9.4-5.0.2.el8_10.1.x86_64
256 | libstdc++-8.5.0-26.0.1.el8_10.x86_64
257 | libsysfs-2.1.0-25.el8.x86_64
258 | libtalloc-2.4.1-0.el8.x86_64
259 | libtasn1-4.13-5.el8_10.x86_64
260 | libtdb-1.4.9-0.el8.x86_64
261 | libteam-1.31-4.el8.x86_64
262 | libtevent-0.16.0-0.el8.x86_64
263 | libtirpc-1.1.4-12.el8_10.x86_64
264 | libudisks2-2.9.0-16.el8.x86_64
265 | libunistring-0.9.9-3.el8.x86_64
266 | libusbx-1.0.23-4.el8.x86_64
267 | libuser-0.62-26.el8_10.x86_64
268 | libutempter-1.1.6-14.el8.x86_64
269 | libuuid-2.32.1-46.0.1.el8.x86_64
270 | libverto-0.3.2-2.el8.x86_64
271 | libxcrypt-4.1.1-6.el8.x86_64
272 | libxkbcommon-0.9.1-1.el8.x86_64
273 | libxml2-2.9.7-19.el8_10.x86_64
274 | libxmlb-0.1.15-1.el8.x86_64
275 | libyaml-0.1.7-5.el8.x86_64
276 | libzstd-1.4.4-1.0.1.el8.x86_64
277 | linux-firmware-20250423-999.40.git32f3227b.el8.noarch
278 | linux-firmware-core-20250423-999.40.git32f3227b.el8.noarch
279 | lmdb-libs-0.9.24-2.el8.x86_64
280 | logrotate-3.14.0-6.el8.x86_64
281 | lshw-B.02.19.2-6.el8.x86_64
282 | lsscsi-0.32-3.el8.x86_64
283 | lua-libs-5.3.4-12.el8.x86_64
284 | lvm2-2.03.14-15.0.1.el8_10.x86_64
285 | lvm2-libs-2.03.14-15.0.1.el8_10.x86_64
286 | lz4-libs-1.8.3-3.el8_4.x86_64
287 | lzo-2.08-14.el8.x86_64
288 | man-db-2.7.6.1-18.el8.x86_64
289 | mdadm-4.2-16.0.2.el8_10.x86_64
290 | memstrack-0.2.5-2.el8.x86_64
291 | microcode_ctl-20250211-1.0.1.el8_10.x86_64
292 | mokutil-0.6.0-1.0.2.el8.x86_64
293 | mozjs60-60.9.0-4.0.2.el8.x86_64
294 | mpfr-3.1.6-1.el8.x86_64
295 | ncurses-6.1-10.20180224.el8.x86_64
296 | ncurses-base-6.1-10.20180224.el8.noarch
297 | ncurses-libs-6.1-10.20180224.el8.x86_64
298 | nettle-3.4.1-7.el8.x86_64
299 | newt-0.52.20-11.el8.x86_64
300 | nftables-1.0.4-7.el8_10.x86_64
301 | npth-1.5-4.el8.x86_64
302 | nspr-4.35.0-1.el8_8.x86_64
303 | nss-3.101.0-11.el8_8.x86_64
304 | nss-softokn-3.101.0-11.el8_8.x86_64
305 | nss-softokn-freebl-3.101.0-11.el8_8.x86_64
306 | nss-sysinit-3.101.0-11.el8_8.x86_64
307 | nss-util-3.101.0-11.el8_8.x86_64
308 | numactl-libs-2.0.16-4.el8.x86_64
309 | nvme-cli-1.16-9.el8.x86_64
310 | nvmetcli-0.7-5.0.1.el8.noarch
311 | openldap-2.4.46-21.el8_10.x86_64
312 | openssh-8.0p1-25.0.1.el8_10.x86_64
313 | openssh-clients-8.0p1-25.0.1.el8_10.x86_64
314 | openssh-server-8.0p1-25.0.1.el8_10.x86_64
315 | openssl-1.1.1k-14.el8_6.x86_64
316 | openssl-libs-1.1.1k-14.el8_6.x86_64
317 | openssl-pkcs11-0.4.10-3.el8.x86_64
318 | oraclelinux-release-8.10-1.0.7.el8.x86_64
319 | oraclelinux-release-el8-1.0-38.el8.x86_64
320 | os-prober-1.74-9.0.1.el8.x86_64
321 | p11-kit-0.23.22-2.el8.x86_64
322 | p11-kit-trust-0.23.22-2.el8.x86_64
323 | pam-1.3.1-36.0.1.el8_10.x86_64
324 | parted-3.2-39.0.1.el8.x86_64
325 | passwd-0.80-4.el8.x86_64
326 | pciutils-libs-3.7.0-3.el8.x86_64
327 | pcre-8.42-6.el8.x86_64
328 | pcre2-10.32-3.el8_6.x86_64
329 | pigz-2.4-4.el8.x86_64
330 | pinentry-1.1.0-2.el8.x86_64
331 | platform-python-3.6.8-69.0.1.el8_10.x86_64
332 | platform-python-pip-9.0.3-24.el8.noarch
333 | platform-python-setuptools-39.2.0-8.el8_10.noarch
334 | plymouth-0.9.4-11.20200615git1e36e30.0.1.el8.x86_64
335 | plymouth-core-libs-0.9.4-11.20200615git1e36e30.0.1.el8.x86_64
336 | plymouth-scripts-0.9.4-11.20200615git1e36e30.0.1.el8.x86_64
337 | policycoreutils-2.9-26.0.1.el8_10.x86_64
338 | policycoreutils-python-utils-2.9-26.0.1.el8_10.noarch
339 | polkit-0.115-15.0.1.el8_10.2.x86_64
340 | polkit-libs-0.115-15.0.1.el8_10.2.x86_64
341 | polkit-pkla-compat-0.1-12.el8.x86_64
342 | popt-1.18-1.el8.x86_64
343 | prefixdevname-0.1.0-6.el8.x86_64
344 | procps-ng-3.3.15-14.0.1.el8.x86_64
345 | psmisc-23.1-5.el8.x86_64
346 | publicsuffix-list-dafsa-20180723-1.el8.noarch
347 | python3-audit-3.1.2-1.0.1.el8.x86_64
348 | python3-babel-2.5.1-7.el8.noarch
349 | python3-cffi-1.11.5-6.el8.x86_64
350 | python3-chardet-3.0.4-7.el8.noarch
351 | python3-configobj-5.0.6-11.el8.noarch
352 | python3-configshell-1.1.28-1.0.1.el8.noarch
353 | python3-cryptography-3.2.1-7.0.1.el8_9.x86_64
354 | python3-dateutil-2.6.1-6.el8.noarch
355 | python3-dbus-1.2.4-15.el8.x86_64
356 | python3-decorator-4.2.1-2.el8.noarch
357 | python3-dnf-4.7.0-21.0.1.el8_10.noarch
358 | python3-dnf-plugins-core-4.0.21-25.0.1.el8.noarch
359 | python3-firewall-0.9.11-10.0.1.el8_10.noarch
360 | python3-gobject-base-3.28.3-2.el8.x86_64
361 | python3-gpg-1.13.1-12.el8.x86_64
362 | python3-hawkey-0.63.0-21.0.1.el8_10.x86_64
363 | python3-idna-2.5-7.el8_10.noarch
364 | python3-jinja2-2.10.1-7.el8_10.noarch
365 | python3-jsonpatch-1.21-2.el8.noarch
366 | python3-jsonpointer-1.10-11.el8.noarch
367 | python3-jsonschema-2.6.0-4.el8.noarch
368 | python3-jwt-1.6.1-2.el8.noarch
369 | python3-kmod-0.9-20.el8.x86_64
370 | python3-libcomps-0.1.18-1.el8.x86_64
371 | python3-libdnf-0.63.0-21.0.1.el8_10.x86_64
372 | python3-libs-3.6.8-69.0.1.el8_10.x86_64
373 | python3-libselinux-2.9-10.el8_10.x86_64
374 | python3-libsemanage-2.9-11.el8_10.x86_64
375 | python3-linux-procfs-0.7.3-1.el8.noarch
376 | python3-markupsafe-0.23-19.el8.x86_64
377 | python3-netifaces-0.10.6-4.el8.x86_64
378 | python3-nftables-1.0.4-7.el8_10.x86_64
379 | python3-oauthlib-2.1.0-1.el8.noarch
380 | python3-perf-4.18.0-553.53.1.el8_10.x86_64
381 | python3-pip-9.0.3-24.el8.noarch
382 | python3-pip-wheel-9.0.3-24.el8.noarch
383 | python3-ply-3.9-9.el8.noarch
384 | python3-policycoreutils-2.9-26.0.1.el8_10.noarch
385 | python3-prettytable-0.7.2-14.el8.noarch
386 | python3-pycparser-2.14-14.el8.noarch
387 | python3-pyparsing-2.1.10-7.el8.noarch
388 | python3-pyserial-3.1.1-9.el8.noarch
389 | python3-pysocks-1.6.8-3.el8.noarch
390 | python3-pytz-2017.2-11.0.1.el8.noarch
391 | python3-pyudev-0.21.0-7.el8.noarch
392 | python3-pyyaml-3.12-12.el8.x86_64
393 | python3-requests-2.20.0-5.el8_10.noarch
394 | python3-rpm-4.14.3-32.0.1.el8_10.x86_64
395 | python3-setools-4.3.0-5.el8.x86_64
396 | python3-setuptools-39.2.0-8.el8_10.noarch
397 | python3-setuptools-wheel-39.2.0-8.el8_10.noarch
398 | python3-six-1.11.0-8.el8.noarch
399 | python3-slip-0.6.4-13.el8.noarch
400 | python3-slip-dbus-0.6.4-13.el8.noarch
401 | python3-systemd-234-8.el8.x86_64
402 | python3-unbound-1.16.2-5.8.el8_10.x86_64
403 | python3-urllib3-1.24.2-8.el8_10.noarch
404 | python3-urwid-1.3.1-4.el8.x86_64
405 | python36-3.6.8-39.module+el8.10.0+90473+c30184f9.x86_64
406 | python39-3.9.20-1.module+el8.10.0+90419+54594e05.x86_64
407 | python39-libs-3.9.20-1.module+el8.10.0+90419+54594e05.x86_64
408 | python39-pip-20.2.4-9.module+el8.10.0+90269+2fa22b99.noarch
409 | python39-pip-wheel-20.2.4-9.module+el8.10.0+90269+2fa22b99.noarch
410 | python39-setuptools-50.3.2-6.module+el8.10.0+90395+b6c4aad1.noarch
411 | python39-setuptools-wheel-50.3.2-6.module+el8.10.0+90395+b6c4aad1.noarch
412 | readline-7.0-10.el8.x86_64
413 | redhat-release-8.10-0.2.0.1.el8.x86_64
414 | rng-tools-6.16-1.el8.x86_64
415 | rootfiles-8.1-22.el8.noarch
416 | rpm-4.14.3-32.0.1.el8_10.x86_64
417 | rpm-build-libs-4.14.3-32.0.1.el8_10.x86_64
418 | rpm-libs-4.14.3-32.0.1.el8_10.x86_64
419 | rpm-plugin-selinux-4.14.3-32.0.1.el8_10.x86_64
420 | rpm-plugin-systemd-inhibit-4.14.3-32.0.1.el8_10.x86_64
421 | rsyslog-8.2102.0-15.el8_10.1.x86_64
422 | sed-4.5-5.el8.x86_64
423 | selinux-policy-3.14.3-139.0.1.el8_10.1.noarch
424 | selinux-policy-targeted-3.14.3-139.0.1.el8_10.1.noarch
425 | setup-2.12.2-9.el8.noarch
426 | sg3_utils-1.44-6.el8.x86_64
427 | sg3_utils-libs-1.44-6.el8.x86_64
428 | shadow-utils-4.6-22.el8.x86_64
429 | shared-mime-info-1.9-4.el8.x86_64
430 | shim-x64-15.8-4.0.2.el8_10.x86_64
431 | slang-2.3.2-3.el8.x86_64
432 | snappy-1.1.8-3.el8.x86_64
433 | spel-dod-certs-5.13-1.el8.noarch
434 | spel-release-8-4.noarch
435 | spel-wcf-certs-5.15-1.el8.noarch
436 | sqlite-libs-3.26.0-19.0.1.el8_9.x86_64
437 | squashfs-tools-4.3-21.el8.x86_64
438 | sssd-client-2.9.4-5.0.2.el8_10.1.x86_64
439 | sssd-common-2.9.4-5.0.2.el8_10.1.x86_64
440 | sssd-kcm-2.9.4-5.0.2.el8_10.1.x86_64
441 | sssd-nfs-idmap-2.9.4-5.0.2.el8_10.1.x86_64
442 | sudo-1.9.5p2-1.0.1.el8_9.x86_64
443 | systemd-239-82.0.3.el8_10.5.x86_64
444 | systemd-libs-239-82.0.3.el8_10.5.x86_64
445 | systemd-networkd-253.4-1.el8.x86_64
446 | systemd-pam-239-82.0.3.el8_10.5.x86_64
447 | systemd-udev-239-82.0.3.el8_10.5.x86_64
448 | tar-1.30-9.el8.x86_64
449 | teamd-1.31-4.el8.x86_64
450 | timedatex-0.5-3.el8.x86_64
451 | tpm2-tss-2.3.2-6.el8.x86_64
452 | trousers-0.3.15-2.el8.x86_64
453 | trousers-lib-0.3.15-2.el8.x86_64
454 | tuned-2.22.1-6.0.1.el8_10.noarch
455 | tzdata-2025b-1.0.1.el8.noarch
456 | udisks2-2.9.0-16.el8.x86_64
457 | unbound-libs-1.16.2-5.8.el8_10.x86_64
458 | unzip-6.0-47.0.1.el8_10.x86_64
459 | userspace-rcu-0.10.1-4.el8.x86_64
460 | util-linux-2.32.1-46.0.1.el8.x86_64
461 | vim-minimal-8.0.1763-19.0.1.el8_6.4.x86_64
462 | virt-what-1.25-4.el8.x86_64
463 | volume_key-libs-0.3.11-6.el8.x86_64
464 | which-2.21-20.el8.x86_64
465 | xfsprogs-5.15.0-1.0.6.el8.x86_64
466 | xkeyboard-config-2.28-1.el8.noarch
467 | xz-5.2.4-4.el8_6.x86_64
468 | xz-libs-5.2.4-4.el8_6.x86_64
469 | yum-4.7.0-21.0.1.el8_10.noarch
470 | yum-utils-4.0.21-25.0.1.el8.noarch
471 | zlib-1.2.11-25.el8.x86_64
472 | 


