From 479ec3112fae9eeeaa9ffe0668c80adf251430c9 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Thu, 25 Apr 2024 23:14:08 -0400
Subject: [PATCH 1/4] Remove all RHEL 9.2 references

At this point, we're pretty committed to RHEL 9.4 and it's very unlikely
that we'll revert back to RHEL 9.2. If we do, we can just revert this
PR. This variant isn't even building right now in the pipeline so
there's no attention paid to it and no point in carrying it.
---
 extensions-rhel-9.2.yaml |  78 -----------------------
 image-rhel-9.2.yaml      |   1 -
 manifest-rhel-9.2.yaml   | 132 ---------------------------------------
 3 files changed, 211 deletions(-)
 delete mode 100644 extensions-rhel-9.2.yaml
 delete mode 120000 image-rhel-9.2.yaml
 delete mode 100644 manifest-rhel-9.2.yaml

diff --git a/extensions-rhel-9.2.yaml b/extensions-rhel-9.2.yaml
deleted file mode 100644
index b0ebcfa0c..000000000
--- a/extensions-rhel-9.2.yaml
+++ /dev/null
@@ -1,78 +0,0 @@
-# RPMs as operating system extensions, distinct from the base ostree commit/image
-# https://github.com/openshift/enhancements/blob/master/enhancements/rhcos/extensions.md
-# and https://github.com/coreos/fedora-coreos-tracker/issues/401
-
-extensions:
-  # https://issues.redhat.com/browse/RFE-4177
-  wasm:
-    architectures:
-      - x86_64
-      - aarch64
-    packages:
-      - crun-wasm
-  # https://github.com/coreos/fedora-coreos-tracker/issues/1504
-  ipsec:
-    packages:
-      - libreswan
-      - NetworkManager-libreswan
-  # https://github.com/coreos/fedora-coreos-tracker/issues/326
-  usbguard:
-    packages:
-      - usbguard
-  kerberos:
-    packages:
-      - krb5-workstation
-      - libkadm5
-  # https://github.com/kmods-via-containers/kmods-via-containers/issues/3
-  # https://gitlab.cee.redhat.com/coreos/redhat-coreos/merge_requests/866
-  # These are currently overlaid onto the host so that they can be bind-mounted
-  # into build containers... in the future they should be a `development`
-  # extension: https://github.com/openshift/machine-config-operator/pull/2143.
-  kernel-devel:
-    packages:
-      - kernel-devel
-      - kernel-headers
-    match-base-evr: kernel
-  # These are already in the base, so they're not OS extensions, but they're
-  # useful to have in RPM form to install in kmod build containers.
-  kernel:
-    kind: development
-    packages:
-      - kernel
-      - kernel-core
-      - kernel-modules
-      - kernel-modules-extra
-    match-base-evr: kernel
-  # GRPA-2822
-  # https://github.com/openshift/machine-config-operator/pull/1330
-  # https://github.com/openshift/enhancements/blob/master/enhancements/support-for-realtime-kernel.md
-  kernel-rt:
-    architectures:
-      - x86_64
-    repos:
-      - rhel-9.2-nfv
-    packages:
-      - kernel-rt-core
-      - kernel-rt-kvm
-      - kernel-rt-modules
-      - kernel-rt-modules-extra
-      - kernel-rt-devel
-  # https://github.com/openshift/machine-config-operator/pull/2456
-  # https://github.com/openshift/enhancements/blob/master/enhancements/sandboxed-containers/sandboxed-containers-tech-preview.md
-  # GRPA-3123
-  # - kata-containers (RHAOS)
-  sandboxed-containers:
-    architectures:
-      - x86_64
-      - s390x
-    packages:
-      - kata-containers