--------------------------------------------------------------------------------
/manifests/spel-minimal-ol-9-hvm.amazon-ebssurrogate.manifest.txt:
--------------------------------------------------------------------------------
  1 | Oracle Linux Server 9.6
  2 | aws-cli/2.27.21 Python/3.13.3 Linux/5.14.0-362.24.1.0.1.el9_3.x86_64 exe/x86_64.oracle.9
  3 | aws-cfn-bootstrap 2.0
  4 | NetworkManager-1.52.0-1.0.1.el9_6.x86_64
  5 | NetworkManager-libnm-1.52.0-1.0.1.el9_6.x86_64
  6 | NetworkManager-team-1.52.0-1.0.1.el9_6.x86_64
  7 | NetworkManager-tui-1.52.0-1.0.1.el9_6.x86_64
  8 | acl-2.3.1-4.el9.x86_64
  9 | acpid-2.0.32-7.el9.x86_64
 10 | alternatives-1.24-2.0.1.el9.x86_64
 11 | amazon-ec2-net-utils-2.5.4-1.el9.0.1.x86_64
 12 | amazon-ssm-agent-3.3.2299.0-1.x86_64
 13 | attr-2.5.1-3.el9.x86_64
 14 | audit-3.1.5-4.0.1.el9.x86_64
 15 | audit-libs-3.1.5-4.0.1.el9.x86_64
 16 | authselect-1.2.6-3.el9.x86_64
 17 | authselect-libs-1.2.6-3.el9.x86_64
 18 | basesystem-11-13.el9.noarch
 19 | bash-5.1.8-9.el9.x86_64
 20 | bcache-tools-1.0.8-3.101.0.1.el9.x86_64
 21 | binutils-2.35.2-63.0.1.el9.x86_64
 22 | binutils-gold-2.35.2-63.0.1.el9.x86_64
 23 | btrfs-progs-6.12.0-1.el9.x86_64
 24 | bzip2-libs-1.0.8-10.el9_5.x86_64
 25 | c-ares-1.19.1-2.el9_4.x86_64
 26 | ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noarch
 27 | checkpolicy-3.6-1.el9.x86_64
 28 | chrony-4.6.1-1.0.1.el9.x86_64
 29 | cloud-init-24.4-4.0.1.el9.noarch
 30 | cloud-utils-growpart-0.33-1.el9.x86_64
 31 | coreutils-8.32-39.0.1.el9.x86_64
 32 | coreutils-common-8.32-39.0.1.el9.x86_64
 33 | cpio-2.13-16.el9.x86_64
 34 | cracklib-2.9.6-27.el9.x86_64
 35 | cracklib-dicts-2.9.6-27.el9.x86_64
 36 | cronie-1.5.7-13.el9.x86_64
 37 | cronie-anacron-1.5.7-13.el9.x86_64
 38 | crontabs-1.11-27.20190603git.el9_0.noarch
 39 | crypto-policies-20250128-1.git5269e22.el9.noarch
 40 | crypto-policies-scripts-20250128-1.git5269e22.el9.noarch
 41 | cryptsetup-libs-2.7.2-3.el9_5.x86_64
 42 | curl-7.76.1-31.el9.x86_64
 43 | cyrus-sasl-lib-2.1.27-21.el9.x86_64
 44 | dbus-1.12.20-8.0.1.el9.x86_64
 45 | dbus-broker-28-7.el9.x86_64
 46 | dbus-common-1.12.20-8.0.1.el9.noarch
 47 | dbus-libs-1.12.20-8.0.1.el9.x86_64
 48 | device-mapper-1.02.202-6.el9.x86_64
 49 | device-mapper-event-1.02.202-6.el9.x86_64
 50 | device-mapper-event-libs-1.02.202-6.el9.x86_64
 51 | device-mapper-libs-1.02.202-6.el9.x86_64
 52 | device-mapper-persistent-data-1.1.0-1.el9.x86_64
 53 | dhcp-client-4.4.2-19.b1.el9.x86_64
 54 | dhcp-common-4.4.2-19.b1.el9.noarch
 55 | diffutils-3.7-12.el9.x86_64
 56 | dmidecode-3.6-1.el9.x86_64
 57 | dnf-4.14.0-25.0.1.el9.noarch
 58 | dnf-data-4.14.0-25.0.1.el9.noarch
 59 | dnf-plugins-core-4.3.0-20.0.1.el9.noarch
 60 | dosfstools-4.2-3.el9.x86_64
 61 | dracut-057-87.git20250311.0.1.el9_6.x86_64
 62 | dracut-config-generic-057-87.git20250311.0.1.el9_6.x86_64
 63 | dracut-config-rescue-057-87.git20250311.0.1.el9_6.x86_64
 64 | dracut-network-057-87.git20250311.0.1.el9_6.x86_64
 65 | dracut-squash-057-87.git20250311.0.1.el9_6.x86_64
 66 | e2fsprogs-1.46.5-7.el9.x86_64
 67 | e2fsprogs-libs-1.46.5-7.el9.x86_64
 68 | ec2-hibinit-agent-1.0.8-0.el9.x86_64
 69 | ec2-utils-2.2.0-1.el9.0.2.x86_64
 70 | efi-filesystem-6-2.0.1.el9_0.noarch
 71 | efibootmgr-16-12.0.1.el9.x86_64
 72 | efivar-libs-38-3.el9.x86_64
 73 | elfutils-debuginfod-client-0.192-5.el9.x86_64
 74 | elfutils-default-yama-scope-0.192-5.el9.noarch
 75 | elfutils-libelf-0.192-5.el9.x86_64
 76 | elfutils-libs-0.192-5.el9.x86_64
 77 | epel-release-9-10.el9.noarch
 78 | ethtool-6.11-1.el9.x86_64
 79 | expat-2.5.0-5.el9_6.x86_64
 80 | file-5.39-16.el9.x86_64
 81 | file-libs-5.39-16.el9.x86_64
 82 | filesystem-3.16-5.el9.x86_64
 83 | findutils-4.8.0-7.el9.x86_64
 84 | firewalld-1.3.4-9.0.1.el9_5.noarch
 85 | firewalld-filesystem-1.3.4-9.0.1.el9_5.noarch
 86 | flashrom-1.2-10.el9.x86_64
 87 | fuse-libs-2.9.9-17.el9.x86_64
 88 | fwupd-1.9.26-1.0.1.el9.x86_64
 89 | fwupd-plugin-flashrom-1.9.26-1.0.1.el9.x86_64
 90 | gawk-5.1.0-6.el9.x86_64
 91 | gawk-all-langpacks-5.1.0-6.el9.x86_64
 92 | gdbm-libs-1.23-1.el9.x86_64
 93 | gdisk-1.0.7-5.el9.x86_64
 94 | geolite2-city-20191217-6.el9.noarch
 95 | geolite2-country-20191217-6.el9.noarch
 96 | gettext-0.21-8.el9.x86_64
 97 | gettext-libs-0.21-8.el9.x86_64
 98 | glib2-2.68.4-16.el9.x86_64
 99 | glibc-2.34-168.0.1.el9.x86_64
100 | glibc-common-2.34-168.0.1.el9.x86_64
101 | glibc-gconv-extra-2.34-168.0.1.el9.x86_64
102 | glibc-minimal-langpack-2.34-168.0.1.el9.x86_64
103 | gmp-6.2.0-13.el9.x86_64
104 | gnupg2-2.3.3-4.el9.x86_64
105 | gnutls-3.8.3-6.el9.x86_64
106 | gobject-introspection-1.68.0-11.el9.x86_64
107 | gpg-pubkey-3228467c-613798eb
108 | gpg-pubkey-8b4efbe6-629ec292
109 | gpg-pubkey-8d8b756f-629e59ec
110 | gpg-pubkey-e96e3db7-6196a254
111 | gpgme-1.15.1-6.el9.x86_64
112 | grep-3.6-5.el9.x86_64
113 | groff-base-1.22.4-10.el9.x86_64
114 | grub2-common-2.06-104.0.1.el9_6.noarch
115 | grub2-efi-x64-2.06-104.0.1.el9_6.x86_64
116 | grub2-efi-x64-modules-2.06-104.0.1.el9_6.noarch
117 | grub2-pc-2.06-104.0.1.el9_6.x86_64
118 | grub2-pc-modules-2.06-104.0.1.el9_6.noarch
119 | grub2-tools-2.06-104.0.1.el9_6.x86_64
120 | grub2-tools-efi-2.06-104.0.1.el9_6.x86_64
121 | grub2-tools-minimal-2.06-104.0.1.el9_6.x86_64
122 | grubby-8.40-64.0.1.el9.x86_64
123 | gzip-1.12-1.el9.x86_64
124 | hostname-3.23-6.el9.x86_64
125 | hwdata-0.348-9.18.el9.noarch
126 | ima-evm-utils-1.5-3.el9.x86_64
127 | inih-49-6.el9.x86_64
128 | initscripts-rename-device-10.11.8-4.0.1.el9.x86_64
129 | initscripts-service-10.11.8-4.0.1.el9.noarch
130 | ipcalc-1.0.0-5.el9.x86_64
131 | iproute-6.11.0-1.el9.x86_64
132 | iproute-tc-6.11.0-1.el9.x86_64
133 | ipset-7.11-11.el9_5.x86_64
134 | ipset-libs-7.11-11.el9_5.x86_64
135 | iptables-libs-1.8.10-11.el9_5.x86_64
136 | iptables-nft-1.8.10-11.el9_5.x86_64
137 | iputils-20210202-11.0.1.el9.x86_64
138 | irqbalance-1.9.4-2.0.1.el9.x86_64
139 | jansson-2.14-1.el9.x86_64
140 | jitterentropy-3.6.0-1.el9.x86_64
141 | jq-1.6-17.el9.x86_64
142 | json-c-0.14-11.el9.x86_64
143 | json-glib-1.6.6-1.el9.x86_64
144 | kbd-2.4.0-11.el9.x86_64
145 | kbd-legacy-2.4.0-11.el9.noarch
146 | kbd-misc-2.4.0-11.el9.noarch
147 | kernel-5.14.0-570.12.1.0.1.el9_6.x86_64
148 | kernel-core-5.14.0-570.12.1.0.1.el9_6.x86_64
149 | kernel-modules-5.14.0-570.12.1.0.1.el9_6.x86_64
150 | kernel-modules-core-5.14.0-570.12.1.0.1.el9_6.x86_64
151 | kernel-tools-5.14.0-570.12.1.0.1.el9_6.x86_64
152 | kernel-tools-libs-5.14.0-570.12.1.0.1.el9_6.x86_64
153 | kexec-tools-2.0.29-5.0.3.el9.x86_64
154 | keyutils-1.6.3-1.el9.x86_64
155 | keyutils-libs-1.6.3-1.el9.x86_64
156 | kmod-28-10.0.2.el9.x86_64
157 | kmod-libs-28-10.0.2.el9.x86_64
158 | kpartx-0.8.7-35.el9.x86_64
159 | krb5-libs-1.21.1-6.0.1.el9.x86_64
160 | less-590-5.el9.x86_64
161 | libacl-2.3.1-4.el9.x86_64
162 | libaio-0.3.111-13.el9.x86_64
163 | libarchive-3.5.3-4.el9.x86_64
164 | libassuan-2.5.5-3.el9.x86_64
165 | libatasmart-0.19-22.el9.x86_64
166 | libattr-2.5.1-3.el9.x86_64
167 | libbasicobjects-0.1.1-53.el9.x86_64
168 | libblkid-2.37.4-21.0.1.el9.x86_64
169 | libblockdev-2.28-13.0.1.el9_6.x86_64
170 | libblockdev-crypto-2.28-13.0.1.el9_6.x86_64
171 | libblockdev-fs-2.28-13.0.1.el9_6.x86_64
172 | libblockdev-loop-2.28-13.0.1.el9_6.x86_64
173 | libblockdev-mdraid-2.28-13.0.1.el9_6.x86_64
174 | libblockdev-part-2.28-13.0.1.el9_6.x86_64
175 | libblockdev-swap-2.28-13.0.1.el9_6.x86_64
176 | libblockdev-utils-2.28-13.0.1.el9_6.x86_64
177 | libbpf-1.5.0-1.el9.x86_64
178 | libbrotli-1.0.9-7.el9_5.x86_64
179 | libbytesize-2.5-3.el9.x86_64
180 | libcap-2.48-9.el9_2.x86_64
181 | libcap-ng-0.8.2-7.el9.x86_64
182 | libcap-ng-python3-0.8.2-7.el9.x86_64
183 | libcbor-0.7.0-5.el9.x86_64
184 | libcollection-0.7.0-53.el9.x86_64
185 | libcom_err-1.46.5-7.el9.x86_64
186 | libcomps-0.1.18-1.el9.x86_64
187 | libcurl-7.76.1-31.el9.x86_64
188 | libdaemon-0.14-23.el9.x86_64
189 | libdb-5.3.28-55.0.1.el9.x86_64
190 | libdhash-0.5.0-53.el9.x86_64
191 | libdnf-0.69.0-13.0.1.el9.x86_64
192 | libeconf-0.4.1-4.el9.x86_64
193 | libedit-3.1-38.20210216cvs.el9.x86_64
194 | libestr-0.1.11-4.el9.x86_64
195 | libevent-2.1.12-8.el9_4.x86_64
196 | libfastjson-0.99.9-5.el9.x86_64
197 | libfdisk-2.37.4-21.0.1.el9.x86_64
198 | libffi-3.4.2-8.el9.x86_64
199 | libfido2-1.13.0-2.el9.x86_64
200 | libgcc-11.5.0-5.0.1.el9_5.x86_64
201 | libgcrypt-1.10.0-11.el9.x86_64
202 | libgomp-11.5.0-5.0.1.el9_5.x86_64
203 | libgpg-error-1.42-5.el9.x86_64
204 | libgudev-237-1.el9.x86_64
205 | libgusb-0.3.8-2.el9.x86_64
206 | libidn2-2.3.0-7.el9.x86_64
207 | libini_config-1.3.1-53.el9.x86_64
208 | libjcat-0.1.6-3.el9.x86_64
209 | libkcapi-1.4.0-2.0.1.el9.x86_64
210 | libkcapi-hmaccalc-1.4.0-2.0.1.el9.x86_64
211 | libksba-1.5.1-7.el9.x86_64
212 | libldb-4.21.3-3.el9.x86_64
213 | libmaxminddb-1.5.2-4.el9.x86_64
214 | libmnl-1.0.4-16.el9_4.x86_64
215 | libmodulemd-2.13.0-2.el9.x86_64
216 | libmount-2.37.4-21.0.1.el9.x86_64
217 | libndp-1.9-1.el9.x86_64
218 | libnetfilter_conntrack-1.0.9-1.el9.x86_64
219 | libnfnetlink-1.0.1-23.el9_5.x86_64
220 | libnftnl-1.2.6-4.el9_4.x86_64
221 | libnghttp2-1.43.0-6.el9.x86_64
222 | libnl3-3.11.0-1.el9.x86_64
223 | libnl3-cli-3.11.0-1.el9.x86_64
224 | libnsl-2.34-168.0.1.el9.x86_64
225 | libnvme-1.11.1-1.el9.x86_64
226 | libpath_utils-0.2.1-53.el9.x86_64
227 | libpipeline-1.5.3-4.el9.x86_64
228 | libpsl-0.21.1-5.el9.x86_64
229 | libpwquality-1.4.4-8.el9.x86_64
230 | libref_array-0.1.5-53.el9.x86_64
231 | librepo-1.14.5-2.el9.x86_64
232 | libreport-filesystem-2.15.2-6.0.3.el9.noarch
233 | libseccomp-2.5.2-2.el9.x86_64
234 | libsecret-0.20.4-4.el9.x86_64
235 | libselinux-3.6-3.el9.x86_64
236 | libselinux-utils-3.6-3.el9.x86_64
237 | libsemanage-3.6-5.el9_6.x86_64
238 | libsepol-3.6-2.el9.x86_64
239 | libsigsegv-2.13-4.el9.x86_64
240 | libsmartcols-2.37.4-21.0.1.el9.x86_64
241 | libsolv-0.7.24-3.el9.x86_64
242 | libss-1.46.5-7.el9.x86_64
243 | libssh-0.10.4-13.el9.x86_64
244 | libssh-config-0.10.4-13.el9.noarch
245 | libsss_certmap-2.9.6-4.0.1.el9.x86_64
246 | libsss_idmap-2.9.6-4.0.1.el9.x86_64
247 | libsss_nss_idmap-2.9.6-4.0.1.el9.x86_64
248 | libsss_sudo-2.9.6-4.0.1.el9.x86_64
249 | libstdc++-11.5.0-5.0.1.el9_5.x86_64
250 | libsysfs-2.1.1-10.el9.x86_64
251 | libtalloc-2.4.2-1.el9.x86_64
252 | libtasn1-4.16.0-9.el9.x86_64
253 | libtdb-1.4.12-1.el9.x86_64
254 | libteam-1.31-16.el9_1.x86_64
255 | libtevent-0.16.1-1.el9.x86_64
256 | libtool-ltdl-2.4.6-46.el9.x86_64
257 | libudisks2-2.9.4-11.0.1.el9.x86_64
258 | libunistring-0.9.10-15.el9.x86_64
259 | libusbx-1.0.26-1.el9.x86_64
260 | libuser-0.63-16.el9.x86_64
261 | libutempter-1.2.1-6.el9.x86_64
262 | libuuid-2.37.4-21.0.1.el9.x86_64
263 | libverto-0.3.2-3.el9.x86_64
264 | libxcrypt-4.4.18-3.el9.x86_64
265 | libxcrypt-compat-4.4.18-3.el9.x86_64
266 | libxml2-2.9.13-9.el9_6.x86_64
267 | libxmlb-0.3.10-1.el9.x86_64
268 | libyaml-0.2.5-7.el9.x86_64
269 | libzstd-1.5.5-1.el9.x86_64
270 | linux-firmware-20250423-999.40.git32f3227b.el9.noarch
271 | linux-firmware-core-20250423-999.40.git32f3227b.el9.noarch
272 | linux-firmware-whence-20250423-999.40.git32f3227b.el9.noarch
273 | lmdb-libs-0.9.29-3.el9.x86_64
274 | logrotate-3.18.0-9.el9.x86_64
275 | lshw-B.02.20-1.el9.x86_64
276 | lsscsi-0.32-6.el9.x86_64
277 | lua-libs-5.4.4-4.el9.x86_64
278 | lvm2-2.03.28-6.el9.x86_64
279 | lvm2-libs-2.03.28-6.el9.x86_64
280 | lz4-libs-1.9.3-5.el9.x86_64
281 | lzo-2.10-7.el9.x86_64
282 | man-db-2.9.3-7.el9.x86_64
283 | mdadm-4.3-4.0.1.el9_5.x86_64
284 | microcode_ctl-20250211-1.0.1.el9_6.noarch
285 | mokutil-0.6.0-4.el9.x86_64
286 | mpfr-4.1.0-7.el9.x86_64
287 | ncurses-6.2-10.20210508.el9.x86_64
288 | ncurses-base-6.2-10.20210508.el9.noarch
289 | ncurses-libs-6.2-10.20210508.el9.x86_64
290 | nettle-3.10.1-1.el9.x86_64
291 | newt-0.52.21-11.el9.x86_64
292 | nftables-1.0.9-3.el9.x86_64
293 | npth-1.6-8.el9.x86_64
294 | nspr-4.35.0-17.el9_2.x86_64
295 | nss-3.101.0-10.el9_2.x86_64
296 | nss-softokn-3.101.0-10.el9_2.x86_64
297 | nss-softokn-freebl-3.101.0-10.el9_2.x86_64
298 | nss-sysinit-3.101.0-10.el9_2.x86_64
299 | nss-util-3.101.0-10.el9_2.x86_64
300 | numactl-libs-2.0.19-1.el9.x86_64
301 | nvme-cli-2.11-5.el9.x86_64
302 | nvmetcli-0.8-3.0.1.el9.noarch
303 | oniguruma-6.9.6-1.el9.6.x86_64
304 | openldap-2.6.8-4.el9.x86_64
305 | openssh-8.7p1-45.0.2.el9.x86_64
306 | openssh-clients-8.7p1-45.0.2.el9.x86_64
307 | openssh-server-8.7p1-45.0.2.el9.x86_64
308 | openssl-3.2.2-6.0.1.el9_5.1.x86_64
309 | openssl-fips-provider-3.0.7-6.0.1.el9_5.x86_64
310 | openssl-fips-provider-so-3.0.7-6.0.1.el9_5.x86_64
311 | openssl-libs-3.2.2-6.0.1.el9_5.1.x86_64
312 | oraclelinux-release-9.6-1.0.7.el9.x86_64
313 | oraclelinux-release-el9-1.0-24.el9.x86_64
314 | os-prober-1.77-12.0.1.el9_5.x86_64
315 | p11-kit-0.25.3-3.el9_5.x86_64
316 | p11-kit-trust-0.25.3-3.el9_5.x86_64
317 | pam-1.5.1-23.0.1.el9.x86_64
318 | parted-3.5-3.el9.x86_64
319 | passwd-0.80-12.el9.x86_64
320 | pciutils-libs-3.7.0-7.el9.x86_64
321 | pcre-8.44-4.el9.x86_64
322 | pcre2-10.40-6.0.1.el9.x86_64
323 | pcre2-syntax-10.40-6.0.1.el9.noarch
324 | pigz-2.8-1.el9.x86_64
325 | pinentry-1.1.1-8.el9.x86_64
326 | policycoreutils-3.6-2.1.el9.x86_64
327 | polkit-0.117-13.0.1.el9.x86_64
328 | polkit-libs-0.117-13.0.1.el9.x86_64
329 | polkit-pkla-compat-0.1-21.el9.x86_64
330 | popt-1.18-8.el9.x86_64
331 | prefixdevname-0.1.0-8.el9.x86_64
332 | procps-ng-3.3.17-14.0.1.el9.x86_64
333 | psmisc-23.4-3.el9.x86_64
334 | publicsuffix-list-dafsa-20210518-3.el9.noarch
335 | python-unversioned-command-3.9.21-2.el9.noarch
336 | python3-3.9.21-2.el9.x86_64
337 | python3-attrs-20.3.0-7.0.1.el9.noarch
338 | python3-audit-3.1.5-4.0.1.el9.x86_64
339 | python3-babel-2.9.1-2.el9.noarch
340 | python3-chardet-4.0.0-5.0.1.el9.noarch
341 | python3-configobj-5.0.6-25.el9.noarch
342 | python3-configshell-1.1.30-1.0.1.el9.noarch
343 | python3-dateutil-2.8.1-7.el9.noarch
344 | python3-dbus-1.2.18-2.el9.x86_64
345 | python3-distro-1.5.0-7.el9.noarch
346 | python3-dnf-4.14.0-25.0.1.el9.noarch
347 | python3-dnf-plugins-core-4.3.0-20.0.1.el9.noarch
348 | python3-firewall-1.3.4-9.0.1.el9_5.noarch
349 | python3-gobject-base-3.40.1-6.el9.x86_64
350 | python3-gobject-base-noarch-3.40.1-6.el9.noarch
351 | python3-gpg-1.15.1-6.el9.x86_64
352 | python3-hawkey-0.69.0-13.0.1.el9.x86_64
353 | python3-idna-2.10-7.0.1.el9_4.1.noarch
354 | python3-jinja2-2.11.3-8.el9_5.noarch
355 | python3-jsonpatch-1.21-16.el9.noarch
356 | python3-jsonpointer-2.0-4.el9.noarch
357 | python3-jsonschema-3.2.0-13.el9.noarch
358 | python3-kmod-0.9-32.el9.x86_64
359 | python3-libcomps-0.1.18-1.el9.x86_64
360 | python3-libdnf-0.69.0-13.0.1.el9.x86_64
361 | python3-libs-3.9.21-2.el9.x86_64
362 | python3-libselinux-3.6-3.el9.x86_64
363 | python3-libsemanage-3.6-5.el9_6.x86_64
364 | python3-markupsafe-1.1.1-12.el9.x86_64
365 | python3-netifaces-0.10.6-15.el9.x86_64
366 | python3-nftables-1.0.9-3.el9.x86_64
367 | python3-oauthlib-3.1.1-5.el9.noarch
368 | python3-pip-21.3.1-1.el9.noarch
369 | python3-pip-wheel-21.3.1-1.el9.noarch
370 | python3-policycoreutils-3.6-2.1.el9.noarch
371 | python3-prettytable-0.7.2-27.el9.noarch
372 | python3-pyparsing-2.4.7-9.el9.noarch
373 | python3-pyrsistent-0.17.3-8.el9.x86_64
374 | python3-pyserial-3.4-12.el9.noarch
375 | python3-pysocks-1.7.1-12.0.1.el9.noarch
376 | python3-pytz-2021.1-5.el9.noarch
377 | python3-pyyaml-5.4.1-6.0.1.el9.x86_64
378 | python3-requests-2.25.1-9.el9.noarch
379 | python3-rpm-4.16.1.3-37.el9.x86_64
380 | python3-setools-4.4.4-1.el9.x86_64
381 | python3-setuptools-53.0.0-13.el9.noarch
382 | python3-setuptools-wheel-53.0.0-13.el9.noarch
383 | python3-six-1.15.0-9.0.1.el9.noarch
384 | python3-systemd-234-19.el9.x86_64
385 | python3-urllib3-1.26.5-6.el9.noarch
386 | python3-urwid-2.1.2-4.el9.x86_64
387 | readline-8.1-4.el9.x86_64
388 | redhat-release-9.6-0.1.0.1.el9.x86_64
389 | rng-tools-6.17-1.el9.x86_64
390 | rootfiles-8.1-34.el9.noarch
391 | rpm-4.16.1.3-37.el9.x86_64
392 | rpm-build-libs-4.16.1.3-37.el9.x86_64
393 | rpm-libs-4.16.1.3-37.el9.x86_64
394 | rpm-plugin-audit-4.16.1.3-37.el9.x86_64
395 | rpm-plugin-selinux-4.16.1.3-37.el9.x86_64
396 | rpm-plugin-systemd-inhibit-4.16.1.3-37.el9.x86_64
397 | rpm-sign-libs-4.16.1.3-37.el9.x86_64
398 | rsyslog-8.2412.0-1.el9.x86_64
399 | rsyslog-logrotate-8.2412.0-1.el9.x86_64
400 | sed-4.8-9.el9.x86_64
401 | selinux-policy-38.1.53-2.0.1.el9.noarch
402 | selinux-policy-targeted-38.1.53-2.0.1.el9.noarch
403 | setup-2.13.7-10.el9.noarch
404 | sg3_utils-1.47-10.el9.x86_64
405 | sg3_utils-libs-1.47-10.el9.x86_64
406 | shadow-utils-4.9-12.el9.x86_64
407 | shared-mime-info-2.1-5.el9.x86_64
408 | shim-x64-15.8-1.0.4.el9_4.x86_64
409 | slang-2.3.2-11.el9.x86_64
410 | snappy-1.1.8-8.el9.x86_64
411 | spel-dod-certs-5.13-1.el9.noarch
412 | spel-release-9-4.noarch
413 | spel-wcf-certs-5.15-1.el9.noarch
414 | sqlite-libs-3.34.1-7.el9_3.x86_64
415 | squashfs-tools-4.4-10.git1.el9.x86_64
416 | sssd-client-2.9.6-4.0.1.el9.x86_64
417 | sssd-common-2.9.6-4.0.1.el9.x86_64
418 | sssd-kcm-2.9.6-4.0.1.el9.x86_64
419 | sudo-1.9.5p2-10.el9_3.x86_64
420 | systemd-252-51.0.1.el9.x86_64
421 | systemd-libs-252-51.0.1.el9.x86_64
422 | systemd-networkd-253.4-1.el9.x86_64
423 | systemd-pam-252-51.0.1.el9.x86_64
424 | systemd-resolved-252-51.0.1.el9.x86_64
425 | systemd-rpm-macros-252-51.0.1.el9.noarch
426 | systemd-udev-252-51.0.1.el9.x86_64
427 | tar-1.34-7.el9.x86_64
428 | teamd-1.31-16.el9_1.x86_64
429 | tpm2-tss-3.2.3-1.el9.x86_64
430 | tzdata-2025b-1.el9.noarch
431 | udisks2-2.9.4-11.0.1.el9.x86_64
432 | unzip-6.0-58.0.1.el9_5.x86_64
433 | userspace-rcu-0.12.1-6.el9.x86_64
434 | util-linux-2.37.4-21.0.1.el9.x86_64
435 | util-linux-core-2.37.4-21.0.1.el9.x86_64
436 | vim-minimal-8.2.2637-22.0.1.el9_6.x86_64
437 | virt-what-1.27-1.el9.x86_64
438 | volume_key-libs-0.3.12-16.el9.x86_64
439 | which-2.21-29.el9.x86_64
440 | xfsprogs-6.12.0-1.0.2.el9.x86_64
441 | xz-5.2.5-8.el9_0.x86_64
442 | xz-libs-5.2.5-8.el9_0.x86_64
443 | yum-4.14.0-25.0.1.el9.noarch
444 | yum-utils-4.3.0-20.0.1.el9.noarch
445 | zlib-1.2.11-40.el9.x86_64
446 | 


--------------------------------------------------------------------------------
/manifests/spel-minimal-rhel-8-hvm.amazon-ebssurrogate.manifest.txt:
--------------------------------------------------------------------------------
  1 | Red Hat Enterprise Linux 8.10 (Ootpa)
  2 | aws-cli/2.27.21 Python/3.13.3 Linux/4.18.0-513.24.1.el8_9.x86_64 exe/x86_64.rhel.8
  3 | aws-cfn-bootstrap (2.0)
  4 | acl-2.2.53-3.el8.x86_64
  5 | acpid-2.0.30-2.el8.x86_64
  6 | amazon-ec2-net-utils-2.5.4-1.el8.0.1.x86_64
  7 | amazon-libdnf-plugin-1.0.3-1.el8.x86_64
  8 | amazon-ssm-agent-3.3.2299.0-1.x86_64
  9 | audit-3.1.2-1.el8.x86_64
 10 | audit-libs-3.1.2-1.el8.x86_64
 11 | authselect-1.2.6-2.el8.x86_64
 12 | authselect-libs-1.2.6-2.el8.x86_64
 13 | basesystem-11-5.el8.noarch
 14 | bash-4.4.20-5.el8.x86_64
 15 | bind-export-libs-9.11.36-16.el8_10.4.x86_64
 16 | brotli-1.0.6-3.el8.x86_64
 17 | bubblewrap-0.4.0-2.el8_10.x86_64
 18 | bzip2-libs-1.0.6-28.el8_10.x86_64
 19 | ca-certificates-2024.2.69_v8.0.303-80.0.el8_10.noarch
 20 | c-ares-1.13.0-11.el8_10.x86_64
 21 | checkpolicy-2.9-1.el8.x86_64
 22 | chkconfig-1.19.2-1.el8.x86_64
 23 | chrony-4.5-2.el8_10.x86_64
 24 | cloud-init-23.4-7.el8_10.9.noarch
 25 | cloud-utils-growpart-0.33-0.el8.noarch
 26 | coreutils-8.30-15.el8.x86_64
 27 | coreutils-common-8.30-15.el8.x86_64
 28 | cpio-2.12-11.el8.x86_64
 29 | cracklib-2.9.6-15.el8.x86_64
 30 | cracklib-dicts-2.9.6-15.el8.x86_64
 31 | cronie-1.5.2-10.el8.x86_64
 32 | cronie-anacron-1.5.2-10.el8.x86_64
 33 | crontabs-1.11-17.20190603git.el8.noarch
 34 | crypto-policies-20230731-1.git3177e06.el8.noarch
 35 | crypto-policies-scripts-20230731-1.git3177e06.el8.noarch
 36 | cryptsetup-libs-2.3.7-7.el8.x86_64
 37 | curl-7.61.1-34.el8_10.3.x86_64
 38 | cyrus-sasl-lib-2.1.27-6.el8_5.x86_64
 39 | dbus-1.12.8-26.el8.x86_64
 40 | dbus-common-1.12.8-26.el8.noarch
 41 | dbus-daemon-1.12.8-26.el8.x86_64
 42 | dbus-glib-0.110-2.el8.x86_64
 43 | dbus-libs-1.12.8-26.el8.x86_64
 44 | dbus-tools-1.12.8-26.el8.x86_64
 45 | device-mapper-1.02.181-15.el8_10.x86_64
 46 | device-mapper-event-1.02.181-15.el8_10.x86_64
 47 | device-mapper-event-libs-1.02.181-15.el8_10.x86_64
 48 | device-mapper-libs-1.02.181-15.el8_10.x86_64
 49 | device-mapper-persistent-data-0.9.0-7.el8.x86_64
 50 | dhcp-client-4.3.6-50.el8_10.x86_64
 51 | dhcp-common-4.3.6-50.el8_10.noarch
 52 | dhcp-libs-4.3.6-50.el8_10.x86_64
 53 | diffutils-3.6-6.el8.x86_64
 54 | dmidecode-3.5-1.el8.x86_64
 55 | dnf-4.7.0-21.el8_10.noarch
 56 | dnf-data-4.7.0-21.el8_10.noarch
 57 | dnf-plugins-core-4.0.21-25.el8.noarch
 58 | dnf-plugin-subscription-manager-1.28.42-1.el8.x86_64
 59 | dosfstools-4.1-6.el8.x86_64
 60 | dracut-049-233.git20240115.el8.x86_64
 61 | dracut-config-generic-049-233.git20240115.el8.x86_64
 62 | dracut-config-rescue-049-233.git20240115.el8.x86_64
 63 | dracut-network-049-233.git20240115.el8.x86_64
 64 | dracut-squash-049-233.git20240115.el8.x86_64
 65 | e2fsprogs-1.45.6-5.el8.x86_64
 66 | e2fsprogs-libs-1.45.6-5.el8.x86_64
 67 | ec2-hibinit-agent-1.0.8-0.el8.x86_64
 68 | ec2-instance-connect-1.1-19.el8.noarch
 69 | ec2-instance-connect-selinux-1.1-19.amzn2023.x86_64
 70 | ec2-utils-2.2.0-1.el8.0.2.x86_64
 71 | efibootmgr-16-1.el8.x86_64
 72 | efi-filesystem-3-3.el8.noarch
 73 | efivar-libs-37-4.el8.x86_64
 74 | elfutils-debuginfod-client-0.190-2.el8.x86_64
 75 | elfutils-default-yama-scope-0.190-2.el8.noarch
 76 | elfutils-libelf-0.190-2.el8.x86_64
 77 | elfutils-libs-0.190-2.el8.x86_64
 78 | epel-release-8-22.el8.noarch
 79 | ethtool-5.13-2.el8.x86_64
 80 | expat-2.2.5-17.el8_10.x86_64
 81 | file-5.33-26.el8.x86_64
 82 | file-libs-5.33-26.el8.x86_64
 83 | filesystem-3.8-6.el8.x86_64
 84 | findutils-4.6.0-23.el8_10.x86_64
 85 | firewalld-0.9.11-10.el8_10.noarch
 86 | firewalld-filesystem-0.9.11-10.el8_10.noarch
 87 | freetype-2.9.1-10.el8_10.x86_64
 88 | fuse-libs-2.9.7-19.el8.x86_64
 89 | fwupd-1.7.8-2.el8.x86_64
 90 | gawk-4.2.1-4.el8.x86_64
 91 | gdbm-1.18-2.el8.x86_64
 92 | gdbm-libs-1.18-2.el8.x86_64
 93 | gdisk-1.0.3-11.el8.x86_64
 94 | geolite2-city-20180605-1.el8.noarch
 95 | geolite2-country-20180605-1.el8.noarch
 96 | gettext-0.19.8.1-17.el8.x86_64
 97 | gettext-libs-0.19.8.1-17.el8.x86_64
 98 | glib2-2.56.4-165.el8_10.x86_64
 99 | glibc-2.28-251.el8_10.16.x86_64
100 | glibc-all-langpacks-2.28-251.el8_10.16.x86_64
101 | glibc-common-2.28-251.el8_10.16.x86_64
102 | glibc-gconv-extra-2.28-251.el8_10.16.x86_64
103 | gmp-6.1.2-11.el8.x86_64
104 | gnupg2-2.2.20-3.el8_6.x86_64
105 | gnupg2-smime-2.2.20-3.el8_6.x86_64
106 | gnutls-3.6.16-8.el8_10.3.x86_64
107 | gobject-introspection-1.56.1-1.el8.x86_64
108 | gpgme-1.13.1-12.el8.x86_64
109 | gpg-pubkey-2f86d6a1-5cf7cefb
110 | gpg-pubkey-d4082792-5b32db75
111 | gpg-pubkey-e96e3db7-6196a254
112 | gpg-pubkey-fd431d51-4ae0493b
113 | grep-3.1-6.el8.x86_64
114 | groff-base-1.22.3-18.el8.x86_64
115 | grub2-common-2.02-165.el8_10.noarch
116 | grub2-efi-x64-2.02-165.el8_10.x86_64
117 | grub2-efi-x64-modules-2.02-165.el8_10.noarch
118 | grub2-pc-2.02-165.el8_10.x86_64
119 | grub2-pc-modules-2.02-165.el8_10.noarch
120 | grub2-tools-2.02-165.el8_10.x86_64
121 | grub2-tools-efi-2.02-165.el8_10.x86_64
122 | grub2-tools-extra-2.02-165.el8_10.x86_64
123 | grub2-tools-minimal-2.02-165.el8_10.x86_64
124 | grubby-8.40-49.el8.x86_64
125 | gzip-1.9-13.el8_5.x86_64
126 | hardlink-1.3-6.el8.x86_64
127 | hdparm-9.54-4.el8.x86_64
128 | hostname-3.20-6.el8.x86_64
129 | hwdata-0.314-8.22.el8.noarch
130 | ima-evm-utils-1.3.2-12.el8.x86_64
131 | info-6.5-7.el8.x86_64
132 | initscripts-10.00.18-1.el8.x86_64
133 | ipcalc-0.2.4-4.el8.x86_64
134 | iproute-6.2.0-6.el8_10.x86_64
135 | ipset-7.1-1.el8.x86_64
136 | ipset-libs-7.1-1.el8.x86_64
137 | iptables-1.8.5-11.el8_9.x86_64
138 | iptables-ebtables-1.8.5-11.el8_9.x86_64
139 | iptables-libs-1.8.5-11.el8_9.x86_64
140 | iputils-20180629-11.el8.x86_64
141 | irqbalance-1.9.2-1.el8.x86_64
142 | jansson-2.14-1.el8.x86_64
143 | json-c-0.13.1-3.el8.x86_64
144 | json-glib-1.4.4-1.el8.x86_64
145 | kbd-2.0.4-11.el8.x86_64
146 | kbd-legacy-2.0.4-11.el8.noarch
147 | kbd-misc-2.0.4-11.el8.noarch
148 | kernel-4.18.0-553.53.1.el8_10.x86_64
149 | kernel-core-4.18.0-553.53.1.el8_10.x86_64
150 | kernel-modules-4.18.0-553.53.1.el8_10.x86_64
151 | kernel-tools-4.18.0-553.53.1.el8_10.x86_64
152 | kernel-tools-libs-4.18.0-553.53.1.el8_10.x86_64
153 | kexec-tools-2.0.26-14.el8_10.2.x86_64
154 | keyutils-libs-1.5.10-9.el8.x86_64
155 | kmod-25-20.el8.x86_64
156 | kmod-libs-25-20.el8.x86_64
157 | kpartx-0.8.4-42.el8_10.x86_64
158 | krb5-libs-1.18.2-31.el8_10.x86_64
159 | less-530-3.el8_10.x86_64
160 | libacl-2.2.53-3.el8.x86_64
161 | libaio-0.3.112-1.el8.x86_64
162 | libarchive-3.3.3-5.el8.x86_64
163 | libassuan-2.5.1-3.el8.x86_64
164 | libatasmart-0.19-14.el8.x86_64
165 | libattr-2.4.48-3.el8.x86_64
166 | libbasicobjects-0.1.1-40.el8.x86_64
167 | libblkid-2.32.1-46.el8.x86_64
168 | libblockdev-2.28-6.el8.x86_64
169 | libblockdev-crypto-2.28-6.el8.x86_64
170 | libblockdev-fs-2.28-6.el8.x86_64
171 | libblockdev-loop-2.28-6.el8.x86_64
172 | libblockdev-mdraid-2.28-6.el8.x86_64
173 | libblockdev-part-2.28-6.el8.x86_64
174 | libblockdev-swap-2.28-6.el8.x86_64
175 | libblockdev-utils-2.28-6.el8.x86_64
176 | libbpf-0.5.0-1.el8.x86_64
177 | libbytesize-1.4-3.el8.x86_64
178 | libcap-2.48-6.el8_9.x86_64
179 | libcap-ng-0.7.11-1.el8.x86_64
180 | libcollection-0.7.0-40.el8.x86_64
181 | libcom_err-1.45.6-5.el8.x86_64
182 | libcomps-0.1.18-1.el8.x86_64
183 | libcroco-0.6.12-4.el8_2.1.x86_64
184 | libcurl-7.61.1-34.el8_10.3.x86_64
185 | libdaemon-0.14-15.el8.x86_64
186 | libdb-5.3.28-42.el8_4.x86_64
187 | libdb-utils-5.3.28-42.el8_4.x86_64
188 | libdhash-0.5.0-40.el8.x86_64
189 | libdnf-0.63.0-21.el8_10.x86_64
190 | libedit-3.1-23.20170329cvs.el8.x86_64
191 | libestr-0.1.10-3.el8.x86_64
192 | libevent-2.1.8-5.el8.x86_64
193 | libfastjson-0.99.9-2.el8.x86_64
194 | libfdisk-2.32.1-46.el8.x86_64
195 | libffi-3.1-24.el8.x86_64
196 | libgcab1-1.1-1.el8.x86_64
197 | libgcc-8.5.0-26.el8_10.x86_64
198 | libgcrypt-1.8.5-7.el8_6.x86_64
199 | libgomp-8.5.0-26.el8_10.x86_64
200 | libgpg-error-1.31-1.el8.x86_64
201 | libgudev-232-4.el8.x86_64
202 | libgusb-0.3.0-1.el8.x86_64
203 | libibverbs-48.0-1.el8.x86_64
204 | libidn2-2.2.0-1.el8.x86_64
205 | libini_config-1.3.1-40.el8.x86_64
206 | libkcapi-1.4.0-2.el8.x86_64
207 | libkcapi-hmaccalc-1.4.0-2.el8.x86_64
208 | libksba-1.3.5-9.el8_7.x86_64
209 | libldb-2.8.0-1.el8_10.x86_64
210 | libmaxminddb-1.2.0-10.el8_9.1.x86_64
211 | libmnl-1.0.4-6.el8.x86_64
212 | libmodulemd-2.13.0-1.el8.x86_64
213 | libmount-2.32.1-46.el8.x86_64
214 | libndp-1.7-7.el8_10.x86_64
215 | libnetfilter_conntrack-1.0.6-5.el8.x86_64
216 | libnfnetlink-1.0.1-13.el8.x86_64
217 | libnfsidmap-2.3.3-59.el8.x86_64
218 | libnftnl-1.2.2-3.el8.x86_64
219 | libnghttp2-1.33.0-6.el8_10.1.x86_64
220 | libnl3-3.7.0-1.el8.x86_64
221 | libnl3-cli-3.7.0-1.el8.x86_64
222 | libnsl2-1.2.0-2.20180605git4a062cf.el8.x86_64
223 | libnsl-2.28-251.el8_10.16.x86_64
224 | libpath_utils-0.2.1-40.el8.x86_64
225 | libpcap-1.9.1-5.el8.x86_64
226 | libpipeline-1.5.0-2.el8.x86_64
227 | libpng-1.6.34-5.el8.x86_64
228 | libpsl-0.20.2-6.el8.x86_64
229 | libpwquality-1.4.4-6.el8.x86_64
230 | libref_array-0.1.5-40.el8.x86_64
231 | librepo-1.14.2-5.el8.x86_64
232 | libreport-filesystem-2.9.5-15.el8.x86_64
233 | librhsm-0.0.3-5.el8.x86_64
234 | libseccomp-2.5.2-1.el8.x86_64
235 | libsecret-0.18.6-1.el8.x86_64
236 | libselinux-2.9-10.el8_10.x86_64
237 | libselinux-utils-2.9-10.el8_10.x86_64
238 | libsemanage-2.9-11.el8_10.x86_64
239 | libsepol-2.9-3.el8.x86_64
240 | libsigsegv-2.11-5.el8.x86_64
241 | libsmartcols-2.32.1-46.el8.x86_64
242 | libsmbios-2.4.1-2.el8.x86_64
243 | libsolv-0.7.20-6.el8.x86_64
244 | libss-1.45.6-5.el8.x86_64
245 | libssh-0.9.6-14.el8.x86_64
246 | libssh-config-0.9.6-14.el8.noarch
247 | libsss_autofs-2.9.4-5.el8_10.1.x86_64
248 | libsss_certmap-2.9.4-5.el8_10.1.x86_64
249 | libsss_idmap-2.9.4-5.el8_10.1.x86_64
250 | libsss_nss_idmap-2.9.4-5.el8_10.1.x86_64
251 | libsss_sudo-2.9.4-5.el8_10.1.x86_64
252 | libstdc++-8.5.0-26.el8_10.x86_64
253 | libsysfs-2.1.0-25.el8.x86_64
254 | libtalloc-2.4.1-0.el8.x86_64
255 | libtasn1-4.13-5.el8_10.x86_64
256 | libtdb-1.4.9-0.el8.x86_64
257 | libteam-1.31-4.el8.x86_64
258 | libtevent-0.16.0-0.el8.x86_64
259 | libtirpc-1.1.4-12.el8_10.x86_64
260 | libudisks2-2.9.0-16.el8.x86_64
261 | libunistring-0.9.9-3.el8.x86_64
262 | libusbx-1.0.23-4.el8.x86_64
263 | libuser-0.62-26.el8_10.x86_64
264 | libutempter-1.1.6-14.el8.x86_64
265 | libuuid-2.32.1-46.el8.x86_64
266 | libverto-0.3.2-2.el8.x86_64
267 | libxcrypt-4.1.1-6.el8.x86_64
268 | libxkbcommon-0.9.1-1.el8.x86_64
269 | libxml2-2.9.7-19.el8_10.x86_64
270 | libxmlb-0.1.15-1.el8.x86_64
271 | libyaml-0.1.7-5.el8.x86_64
272 | libzstd-1.4.4-1.el8.x86_64
273 | linux-firmware-20250325-129.git710a336b.el8_10.noarch
274 | lmdb-libs-0.9.24-2.el8.x86_64
275 | logrotate-3.14.0-6.el8.x86_64
276 | lshw-B.02.19.2-6.el8.x86_64
277 | lsscsi-0.32-3.el8.x86_64
278 | lua-libs-5.3.4-12.el8.x86_64
279 | lvm2-2.03.14-15.el8_10.x86_64
280 | lvm2-libs-2.03.14-15.el8_10.x86_64
281 | lz4-libs-1.8.3-3.el8_4.x86_64
282 | lzo-2.08-14.el8.x86_64
283 | man-db-2.7.6.1-18.el8.x86_64
284 | mdadm-4.2-16.el8_10.x86_64
285 | memstrack-0.2.5-2.el8.x86_64
286 | microcode_ctl-20250211-1.el8_10.x86_64
287 | mokutil-0.3.0-12.el8.x86_64
288 | mozjs60-60.9.0-4.el8.x86_64
289 | mpfr-3.1.6-1.el8.x86_64
290 | ncurses-6.1-10.20180224.el8.x86_64
291 | ncurses-base-6.1-10.20180224.el8.noarch
292 | ncurses-libs-6.1-10.20180224.el8.x86_64
293 | nettle-3.4.1-7.el8.x86_64
294 | NetworkManager-1.40.16-19.el8_10.x86_64
295 | NetworkManager-libnm-1.40.16-19.el8_10.x86_64
296 | NetworkManager-team-1.40.16-19.el8_10.x86_64
297 | NetworkManager-tui-1.40.16-19.el8_10.x86_64
298 | newt-0.52.20-11.el8.x86_64
299 | nftables-1.0.4-7.el8_10.x86_64
300 | npth-1.5-4.el8.x86_64
301 | nspr-4.35.0-1.el8_8.x86_64
302 | nss-3.101.0-11.el8_8.x86_64
303 | nss-softokn-3.101.0-11.el8_8.x86_64
304 | nss-softokn-freebl-3.101.0-11.el8_8.x86_64
305 | nss-sysinit-3.101.0-11.el8_8.x86_64
306 | nss-util-3.101.0-11.el8_8.x86_64
307 | numactl-libs-2.0.16-4.el8.x86_64
308 | openldap-2.4.46-21.el8_10.x86_64
309 | openssh-8.0p1-25.el8_10.x86_64
310 | openssh-clients-8.0p1-25.el8_10.x86_64
311 | openssh-server-8.0p1-25.el8_10.x86_64
312 | openssl-1.1.1k-14.el8_6.x86_64
313 | openssl-libs-1.1.1k-14.el8_6.x86_64
314 | openssl-pkcs11-0.4.10-3.el8.x86_64
315 | os-prober-1.74-9.el8.x86_64
316 | p11-kit-0.23.22-2.el8.x86_64
317 | p11-kit-trust-0.23.22-2.el8.x86_64
318 | pam-1.3.1-36.el8_10.x86_64
319 | parted-3.2-39.el8.x86_64
320 | passwd-0.80-4.el8.x86_64
321 | pciutils-libs-3.7.0-3.el8.x86_64
322 | pcre2-10.32-3.el8_6.x86_64
323 | pcre-8.42-6.el8.x86_64
324 | pigz-2.4-4.el8.x86_64
325 | pinentry-1.1.0-2.el8.x86_64
326 | platform-python-3.6.8-69.el8_10.x86_64
327 | platform-python-pip-9.0.3-24.el8.noarch
328 | platform-python-setuptools-39.2.0-8.el8_10.noarch
329 | plymouth-0.9.4-11.20200615git1e36e30.el8.x86_64
330 | plymouth-core-libs-0.9.4-11.20200615git1e36e30.el8.x86_64
331 | plymouth-scripts-0.9.4-11.20200615git1e36e30.el8.x86_64
332 | policycoreutils-2.9-26.el8_10.x86_64
333 | policycoreutils-python-utils-2.9-26.el8_10.noarch
334 | polkit-0.115-15.el8_10.2.x86_64
335 | polkit-libs-0.115-15.el8_10.2.x86_64
336 | polkit-pkla-compat-0.1-12.el8.x86_64
337 | popt-1.18-1.el8.x86_64
338 | prefixdevname-0.1.0-6.el8.x86_64
339 | procps-ng-3.3.15-14.el8.x86_64
340 | psmisc-23.1-5.el8.x86_64
341 | publicsuffix-list-dafsa-20180723-1.el8.noarch
342 | python36-3.6.8-39.module+el8.10.0+20784+edafcd43.x86_64
343 | python39-3.9.20-1.module+el8.10.0+22342+478c159e.x86_64
344 | python39-libs-3.9.20-1.module+el8.10.0+22342+478c159e.x86_64
345 | python39-pip-20.2.4-9.module+el8.10.0+21329+8d76b841.noarch
346 | python39-pip-wheel-20.2.4-9.module+el8.10.0+21329+8d76b841.noarch
347 | python39-setuptools-50.3.2-6.module+el8.10.0+22183+c898c0c1.noarch
348 | python39-setuptools-wheel-50.3.2-6.module+el8.10.0+22183+c898c0c1.noarch
349 | python3-audit-3.1.2-1.el8.x86_64
350 | python3-babel-2.5.1-7.el8.noarch
351 | python3-cffi-1.11.5-6.el8.x86_64
352 | python3-chardet-3.0.4-7.el8.noarch
353 | python3-cloud-what-1.28.42-1.el8.x86_64
354 | python3-configobj-5.0.6-11.el8.noarch
355 | python3-cryptography-3.2.1-7.el8_9.x86_64
356 | python3-dateutil-2.6.1-6.el8.noarch
357 | python3-dbus-1.2.4-15.el8.x86_64
358 | python3-decorator-4.2.1-2.el8.noarch
359 | python3-dnf-4.7.0-21.el8_10.noarch
360 | python3-dnf-plugins-core-4.0.21-25.el8.noarch
361 | python3-ethtool-0.14-5.el8.x86_64
362 | python3-firewall-0.9.11-10.el8_10.noarch
363 | python3-gobject-base-3.28.3-2.el8.x86_64
364 | python3-gpg-1.13.1-12.el8.x86_64
365 | python3-hawkey-0.63.0-21.el8_10.x86_64
366 | python3-idna-2.5-7.el8_10.noarch
367 | python3-iniparse-0.4-31.el8.noarch
368 | python3-inotify-0.9.6-13.el8.noarch
369 | python3-jinja2-2.10.1-7.el8_10.noarch
370 | python3-jsonpatch-1.21-2.el8.noarch
371 | python3-jsonpointer-1.10-11.el8.noarch
372 | python3-jsonschema-2.6.0-4.el8.noarch
373 | python3-jwt-1.6.1-2.el8.noarch
374 | python3-libcomps-0.1.18-1.el8.x86_64
375 | python3-libdnf-0.63.0-21.el8_10.x86_64
376 | python3-librepo-1.14.2-5.el8.x86_64
377 | python3-libs-3.6.8-69.el8_10.x86_64
378 | python3-libselinux-2.9-10.el8_10.x86_64
379 | python3-libsemanage-2.9-11.el8_10.x86_64
380 | python3-linux-procfs-0.7.3-1.el8.noarch
381 | python3-markupsafe-0.23-19.el8.x86_64
382 | python3-netifaces-0.10.6-4.el8.x86_64
383 | python3-nftables-1.0.4-7.el8_10.x86_64
384 | python3-oauthlib-2.1.0-1.el8.noarch
385 | python3-perf-4.18.0-553.53.1.el8_10.x86_64
386 | python3-pip-9.0.3-24.el8.noarch
387 | python3-pip-wheel-9.0.3-24.el8.noarch
388 | python3-ply-3.9-9.el8.noarch
389 | python3-policycoreutils-2.9-26.el8_10.noarch
390 | python3-prettytable-0.7.2-14.el8.noarch
391 | python3-pycparser-2.14-14.el8.noarch
392 | python3-pyserial-3.1.1-9.el8.noarch
393 | python3-pysocks-1.6.8-3.el8.noarch
394 | python3-pytz-2017.2-11.el8.noarch
395 | python3-pyudev-0.21.0-7.el8.noarch
396 | python3-pyyaml-3.12-12.el8.x86_64
397 | python3-requests-2.20.0-5.el8_10.noarch
398 | python3-rpm-4.14.3-32.el8_10.x86_64
399 | python3-setools-4.3.0-5.el8.x86_64
400 | python3-setuptools-39.2.0-8.el8_10.noarch
401 | python3-setuptools-wheel-39.2.0-8.el8_10.noarch
402 | python3-six-1.11.0-8.el8.noarch
403 | python3-slip-0.6.4-13.el8.noarch
404 | python3-slip-dbus-0.6.4-13.el8.noarch
405 | python3-subscription-manager-rhsm-1.28.42-1.el8.x86_64
406 | python3-syspurpose-1.28.42-1.el8.x86_64
407 | python3-systemd-234-8.el8.x86_64
408 | python3-unbound-1.16.2-5.8.el8_10.x86_64
409 | python3-urllib3-1.24.2-8.el8_10.noarch
410 | readline-7.0-10.el8.x86_64
411 | redhat-release-8.10-0.3.el8.x86_64
412 | redhat-release-eula-8.10-0.3.el8.x86_64
413 | rh-amazon-rhui-client-4.0.22-1.el8.noarch
414 | rng-tools-6.16-1.el8.x86_64
415 | rootfiles-8.1-22.el8.noarch
416 | rpm-4.14.3-32.el8_10.x86_64
417 | rpm-build-libs-4.14.3-32.el8_10.x86_64
418 | rpm-libs-4.14.3-32.el8_10.x86_64
419 | rpm-plugin-selinux-4.14.3-32.el8_10.x86_64
420 | rpm-plugin-systemd-inhibit-4.14.3-32.el8_10.x86_64
421 | rsyslog-8.2102.0-15.el8_10.1.x86_64
422 | sed-4.5-5.el8.x86_64
423 | selinux-policy-3.14.3-139.el8_10.1.noarch
424 | selinux-policy-targeted-3.14.3-139.el8_10.1.noarch
425 | setup-2.12.2-9.el8.noarch
426 | sg3_utils-1.44-6.el8.x86_64
427 | sg3_utils-libs-1.44-6.el8.x86_64
428 | shadow-utils-4.6-22.el8.x86_64
429 | shared-mime-info-1.9-4.el8.x86_64
430 | shim-x64-15.8-4.el8_9.x86_64
431 | slang-2.3.2-3.el8.x86_64
432 | snappy-1.1.8-3.el8.x86_64
433 | spel-dod-certs-5.13-1.el8.noarch
434 | spel-release-8-4.noarch
435 | spel-wcf-certs-5.15-1.el8.noarch
436 | sqlite-libs-3.26.0-19.el8_9.x86_64
437 | squashfs-tools-4.3-21.el8.x86_64
438 | sssd-client-2.9.4-5.el8_10.1.x86_64
439 | sssd-common-2.9.4-5.el8_10.1.x86_64
440 | sssd-kcm-2.9.4-5.el8_10.1.x86_64
441 | sssd-nfs-idmap-2.9.4-5.el8_10.1.x86_64
442 | subscription-manager-1.28.42-1.el8.x86_64
443 | subscription-manager-rhsm-certificates-20220623-1.el8.noarch
444 | sudo-1.9.5p2-1.el8_9.x86_64
445 | systemd-239-82.el8_10.5.x86_64
446 | systemd-libs-239-82.el8_10.5.x86_64
447 | systemd-networkd-253.4-1.el8.x86_64
448 | systemd-pam-239-82.el8_10.5.x86_64
449 | systemd-udev-239-82.el8_10.5.x86_64
450 | tar-1.30-9.el8.x86_64
451 | teamd-1.31-4.el8.x86_64
452 | timedatex-0.5-3.el8.x86_64
453 | tpm2-tss-2.3.2-6.el8.x86_64
454 | trousers-0.3.15-2.el8.x86_64
455 | trousers-lib-0.3.15-2.el8.x86_64
456 | tuned-2.22.1-6.el8_10.noarch
457 | tzdata-2025b-1.el8.noarch
458 | udisks2-2.9.0-16.el8.x86_64
459 | unbound-libs-1.16.2-5.8.el8_10.x86_64
460 | unzip-6.0-47.el8_10.x86_64
461 | usermode-1.113-2.el8.x86_64
462 | util-linux-2.32.1-46.el8.x86_64
463 | vim-minimal-8.0.1763-19.el8_6.4.x86_64
464 | virt-what-1.25-4.el8.x86_64
465 | volume_key-libs-0.3.11-6.el8.x86_64
466 | which-2.21-20.el8.x86_64
467 | xfsprogs-5.0.0-12.el8.x86_64
468 | xkeyboard-config-2.28-1.el8.noarch
469 | xz-5.2.4-4.el8_6.x86_64
470 | xz-libs-5.2.4-4.el8_6.x86_64
471 | yum-4.7.0-21.el8_10.noarch
472 | yum-utils-4.0.21-25.el8.noarch
473 | zlib-1.2.11-25.el8.x86_64
474 | 


--------------------------------------------------------------------------------
/manifests/spel-minimal-rhel-9-hvm.amazon-ebssurrogate.manifest.txt:
--------------------------------------------------------------------------------
  1 | Red Hat Enterprise Linux 9.6 (Plow)
  2 | aws-cli/2.27.21 Python/3.13.3 Linux/5.14.0-362.18.1.el9_3.x86_64 exe/x86_64.rhel.9
  3 | aws-cfn-bootstrap 2.0
  4 | acl-2.3.1-4.el9.x86_64
  5 | acpid-2.0.32-7.el9.x86_64
  6 | alternatives-1.24-2.el9.x86_64
  7 | amazon-ec2-net-utils-2.5.4-1.el9.0.1.x86_64
  8 | amazon-libdnf-plugin-1.0.3-1.el9.x86_64
  9 | amazon-ssm-agent-3.3.2299.0-1.x86_64
 10 | attr-2.5.1-3.el9.x86_64
 11 | audit-3.1.5-4.el9.x86_64
 12 | audit-libs-3.1.5-4.el9.x86_64
 13 | authselect-1.2.6-3.el9.x86_64
 14 | authselect-libs-1.2.6-3.el9.x86_64
 15 | basesystem-11-13.el9.noarch
 16 | bash-5.1.8-9.el9.x86_64
 17 | binutils-2.35.2-63.el9.x86_64
 18 | binutils-gold-2.35.2-63.el9.x86_64
 19 | bzip2-libs-1.0.8-10.el9_5.x86_64
 20 | ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noarch
 21 | c-ares-1.19.1-2.el9_4.x86_64
 22 | checkpolicy-3.6-1.el9.x86_64
 23 | chrony-4.6.1-1.el9.x86_64
 24 | cloud-init-24.4-4.el9.noarch
 25 | cloud-utils-growpart-0.33-1.el9.x86_64
 26 | coreutils-8.32-39.el9.x86_64
 27 | coreutils-common-8.32-39.el9.x86_64
 28 | cpio-2.13-16.el9.x86_64
 29 | cracklib-2.9.6-27.el9.x86_64
 30 | cracklib-dicts-2.9.6-27.el9.x86_64
 31 | cronie-1.5.7-13.el9.x86_64
 32 | cronie-anacron-1.5.7-13.el9.x86_64
 33 | crontabs-1.11-27.20190603git.el9_0.noarch
 34 | crypto-policies-20250128-1.git5269e22.el9.noarch
 35 | crypto-policies-scripts-20250128-1.git5269e22.el9.noarch
 36 | cryptsetup-libs-2.7.2-3.el9_5.x86_64
 37 | curl-7.76.1-31.el9.x86_64
 38 | cyrus-sasl-lib-2.1.27-21.el9.x86_64
 39 | dbus-1.12.20-8.el9.x86_64
 40 | dbus-broker-28-7.el9.x86_64
 41 | dbus-common-1.12.20-8.el9.noarch
 42 | dbus-libs-1.12.20-8.el9.x86_64
 43 | device-mapper-1.02.202-6.el9.x86_64
 44 | device-mapper-event-1.02.202-6.el9.x86_64
 45 | device-mapper-event-libs-1.02.202-6.el9.x86_64
 46 | device-mapper-libs-1.02.202-6.el9.x86_64
 47 | device-mapper-persistent-data-1.1.0-1.el9.x86_64
 48 | dhcp-client-4.4.2-19.b1.el9.x86_64
 49 | dhcp-common-4.4.2-19.b1.el9.noarch
 50 | diffutils-3.7-12.el9.x86_64
 51 | dmidecode-3.6-1.el9.x86_64
 52 | dnf-4.14.0-25.el9.noarch
 53 | dnf-data-4.14.0-25.el9.noarch
 54 | dnf-plugins-core-4.3.0-20.el9.noarch
 55 | dosfstools-4.2-3.el9.x86_64
 56 | dracut-057-87.git20250311.el9_6.x86_64
 57 | dracut-config-generic-057-87.git20250311.el9_6.x86_64
 58 | dracut-config-rescue-057-87.git20250311.el9_6.x86_64
 59 | dracut-network-057-87.git20250311.el9_6.x86_64
 60 | dracut-squash-057-87.git20250311.el9_6.x86_64
 61 | e2fsprogs-1.46.5-7.el9.x86_64
 62 | e2fsprogs-libs-1.46.5-7.el9.x86_64
 63 | ec2-hibinit-agent-1.0.8-0.el9.x86_64
 64 | ec2-utils-2.2.0-1.el9.0.2.x86_64
 65 | efibootmgr-16-12.el9.x86_64
 66 | efi-filesystem-6-2.el9_0.noarch
 67 | efivar-libs-38-3.el9.x86_64
 68 | elfutils-debuginfod-client-0.192-5.el9.x86_64
 69 | elfutils-default-yama-scope-0.192-5.el9.noarch
 70 | elfutils-libelf-0.192-5.el9.x86_64
 71 | elfutils-libs-0.192-5.el9.x86_64
 72 | epel-release-9-10.el9.noarch
 73 | ethtool-6.11-1.el9.x86_64
 74 | expat-2.5.0-5.el9_6.x86_64
 75 | file-5.39-16.el9.x86_64
 76 | file-libs-5.39-16.el9.x86_64
 77 | filesystem-3.16-5.el9.x86_64
 78 | findutils-4.8.0-7.el9.x86_64
 79 | firewalld-1.3.4-9.el9_5.noarch
 80 | firewalld-filesystem-1.3.4-9.el9_5.noarch
 81 | flashrom-1.2-10.el9.x86_64
 82 | fuse-libs-2.9.9-17.el9.x86_64
 83 | fwupd-1.9.26-1.el9.x86_64
 84 | fwupd-plugin-flashrom-1.9.26-1.el9.x86_64
 85 | gawk-5.1.0-6.el9.x86_64
 86 | gawk-all-langpacks-5.1.0-6.el9.x86_64
 87 | gdbm-libs-1.23-1.el9.x86_64
 88 | gdisk-1.0.7-5.el9.x86_64
 89 | geolite2-city-20191217-6.el9.noarch
 90 | geolite2-country-20191217-6.el9.noarch
 91 | gettext-0.21-8.el9.x86_64
 92 | gettext-libs-0.21-8.el9.x86_64
 93 | glib2-2.68.4-16.el9.x86_64
 94 | glibc-2.34-168.el9_6.14.x86_64
 95 | glibc-common-2.34-168.el9_6.14.x86_64
 96 | glibc-gconv-extra-2.34-168.el9_6.14.x86_64
 97 | glibc-minimal-langpack-2.34-168.el9_6.14.x86_64
 98 | gmp-6.2.0-13.el9.x86_64
 99 | gnupg2-2.3.3-4.el9.x86_64
100 | gnutls-3.8.3-6.el9.x86_64
101 | gobject-introspection-1.68.0-11.el9.x86_64
102 | gpgme-1.15.1-6.el9.x86_64
103 | gpg-pubkey-3228467c-613798eb
104 | gpg-pubkey-5a6340b3-6229229e
105 | gpg-pubkey-e96e3db7-6196a254
106 | gpg-pubkey-fd431d51-4ae0493b
107 | grep-3.6-5.el9.x86_64
108 | groff-base-1.22.4-10.el9.x86_64
109 | grub2-common-2.06-104.el9_6.noarch
110 | grub2-efi-x64-2.06-104.el9_6.x86_64
111 | grub2-efi-x64-modules-2.06-104.el9_6.noarch
112 | grub2-pc-2.06-104.el9_6.x86_64
113 | grub2-pc-modules-2.06-104.el9_6.noarch
114 | grub2-tools-2.06-104.el9_6.x86_64
115 | grub2-tools-efi-2.06-104.el9_6.x86_64
116 | grub2-tools-minimal-2.06-104.el9_6.x86_64
117 | grubby-8.40-64.el9.x86_64
118 | gzip-1.12-1.el9.x86_64
119 | hostname-3.23-6.el9.x86_64
120 | hwdata-0.348-9.18.el9.noarch
121 | ima-evm-utils-1.5-3.el9.x86_64
122 | inih-49-6.el9.x86_64
123 | initscripts-rename-device-10.11.8-4.el9.x86_64
124 | initscripts-service-10.11.8-4.el9.noarch
125 | ipcalc-1.0.0-5.el9.x86_64
126 | iproute-6.11.0-1.el9.x86_64
127 | iproute-tc-6.11.0-1.el9.x86_64
128 | ipset-7.11-11.el9_5.x86_64
129 | ipset-libs-7.11-11.el9_5.x86_64
130 | iptables-libs-1.8.10-11.el9_5.x86_64
131 | iptables-nft-1.8.10-11.el9_5.x86_64
132 | iputils-20210202-11.el9.x86_64
133 | irqbalance-1.9.4-2.el9.x86_64
134 | jansson-2.14-1.el9.x86_64
135 | jitterentropy-3.6.0-1.el9.x86_64
136 | jq-1.6-17.el9.x86_64
137 | json-c-0.14-11.el9.x86_64
138 | json-glib-1.6.6-1.el9.x86_64
139 | kbd-2.4.0-11.el9.x86_64
140 | kbd-legacy-2.4.0-11.el9.noarch
141 | kbd-misc-2.4.0-11.el9.noarch
142 | kernel-5.14.0-570.17.1.el9_6.x86_64
143 | kernel-core-5.14.0-570.17.1.el9_6.x86_64
144 | kernel-modules-5.14.0-570.17.1.el9_6.x86_64
145 | kernel-modules-core-5.14.0-570.17.1.el9_6.x86_64
146 | kernel-tools-5.14.0-570.17.1.el9_6.x86_64
147 | kernel-tools-libs-5.14.0-570.17.1.el9_6.x86_64
148 | kexec-tools-2.0.29-5.el9.x86_64
149 | keyutils-1.6.3-1.el9.x86_64
150 | keyutils-libs-1.6.3-1.el9.x86_64
151 | kmod-28-10.el9.x86_64
152 | kmod-libs-28-10.el9.x86_64
153 | kpartx-0.8.7-35.el9.x86_64
154 | krb5-libs-1.21.1-6.el9.x86_64
155 | less-590-5.el9.x86_64
156 | libacl-2.3.1-4.el9.x86_64
157 | libaio-0.3.111-13.el9.x86_64
158 | libarchive-3.5.3-4.el9.x86_64
159 | libassuan-2.5.5-3.el9.x86_64
160 | libatasmart-0.19-22.el9.x86_64
161 | libattr-2.5.1-3.el9.x86_64
162 | libbasicobjects-0.1.1-53.el9.x86_64
163 | libblkid-2.37.4-21.el9.x86_64
164 | libblockdev-2.28-13.el9_6.x86_64
165 | libblockdev-crypto-2.28-13.el9_6.x86_64
166 | libblockdev-fs-2.28-13.el9_6.x86_64
167 | libblockdev-loop-2.28-13.el9_6.x86_64
168 | libblockdev-mdraid-2.28-13.el9_6.x86_64
169 | libblockdev-part-2.28-13.el9_6.x86_64
170 | libblockdev-swap-2.28-13.el9_6.x86_64
171 | libblockdev-utils-2.28-13.el9_6.x86_64
172 | libbpf-1.5.0-1.el9.x86_64
173 | libbrotli-1.0.9-7.el9_5.x86_64
174 | libbytesize-2.5-3.el9.x86_64
175 | libcap-2.48-9.el9_2.x86_64
176 | libcap-ng-0.8.2-7.el9.x86_64
177 | libcap-ng-python3-0.8.2-7.el9.x86_64
178 | libcbor-0.7.0-5.el9.x86_64
179 | libcollection-0.7.0-53.el9.x86_64
180 | libcom_err-1.46.5-7.el9.x86_64
181 | libcomps-0.1.18-1.el9.x86_64
182 | libcurl-7.76.1-31.el9.x86_64
183 | libdaemon-0.14-23.el9.x86_64
184 | libdb-5.3.28-55.el9.x86_64
185 | libdhash-0.5.0-53.el9.x86_64
186 | libdnf-0.69.0-13.el9.x86_64
187 | libeconf-0.4.1-4.el9.x86_64
188 | libedit-3.1-38.20210216cvs.el9.x86_64
189 | libestr-0.1.11-4.el9.x86_64
190 | libevent-2.1.12-8.el9_4.x86_64
191 | libfastjson-0.99.9-5.el9.x86_64
192 | libfdisk-2.37.4-21.el9.x86_64
193 | libffi-3.4.2-8.el9.x86_64
194 | libfido2-1.13.0-2.el9.x86_64
195 | libgcc-11.5.0-5.el9_5.x86_64
196 | libgcrypt-1.10.0-11.el9.x86_64
197 | libgomp-11.5.0-5.el9_5.x86_64
198 | libgpg-error-1.42-5.el9.x86_64
199 | libgudev-237-1.el9.x86_64
200 | libgusb-0.3.8-2.el9.x86_64
201 | libidn2-2.3.0-7.el9.x86_64
202 | libini_config-1.3.1-53.el9.x86_64
203 | libjcat-0.1.6-3.el9.x86_64
204 | libkcapi-1.4.0-2.el9.x86_64
205 | libkcapi-hmaccalc-1.4.0-2.el9.x86_64
206 | libksba-1.5.1-7.el9.x86_64
207 | libldb-4.21.3-3.el9.x86_64
208 | libmaxminddb-1.5.2-4.el9.x86_64
209 | libmnl-1.0.4-16.el9_4.x86_64
210 | libmodulemd-2.13.0-2.el9.x86_64
211 | libmount-2.37.4-21.el9.x86_64
212 | libndp-1.9-1.el9.x86_64
213 | libnetfilter_conntrack-1.0.9-1.el9.x86_64
214 | libnfnetlink-1.0.1-23.el9_5.x86_64
215 | libnftnl-1.2.6-4.el9_4.x86_64
216 | libnghttp2-1.43.0-6.el9.x86_64
217 | libnl3-3.11.0-1.el9.x86_64
218 | libnl3-cli-3.11.0-1.el9.x86_64
219 | libnsl-2.34-168.el9_6.14.x86_64
220 | libnvme-1.11.1-1.el9.x86_64
221 | libpath_utils-0.2.1-53.el9.x86_64
222 | libpipeline-1.5.3-4.el9.x86_64
223 | libpsl-0.21.1-5.el9.x86_64
224 | libpwquality-1.4.4-8.el9.x86_64
225 | libref_array-0.1.5-53.el9.x86_64
226 | librepo-1.14.5-2.el9.x86_64
227 | libreport-filesystem-2.15.2-6.el9.noarch
228 | librhsm-0.0.3-9.el9.x86_64
229 | libseccomp-2.5.2-2.el9.x86_64
230 | libselinux-3.6-3.el9.x86_64
231 | libselinux-utils-3.6-3.el9.x86_64
232 | libsemanage-3.6-5.el9_6.x86_64
233 | libsepol-3.6-2.el9.x86_64
234 | libsigsegv-2.13-4.el9.x86_64
235 | libsmartcols-2.37.4-21.el9.x86_64
236 | libsolv-0.7.24-3.el9.x86_64
237 | libss-1.46.5-7.el9.x86_64
238 | libssh-0.10.4-13.el9.x86_64
239 | libssh-config-0.10.4-13.el9.noarch
240 | libsss_certmap-2.9.6-4.el9_6.2.x86_64
241 | libsss_idmap-2.9.6-4.el9_6.2.x86_64
242 | libsss_nss_idmap-2.9.6-4.el9_6.2.x86_64
243 | libsss_sudo-2.9.6-4.el9_6.2.x86_64
244 | libstdc++-11.5.0-5.el9_5.x86_64
245 | libsysfs-2.1.1-10.el9.x86_64
246 | libtalloc-2.4.2-1.el9.x86_64
247 | libtasn1-4.16.0-9.el9.x86_64
248 | libtdb-1.4.12-1.el9.x86_64
249 | libteam-1.31-16.el9_1.x86_64
250 | libtevent-0.16.1-1.el9.x86_64
251 | libtool-ltdl-2.4.6-46.el9.x86_64
252 | libudisks2-2.9.4-11.el9.x86_64
253 | libunistring-0.9.10-15.el9.x86_64
254 | libusbx-1.0.26-1.el9.x86_64
255 | libuser-0.63-16.el9.x86_64
256 | libutempter-1.2.1-6.el9.x86_64
257 | libuuid-2.37.4-21.el9.x86_64
258 | libverto-0.3.2-3.el9.x86_64
259 | libxcrypt-4.4.18-3.el9.x86_64
260 | libxcrypt-compat-4.4.18-3.el9.x86_64
261 | libxml2-2.9.13-9.el9_6.x86_64
262 | libxmlb-0.3.10-1.el9.x86_64
263 | libyaml-0.2.5-7.el9.x86_64
264 | libzstd-1.5.5-1.el9.x86_64
265 | linux-firmware-20250415-146.5.el9_5.noarch
266 | linux-firmware-whence-20250415-146.5.el9_5.noarch
267 | lmdb-libs-0.9.29-3.el9.x86_64
268 | logrotate-3.18.0-9.el9.x86_64
269 | lshw-B.02.20-1.el9.x86_64
270 | lsscsi-0.32-6.el9.x86_64
271 | lua-libs-5.4.4-4.el9.x86_64
272 | lvm2-2.03.28-6.el9.x86_64
273 | lvm2-libs-2.03.28-6.el9.x86_64
274 | lz4-libs-1.9.3-5.el9.x86_64
275 | lzo-2.10-7.el9.x86_64
276 | man-db-2.9.3-7.el9.x86_64
277 | mdadm-4.3-4.el9_5.x86_64
278 | microcode_ctl-20250211-1.el9_6.noarch
279 | mokutil-0.6.0-4.el9.x86_64
280 | mpfr-4.1.0-7.el9.x86_64
281 | ncurses-6.2-10.20210508.el9.x86_64
282 | ncurses-base-6.2-10.20210508.el9.noarch
283 | ncurses-libs-6.2-10.20210508.el9.x86_64
284 | nettle-3.10.1-1.el9.x86_64
285 | NetworkManager-1.52.0-3.el9_6.x86_64
286 | NetworkManager-libnm-1.52.0-3.el9_6.x86_64
287 | NetworkManager-team-1.52.0-3.el9_6.x86_64
288 | NetworkManager-tui-1.52.0-3.el9_6.x86_64
289 | newt-0.52.21-11.el9.x86_64
290 | nftables-1.0.9-3.el9.x86_64
291 | npth-1.6-8.el9.x86_64
292 | nspr-4.35.0-17.el9_2.x86_64
293 | nss-3.101.0-10.el9_2.x86_64
294 | nss-softokn-3.101.0-10.el9_2.x86_64
295 | nss-softokn-freebl-3.101.0-10.el9_2.x86_64
296 | nss-sysinit-3.101.0-10.el9_2.x86_64
297 | nss-util-3.101.0-10.el9_2.x86_64
298 | numactl-libs-2.0.19-1.el9.x86_64
299 | oniguruma-6.9.6-1.el9.6.x86_64
300 | openldap-2.6.8-4.el9.x86_64
301 | openssh-8.7p1-45.el9.x86_64
302 | openssh-clients-8.7p1-45.el9.x86_64
303 | openssh-server-8.7p1-45.el9.x86_64
304 | openssl-3.2.2-6.el9_5.1.x86_64
305 | openssl-fips-provider-3.0.7-6.el9_5.x86_64
306 | openssl-fips-provider-so-3.0.7-6.el9_5.x86_64
307 | openssl-libs-3.2.2-6.el9_5.1.x86_64
308 | os-prober-1.77-12.el9_5.x86_64
309 | p11-kit-0.25.3-3.el9_5.x86_64
310 | p11-kit-trust-0.25.3-3.el9_5.x86_64
311 | pam-1.5.1-23.el9.x86_64
312 | parted-3.5-3.el9.x86_64
313 | passwd-0.80-12.el9.x86_64
314 | pciutils-libs-3.7.0-7.el9.x86_64
315 | pcre2-10.40-6.el9.x86_64
316 | pcre2-syntax-10.40-6.el9.noarch
317 | pcre-8.44-4.el9.x86_64
318 | pigz-2.8-1.el9.x86_64
319 | policycoreutils-3.6-2.1.el9.x86_64
320 | polkit-0.117-13.el9.x86_64
321 | polkit-libs-0.117-13.el9.x86_64
322 | polkit-pkla-compat-0.1-21.el9.x86_64
323 | popt-1.18-8.el9.x86_64
324 | prefixdevname-0.1.0-8.el9.x86_64
325 | procps-ng-3.3.17-14.el9.x86_64
326 | psmisc-23.4-3.el9.x86_64
327 | publicsuffix-list-dafsa-20210518-3.el9.noarch
328 | python3-3.9.21-2.el9.x86_64
329 | python3-attrs-20.3.0-7.el9.noarch
330 | python3-audit-3.1.5-4.el9.x86_64
331 | python3-babel-2.9.1-2.el9.noarch
332 | python3-chardet-4.0.0-5.el9.noarch
333 | python3-configobj-5.0.6-25.el9.noarch
334 | python3-dateutil-2.8.1-7.el9.noarch
335 | python3-dbus-1.2.18-2.el9.x86_64
336 | python3-distro-1.5.0-7.el9.noarch
337 | python3-dnf-4.14.0-25.el9.noarch
338 | python3-dnf-plugins-core-4.3.0-20.el9.noarch
339 | python3-firewall-1.3.4-9.el9_5.noarch
340 | python3-gobject-base-3.40.1-6.el9.x86_64
341 | python3-gobject-base-noarch-3.40.1-6.el9.noarch
342 | python3-gpg-1.15.1-6.el9.x86_64
343 | python3-hawkey-0.69.0-13.el9.x86_64
344 | python3-idna-2.10-7.el9_4.1.noarch
345 | python3-jinja2-2.11.3-8.el9_5.noarch
346 | python3-jsonpatch-1.21-16.el9.noarch
347 | python3-jsonpointer-2.0-4.el9.noarch
348 | python3-jsonschema-3.2.0-13.el9.noarch
349 | python3-libcomps-0.1.18-1.el9.x86_64
350 | python3-libdnf-0.69.0-13.el9.x86_64
351 | python3-libs-3.9.21-2.el9.x86_64
352 | python3-libselinux-3.6-3.el9.x86_64
353 | python3-libsemanage-3.6-5.el9_6.x86_64
354 | python3-markupsafe-1.1.1-12.el9.x86_64
355 | python3-netifaces-0.10.6-15.el9.x86_64
356 | python3-nftables-1.0.9-3.el9.x86_64
357 | python3-oauthlib-3.1.1-5.el9.noarch
358 | python3-pip-21.3.1-1.el9.noarch
359 | python3-pip-wheel-21.3.1-1.el9.noarch
360 | python3-policycoreutils-3.6-2.1.el9.noarch
361 | python3-prettytable-0.7.2-27.el9.noarch
362 | python3-pyrsistent-0.17.3-8.el9.x86_64
363 | python3-pyserial-3.4-12.el9.noarch
364 | python3-pysocks-1.7.1-12.el9.noarch
365 | python3-pytz-2021.1-5.el9.noarch
366 | python3-pyyaml-5.4.1-6.el9.x86_64
367 | python3-requests-2.25.1-9.el9.noarch
368 | python3-rpm-4.16.1.3-37.el9.x86_64
369 | python3-setools-4.4.4-1.el9.x86_64
370 | python3-setuptools-53.0.0-13.el9.noarch
371 | python3-setuptools-wheel-53.0.0-13.el9.noarch
372 | python3-six-1.15.0-9.el9.noarch
373 | python3-systemd-234-19.el9.x86_64
374 | python3-urllib3-1.26.5-6.el9.noarch
375 | python-unversioned-command-3.9.21-2.el9.noarch
376 | readline-8.1-4.el9.x86_64
377 | redhat-release-9.6-0.1.el9.x86_64
378 | rh-amazon-rhui-client-4.0.22-1.el9.noarch
379 | rng-tools-6.17-1.el9.x86_64
380 | rootfiles-8.1-34.el9.noarch
381 | rpm-4.16.1.3-37.el9.x86_64
382 | rpm-build-libs-4.16.1.3-37.el9.x86_64
383 | rpm-libs-4.16.1.3-37.el9.x86_64
384 | rpm-plugin-audit-4.16.1.3-37.el9.x86_64
385 | rpm-plugin-selinux-4.16.1.3-37.el9.x86_64
386 | rpm-plugin-systemd-inhibit-4.16.1.3-37.el9.x86_64
387 | rpm-sign-libs-4.16.1.3-37.el9.x86_64
388 | rsyslog-8.2412.0-1.el9.x86_64
389 | rsyslog-logrotate-8.2412.0-1.el9.x86_64
390 | sed-4.8-9.el9.x86_64
391 | selinux-policy-38.1.53-5.el9_6.noarch
392 | selinux-policy-targeted-38.1.53-5.el9_6.noarch
393 | setup-2.13.7-10.el9.noarch
394 | sg3_utils-1.47-10.el9.x86_64
395 | sg3_utils-libs-1.47-10.el9.x86_64
396 | shadow-utils-4.9-12.el9.x86_64
397 | shared-mime-info-2.1-5.el9.x86_64
398 | shim-x64-15.8-4.el9_3.x86_64
399 | slang-2.3.2-11.el9.x86_64
400 | snappy-1.1.8-8.el9.x86_64
401 | spel-dod-certs-5.13-1.el9.noarch
402 | spel-release-9-4.noarch
403 | spel-wcf-certs-5.15-1.el9.noarch
404 | sqlite-libs-3.34.1-7.el9_3.x86_64
405 | squashfs-tools-4.4-10.git1.el9.x86_64
406 | sssd-client-2.9.6-4.el9_6.2.x86_64
407 | sssd-common-2.9.6-4.el9_6.2.x86_64
408 | sssd-kcm-2.9.6-4.el9_6.2.x86_64
409 | sudo-1.9.5p2-10.el9_3.x86_64
410 | systemd-252-51.el9.x86_64
411 | systemd-libs-252-51.el9.x86_64
412 | systemd-networkd-253.4-1.el9.x86_64
413 | systemd-pam-252-51.el9.x86_64
414 | systemd-resolved-252-51.el9.x86_64
415 | systemd-rpm-macros-252-51.el9.noarch
416 | systemd-udev-252-51.el9.x86_64
417 | tar-1.34-7.el9.x86_64
418 | teamd-1.31-16.el9_1.x86_64
419 | tpm2-tss-3.2.3-1.el9.x86_64
420 | tzdata-2025b-1.el9.noarch
421 | udisks2-2.9.4-11.el9.x86_64
422 | unzip-6.0-58.el9_5.x86_64
423 | userspace-rcu-0.12.1-6.el9.x86_64
424 | util-linux-2.37.4-21.el9.x86_64
425 | util-linux-core-2.37.4-21.el9.x86_64
426 | vim-minimal-8.2.2637-22.el9_6.x86_64
427 | volume_key-libs-0.3.12-16.el9.x86_64
428 | which-2.21-29.el9.x86_64
429 | xfsprogs-6.4.0-5.el9.x86_64
430 | xz-5.2.5-8.el9_0.x86_64
431 | xz-libs-5.2.5-8.el9_0.x86_64
432 | yum-4.14.0-25.el9.noarch
433 | yum-utils-4.3.0-20.el9.noarch
434 | zlib-1.2.11-40.el9.x86_64
435 | 


--------------------------------------------------------------------------------
/spel/README.md:
--------------------------------------------------------------------------------
 1 | <!-- BEGIN TFDOCS -->
 2 | ### Inputs
 3 | 
 4 | | Name | Description | Type | Default | Required |
 5 | |------|-------------|------|---------|:--------:|
 6 | | <a name="input_spel_identifier"></a> [spel\_identifier](#input\_spel\_identifier) | Namespace that prefixes the name of the built images | `string` | n/a | yes |
 7 | | <a name="input_spel_version"></a> [spel\_version](#input\_spel\_version) | Version appended to the name of the built images | `string` | n/a | yes |
 8 | | <a name="input_amigen8_bootdev_mult"></a> [amigen8\_bootdev\_mult](#input\_amigen8\_bootdev\_mult) | Factor by which to increase /boot's size on "special" distros (like OL8) | `string` | `"1.2"` | no |
 9 | | <a name="input_amigen8_bootdev_size"></a> [amigen8\_bootdev\_size](#input\_amigen8\_bootdev\_size) | Size, in MiB, to make the /boot partition (this will be multiplied by the 'amigen8\_bootdev\_mult' value for Oracle Linux images) | `string` | `"1024"` | no |
10 | | <a name="input_amigen8_extra_rpms"></a> [amigen8\_extra\_rpms](#input\_amigen8\_extra\_rpms) | List of package specs (rpm names or URLs to .rpm files) to install to the EL8 builders and images | `list(string)` | <pre>[<br/>  "python39",<br/>  "python39-pip",<br/>  "python39-setuptools",<br/>  "crypto-policies-scripts",<br/>  "spel-release",<br/>  "spel-dod-certs",<br/>  "spel-wcf-certs",<br/>  "amazon-ec2-net-utils",<br/>  "ec2-hibinit-agent",<br/>  "ec2-instance-connect",<br/>  "ec2-instance-connect-selinux",<br/>  "ec2-utils",<br/>  "https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm"<br/>]</pre> | no |
11 | | <a name="input_amigen8_filesystem_label"></a> [amigen8\_filesystem\_label](#input\_amigen8\_filesystem\_label) | Label for the root filesystem when creating bare partitions for EL8 images | `string` | `""` | no |
12 | | <a name="input_amigen8_package_groups"></a> [amigen8\_package\_groups](#input\_amigen8\_package\_groups) | List of yum repo groups to install into EL8 images | `list(string)` | <pre>[<br/>  "core"<br/>]</pre> | no |
13 | | <a name="input_amigen8_package_manifest"></a> [amigen8\_package\_manifest](#input\_amigen8\_package\_manifest) | File containing a list of RPMs to use as the build manifest for EL8 images | `string` | `""` | no |
14 | | <a name="input_amigen8_repo_names"></a> [amigen8\_repo\_names](#input\_amigen8\_repo\_names) | List of yum repo names to enable in the EL8 builders and EL8 images | `list(string)` | <pre>[<br/>  "spel"<br/>]</pre> | no |
15 | | <a name="input_amigen8_repo_sources"></a> [amigen8\_repo\_sources](#input\_amigen8\_repo\_sources) | List of yum package refs (names or urls to .rpm files) that install yum repo definitions in EL8 builders and images | `list(string)` | <pre>[<br/>  "https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm",<br/>  "https://spel-packages.cloudarmor.io/spel-packages/repo/spel-release-latest-8.noarch.rpm"<br/>]</pre> | no |
16 | | <a name="input_amigen8_source_branch"></a> [amigen8\_source\_branch](#input\_amigen8\_source\_branch) | Branch that will be checked out when cloning AMIgen8 | `string` | `"master"` | no |
17 | | <a name="input_amigen8_source_url"></a> [amigen8\_source\_url](#input\_amigen8\_source\_url) | URL that will be used to clone AMIgen8 | `string` | `"https://github.com/plus3it/AMIgen8.git"` | no |
18 | | <a name="input_amigen8_storage_layout"></a> [amigen8\_storage\_layout](#input\_amigen8\_storage\_layout) | List of colon-separated tuples (mount:name:size) that describe the desired partitions for LVM-partitioned disks on EL8 images | `list(string)` | <pre>[<br/>  "/:rootVol:6",<br/>  "swap:swapVol:2",<br/>  "/home:homeVol:1",<br/>  "/var:varVol:2",<br/>  "/var/tmp:varTmpVol:2",<br/>  "/var/log:logVol:2",<br/>  "/var/log/audit:auditVol:100%FREE"<br/>]</pre> | no |
19 | | <a name="input_amigen9_boot_dev_label"></a> [amigen9\_boot\_dev\_label](#input\_amigen9\_boot\_dev\_label) | Filesystem-label to apply to the '/boot' partition | `string` | `"boot_disk"` | no |
20 | | <a name="input_amigen9_boot_dev_size"></a> [amigen9\_boot\_dev\_size](#input\_amigen9\_boot\_dev\_size) | Size of the partition hosting the '/boot' partition | `number` | `768` | no |
21 | | <a name="input_amigen9_boot_dev_size_mult"></a> [amigen9\_boot\_dev\_size\_mult](#input\_amigen9\_boot\_dev\_size\_mult) | Factor by which to increase /boot's size on "special" distros (like OL9) | `number` | `"1.1"` | no |
22 | | <a name="input_amigen9_extra_rpms"></a> [amigen9\_extra\_rpms](#input\_amigen9\_extra\_rpms) | List of package specs (rpm names or URLs to .rpm files) to install to the EL9 builders and images | `list(string)` | <pre>[<br/>  "crypto-policies-scripts",<br/>  "spel-release",<br/>  "spel-dod-certs",<br/>  "spel-wcf-certs",<br/>  "amazon-ec2-net-utils",<br/>  "ec2-hibinit-agent",<br/>  "ec2-utils",<br/>  "https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm"<br/>]</pre> | no |
23 | | <a name="input_amigen9_filesystem_label"></a> [amigen9\_filesystem\_label](#input\_amigen9\_filesystem\_label) | Label for the root filesystem when creating bare partitions for EL9 images | `string` | `""` | no |
24 | | <a name="input_amigen9_package_groups"></a> [amigen9\_package\_groups](#input\_amigen9\_package\_groups) | List of yum repo groups to install into EL9 images | `list(string)` | <pre>[<br/>  "core"<br/>]</pre> | no |
25 | | <a name="input_amigen9_package_manifest"></a> [amigen9\_package\_manifest](#input\_amigen9\_package\_manifest) | File containing a list of RPMs to use as the build manifest for EL9 images | `string` | `""` | no |
26 | | <a name="input_amigen9_repo_names"></a> [amigen9\_repo\_names](#input\_amigen9\_repo\_names) | List of yum repo names to enable in the EL9 builders and EL9 images | `list(string)` | <pre>[<br/>  "epel",<br/>  "spel"<br/>]</pre> | no |
27 | | <a name="input_amigen9_repo_sources"></a> [amigen9\_repo\_sources](#input\_amigen9\_repo\_sources) | List of yum package refs (names or urls to .rpm files) that install yum repo definitions in EL9 builders and images | `list(string)` | <pre>[<br/>  "https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm",<br/>  "https://spel-packages.cloudarmor.io/spel-packages/repo/spel-release-latest-9.noarch.rpm"<br/>]</pre> | no |
28 | | <a name="input_amigen9_source_branch"></a> [amigen9\_source\_branch](#input\_amigen9\_source\_branch) | Branch that will be checked out when cloning AMIgen9 | `string` | `"main"` | no |
29 | | <a name="input_amigen9_source_url"></a> [amigen9\_source\_url](#input\_amigen9\_source\_url) | URL that will be used to clone AMIgen9 | `string` | `"https://github.com/plus3it/AMIgen9.git"` | no |
30 | | <a name="input_amigen9_storage_layout"></a> [amigen9\_storage\_layout](#input\_amigen9\_storage\_layout) | List of colon-separated tuples (mount:name:size) that describe the desired partitions for LVM-partitioned disks on EL9 images | `list(string)` | <pre>[<br/>  "/:rootVol:6",<br/>  "swap:swapVol:2",<br/>  "/home:homeVol:1",<br/>  "/var:varVol:2",<br/>  "/var/tmp:varTmpVol:2",<br/>  "/var/log:logVol:2",<br/>  "/var/log/audit:auditVol:100%FREE"<br/>]</pre> | no |
31 | | <a name="input_amigen9_uefi_dev_label"></a> [amigen9\_uefi\_dev\_label](#input\_amigen9\_uefi\_dev\_label) | Filesystem-label to apply to the '/boot/efi' partition | `string` | `"UEFI_DISK"` | no |
32 | | <a name="input_amigen9_uefi_dev_size"></a> [amigen9\_uefi\_dev\_size](#input\_amigen9\_uefi\_dev\_size) | Size of the partition hosting the '/boot/efi' partition | `number` | `128` | no |
33 | | <a name="input_amigen_amiutils_source_url"></a> [amigen\_amiutils\_source\_url](#input\_amigen\_amiutils\_source\_url) | URL of the AMI Utils repo to be cloned using git, containing AWS utility rpms that will be installed to the AMIs | `string` | `""` | no |
34 | | <a name="input_amigen_aws_cfnbootstrap"></a> [amigen\_aws\_cfnbootstrap](#input\_amigen\_aws\_cfnbootstrap) | URL of the tar.gz bundle containing the CFN bootstrap utilities | `string` | `"https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz"` | no |
35 | | <a name="input_amigen_aws_cliv1_source"></a> [amigen\_aws\_cliv1\_source](#input\_amigen\_aws\_cliv1\_source) | URL of the .zip bundle containing the installer for AWS CLI v1 | `string` | `""` | no |
36 | | <a name="input_amigen_aws_cliv2_source"></a> [amigen\_aws\_cliv2\_source](#input\_amigen\_aws\_cliv2\_source) | URL of the .zip bundle containing the installer for AWS CLI v2 | `string` | `"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"` | no |
37 | | <a name="input_amigen_fips_disable"></a> [amigen\_fips\_disable](#input\_amigen\_fips\_disable) | Toggles whether FIPS will be disabled in the images | `bool` | `false` | no |
38 | | <a name="input_amigen_grub_timeout"></a> [amigen\_grub\_timeout](#input\_amigen\_grub\_timeout) | Timeout value to set in the grub config of each image | `number` | `1` | no |
39 | | <a name="input_amigen_use_default_repos"></a> [amigen\_use\_default\_repos](#input\_amigen\_use\_default\_repos) | Modifies the behavior of `amigen_repo_names`. When true, `amigen_repo_names` are appended to the enabled repos. When false, `amigen_repo_names` are used exclusively | `bool` | `true` | no |
40 | | <a name="input_aws_ami_groups"></a> [aws\_ami\_groups](#input\_aws\_ami\_groups) | List of groups that have access to launch the resulting AMIs. Keyword `all` will make the AMIs publicly accessible | `list(string)` | `[]` | no |
41 | | <a name="input_aws_ami_regions"></a> [aws\_ami\_regions](#input\_aws\_ami\_regions) | List of regions to copy the AMIs to. Tags and attributes are copied along with the AMIs | `list(string)` | `[]` | no |
42 | | <a name="input_aws_ami_users"></a> [aws\_ami\_users](#input\_aws\_ami\_users) | List of account IDs that have access to launch the resulting AMIs | `list(string)` | `[]` | no |
43 | | <a name="input_aws_force_deregister"></a> [aws\_force\_deregister](#input\_aws\_force\_deregister) | Force deregister an existing AMI if one with the same name already exists | `bool` | `false` | no |
44 | | <a name="input_aws_instance_type"></a> [aws\_instance\_type](#input\_aws\_instance\_type) | EC2 instance type to use while building the AMIs | `string` | `"t3.2xlarge"` | no |
45 | | <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | Name of the AWS region in which to launch the EC2 instance to create the AMIs | `string` | `"us-east-1"` | no |
46 | | <a name="input_aws_source_ami_filter_centos9stream_hvm"></a> [aws\_source\_ami\_filter\_centos9stream\_hvm](#input\_aws\_source\_ami\_filter\_centos9stream\_hvm) | Object with source AMI filters for CentOS Stream 9 HVM builds | <pre>object({<br/>    name   = string<br/>    owners = list(string)<br/>  })</pre> | <pre>{<br/>  "name": "CentOS Stream 9 x86_64 *,spel-bootstrap-centos-9stream-*.x86_64-gp*",<br/>  "owners": [<br/>    "125523088429",<br/>    "174003430611",<br/>    "216406534498"<br/>  ]<br/>}</pre> | no |
47 | | <a name="input_aws_source_ami_filter_ol8_hvm"></a> [aws\_source\_ami\_filter\_ol8\_hvm](#input\_aws\_source\_ami\_filter\_ol8\_hvm) | Object with source AMI filters for Oracle Linux 8 HVM builds | <pre>object({<br/>    name   = string<br/>    owners = list(string)<br/>  })</pre> | <pre>{<br/>  "name": "OL8.*-x86_64-HVM-*,spel-bootstrap-oraclelinux-8-hvm-*.x86_64-gp*,spel-bootstrap-ol-8-*.x86_64-gp*",<br/>  "owners": [<br/>    "131827586825",<br/>    "174003430611",<br/>    "216406534498"<br/>  ]<br/>}</pre> | no |
48 | | <a name="input_aws_source_ami_filter_ol9_hvm"></a> [aws\_source\_ami\_filter\_ol9\_hvm](#input\_aws\_source\_ami\_filter\_ol9\_hvm) | Object with source AMI filters for Oracle Linux 9 HVM builds | <pre>object({<br/>    name   = string<br/>    owners = list(string)<br/>  })</pre> | <pre>{<br/>  "name": "OL9.*-x86_64-HVM-*,spel-bootstrap-oraclelinux-9-hvm-*.x86_64-gp*,spel-bootstrap-ol-9-*.x86_64-gp*",<br/>  "owners": [<br/>    "131827586825",<br/>    "174003430611",<br/>    "216406534498"<br/>  ]<br/>}</pre> | no |
49 | | <a name="input_aws_source_ami_filter_rhel8_hvm"></a> [aws\_source\_ami\_filter\_rhel8\_hvm](#input\_aws\_source\_ami\_filter\_rhel8\_hvm) | Object with source AMI filters for RHEL 8 HVM builds | <pre>object({<br/>    name   = string<br/>    owners = list(string)<br/>  })</pre> | <pre>{<br/>  "name": "RHEL-8.*_HVM-*-x86_64-*-Hourly*-GP*,spel-bootstrap-rhel-8-*.x86_64-gp*",<br/>  "owners": [<br/>    "309956199498",<br/>    "219670896067",<br/>    "174003430611",<br/>    "216406534498"<br/>  ]<br/>}</pre> | no |
50 | | <a name="input_aws_source_ami_filter_rhel9_hvm"></a> [aws\_source\_ami\_filter\_rhel9\_hvm](#input\_aws\_source\_ami\_filter\_rhel9\_hvm) | Object with source AMI filters for RHEL 9 HVM builds | <pre>object({<br/>    name   = string<br/>    owners = list(string)<br/>  })</pre> | <pre>{<br/>  "name": "RHEL-9.*_HVM-*-x86_64-*-Hourly*-GP*,spel-bootstrap-rhel-9-*.x86_64-gp*",<br/>  "owners": [<br/>    "309956199498",<br/>    "219670896067",<br/>    "174003430611",<br/>    "216406534498"<br/>  ]<br/>}</pre> | no |
51 | | <a name="input_aws_ssh_interface"></a> [aws\_ssh\_interface](#input\_aws\_ssh\_interface) | Specifies method used to select the value for the host in the SSH connection | `string` | `"public_dns"` | no |
52 | | <a name="input_aws_subnet_id"></a> [aws\_subnet\_id](#input\_aws\_subnet\_id) | ID of the subnet where Packer will launch the EC2 instance. Required if using an non-default VPC | `string` | `null` | no |
53 | | <a name="input_aws_temporary_security_group_source_cidrs"></a> [aws\_temporary\_security\_group\_source\_cidrs](#input\_aws\_temporary\_security\_group\_source\_cidrs) | List of IPv4 CIDR blocks to be authorized access to the instance | `list(string)` | <pre>[<br/>  "0.0.0.0/0"<br/>]</pre> | no |
54 | | <a name="input_azure_build_resource_group_name"></a> [azure\_build\_resource\_group\_name](#input\_azure\_build\_resource\_group\_name) | Existing resource group in which the build will run | `string` | `null` | no |
55 | | <a name="input_azure_client_id"></a> [azure\_client\_id](#input\_azure\_client\_id) | Application ID of the AAD Service Principal. Requires either client\_secret, client\_cert\_path or client\_jwt to be set as well | `string` | `null` | no |
56 | | <a name="input_azure_client_secret"></a> [azure\_client\_secret](#input\_azure\_client\_secret) | Password/secret registered for the AAD Service Principal | `string` | `null` | no |
57 | | <a name="input_azure_cloud_environment_name"></a> [azure\_cloud\_environment\_name](#input\_azure\_cloud\_environment\_name) | One of Public, China, Germany, or USGovernment. Defaults to Public. Long forms such as USGovernmentCloud and AzureUSGovernmentCloud are also supported | `string` | `"Public"` | no |
58 | | <a name="input_azure_custom_managed_image_name_rhel8"></a> [azure\_custom\_managed\_image\_name\_rhel8](#input\_azure\_custom\_managed\_image\_name\_rhel8) | Name of a custom managed image to use as the base image for RHEL8 builds | `string` | `null` | no |
59 | | <a name="input_azure_custom_managed_image_resource_group_name_rhel8"></a> [azure\_custom\_managed\_image\_resource\_group\_name\_rhel8](#input\_azure\_custom\_managed\_image\_resource\_group\_name\_rhel8) | Name of the resource group for the custom image in `azure_custom_managed_image_name_rhel8` | `string` | `null` | no |
60 | | <a name="input_azure_image_offer"></a> [azure\_image\_offer](#input\_azure\_image\_offer) | Name of the publisher offer to use for your base image (Azure Marketplace Images only) | `string` | `null` | no |
61 | | <a name="input_azure_image_publisher"></a> [azure\_image\_publisher](#input\_azure\_image\_publisher) | Name of the publisher to use for your base image (Azure Marketplace Images only) | `string` | `null` | no |
62 | | <a name="input_azure_image_sku"></a> [azure\_image\_sku](#input\_azure\_image\_sku) | SKU of the image offer to use for your base image (Azure Marketplace Images only) | `string` | `null` | no |
63 | | <a name="input_azure_keep_os_disk"></a> [azure\_keep\_os\_disk](#input\_azure\_keep\_os\_disk) | Boolean toggle whether to keep the managed disk or delete it after packer runs | `bool` | `false` | no |
64 | | <a name="input_azure_location"></a> [azure\_location](#input\_azure\_location) | Azure datacenter in which your VM will build | `string` | `null` | no |
65 | | <a name="input_azure_managed_image_resource_group_name"></a> [azure\_managed\_image\_resource\_group\_name](#input\_azure\_managed\_image\_resource\_group\_name) | Resource group name where the result of the Packer build will be saved. The resource group must already exist | `string` | `null` | no |
66 | | <a name="input_azure_private_virtual_network_with_public_ip"></a> [azure\_private\_virtual\_network\_with\_public\_ip](#input\_azure\_private\_virtual\_network\_with\_public\_ip) | Boolean toggle whether a public IP will be assigned when using `azure_virtual_network_name` | `bool` | `null` | no |
67 | | <a name="input_azure_subscription_id"></a> [azure\_subscription\_id](#input\_azure\_subscription\_id) | n/a | `string` | `null` | no |
68 | | <a name="input_azure_virtual_network_name"></a> [azure\_virtual\_network\_name](#input\_azure\_virtual\_network\_name) | Name of a pre-existing virtual network in which to run the build | `string` | `null` | no |
69 | | <a name="input_azure_virtual_network_resource_group_name"></a> [azure\_virtual\_network\_resource\_group\_name](#input\_azure\_virtual\_network\_resource\_group\_name) | Name of the virtual network resource group in which to run the build | `string` | `null` | no |
70 | | <a name="input_azure_virtual_network_subnet_name"></a> [azure\_virtual\_network\_subnet\_name](#input\_azure\_virtual\_network\_subnet\_name) | Name of the subnet in which to run the build | `string` | `null` | no |
71 | | <a name="input_azure_vm_size"></a> [azure\_vm\_size](#input\_azure\_vm\_size) | n/a | `string` | `"Standard_DS5_v2"` | no |
72 | | <a name="input_openstack_flavor"></a> [openstack\_flavor](#input\_openstack\_flavor) | ID, name, or full URL for the desired flavor for the server to be created | `string` | `null` | no |
73 | | <a name="input_openstack_floating_ip_network_name"></a> [openstack\_floating\_ip\_network\_name](#input\_openstack\_floating\_ip\_network\_name) | ID or name of an external network that can be used for creation of a new floating IP | `string` | `null` | no |
74 | | <a name="input_openstack_insecure"></a> [openstack\_insecure](#input\_openstack\_insecure) | Boolean whether the connection to OpenStack can be done over an insecure connection | `bool` | `false` | no |
75 | | <a name="input_openstack_networks"></a> [openstack\_networks](#input\_openstack\_networks) | List of networks by UUID to attach to this instance | `list(string)` | `[]` | no |
76 | | <a name="input_openstack_security_groups"></a> [openstack\_security\_groups](#input\_openstack\_security\_groups) | List of security groups by name to add to this instance | `list(string)` | `[]` | no |
77 | | <a name="input_openstack_source_image_name"></a> [openstack\_source\_image\_name](#input\_openstack\_source\_image\_name) | Name of the base image to use | `string` | `null` | no |
78 | | <a name="input_spel_deprecation_lifetime"></a> [spel\_deprecation\_lifetime](#input\_spel\_deprecation\_lifetime) | Duration after which image will be marked deprecated. If null, image will not be marked deprecated. The accepted units are: ns, us (or µs), ms, s, m, and h. For example, one day is 24h, and one year is 8760h. | `string` | `null` | no |
79 | | <a name="input_spel_description_url"></a> [spel\_description\_url](#input\_spel\_description\_url) | URL included in the AMI description | `string` | `"https://github.com/plus3it/spel"` | no |
80 | | <a name="input_spel_http_proxy"></a> [spel\_http\_proxy](#input\_spel\_http\_proxy) | Used as the value for the git config http.proxy setting in the builder nodes | `string` | `""` | no |
81 | | <a name="input_spel_root_volume_size"></a> [spel\_root\_volume\_size](#input\_spel\_root\_volume\_size) | Size in GB of the root volume | `number` | `20` | no |
82 | | <a name="input_spel_ssh_username"></a> [spel\_ssh\_username](#input\_spel\_ssh\_username) | Name of the user for the ssh connection to the instance. Defaults to `spel`, which is set by cloud-config userdata. If your starting image does not have `cloud-init` installed, override the default user name | `string` | `"spel"` | no |
83 | | <a name="input_virtualbox_iso_url_centos9stream"></a> [virtualbox\_iso\_url\_centos9stream](#input\_virtualbox\_iso\_url\_centos9stream) | URL to the CentOS Stream 9 .iso to use for Virtualbox builds | `string` | `"http://mirror.facebook.net/centos-stream/9-stream/BaseOS/x86_64/iso/CentOS-Stream-9-latest-x86_64-boot.iso"` | no |
84 | | <a name="input_virtualbox_vagrantcloud_username"></a> [virtualbox\_vagrantcloud\_username](#input\_virtualbox\_vagrantcloud\_username) | Vagrant Cloud username, used to namespace the vagrant boxes | `string` | `null` | no |
85 | 
86 | <!-- END TFDOCS -->
87 | 


--------------------------------------------------------------------------------
/spel/kickstarts/ks.centos9stream.minimal.cfg:
--------------------------------------------------------------------------------
  1 | # Kickstart file for a minimal linux install
  2 | 
  3 | install
  4 | text
  5 | cdrom
  6 | lang en_US.UTF-8
  7 | keyboard us
  8 | network --onboot yes --device eth0 --bootproto dhcp --ipv6 auto
  9 | rootpw  --iscrypted $6$F9bQlyf3Aj1Y3mfr$RAOMlD2CZYPaN65oVmbFbITcuT8FAONiHz4QMWHUJp6.MCxQQKXaa4VZLijbNdVYRhYFrqS3Ug3TOERKZUeDU/
 10 | firewall --service=ssh
 11 | reboot --eject
 12 | authconfig --enableshadow --passalgo=sha512
 13 | selinux --enforcing
 14 | timezone --utc Etc/UTC
 15 | bootloader --location=mbr --driveorder=sda --append="crashkernel=auto"
 16 | # The following is the partition information you requested
 17 | # Note that any partitions you deleted are not expressed
 18 | # here so unless you clear all partitions first, this is
 19 | # not guaranteed to work
 20 | clearpart --drives sda --all
 21 | zerombr
 22 | 
 23 | part /boot --fstype=ext4 --asprimary --size=512 --ondrive=sda
 24 | part pv.008002 --grow --size=200 --ondrive=sda
 25 | 
 26 | volgroup VolGroup00 --pesize=4096 pv.008002
 27 | logvol /              --name=rootVol  --vgname=VolGroup00 --size=4096 --fstype=ext4
 28 | logvol swap           --name=swapVol  --vgname=VolGroup00 --size=2048
 29 | logvol /home          --name=homeVol  --vgname=VolGroup00 --size=1024 --fstype=ext4
 30 | logvol /var           --name=varVol   --vgname=VolGroup00 --size=2048 --fstype=ext4
 31 | logvol /var/log       --name=logVol   --vgname=VolGroup00 --size=2048 --fstype=ext4
 32 | logvol /var/log/audit --name=auditVol --vgname=VolGroup00 --size=8192 --fstype=ext4 --grow
 33 | 
 34 | %include /tmp/repo-include
 35 | 
 36 | %packages --nobase --nocore
 37 | @core
 38 | authconfig
 39 | chrony
 40 | dracut-config-generic
 41 | dracut-fips
 42 | dracut-norescue
 43 | gdisk
 44 | grub2
 45 | grub2-tools
 46 | iptables-services
 47 | iptables-utils
 48 | kernel
 49 | kexec-tools
 50 | lvm2
 51 | ntp
 52 | ntpdate
 53 | openssh-clients
 54 | openssh-server
 55 | rootfiles
 56 | rsync
 57 | selinux-policy-targeted
 58 | sudo
 59 | tar
 60 | vim-common
 61 | wget
 62 | yum-utils
 63 | -abrt
 64 | -abrt-addon-ccpp
 65 | -abrt-addon-kerneloops
 66 | -abrt-addon-python
 67 | -abrt-cli
 68 | -abrt-libs
 69 | -aic94xx-firmware
 70 | -alsa-firmware
 71 | -alsa-lib
 72 | -alsa-tools-firmware
 73 | -biosdevname
 74 | -gcc-gfortran
 75 | -iprutils
 76 | -ivtv-firmware
 77 | -iwl1000-firmware
 78 | -iwl100-firmware
 79 | -iwl105-firmware
 80 | -iwl135-firmware
 81 | -iwl2000-firmware
 82 | -iwl2030-firmware
 83 | -iwl3160-firmware
 84 | -iwl3945-firmware
 85 | -iwl4965-firmware
 86 | -iwl5000-firmware
 87 | -iwl5150-firmware
 88 | -iwl6000-firmware
 89 | -iwl6000g2a-firmware
 90 | -iwl6000g2b-firmware
 91 | -iwl6050-firmware
 92 | -iwl7260-firmware
 93 | -libertas-sd8686-firmware
 94 | -libertas-sd8787-firmware
 95 | -libertas-usb8388-firmware
 96 | -libvirt-client
 97 | -libvirt-devel
 98 | -libvirt-java
 99 | -libvirt-java-devel
100 | -nc
101 | -NetworkManager
102 | -plymouth
103 | -sendmail
104 | %end
105 | 
106 | %pre
107 | URL_BASE=http://mirror.centos.org/centos/9-stream
108 | 
109 | BASEARCH=$(uname -m)
110 | CENTOS_REPOS="baseos appstream extras-common"
111 | REPO_INCLUDE='/tmp/repo-include'
112 | 
113 | (
114 |     for repo in ${CENTOS_REPOS}
115 |     do
116 |         printf 'repo --name="%s" --baseurl=%s/%s/%s --cost=100\n' \
117 |             "${repo}" "${URL_BASE}" "${repo}" "${BASEARCH}"
118 |     done
119 | ) > "${REPO_INCLUDE}"
120 | %end
121 | 
122 | %post
123 | # Credit idea for vagrant setup:
124 | # - https://www.scriptscribe.org/infrastructure/repeatable-vagrant-builds-with-packer/
125 | if grep VAGRANT /proc/cmdline
126 | then
127 |   # Create the vagrant user and give sudo access
128 |   id vagrant || useradd -m -r vagrant
129 |   echo "vagrant:vagrant" | chpasswd
130 |   (
131 |     printf 'Defaults:vagrant env_keep += "SSH_AUTH_SOCK"\n'
132 |     printf 'Defaults:vagrant !requiretty\n'
133 |     printf 'vagrant ALL=(ALL) NOPASSWD: ALL\n\n'
134 |   ) > /etc/sudoers.d/vagrant
135 |   chmod 0440 /etc/sudoers.d/vagrant
136 | fi
137 | %end
138 | 


--------------------------------------------------------------------------------
/spel/scripts/amigen9-build.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # shellcheck disable=SC2034,SC2046
  3 | #
  4 | # Execute AMIGen9 scripts to prepare an EC2 instance for the AMI Create Image
  5 | # task.
  6 | #
  7 | ##############################################################################
  8 | PROGNAME="$(basename "$0")"
  9 | AMIGENBOOTSIZE="${SPEL_AMIGENBOOTDEVSZ:-768}"
 10 | AMIGENBOOTLABL="${SPEL_AMIGENBOOTDEVLBL:-boot_disk}"
 11 | AMIGENBRANCH="${SPEL_AMIGENBRANCH:-main}"
 12 | AMIGENCHROOT="${SPEL_AMIGENCHROOT:-/mnt/ec2-root}"
 13 | AMIGENFSTYPE="${SPEL_AMIGENFSTYPE:-xfs}"
 14 | AMIGENICNCTURL="${SPEL_AMIGENICNCTURL}"
 15 | AMIGENMANFST="${SPEL_AMIGENMANFST}"
 16 | AMIGENPKGGRP="${SPEL_AMIGENPKGGRP:-core}"
 17 | AMIGENREPOS="${SPEL_AMIGENREPOS}"
 18 | AMIGENREPOSRC="${SPEL_AMIGENREPOSRC}"
 19 | AMIGENROOTNM="${SPEL_AMIGENROOTNM}"
 20 | AMIGENSOURCE="${SPEL_AMIGEN9SOURCE:-https://github.com/plus3it/AMIgen9.git}"
 21 | AMIGENSSMAGENT="${SPEL_AMIGENSSMAGENT}"
 22 | AMIGENSTORLAY="${SPEL_AMIGENSTORLAY}"
 23 | AMIGENTIMEZONE="${SPEL_TIMEZONE:-UTC}"
 24 | AMIGENUEFISIZE="${SPEL_AMIGENUEFIDEVSZ:-128}"
 25 | AMIGENUEFILABL="${SPEL_AMIGENUEFIDEVLBL:-UEFI_DISK}"
 26 | AMIGENVGNAME="${SPEL_AMIGENVGNAME}"
 27 | AWSCFNBOOTSTRAP="${SPEL_AWSCFNBOOTSTRAP}"
 28 | AWSCLIV1SOURCE="${SPEL_AWSCLIV1SOURCE}"
 29 | AWSCLIV2SOURCE="${SPEL_AWSCLIV2SOURCE:-https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip}"
 30 | CLOUDPROVIDER="${SPEL_CLOUDPROVIDER:-aws}"
 31 | EXTRARPMS="${SPEL_EXTRARPMS}"
 32 | FIPSDISABLE="${SPEL_FIPSDISABLE}"
 33 | GRUBTMOUT="${SPEL_GRUBTMOUT:-5}"
 34 | HTTP_PROXY="${SPEL_HTTP_PROXY}"
 35 | USEDEFAULTREPOS="${SPEL_USEDEFAULTREPOS:-true}"
 36 | USEROOTDEVICE="${SPEL_USEROOTDEVICE:-true}"
 37 | 
 38 | 
 39 | ELBUILD="/tmp/el-build"
 40 | 
 41 | # Make interactive-execution more-verbose unless explicitly told not to
 42 | if [[ $( tty -s ) -eq 0 ]] && [[ -z ${DEBUG:-} ]]
 43 | then
 44 |     DEBUG="true"
 45 | fi
 46 | 
 47 | 
 48 | # Error handler function
 49 | function err_exit {
 50 |     local ERRSTR
 51 |     local ISNUM
 52 |     local SCRIPTEXIT
 53 | 
 54 |     ERRSTR="${1}"
 55 |     ISNUM='^[0-9]+$'
 56 |     SCRIPTEXIT="${2:-1}"
 57 | 
 58 |     if [[ ${DEBUG} == true ]]
 59 |     then
 60 |         # Our output channels
 61 |         logger -i -t "${PROGNAME}" -p kern.crit -s -- "${ERRSTR}"
 62 |     else
 63 |         logger -i -t "${PROGNAME}" -p kern.crit -- "${ERRSTR}"
 64 |     fi
 65 | 
 66 |     # Only exit if requested exit is numerical
 67 |     if [[ ${SCRIPTEXIT} =~ ${ISNUM} ]]
 68 |     then
 69 |         exit "${SCRIPTEXIT}"
 70 |     fi
 71 | }
 72 | 
 73 | # Setup per-builder values
 74 | case $( rpm -qf /etc/os-release --qf '%{name}' ) in
 75 |     centos-linux-release | centos-stream-release )
 76 |         BUILDER=centos-9stream
 77 | 
 78 |         DEFAULTREPOS=(
 79 |             baseos
 80 |             appstream
 81 |             extras-common
 82 |         )
 83 |         ;;
 84 |     redhat-release-server|redhat-release)
 85 |         BUILDER=rhel-9
 86 | 
 87 |         DEFAULTREPOS=(
 88 |             rhel-9-appstream-rhui-rpms
 89 |             rhel-9-baseos-rhui-rpms
 90 |             rhui-client-config-server-9
 91 |         )
 92 |         ;;
 93 |     oraclelinux-release)
 94 |         BUILDER=ol-9
 95 | 
 96 |         DEFAULTREPOS=(
 97 |             ol9_UEKR7
 98 |             ol9_appstream
 99 |             ol9_baseos_latest
100 |         )
101 |         ;;
102 |     *)
103 |         echo "Unknown OS. Aborting" >&2
104 |         exit 1
105 |         ;;
106 | esac
107 | DEFAULTREPOS+=()
108 | 
109 | # Default to enabling default repos
110 | ENABLEDREPOS=$(IFS=,; echo "${DEFAULTREPOS[*]}")
111 | 
112 | if [[ "$USEDEFAULTREPOS" != "true" ]]
113 | then
114 |     # Enable AMIGENREPOS exclusively when instructed not to use default repos
115 |     ENABLEDREPOS="${AMIGENREPOS}"
116 | elif [[ -n "${AMIGENREPOS:-}" ]]
117 | then
118 |     # When using default repos, also enable AMIGENREPOS if present
119 |     ENABLEDREPOS+=,"${AMIGENREPOS}"
120 | fi
121 | 
122 | export FIPSDISABLE
123 | 
124 | 
125 | retry()
126 | {
127 |     # Make an arbitrary number of attempts to execute an arbitrary command,
128 |     # passing it arbitrary parameters. Convenient for working around
129 |     # intermittent errors (which occur often with poor repo mirrors).
130 |     #
131 |     # Returns the exit code of the command.
132 |     local n=0
133 |     local try=$1
134 |     local cmd="${*: 2}"
135 |     local result=1
136 |     [[ $# -le 1 ]] && {
137 |         echo "Usage $0 <number_of_retry_attempts> <Command>"
138 |         exit $result
139 |     }
140 | 
141 |     echo "Will try $try time(s) :: $cmd"
142 | 
143 |     if [[ "${SHELLOPTS}" == *":errexit:"* ]]
144 |     then
145 |         set +e
146 |         local ERREXIT=1
147 |     fi
148 | 
149 |     until [[ $n -ge $try ]]
150 |     do
151 |         sleep $n
152 |         $cmd
153 |         result=$?
154 |         if [[ $result -eq 0 ]]
155 |         then
156 |             break
157 |         else
158 |             ((n++))
159 |             echo "Attempt $n, command failed :: $cmd"
160 |         fi
161 |     done
162 | 
163 |     if [[ "${ERREXIT}" == "1" ]]
164 |     then
165 |         set -e
166 |     fi
167 | 
168 |     return $result
169 | }  # ----------  end of function retry  ----------
170 | 
171 | # Run the builder-scripts
172 | function BuildChroot {
173 |     local STATUS_MSG
174 | 
175 |     # Prepare the build device
176 |     PrepBuildDevice
177 | 
178 |     # Invoke disk-partitioner
179 |     bash -euxo pipefail "${ELBUILD}"/$( ComposeDiskSetupString ) || \
180 |         err_exit "Failure encountered with DiskSetup.sh"
181 | 
182 |     # Invoke chroot-env disk-mounter
183 |     bash -euxo pipefail "${ELBUILD}"/$( ComposeChrootMountString ) || \
184 |         err_exit "Failure encountered with MkChrootTree.sh"
185 | 
186 |     # Invoke OS software installer
187 |     bash -euxo pipefail "${ELBUILD}"/$( ComposeOSpkgString ) || \
188 |         err_exit "Failure encountered with OSpackages.sh"
189 | 
190 |     # Invoke CSP-specific utilities scripts
191 |     case "${CLOUDPROVIDER}" in
192 |         # Invoke AWSutils installer
193 |         aws)
194 |             bash -euxo pipefail "${ELBUILD}"/$( ComposeAWSutilsString ) || \
195 |                 err_exit "Failure encountered with AWSutils.sh"
196 |             ;;
197 |         azure)
198 |             (
199 |                 export HTTP_PROXY
200 |                 bash -euxo pipefail "${ELBUILD}/AzureUtils.sh" || \
201 |                     err_exit "Failure encountered with AzureUtils.sh"
202 |             )
203 |             ;;
204 |         *)
205 |             # Concat exit-message string
206 |             STATUS_MSG="Unsupported value [${CLOUDPROVIDER}] for CLOUDPROVIDER."
207 |             STATUS_MSG="${STATUS_MSG} No provider-specific utilities"
208 |             STATUS_MSG="${STATUS_MSG} will be installed"
209 | 
210 |             # Log but do not fail-out
211 |             err_exit "${STATUS_MSG}" NONE
212 |             ;;
213 |     esac
214 | 
215 |     # Post-installation configurator
216 |     bash -euxo pipefail "${ELBUILD}"/$( PostBuildString ) || \
217 |         err_exit "Failure encountered with PostBuild.sh"
218 | 
219 |     # Collect insallation-manifest
220 |     CollectManifest
221 | 
222 |     # Invoke unmounter
223 |     bash -euxo pipefail "${ELBUILD}"/Umount.sh -c "${AMIGENCHROOT}" || \
224 |         err_exit "Failure encountered with Umount.sh"
225 | }
226 | 
227 | # Create a record of the build
228 | function CollectManifest {
229 |     echo "Saving the release info to the manifest"
230 |     grep "PRETTY_NAME=" "${AMIGENCHROOT}/etc/os-release" | \
231 |         cut --delimiter '"' -f2 > /tmp/manifest.txt
232 | 
233 |     if [[ "${CLOUDPROVIDER}" == "aws" ]]
234 |     then
235 |         if [[ -n "$AWSCLIV1SOURCE" ]]
236 |         then
237 |             echo "Saving the aws-cli-v1 version to the manifest"
238 |             [[ -o xtrace ]] && XTRACE='set -x' || XTRACE='set +x'
239 |             set +x
240 |             (chroot "${AMIGENCHROOT}" /usr/local/bin/aws1 --version) 2>&1 | \
241 |                 tee -a /tmp/manifest.txt
242 |             eval "$XTRACE"
243 |         fi
244 |         if [[ -n "$AWSCLIV2SOURCE" ]]
245 |         then
246 |             echo "Saving the aws-cli-v2 version to the manifest"
247 |             [[ -o xtrace ]] && XTRACE='set -x' || XTRACE='set +x'
248 |             set +x
249 |             (chroot "${AMIGENCHROOT}" /usr/local/bin/aws2 --version) 2>&1 | \
250 |                 tee -a /tmp/manifest.txt
251 |             eval "$XTRACE"
252 |         fi
253 |         if [[ -n "$AWSCFNBOOTSTRAP" ]]
254 |         then
255 |             echo "Saving the cfn bootstrap version to the manifest"
256 |             [[ -o xtrace ]] && XTRACE='set -x' || XTRACE='set +x'
257 |             set +x
258 |             (chroot "${AMIGENCHROOT}" python3 -m pip list) | \
259 |                 grep aws-cfn-bootstrap | tee -a /tmp/manifest.txt
260 |             eval "$XTRACE"
261 |         fi
262 |     elif [[ "${CLOUDPROVIDER}" == "azure" ]]
263 |     then
264 |         echo "Saving the waagent version to the manifest"
265 |         [[ -o xtrace ]] && XTRACE='set -x' || XTRACE='set +x'
266 |         set +x
267 |         (chroot "${AMIGENCHROOT}" /usr/sbin/waagent --version) 2>&1 | \
268 |             tee -a /tmp/manifest.txt
269 |         eval "$XTRACE"
270 |     fi
271 | 
272 |     echo "Saving the RPM manifest"
273 |     rpm --root "${AMIGENCHROOT}" -qa | sort -u >> /tmp/manifest.txt
274 | }
275 | 
276 | # Pick options for the AWSutils install command
277 | function ComposeAWSutilsString {
278 |     local AWSUTILSSTRING
279 | 
280 |     AWSUTILSSTRING="AWSutils.sh "
281 | 
282 |     # Set services to enable
283 |     AWSUTILSSTRING+="-t amazon-ssm-agent "
284 | 
285 |     # Set location for chroot-env
286 |     if [[ ${AMIGENCHROOT} == "/mnt/ec2-root" ]]
287 |     then
288 |         err_exit "Using default chroot-env location [${AMIGENCHROOT}]" NONE
289 |     else
290 |         AWSUTILSSTRING+="-m ${AMIGENCHROOT} "
291 |     fi
292 | 
293 |     # Whether to install AWS CLIv1
294 |     if [[ -n "${AWSCLIV1SOURCE}" ]]
295 |     then
296 |         AWSUTILSSTRING+="-C ${AWSCLIV1SOURCE} "
297 |     fi
298 | 
299 |     # Whether to install AWS CLIv2
300 |     if [[ -n "${AWSCLIV2SOURCE}" ]]
301 |     then
302 |         AWSUTILSSTRING+="-c ${AWSCLIV2SOURCE} "
303 |     fi
304 | 
305 |     # Whether to install AWS SSM-agent
306 |     if [[ -z ${AMIGENSSMAGENT:-} ]]
307 |     then
308 |         err_exit "Skipping install of AWS SSM-agent" NONE
309 |     else
310 |         AWSUTILSSTRING+="-s ${AMIGENSSMAGENT} "
311 |     fi
312 | 
313 |     # Whether to install AWS InstanceConnect
314 |     if [[ -z ${AMIGENICNCTURL:-} ]]
315 |     then
316 |         err_exit "Skipping install of AWS SSM-agent" NONE
317 |     else
318 |         AWSUTILSSTRING+="-i ${AMIGENICNCTURL} "
319 |     fi
320 | 
321 |     # Whether to install cfnbootstrap
322 |     if [[ -z "${AWSCFNBOOTSTRAP:-}" ]]
323 |     then
324 |         err_exit "Skipping install of AWS CFN Bootstrap" NONE
325 |     else
326 |         AWSUTILSSTRING+="-n ${AWSCFNBOOTSTRAP} "
327 |     fi
328 | 
329 |     # Return command-string for AWSutils-script
330 |     echo "${AWSUTILSSTRING}"
331 | }
332 | 
333 | # Pick options for chroot-mount command
334 | function ComposeChrootMountString {
335 |     local MOUNTCHROOTCMD
336 | 
337 |     MOUNTCHROOTCMD="MkChrootTree.sh "
338 | 
339 |     # Set location for chroot-env
340 |     if [[ ${AMIGENCHROOT} == "/mnt/ec2-root" ]]
341 |     then
342 |         err_exit "Using default chroot-env location [${AMIGENCHROOT}]" NONE
343 |     else
344 |         MOUNTCHROOTCMD+="-m ${AMIGENCHROOT} "
345 |     fi
346 | 
347 |     # Set the filesystem-type to use for OS filesystems
348 |     if [[ ${AMIGENFSTYPE} == "xfs" ]]
349 |     then
350 |         err_exit "Using default fstype [xfs] for boot filesysems" NONE
351 |     else
352 |         MOUNTCHROOTCMD+="-f ${AMIGENFSTYPE} "
353 |     fi
354 | 
355 |     # Set requested custom storage layout as necessary
356 |     if [[ -z ${AMIGENSTORLAY:-} ]]
357 |     then
358 |         err_exit "Using script-default for boot-volume layout" NONE
359 |     else
360 |         MOUNTCHROOTCMD+="-p ${AMIGENSTORLAY} "
361 |     fi
362 | 
363 |     # Set device to mount
364 |     if [[ -z ${AMIGENBUILDDEV:-} ]]
365 |     then
366 |         err_exit "Failed to define device to partition"
367 |     else
368 |         MOUNTCHROOTCMD+="-d ${AMIGENBUILDDEV}"
369 |     fi
370 | 
371 |     # Return command-string for mount-script
372 |     echo "${MOUNTCHROOTCMD}"
373 | }
374 | 
375 | ## # Pick options for disk-setup command
376 | function ComposeDiskSetupString {
377 |     local DISKSETUPCMD
378 | 
379 |     DISKSETUPCMD="DiskSetup.sh "
380 | 
381 |     # Set the size for the /boot partition
382 |     if [[ -z ${AMIGENBOOTSIZE:-} ]]
383 |     then
384 |         err_exit "Setting /boot size to 512MiB" NONE
385 |         DISKSETUPCMD+="-B 512 "
386 |     else
387 |         DISKSETUPCMD+="-B ${AMIGENBOOTSIZE} "
388 |     fi
389 | 
390 |     # Set the value of the fs-label for the /boot partition
391 |     if [[ -z ${AMIGENBOOTLABL:-} ]]
392 |     then
393 |         err_exit "Setting /boot fs-label to 'boot_disk'." NONE
394 |         DISKSETUPCMD+="-l boot_disk "
395 |     else
396 |         DISKSETUPCMD+="-l ${AMIGENBOOTLABL} "
397 |     fi
398 | 
399 |     # Set the size for the /boot/efi partition
400 |     if [[ -z ${AMIGENUEFISIZE:-} ]]
401 |     then
402 |         err_exit "Setting /boot/efi size to 256MiB" NONE
403 |         DISKSETUPCMD+="-U 256 "
404 |     else
405 |         DISKSETUPCMD+="-U ${AMIGENUEFISIZE} "
406 |     fi
407 | 
408 |     # Set the value of the fs-label for the /boot partition
409 |     if [[ -z ${AMIGENUEFILABL:-} ]]
410 |     then
411 |         err_exit "Setting /boot/efi fs-label to 'UEFI_DISK'." NONE
412 |         DISKSETUPCMD+="-L UEFI_DISK "
413 |     else
414 |         DISKSETUPCMD+="-L ${AMIGENUEFILABL} "
415 |     fi
416 | 
417 |     # Set the filesystem-type to use for OS filesystems
418 |     if [[ ${AMIGENFSTYPE} == "xfs" ]]
419 |     then
420 |         err_exit "Using default fstype [xfs] for boot filesysems" NONE
421 |     fi
422 |     DISKSETUPCMD+="-f ${AMIGENFSTYPE} "
423 | 
424 |     # Set requested custom storage layout as necessary
425 |     if [[ -z ${AMIGENSTORLAY:-} ]]
426 |     then
427 |         err_exit "Using script-default for boot-volume layout" NONE
428 |     else
429 |         DISKSETUPCMD+="-p ${AMIGENSTORLAY} "
430 |     fi
431 | 
432 |     # Set LVM2 or bare disk-formatting
433 |     if [[ -n ${AMIGENVGNAME:-} ]]
434 |     then
435 |         DISKSETUPCMD+="-v ${AMIGENVGNAME} "
436 |     elif [[ -n ${AMIGENROOTNM:-} ]]
437 |     then
438 |         DISKSETUPCMD+="-r ${AMIGENROOTNM} "
439 |     fi
440 | 
441 |     # Set device to carve
442 |     if [[ -z ${AMIGENBUILDDEV:-} ]]
443 |     then
444 |         err_exit "Failed to define device to partition"
445 |     else
446 |         DISKSETUPCMD+="-d ${AMIGENBUILDDEV}"
447 |     fi
448 | 
449 |     # Return command-string for disk-setup script
450 |     echo "${DISKSETUPCMD}"
451 | }
452 | 
453 | # Pick options for the OS-install command
454 | function ComposeOSpkgString {
455 |     local OSPACKAGESTRING
456 | 
457 |     OSPACKAGESTRING="OSpackages.sh "
458 | 
459 |     # Set location for chroot-env
460 |     if [[ ${AMIGENCHROOT} == "/mnt/ec2-root" ]]
461 |     then
462 |         err_exit "Using default chroot-env location [${AMIGENCHROOT}]" NONE
463 |     else
464 |         OSPACKAGESTRING+="-m ${AMIGENCHROOT} "
465 |     fi
466 | 
467 |     # Pick custom yum repos
468 |     if [[ -z ${ENABLEDREPOS:-} ]]
469 |     then
470 |         err_exit "Using script-default yum repos" NONE
471 |     else
472 |         OSPACKAGESTRING+="-a ${ENABLEDREPOS} "
473 |     fi
474 | 
475 |     # Custom repo-def RPMs to install
476 |     if [[ -z ${AMIGENREPOSRC:-} ]]
477 |     then
478 |         err_exit "Installing no custom repo-config RPMs" NONE
479 |     else
480 |         OSPACKAGESTRING+="-r ${AMIGENREPOSRC} "
481 |     fi
482 | 
483 |     # Add custom manifest file
484 |     if [[ -z ${AMIGENMANFST:-} ]]
485 |     then
486 |         err_exit "Installing no custom manifest" NONE
487 |     else
488 |         OSPACKAGESTRING+="-M ${AMIGENREPOSRC} "
489 |     fi
490 | 
491 |     # Add custom pkg group
492 |     if [[ -z ${AMIGENPKGGRP:-} ]]
493 |     then
494 |         err_exit "Installing no custom package group" NONE
495 |     else
496 |         OSPACKAGESTRING+="-g ${AMIGENPKGGRP} "
497 |     fi
498 | 
499 |     # Add extra rpms
500 |     if [[ -z ${EXTRARPMS:-} ]]
501 |     then
502 |         err_exit "Installing no extra rpms" NONE
503 |     else
504 |         OSPACKAGESTRING+="-e ${EXTRARPMS} "
505 |     fi
506 | 
507 |     # Customization for Oracle Linux
508 |     if [[ $BUILDER == "ol-9" ]]
509 |     then
510 |         # Exclude Unbreakable Enterprise Kernel
511 |         OSPACKAGESTRING+="-x kernel-uek,redhat*,*rhn*,*spacewalk*,*ulninfo* "
512 | 
513 |         # DNF hack
514 |         OSPACKAGESTRING+="--setup-dnf ociregion=,ocidomain=oracle.com "
515 |     fi
516 | 
517 |     # Return command-string for OS-script
518 |     echo "${OSPACKAGESTRING}"
519 | }
520 | 
521 | function PostBuildString {
522 |     local POSTBUILDCMD
523 | 
524 |     POSTBUILDCMD="PostBuild.sh "
525 | 
526 |     # Set the filesystem-type to use for OS filesystems
527 |     if [[ ${AMIGENFSTYPE} == "xfs" ]]
528 |     then
529 |         err_exit "Using default fstype [xfs] for boot filesysems" NONE
530 |     fi
531 |     POSTBUILDCMD+="-f ${AMIGENFSTYPE} "
532 | 
533 |     # Set location for chroot-env
534 |     if [[ ${AMIGENCHROOT} == "/mnt/ec2-root" ]]
535 |     then
536 |         err_exit "Using default chroot-env location [${AMIGENCHROOT}]" NONE
537 |     else
538 |         POSTBUILDCMD+="-m ${AMIGENCHROOT} "
539 |     fi
540 | 
541 |     # Set AMI starting time-zone
542 |     if [[ ${AMIGENTIMEZONE} == "UTC" ]]
543 |     then
544 |         err_exit "Using default AMI timezone [${AMIGENCHROOT}]" NONE
545 |     else
546 |         POSTBUILDCMD+="-z ${AMIGENTIMEZONE} "
547 |     fi
548 | 
549 |     # Set image GRUB_TIMEOUT value
550 |     POSTBUILDCMD+="--grub-timeout ${GRUBTMOUT}"
551 | 
552 |     # Return command-string for OS-script
553 |     echo "${POSTBUILDCMD}"
554 | }
555 | 
556 | function PrepBuildDevice {
557 |     local ROOT_DEV
558 |     local ROOT_DISK
559 |     local DISKS
560 | 
561 |     # Select the disk to use for the build
562 |     err_exit "Detecting the root device..." NONE
563 |     ROOT_DEV="$( grep ' / ' /proc/mounts | cut -d " " -f 1 )"
564 |     if [[ ${ROOT_DEV} == /dev/nvme* ]]
565 |     then
566 |       ROOT_DISK="${ROOT_DEV//p*/}"
567 |       IFS=" " read -r -a DISKS <<< "$(echo /dev/nvme*n1)"
568 |     else
569 |       err_exit "ERROR: This script supports nvme device naming. Could not determine root disk from device name: ${ROOT_DEV}"
570 |     fi
571 | 
572 |     if [[ "$USEROOTDEVICE" = "true" ]]
573 |     then
574 |       AMIGENBUILDDEV="${ROOT_DISK}"
575 |     elif [[ ${#DISKS[@]} -gt 2 ]]
576 |     then
577 |       err_exit "ERROR: This script supports at most 2 attached disks. Detected ${#DISKS[*]} disks"
578 |     else
579 |       AMIGENBUILDDEV="$(echo "${DISKS[@]/$ROOT_DISK}" | tr -d '[:space:]')"
580 |     fi
581 |     err_exit "Using ${AMIGENBUILDDEV} as the build device." NONE
582 | 
583 |     # Make sure the disk has a GPT label
584 |     err_exit "Checking ${AMIGENBUILDDEV} for a GPT label..." NONE
585 |     if ! blkid "$AMIGENBUILDDEV"
586 |     then
587 |         err_exit "No label detected. Creating GPT label on ${AMIGENBUILDDEV}..." NONE
588 |         parted -s "$AMIGENBUILDDEV" -- mklabel gpt
589 |         blkid "$AMIGENBUILDDEV"
590 |         err_exit "Created empty GPT configuration on ${AMIGENBUILDDEV}" NONE
591 |     else
592 |         err_exit "GPT label detected on ${AMIGENBUILDDEV}" NONE
593 |     fi
594 | }
595 | 
596 | ##########################
597 | ## Main program section ##
598 | ##########################
599 | 
600 | set -x
601 | set -e
602 | set -o pipefail
603 | 
604 | echo "Restarting networkd/resolved for DNS resolution"
605 | systemctl restart systemd-networkd systemd-resolved
606 | 
607 | # Ensure build-tools directory exists
608 | if [[ ! -d ${ELBUILD} ]]
609 | then
610 |     err_exit "Creating build-tools directory [${ELBUILD}]..." NONE
611 |     install -dDm 000755 "${ELBUILD}" || \
612 |         err_exit "Failed creating build-tools directory"
613 | fi
614 | 
615 | # Pull build-tools from git clone-source
616 | git clone --branch "${AMIGENBRANCH}" "${AMIGENSOURCE}" "${ELBUILD}"
617 | 
618 | # Execute build-tools
619 | BuildChroot
620 | 


--------------------------------------------------------------------------------
/spel/scripts/base.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Get major version
 4 | EL=$(rpm -qa --queryformat '%{VERSION}\n' '(redhat|sl|slf|centos|oraclelinux)-release(|-server|-workstation|-client|-computenode)')
 5 | 
 6 | # Setup repos
 7 | echo "installing the epel repo"
 8 | yum -y install "https://dl.fedoraproject.org/pub/epel/epel-release-latest-${EL}.noarch.rpm" >/dev/null
 9 | 
10 | # Update the box
11 | echo "installing updates"
12 | yum clean all >/dev/null
13 | bash /tmp/retry.sh 5 yum -y update >/dev/null
14 | 
15 | # Install common deps
16 | echo "installing common dependencies"
17 | bash /tmp/retry.sh 5 yum -y install virt-what unzip >/dev/null
18 | 
19 | # Install python3 (from epel)
20 | yum -y install python36
21 | 
22 | # Tweak sshd to prevent DNS resolution (speed up logins)
23 | echo "disabling dns resolution in sshd"
24 | if [[ $(grep -q '^UseDNS' /etc/ssh/sshd_config)$? -eq 0 ]]
25 | then
26 |     sed -i -e 's/^UseDNS.*/UseDNS no/' /etc/ssh/sshd_config
27 | else
28 |     sed -i "$ a\UseDNS no" /etc/ssh/sshd_config
29 | fi
30 | 


--------------------------------------------------------------------------------
/spel/scripts/builder-prep-9.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # shellcheck disable=SC2034,SC2046
  3 | #
  4 | # Execute AMIGen9 scripts to prepare an EC2 instance for the AMI Create Image
  5 | # task.
  6 | #
  7 | ##############################################################################
  8 | PROGNAME="$(basename "$0")"
  9 | AMIGENREPOS="${SPEL_AMIGENREPOS}"
 10 | AMIGENREPOSRC="${SPEL_AMIGENREPOSRC}"
 11 | AMIGENSOURCE="${SPEL_AMIGEN9SOURCE:-https://github.com/plus3it/AMIgen9.git}"
 12 | EXTRARPMS="${SPEL_EXTRARPMS}"
 13 | HTTP_PROXY="${SPEL_HTTP_PROXY}"
 14 | USEDEFAULTREPOS="${SPEL_USEDEFAULTREPOS:-true}"
 15 | 
 16 | 
 17 | read -r -a BUILDDEPS <<< "${SPEL_BUILDDEPS:-lvm2 yum-utils unzip git dosfstools python3-pip}"
 18 | 
 19 | ELBUILD="/tmp/el-build"
 20 | 
 21 | # Make interactive-execution more-verbose unless explicitly told not to
 22 | if [[ $( tty -s ) -eq 0 ]] && [[ -z ${DEBUG:-} ]]
 23 | then
 24 |     DEBUG="true"
 25 | fi
 26 | 
 27 | 
 28 | # Error handler function
 29 | function err_exit {
 30 |     local ERRSTR
 31 |     local ISNUM
 32 |     local SCRIPTEXIT
 33 | 
 34 |     ERRSTR="${1}"
 35 |     ISNUM='^[0-9]+$'
 36 |     SCRIPTEXIT="${2:-1}"
 37 | 
 38 |     if [[ ${DEBUG} == true ]]
 39 |     then
 40 |         # Our output channels
 41 |         logger -i -t "${PROGNAME}" -p kern.crit -s -- "${ERRSTR}"
 42 |     else
 43 |         logger -i -t "${PROGNAME}" -p kern.crit -- "${ERRSTR}"
 44 |     fi
 45 | 
 46 |     # Only exit if requested exit is numerical
 47 |     if [[ ${SCRIPTEXIT} =~ ${ISNUM} ]]
 48 |     then
 49 |         exit "${SCRIPTEXIT}"
 50 |     fi
 51 | }
 52 | 
 53 | # Setup per-builder values
 54 | case $( rpm -qf /etc/os-release --qf '%{name}' ) in
 55 |     centos-linux-release | centos-stream-release )
 56 |         BUILDER=centos-9stream
 57 | 
 58 |         DEFAULTREPOS=(
 59 |             baseos
 60 |             appstream
 61 |             extras-common
 62 |         )
 63 |         ;;
 64 |     redhat-release-server|redhat-release)
 65 |         BUILDER=rhel-9
 66 | 
 67 |         DEFAULTREPOS=(
 68 |             rhel-9-appstream-rhui-rpms
 69 |             rhel-9-baseos-rhui-rpms
 70 |             rhui-client-config-server-9
 71 |         )
 72 |         ;;
 73 |     oraclelinux-release)
 74 |         BUILDER=ol-9
 75 | 
 76 |         DEFAULTREPOS=(
 77 |             ol9_UEKR7
 78 |             ol9_appstream
 79 |             ol9_baseos_latest
 80 |         )
 81 |         ;;
 82 |     *)
 83 |         echo "Unknown OS. Aborting" >&2
 84 |         exit 1
 85 |         ;;
 86 | esac
 87 | DEFAULTREPOS+=()
 88 | 
 89 | # Default to enabling default repos
 90 | ENABLEDREPOS=$(IFS=,; echo "${DEFAULTREPOS[*]}")
 91 | 
 92 | if [[ "$USEDEFAULTREPOS" != "true" ]]
 93 | then
 94 |     # Enable AMIGENREPOS exclusively when instructed not to use default repos
 95 |     ENABLEDREPOS="${AMIGENREPOS}"
 96 | elif [[ -n "${AMIGENREPOS:-}" ]]
 97 | then
 98 |     # When using default repos, also enable AMIGENREPOS if present
 99 |     ENABLEDREPOS+=,"${AMIGENREPOS}"
100 | fi
101 | 
102 | 
103 | retry()
104 | {
105 |     # Make an arbitrary number of attempts to execute an arbitrary command,
106 |     # passing it arbitrary parameters. Convenient for working around
107 |     # intermittent errors (which occur often with poor repo mirrors).
108 |     #
109 |     # Returns the exit code of the command.
110 |     local n=0
111 |     local try=$1
112 |     local cmd="${*: 2}"
113 |     local result=1
114 |     [[ $# -le 1 ]] && {
115 |         echo "Usage $0 <number_of_retry_attempts> <Command>"
116 |         exit $result
117 |     }
118 | 
119 |     echo "Will try $try time(s) :: $cmd"
120 | 
121 |     if [[ "${SHELLOPTS}" == *":errexit:"* ]]
122 |     then
123 |         set +e
124 |         local ERREXIT=1
125 |     fi
126 | 
127 |     until [[ $n -ge $try ]]
128 |     do
129 |         sleep $n
130 |         $cmd
131 |         result=$?
132 |         if [[ $result -eq 0 ]]
133 |         then
134 |             break
135 |         else
136 |             ((n++))
137 |             echo "Attempt $n, command failed :: $cmd"
138 |         fi
139 |     done
140 | 
141 |     if [[ "${ERREXIT}" == "1" ]]
142 |     then
143 |         set -e
144 |     fi
145 | 
146 |     return $result
147 | }  # ----------  end of function retry  ----------
148 | 
149 | 
150 | # Disable strict hostkey checking
151 | function DisableStrictHostCheck {
152 |     local HOSTVAL
153 | 
154 |     if [[ ${1:-} == '' ]]
155 |     then
156 |         err_exit "No connect-string passed to function [${0}]"
157 |     else
158 |         HOSTVAL="$( sed -e 's/^.*@//' -e 's/:.*$//' <<< "${1}" )"
159 |     fi
160 | 
161 |     # Git host-target parameters
162 |     err_exit "Disabling SSH's strict hostkey checking for ${HOSTVAL}" NONE
163 |     (
164 |         printf "Host %s\n" "${HOSTVAL}"
165 |         printf "  Hostname %s\n" "${HOSTVAL}"
166 |         printf "  StrictHostKeyChecking off\n"
167 |     ) >> "${HOME}/.ssh/config" || \
168 |     err_exit "Failed disabling SSH's strict hostkey checking"
169 | }
170 | 
171 | 
172 | 
173 | ##########################
174 | ## Main program section ##
175 | ##########################
176 | 
177 | set -x
178 | set -e
179 | set -o pipefail
180 | 
181 | # Install supplementary tooling
182 | if [[ ${#BUILDDEPS[@]} -gt 0 ]]
183 | then
184 |     err_exit "Installing build-host dependencies" NONE
185 |     yum -y install "${BUILDDEPS[@]}" || \
186 |         err_exit "Failed installing build-host dependencies"
187 | 
188 |     err_exit "Verifying build-host dependencies" NONE
189 |     rpm -q "${BUILDDEPS[@]}" || \
190 |         err_exit "Verification failed"
191 | fi
192 | 
193 | if [[ -n "${HTTP_PROXY:-}" ]]
194 | then
195 |     echo "Setting Git Config Proxy"
196 |     git config --global http.proxy "${HTTP_PROXY}"
197 |     echo "Set git config to use proxy"
198 | fi
199 | 
200 | if [[ -n "${EPELREPO:-}" ]]
201 | then
202 |     yum-config-manager --enable "$EPELREPO" > /dev/null
203 | fi
204 | 
205 | echo "Installing custom repo packages in the builder box"
206 | IFS="," read -r -a BUILDER_AMIGENREPOSRC <<< "$AMIGENREPOSRC"
207 | for RPM in "${BUILDER_AMIGENREPOSRC[@]}"
208 | do
209 |     {
210 |         STDERR=$( yum -y install "$RPM" 2>&1 1>&$out );
211 |     } {out}>&1 || echo "$STDERR" | grep "Error: Nothing to do"
212 | done
213 | 
214 | echo "Enabling repos in the builder box"
215 | yum-config-manager --disable "*" > /dev/null
216 | yum-config-manager --enable "$ENABLEDREPOS" > /dev/null
217 | 
218 | echo "Installing specified extra packages in the builder box"
219 | IFS="," read -r -a BUILDER_EXTRARPMS <<< "$EXTRARPMS"
220 | for RPM in "${BUILDER_EXTRARPMS[@]}"
221 | do
222 |     {
223 |         STDERR=$( yum -y install "$RPM" 2>&1 1>&$out );
224 |     } {out}>&1 || echo "$STDERR" | grep "Error: Nothing to do"
225 | done
226 | 
227 | # Disable strict host-key checking when doing git-over-ssh
228 | if [[ ${AMIGENSOURCE} =~ "@" ]]
229 | then
230 |     DisableStrictHostCheck "${AMIGENSOURCE}"
231 | fi
232 | 


--------------------------------------------------------------------------------
/spel/scripts/cleanup.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Remove deps no longer needed
 4 | REMOVE_DEPS="virt-what"
 5 | yum -y remove --setopt=clean_requirements_on_remove=1 ${REMOVE_DEPS} >/dev/null
 6 | 
 7 | # Generate RPM manifest
 8 | cat /etc/redhat-release > /tmp/manifest.txt
 9 | rpm -qa | sort -u >> /tmp/manifest.txt
10 | 
11 | # Remove yum artifacts
12 | yum --enablerepo=* clean all >/dev/null
13 | rm -rf /var/cache/yum
14 | rm -rf /var/lib/yum
15 | 
16 | # Removing leftover leases and persistent rules
17 | echo "cleaning up dhcp leases"
18 | rm -f /var/lib/dhclient/*
19 | 
20 | # Make sure Udev doesn't block our network
21 | echo "cleaning up udev rules"
22 | rm -f /etc/udev/rules.d/70-persistent-net.rules
23 | mkdir /etc/udev/rules.d/70-persistent-net.rules
24 | rm -rf /dev/.udev/
25 | rm -f /lib/udev/rules.d/75-persistent-net-generator.rules
26 | 
27 | # Ensure unique SSH hostkeys
28 | echo "generating new ssh hostkeys"
29 | shred -uz /etc/ssh/*key*
30 | service sshd restart
31 | 
32 | # Clean out miscellaneous log files
33 | for FILE in boot.log btmp cloud-init.log cloud-init-output.log cron dmesg \
34 |     dmesg.old dracut.log lastlog maillog messages secure spooler tallylog \
35 |     wtmp yum.log rhsm/rhsmcertd.log rhsm/rhsm.log sa/sa22
36 | do
37 |     if [[ -e /var/log/$FILE ]];
38 |     then
39 |         cat /dev/null > /var/log/${FILE}
40 |     fi
41 | done
42 | 
43 | # Clean out audit logs
44 | find -L /var/log/audit -type f -print0 | xargs -0 shred -uz
45 | 
46 | # Clean out root's history buffers and files
47 | echo "cleaning shell history"
48 | history -c ; cat /dev/null > /root/.bash_history
49 | 


--------------------------------------------------------------------------------
/spel/scripts/dep.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Setup the the box. This runs as root
4 | 
5 | 
6 | # You can install anything you need here.
7 | 


--------------------------------------------------------------------------------
/spel/scripts/free-root.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | #
 3 | # Script to more-thorougly clear out processes that may be holding the boot-
 4 | # disk open
 5 | #
 6 | ################################################################################
 7 | 
 8 | set -x
 9 | set -e
10 | 
11 | echo "Restarting systemd"
12 | systemctl daemon-reexec
13 | 
14 | # The auditd (UpStart) service may or may not be running...
15 | if [[ $( service auditd status > /dev/null 2>&1 )$? -eq 0 ]]
16 | then
17 |   echo "Killing auditd"
18 |   service auditd stop
19 | else
20 |   echo "The auditd service is not running"
21 | fi
22 | 
23 | echo "Kill all non-essential services"
24 | for SERVICE in $(
25 |   systemctl list-units --type=service --state=running | \
26 |   awk '/loaded active running/{ print $1 }' | \
27 |   grep -Ev '(audit|sshd|user@)'
28 | )
29 | do
30 |   echo "Killing ${SERVICE}"
31 |   systemctl stop "${SERVICE}"
32 | done
33 | 
34 | echo "Sleeping to allow everything to stop"
35 | sleep 10
36 | 
37 | if [[ $( mountpoint -q /oldroot )$? -eq 0 ]]
38 | then
39 |   echo "Killing processes locking /oldroot"
40 |   fuser -vmk /oldroot
41 | else
42 |   echo "NO-OP: /oldroot is not a mount"
43 | fi
44 | 


--------------------------------------------------------------------------------
/spel/scripts/pivot-root.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | ##############################################################################
 4 | #
 5 | # Pivot the root partition to a tmpfs mount point so that the root volume can
 6 | # be re-partitioned.
 7 | #
 8 | ##############################################################################
 9 | 
10 | set -x
11 | set -e
12 | 
13 | # Get fuser
14 | echo "Installing psmisc RPM..."
15 | yum -y install psmisc
16 | 
17 | # Get rid of anything that might be in the /boot hierarchy
18 | for BOOT_DIR in /boot{/efi,}
19 | do
20 |   if  [[ -d ${BOOT_DIR} ]] &&
21 |       [[ $( mountpoint "${BOOT_DIR}" ) == "${BOOT_DIR} is a mountpoint" ]]
22 |   then
23 |     fuser -vmk "${BOOT_DIR}" || true
24 |     umount "${BOOT_DIR}"
25 |   fi
26 | done
27 | 
28 | 
29 | # Create tmpfs mount
30 | echo "Creating /tmproot..."
31 | install -Ddm 000755 /tmp/tmproot
32 | echo "Mounting tmpfs to /tmp/tmproot..."
33 | mount none /tmp/tmproot -t tmpfs
34 | 
35 | # Copy everything to the tmpfs mount
36 | echo "Copying / to /tmp/tmproot..."
37 | cp -ax / /tmp/tmproot
38 | 
39 | echo "Copying dev-nodes to /tmp/tmproot..."
40 | cp -a /dev /tmp/tmproot
41 | 
42 | # Switch / to tmpfs
43 | echo "Creating /tmp/tmproot/oldroot..."
44 | mkdir /tmp/tmproot/oldroot
45 | 
46 | echo "Prepare for pivot_root action..."
47 | mount --make-rprivate /
48 | 
49 | echo "Execute pivot_root..."
50 | pivot_root /tmp/tmproot /tmp/tmproot/oldroot
51 | 
52 | echo "Move sub-mounts into /oldroot..."
53 | mount --move /oldroot/dev /dev
54 | mount --move /oldroot/proc /proc
55 | mount --move /oldroot/sys /sys
56 | mount --move /oldroot/run /run
57 | if [[ $( mountpoint /oldroot/tmp ) =~ "is a mountpoint" ]]
58 | then
59 |   mount --move /oldroot/tmp /tmp
60 | fi
61 | 
62 | # Unmount everything we can on /oldroot
63 | MOUNTS=$(
64 |     cut -d ' ' -f 2 /proc/mounts | \
65 |     grep '/oldroot/' | \
66 |     sort -ru
67 | )
68 | if [[ ${#MOUNTS} -ne 0 ]]
69 | then
70 |   echo "Attempting to clear stragglers found in /proc/mounts"
71 | 
72 |   echo "$MOUNTS" | while IFS= read -r MOUNT
73 |   do
74 |     echo "Attempting to dismount ${MOUNT}... "
75 |     umount "$MOUNT" || true
76 |   done
77 | else
78 |   echo "Found no stragglers in /proc/mounts"
79 | fi
80 | 
81 | # Restart sshd to relink it to /tmp/tmproot
82 | if systemctl is-active --quiet firewalld ; then systemctl stop firewalld ; fi
83 | systemctl restart sshd
84 | 
85 | # Kill ssh processes, releasing any locks on /oldroot, and forcing packer to reconnect
86 | pkill --signal HUP sshd
87 | 


--------------------------------------------------------------------------------
/spel/scripts/retry.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Make an arbitrary number of attempts to execute an arbitrary command,
 3 | # passing it arbitrary parameters. Convenient for working around
 4 | # intermittent errors (which occur often with poor repo mirrors).
 5 | #
 6 | # Returns the exit code of the command.
 7 | 
 8 | retry()
 9 | {
10 |     local n=0
11 |     local try=$1
12 |     local cmd="${*: 2}"
13 |     local result=1
14 |     [[ $# -le 1 ]] && {
15 |         echo "Usage $0 <number_of_retry_attempts> <Command>"
16 |         exit $result
17 |     }
18 | 
19 |     echo "Will try $try time(s) :: $cmd"
20 | 
21 |     if [[ "${SHELLOPTS}" == *":errexit:"* ]]
22 |     then
23 |         set +e
24 |         local ERREXIT=1
25 |     fi
26 | 
27 |     until [[ $n -ge $try ]]
28 |     do
29 |         sleep $n
30 |         $cmd
31 |         result=$?
32 |         if [[ $result -eq 0 ]]
33 |         then
34 |             break
35 |         else
36 |             ((n++))
37 |             echo "Attempt $n, command failed :: $cmd"
38 |         fi
39 |     done
40 | 
41 |     if [[ "${ERREXIT}" == "1" ]]
42 |     then
43 |         set -e
44 |     fi
45 | 
46 |     return $result
47 | }  # ----------  end of function retry  ----------
48 | 
49 | retry "$@"
50 | exit $?
51 | 


--------------------------------------------------------------------------------
/spel/scripts/vagrant.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Vagrant specific
 4 | date > /etc/vagrant_box_build_time
 5 | 
 6 | # Configure vagrant user
 7 | id vagrant 2>/dev/null || \
 8 |     ( useradd -m -r vagrant && echo "vagrant:vagrant" | chpasswd )
 9 | 
10 | # Installing vagrant keys
11 | echo "installing vagrant keys"
12 | /bin/mkdir -p /home/vagrant/.ssh
13 | /bin/chmod 0700 /home/vagrant/.ssh
14 | /usr/bin/curl -s -S --retry 5 -L -o /home/vagrant/.ssh/authorized_keys https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub
15 | /bin/chown -R vagrant:vagrant /home/vagrant/.ssh
16 | /bin/chmod 0600 /home/vagrant/.ssh/*
17 | 
18 | # Customize the message of the day
19 | echo 'Development Environment' > /etc/motd
20 | 


--------------------------------------------------------------------------------
/spel/scripts/virtualbox.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Bail if we are not running inside VirtualBox.
 4 | if [[ "$(virt-what | head -1)" != "virtualbox" ]]; then
 5 |     exit 0
 6 | fi
 7 | 
 8 | # Install deps
 9 | echo "installing virtualbox guest addition dependencies"
10 | VBOX_GUEST_DEPS=(kernel-devel kernel-headers gcc perl)
11 | test "$(rpm --quiet -q bzip2)$?" -eq 0 || VBOX_GUEST_DEPS+=(bzip2)
12 | bash /tmp/retry.sh 5 yum -y install "${VBOX_GUEST_DEPS[@]}"
13 | bash /tmp/retry.sh 5 yum -y install dkms make
14 | KERN_DIR=/lib/modules/$(uname -r)/build
15 | export KERN_DIR
16 | 
17 | # Install VirtualBox Guest Additions
18 | echo "installing virtualbox guest additions"
19 | mkdir -p /mnt/virtualbox
20 | mount -o loop /home/vagrant/VBoxGuest*.iso /mnt/virtualbox
21 | sh /mnt/virtualbox/VBoxLinuxAdditions.run || (cat /var/log/vboxadd-setup.log && exit 1)
22 | ln -sf /opt/VBoxGuestAdditions-*/lib/VBoxGuestAdditions /usr/lib/VBoxGuestAdditions
23 | umount /mnt/virtualbox
24 | rm -rf /home/vagrant/VBoxGuest*.iso
25 | 
26 | # Remove deps
27 | echo "removing virtualbox guest addition dependencies"
28 | yum -y remove --setopt=clean_requirements_on_remove=1 "${VBOX_GUEST_DEPS[@]}"
29 | 


--------------------------------------------------------------------------------
/spel/scripts/vmware.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Bail if we are not running inside VMWare.
 4 | if [[ "$(virt-what | head -1)" != "vmware" ]]; then
 5 |     exit 0
 6 | fi
 7 | 
 8 | # Install the VMWare Tools from a linux ISO.
 9 | echo "installing vmware tools"
10 | 
11 | #wget http://192.168.0.185/linux.iso -P /tmp
12 | mkdir -p /mnt/vmware
13 | mount -o loop /home/vagrant/linux.iso /mnt/vmware
14 | 
15 | cd /tmp || exit 1
16 | tar xzf /mnt/vmware/VMwareTools-*.tar.gz
17 | 
18 | umount /mnt/vmware
19 | rm -fr /home/vagrant/linux.iso
20 | 
21 | /tmp/vmware-tools-distrib/vmware-install.pl -d
22 | rm -fr /tmp/vmware-tools-distrib
23 | 


--------------------------------------------------------------------------------
/spel/scripts/zerodisk.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Zero out the free space to save space in the final image:
 4 | echo "zeroing out free space"
 5 | dd if=/dev/zero of=/EMPTY bs=1M || true
 6 | rm -f /EMPTY
 7 | 
 8 | # Sync to ensure that the delete completes before this moves on.
 9 | sync
10 | sync
11 | sync
12 | 


--------------------------------------------------------------------------------
/spel/userdata/userdata.cloud:
--------------------------------------------------------------------------------
 1 | #cloud-config
 2 | 
 3 | ##############################################################################
 4 | # Set the default cloud-init user to `spel`
 5 | ##############################################################################
 6 | user:
 7 |   name: spel
 8 |   gecos: spel admin account
 9 |   lock_passwd: true
10 |   sudo: "ALL=(root) NOPASSWD:ALL"
11 |   selinux_user: unconfined_u
12 | 
13 | runcmd:
14 |   # use default crypto policies, if possible
15 |   - update-crypto-policies --set DEFAULT || true
16 | 


--------------------------------------------------------------------------------
/tests/conftest.py:
--------------------------------------------------------------------------------
 1 | """Configuration for pytest."""
 2 | 
 3 | import os
 4 | import urllib.error
 5 | import urllib.request
 6 | 
 7 | import distro
 8 | import pytest
 9 | 
10 | # Static globals
11 | METADATA_KERNEL = "http://169.254.169.254/latest/meta-data/kernel-id"
12 | FIPS_DISABLED = set(["true", "TRUE", "1", "on"])
13 | 
14 | # Markers
15 | VIRTUALIZATION_MARKERS = set(["hvm", "paravirtual"])
16 | PLAT_MARKERS = set(["el7", "el8", "el9"])
17 | FIPS_MARKERS = set(["fips_enabled", "fips_disabled"])
18 | AMIUTILS_MARKERS = set(["amiutils_enabled", "amiutils_disabled"])
19 | 
20 | # Platform-specific globals
21 | PLAT = "el" + distro.major_version()
22 | FIPS = (
23 |     "fips_disabled"
24 |     if os.environ.get("SPEL_DISABLEFIPS") in FIPS_DISABLED
25 |     else "fips_enabled"
26 | )
27 | AMIUTILS = (
28 |     "amiutils_enabled" if os.environ.get("SPEL_AMIUTILSOURCE") else "amiutils_disabled"
29 | )
30 | VIRT = "hvm"
31 | try:
32 |     with urllib.request.urlopen(METADATA_KERNEL):
33 |         VIRT = "paravirtual"
34 | except urllib.error.URLError:
35 |     pass
36 | 
37 | 
38 | def pytest_configure(config):
39 |     """Configure pytest."""
40 |     config.addinivalue_line("markers", "el8: mark test to run only on el8 platforms")
41 |     config.addinivalue_line("markers", "el9: mark test to run only on el9 platforms")
42 |     config.addinivalue_line("markers", "hvm: mark test to run only on hvm instances")
43 |     config.addinivalue_line(
44 |         "markers", "paravirtual: mark test to run only on paravirtual instances"
45 |     )
46 |     config.addinivalue_line(
47 |         "markers", "fips_enabled: mark test to run only if fips is enabled"
48 |     )
49 |     config.addinivalue_line(
50 |         "markers", "fips_disabled: mark test to run only if fips is disabled"
51 |     )
52 |     config.addinivalue_line(
53 |         "markers", "amiutils_enabled: mark test to run only if AMI Utils pkgs were used"
54 |     )
55 |     config.addinivalue_line(
56 |         "markers",
57 |         "amiutils_disabled: mark test to run only if AMI Utils pkgs were not used",
58 |     )
59 | 
60 | 
61 | def pytest_runtest_setup(item):
62 |     """Configure pytest."""
63 |     if isinstance(item, pytest.Function):
64 |         if not item.get_closest_marker(PLAT):
65 |             if PLAT_MARKERS.intersection(item.keywords):
66 |                 pytest.skip(f"does not run on platform {PLAT}")
67 |         if not item.get_closest_marker(VIRT):
68 |             if VIRTUALIZATION_MARKERS.intersection(item.keywords):
69 |                 pytest.skip(f"does not run on virtualization type {VIRT}")
70 |         if not item.get_closest_marker(FIPS):
71 |             if FIPS_MARKERS.intersection(item.keywords):
72 |                 pytest.skip(f"test incompatible with fips mode, {FIPS}")
73 |         if not item.get_closest_marker(AMIUTILS_MARKERS):
74 |             if AMIUTILS_MARKERS.intersection(item.keywords):
75 |                 pytest.skip(f"does not run when ami utils is deselected, {AMIUTILS}")
76 | 
77 | 
78 | def pytest_logger_stdoutloggers(item):  # pylint: disable=unused-argument
79 |     """Configure pytest logger."""
80 |     return ["spel_validation"]
81 | 


--------------------------------------------------------------------------------
/tests/minimal-linux.pkr.hcl:
--------------------------------------------------------------------------------
  1 | variable "aws_region" {
  2 |   type    = string
  3 |   default = "us-east-1"
  4 | }
  5 | 
  6 | variable "aws_source_ami_centos8stream_hvm" {
  7 |   type    = string
  8 |   default = env("amazon_ebssurrogate_minimal_centos_8stream_hvm")
  9 | }
 10 | 
 11 | variable "aws_source_ami_centos9stream_hvm" {
 12 |   type    = string
 13 |   default = env("amazon_ebssurrogate_minimal_centos_9stream_hvm")
 14 | }
 15 | 
 16 | variable "aws_source_ami_ol_8_hvm" {
 17 |   type    = string
 18 |   default = env("amazon_ebssurrogate_minimal_ol_8_hvm")
 19 | }
 20 | 
 21 | variable "aws_source_ami_ol_9_hvm" {
 22 |   type    = string
 23 |   default = env("amazon_ebssurrogate_minimal_ol_9_hvm")
 24 | }
 25 | 
 26 | variable "aws_source_ami_rhel8_hvm" {
 27 |   type    = string
 28 |   default = env("amazon_ebssurrogate_minimal_rhel_8_hvm")
 29 | }
 30 | 
 31 | variable "aws_source_ami_rhel9_hvm" {
 32 |   type    = string
 33 |   default = env("amazon_ebssurrogate_minimal_rhel_9_hvm")
 34 | }
 35 | 
 36 | variable "aws_ssh_interface" {
 37 |   type    = string
 38 |   default = "public_dns"
 39 | }
 40 | 
 41 | variable "aws_subnet_id" {
 42 |   type    = string
 43 |   default = ""
 44 | }
 45 | 
 46 | variable "aws_temporary_security_group_source_cidrs" {
 47 |   type    = list(string)
 48 |   default = ["0.0.0.0/0"]
 49 | }
 50 | 
 51 | variable "spel_amiutilsource" {
 52 |   type    = string
 53 |   default = env("SPEL_AMIUTILSOURCE")
 54 | }
 55 | 
 56 | variable "spel_disablefips" {
 57 |   type    = string
 58 |   default = ""
 59 | }
 60 | 
 61 | variable "spel_identifier" {
 62 |   type    = string
 63 |   default = env("SPEL_IDENTIFIER")
 64 | }
 65 | 
 66 | variable "spel_pypi_url" {
 67 |   type    = string
 68 |   default = "https://pypi.org/simple"
 69 | }
 70 | 
 71 | variable "spel_version" {
 72 |   type    = string
 73 |   default = env("SPEL_VERSION")
 74 | }
 75 | 
 76 | source "amazon-ebs" "base" {
 77 |   ami_description             = "This is a validation AMI for ${var.spel_identifier}-${source.name}-${var.spel_version}.x86_64-gp3"
 78 |   ami_name                    = "validation-${var.spel_identifier}-${source.name}-${var.spel_version}.x86_64-gp3"
 79 |   associate_public_ip_address = true
 80 |   communicator                = "ssh"
 81 |   ena_support                 = true
 82 |   force_deregister            = true
 83 |   instance_type               = "t3.large"
 84 |   launch_block_device_mappings {
 85 |     delete_on_termination = true
 86 |     device_name           = "/dev/sda1"
 87 |     volume_size           = 21
 88 |     volume_type           = "gp3"
 89 |   }
 90 |   max_retries                           = 20
 91 |   region                                = var.aws_region
 92 |   skip_create_ami                       = true
 93 |   skip_save_build_region                = true
 94 |   sriov_support                         = true
 95 |   ssh_interface                         = var.aws_ssh_interface
 96 |   ssh_port                              = 22
 97 |   ssh_pty                               = true
 98 |   ssh_username                          = "spel"
 99 |   subnet_id                             = var.aws_subnet_id
100 |   tags                                  = { Name = "" } # Empty name tag avoids inheriting "Packer Builder"
101 |   temporary_security_group_source_cidrs = var.aws_temporary_security_group_source_cidrs
102 |   user_data_file                        = "${path.root}/userdata/validation.cloud"
103 | }
104 | 
105 | build {
106 |   source "amazon-ebs.base" {
107 |     source_ami = var.aws_source_ami_centos8stream_hvm
108 |     name       = "minimal-centos-8stream-hvm"
109 |   }
110 | 
111 |   source "amazon-ebs.base" {
112 |     source_ami = var.aws_source_ami_centos9stream_hvm
113 |     name       = "minimal-centos-9stream-hvm"
114 |   }
115 | 
116 |   source "amazon-ebs.base" {
117 |     source_ami = var.aws_source_ami_ol_8_hvm
118 |     name       = "minimal-ol-8-hvm"
119 |   }
120 | 
121 |   source "amazon-ebs.base" {
122 |     source_ami = var.aws_source_ami_ol_9_hvm
123 |     name       = "minimal-ol-9-hvm"
124 |   }
125 | 
126 |   source "amazon-ebs.base" {
127 |     source_ami = var.aws_source_ami_rhel8_hvm
128 |     name       = "minimal-rhel-8-hvm"
129 |   }
130 | 
131 |   source "amazon-ebs.base" {
132 |     source_ami = var.aws_source_ami_rhel9_hvm
133 |     name       = "minimal-rhel-9-hvm"
134 |   }
135 | 
136 |   provisioner "shell" {
137 |     execute_command = "{{ .Vars }} sudo -E /bin/bash -ex -o pipefail '{{ .Path }}'"
138 |     scripts = [
139 |       "${path.root}/scripts/grow_check.sh",
140 |     ]
141 |   }
142 | 
143 |   provisioner "shell" {
144 |     execute_command = "{{ .Vars }} sudo -E /bin/sh -ex -o pipefail '{{ .Path }}'"
145 |     inline = [
146 |       "mkdir -p /tmp/spel/tests",
147 |       "chown -R spel:spel /tmp/spel",
148 |     ]
149 |     pause_before = "5s"
150 |   }
151 | 
152 |   provisioner "file" {
153 |     destination  = "/tmp/spel/tests"
154 |     direction    = "upload"
155 |     pause_before = "5s"
156 |     source       = "tests/"
157 |   }
158 | 
159 |   provisioner "shell" {
160 |     environment_vars = [
161 |       "PYPI_URL=${var.spel_pypi_url}",
162 |     ]
163 |     execute_command = "{{ .Vars }} sudo -E /bin/sh -ex -o pipefail '{{ .Path }}'"
164 |     inline = [
165 |       "PYPI_URL=$${PYPI_URL:-https://pypi.org/simple}",
166 |       "ls -alR /tmp",
167 |       "python3 -m ensurepip",
168 |       "python3 -m pip install --index-url=\"$PYPI_URL\" --upgrade pip setuptools",
169 |       "python3 -m pip install --index-url=\"$PYPI_URL\" -r /tmp/spel/tests/requirements.txt",
170 |       "for DEV in $(lsblk -ln | awk '/ part /{ print $1}'); do pvresize /dev/$${DEV} || true; done",
171 |     ]
172 |     pause_before = "5s"
173 |   }
174 | 
175 |   provisioner "shell" {
176 |     environment_vars = [
177 |       "LVM_SUPPRESS_FD_WARNINGS=1",
178 |       "SPEL_AMIUTILSOURCE=${var.spel_amiutilsource}",
179 |       "SPEL_DISABLEFIPS=${var.spel_disablefips}",
180 |     ]
181 |     execute_command = "{{ .Vars }} sudo -E /bin/sh -ex -o pipefail '{{ .Path }}'"
182 |     inline = [
183 |       "PATH=/usr/local/bin:\"$PATH\"",
184 |       "export PATH",
185 |       "pytest --strict-markers -s -v --color=no /tmp/spel | tee /tmp/pytest.log",
186 |     ]
187 |     pause_before = "5s"
188 |   }
189 | 
190 |   provisioner "file" {
191 |     destination = ".spel/${var.spel_version}/validation-${var.spel_identifier}-${source.name}.log"
192 |     direction   = "download"
193 |     source      = "/tmp/pytest.log"
194 |   }
195 | 
196 |   post-processor "artifice" {
197 |     files = [
198 |       ".spel/${var.spel_version}/validation-${var.spel_identifier}-${source.name}.log",
199 |     ]
200 |   }
201 | }
202 | 


--------------------------------------------------------------------------------
/tests/requirements.txt:
--------------------------------------------------------------------------------
1 | distro==1.9.0
2 | pytest==7.0.1;python_version<="3.6"
3 | pytest==8.3.5;python_version>="3.7"
4 | pytest-logger==1.0.0;python_version<="3.6"
5 | pytest-logger==1.1.1;python_version>="3.7"
6 | pytest-testinfra==6.8.0;python_version<="3.6"
7 | pytest-testinfra==10.2.2;python_version>="3.7"
8 | 


--------------------------------------------------------------------------------
/tests/scripts/grow_check.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | #
 3 | set -euo pipefail
 4 | #
 5 | # Script to exercise growing the partition containing the "/" filesystem
 6 | #
 7 | ################################################################################
 8 | 
 9 | 
10 | ROOT_DEV="$( grep ' / ' /proc/mounts | cut -d " " -f 1 )"
11 | 
12 | # Extract physical disk device from LVM2 VG
13 | if [[ ${ROOT_DEV} == /dev/mapper/* ]]
14 | then
15 |   ROOT_VOLGRP="$( sed -e 's#/dev/mapper/##' -e 's/-.*$//' <<< "${ROOT_DEV}" )"
16 |   echo "Printing pvdisplay output in case it is needed for troubleshooting..."
17 |   pvdisplay -S vgname="${ROOT_VOLGRP}"
18 |   ROOT_DSKPRT="$(
19 |     pvdisplay -S vgname="${ROOT_VOLGRP}" | \
20 |     awk '/PV Name/{ print $3 }'
21 |   )"
22 | else
23 |   echo "This script requires root on LVM2 volume"
24 |   exit 1
25 | fi
26 | 
27 | # Separate "/"-hosting partition from base device
28 | if [[ ${ROOT_DSKPRT} == /dev/nvme* ]]
29 | then
30 |   ROOT_DISK="${ROOT_DSKPRT//p*/}"
31 |   ROOT_PART="${ROOT_DSKPRT//*p/}"
32 | elif [[ ${ROOT_DSKPRT} =~ ^/dev/(sda)|(xvd) ]]
33 | then
34 |   ROOT_DISK="${ROOT_DSKPRT%?}"
35 |   ROOT_PART="${ROOT_DSKPRT//${ROOT_DISK}/}"
36 | else
37 |   echo "This script supports nvme, xvd, and sda device naming. Could not determine root partitioning from physical volume: ${ROOT_DSKPRT}" >&2
38 |   exit 1
39 | fi
40 | 
41 | SEL_MODE="$( getenforce )"
42 | 
43 | # Run the grow-part task
44 | if [[ -d /sys/fs/selinux ]] ; then setenforce Permissive ; fi
45 | printf "Attempting to grow %s... " "${ROOT_DSKPRT}"
46 | growpart "${ROOT_DISK}" "${ROOT_PART}"
47 | echo "Success!"
48 | if [[ -d /sys/fs/selinux ]] ; then setenforce "${SEL_MODE}" ; fi
49 | 


--------------------------------------------------------------------------------
/tests/test_ami.py:
--------------------------------------------------------------------------------
  1 | """Test spel aws ami builds."""
  2 | 
  3 | # pylint: disable=missing-function-docstring
  4 | import logging
  5 | 
  6 | import pytest
  7 | 
  8 | log = logging.getLogger("spel_validation")
  9 | log.setLevel(logging.INFO)
 10 | 
 11 | 
 12 | def test_root_volume_is_resized(host):  # noqa: D103
 13 |     cmd = "test $(vgs --noheadings -o pv_free | sed 's/ //g') != 0"
 14 |     pv_free = host.run(cmd)
 15 |     assert pv_free.exit_status == 0
 16 | 
 17 | 
 18 | @pytest.mark.amiutils_enabled
 19 | @pytest.mark.parametrize("name", [])
 20 | def test_common_amiutils_pkgs(host, name):  # noqa: D103
 21 |     pkg = host.package(name)
 22 |     if pkg.is_installed:
 23 |         log.info(
 24 |             "%s", {"pkg": pkg.name, "version": pkg.version, "release": pkg.release}
 25 |         )
 26 |     assert pkg.is_installed
 27 | 
 28 | 
 29 | def test_aws_cli_is_in_path(host):  # noqa: D103
 30 |     cmd = "aws --version"
 31 |     aws = host.run(cmd)
 32 |     log.info("\n%s", aws.stderr)
 33 |     assert host.exists("aws")
 34 | 
 35 | 
 36 | def test_repo_access(host):  # noqa: D103
 37 |     cmd = "yum -y repolist all | sed -n '/^repo id/,$p'"
 38 |     repos = host.run(cmd)
 39 |     log.info("stdout:\n%s", repos.stdout)
 40 |     log.info("stderr:\n%s", repos.stderr)
 41 |     assert repos.exit_status == 0
 42 |     assert "Errno" not in repos.stderr
 43 | 
 44 | 
 45 | def test_boot_is_mounted(host):  # noqa: D103
 46 |     boot = host.mount_point("/boot")
 47 |     assert boot.exists
 48 | 
 49 | 
 50 | def test_tmp_mount_properties(host):  # noqa: D103
 51 |     tmp = host.mount_point("/tmp")
 52 |     assert tmp.exists
 53 |     assert tmp.device == "tmpfs"
 54 |     assert tmp.filesystem == "tmpfs"
 55 | 
 56 | 
 57 | def test_selinux_enforcing(host):  # noqa: D103
 58 |     cmd = "test $(getenforce) = 'Enforcing'"
 59 |     selinux_permissive = host.run(cmd)
 60 |     assert selinux_permissive.exit_status == 0
 61 | 
 62 | 
 63 | @pytest.mark.fips_enabled
 64 | def test_fips_enabled(host):  # noqa: D103
 65 |     fips = host.file("/proc/sys/crypto/fips_enabled")
 66 |     assert fips.exists and fips.content.strip() == b"1"
 67 | 
 68 | 
 69 | @pytest.mark.fips_disabled
 70 | def test_fips_disabled(host):  # noqa: D103
 71 |     fips = host.file("/proc/sys/crypto/fips_enabled")
 72 |     assert not fips.exists or fips.content.strip() == b"0"
 73 | 
 74 | 
 75 | @pytest.mark.parametrize(
 76 |     "names",
 77 |     [
 78 |         [
 79 |             "python3",
 80 |             "python36",
 81 |             "python38",
 82 |             "python39",
 83 |         ]
 84 |     ],
 85 | )
 86 | def test_python3_installed(host, names):  # noqa: D103
 87 |     pkg = type("pkg", (object,), {"is_installed": False})
 88 |     for name in names:
 89 |         pkg = host.package(name)
 90 |         if pkg.is_installed:
 91 |             break
 92 | 
 93 |     assert pkg.is_installed
 94 |     log.info("%s", {"pkg": pkg.name, "version": pkg.version, "release": pkg.release})
 95 | 
 96 | 
 97 | @pytest.mark.parametrize(
 98 |     "realpaths,link",
 99 |     [
100 |         (
101 |             (
102 |                 "/usr/bin/python3.6",
103 |                 "/usr/libexec/platform-python3.6",
104 |                 "/usr/bin/python3.8",
105 |                 "/usr/bin/python3.9",
106 |             ),
107 |             "/usr/bin/python3",
108 |         )
109 |     ],
110 | )
111 | def test_python3_symlink(host, realpaths, link):  # noqa: D103
112 |     python3_symlink = host.file(link).linked_to
113 |     assert python3_symlink in realpaths
114 | 
115 | 
116 | @pytest.mark.parametrize("versions", [["3.6", "3.8", "3.9"]])
117 | def test_python3_version(host, versions):  # noqa: D103
118 |     cmd = "python3 --version"
119 |     python3_version = host.run(cmd)
120 |     log.info("`%s` stdout: %s", cmd, python3_version.stdout)
121 |     log.info("`%s` stderr: %s", cmd, python3_version.stderr)
122 | 
123 |     assert python3_version.exit_status == 0
124 | 
125 |     # Example stdout content: 'Python 3.6.8'
126 |     version = python3_version.stdout.strip().split()[1]
127 | 
128 |     major_minor = ".".join(version.split(".")[:2])
129 |     assert major_minor in versions
130 | 
131 | 
132 | def test_timedatectl_dbus_status(host):  # noqa: D103
133 |     cmd = "timedatectl"
134 |     timedatectl = host.run(cmd)
135 |     log.info("stdout:\n%s", timedatectl.stdout)
136 |     log.info("stderr:\n%s", timedatectl.stderr)
137 |     assert timedatectl.exit_status == 0
138 | 
139 | 
140 | def test_var_run_symlink(host):  # noqa: D103
141 |     var_run_symlink = host.file("/var/run").linked_to
142 |     assert var_run_symlink == "/run"
143 | 
144 | 
145 | @pytest.mark.parametrize(
146 |     "service",
147 |     [
148 |         ("amazon-ssm-agent.service"),
149 |     ],
150 | )
151 | def test_systemd_services(host, service):  # noqa: D103
152 |     chk_service = host.service(service)
153 |     assert chk_service.is_enabled
154 | 
155 | 
156 | @pytest.mark.el8
157 | @pytest.mark.parametrize(
158 |     "name",
159 |     [
160 |         ("spel-release"),
161 |         ("spel-dod-certs"),
162 |         ("spel-wcf-certs"),
163 |         ("amazon-ssm-agent"),
164 |         ("amazon-ec2-net-utils"),
165 |         ("ec2-hibinit-agent"),
166 |         ("ec2-instance-connect"),
167 |         ("ec2-instance-connect-selinux"),
168 |         ("ec2-utils"),
169 |     ],
170 | )
171 | def test_spel_packages_el8(host, name):  # noqa: D103
172 |     pkg = host.package(name)
173 |     if pkg.is_installed:
174 |         log.info(
175 |             "%s", {"pkg": pkg.name, "version": pkg.version, "release": pkg.release}
176 |         )
177 |     assert pkg.is_installed
178 | 
179 | 
180 | @pytest.mark.el9
181 | @pytest.mark.parametrize(
182 |     "name",
183 |     [
184 |         ("spel-release"),
185 |         ("spel-dod-certs"),
186 |         ("spel-wcf-certs"),
187 |         ("amazon-ssm-agent"),
188 |         ("amazon-ec2-net-utils"),
189 |         ("ec2-hibinit-agent"),
190 |         ("ec2-utils"),
191 |     ],
192 | )
193 | def test_spel_packages_el9(host, name):  # noqa: D103
194 |     pkg = host.package(name)
195 |     if pkg.is_installed:
196 |         log.info(
197 |             "%s", {"pkg": pkg.name, "version": pkg.version, "release": pkg.release}
198 |         )
199 |     assert pkg.is_installed
200 | 
201 | 
202 | def test_cfn_bootstrap(host):  # noqa: D103
203 |     cmd = "python3 -m pip show aws-cfn-bootstrap"
204 |     cfnbootstrap = host.run(cmd)
205 |     log.info("stdout:\n%s", cfnbootstrap.stdout)
206 |     log.info("stderr:\n%s", cfnbootstrap.stderr)
207 |     assert cfnbootstrap.exit_status == 0
208 |     assert "Version: 2.0" in cfnbootstrap.stdout
209 | 


--------------------------------------------------------------------------------
/tests/userdata/validation.cloud:
--------------------------------------------------------------------------------
 1 | #cloud-config
 2 | 
 3 | ##############################################################################
 4 | #
 5 | # Set the default cloud-init user to `spel` and update packages
 6 | #
 7 | ##############################################################################
 8 | user:
 9 |   name: spel
10 |   gecos: spel admin account
11 |   lock_passwd: true
12 |   sudo: "ALL=(root) NOPASSWD:ALL"
13 |   selinux_user: unconfined_u
14 | 


--------------------------------------------------------------------------------