-  # https://issues.redhat.com/browse/COS-2402
-  kernel-64k:
-    architectures:
-      - aarch64
-    packages:
-      - kernel-64k-core
-      - kernel-64k-modules
-      - kernel-64k-modules-core
-      - kernel-64k-modules-extra
diff --git a/image-rhel-9.2.yaml b/image-rhel-9.2.yaml
deleted file mode 120000
index 3abbf78c5..000000000
--- a/image-rhel-9.2.yaml
+++ /dev/null
@@ -1 +0,0 @@
-image-rhel-9.4.yaml
\ No newline at end of file
diff --git a/manifest-rhel-9.2.yaml b/manifest-rhel-9.2.yaml
deleted file mode 100644
index e4009edf9..000000000
--- a/manifest-rhel-9.2.yaml
+++ /dev/null
@@ -1,132 +0,0 @@
-# Manifest for RHCOS based on RHEL 9.2
-
-rojig:
-  license: MIT
-  name: rhcos
-  summary: OpenShift 4
-
-variables:
-  osversion: "rhel-9.2"
-
-# Include manifests common to all RHEL and CentOS Stream versions and manifest
-# common to RHEL 9 & C9S variants
-include:
-  - common.yaml
-  - packages-openshift.yaml
-
-# Starting from here, everything should be specific to RHCOS based on RHEL 9.2
-
-# See "Notes about repositories" in `docs/development.md`
-repos:
-  - rhel-9.2-baseos
-  - rhel-9.2-appstream
-  - rhel-9.2-fast-datapath
-  - rhel-9.2-server-ose-4.16
-
-# We include hours/minutes to avoid version number reuse
-automatic-version-prefix: "416.92.<date:%Y%m%d%H%M>"
-# This ensures we're semver-compatible which OpenShift wants
-automatic-version-suffix: "-"
-# Keep this is sync with the version in postprocess
-mutate-os-release: "4.16"
-
-postprocess:
-  - |
-     #!/usr/bin/env bash
-     set -xeo pipefail
-
-     # Tweak /usr/lib/os-release
-     grep -v "OSTREE_VERSION" /etc/os-release > /usr/lib/os-release.rhel
-     OCP_RELEASE="4.16"
-     (
-     . /etc/os-release
-     cat > /usr/lib/os-release <<EOF
-     NAME="${NAME} CoreOS"
-     ID="rhcos"
-     ID_LIKE="rhel fedora"
-     VERSION="${OSTREE_VERSION}"
-     VERSION_ID="${OCP_RELEASE}"
-     VARIANT="CoreOS"
-     VARIANT_ID=coreos
-     PLATFORM_ID="${PLATFORM_ID}"
-     PRETTY_NAME="${NAME} CoreOS ${OSTREE_VERSION} (Plow)"
-     ANSI_COLOR="${ANSI_COLOR}"
-     CPE_NAME="${CPE_NAME%baseos}coreos"
-     HOME_URL="${HOME_URL}"
-     DOCUMENTATION_URL="https://docs.openshift.com/container-platform/${OCP_RELEASE}/"
-     BUG_REPORT_URL="https://bugzilla.redhat.com/"
-     REDHAT_BUGZILLA_PRODUCT="OpenShift Container Platform"
-     REDHAT_BUGZILLA_PRODUCT_VERSION="${OCP_RELEASE}"
-     REDHAT_SUPPORT_PRODUCT="OpenShift Container Platform"
-     REDHAT_SUPPORT_PRODUCT_VERSION="${OCP_RELEASE}"
-     OPENSHIFT_VERSION="${OCP_RELEASE}"
-     RHEL_VERSION="${VERSION_ID}"
-     OSTREE_VERSION="${OSTREE_VERSION}"
-     EOF
-     )
-     rm -f /etc/os-release
-     ln -s ../usr/lib/os-release /etc/os-release
-
-     # Tweak /etc/system-release, /etc/system-release-cpe & /etc/redhat-release
-     (
-     . /etc/os-release
-     cat > /usr/lib/system-release-cpe <<EOF
-     ${CPE_NAME}
-     EOF
-     cat > /usr/lib/system-release <<EOF
-     ${NAME} release ${VERSION_ID}
-     EOF
-     rm -f /etc/system-release-cpe /etc/system-release /etc/redhat-release
-     ln -s /usr/lib/system-release-cpe /etc/system-release-cpe
-     ln -s /usr/lib/system-release /etc/system-release
-     ln -s /usr/lib/system-release /etc/redhat-release
-     )
-
-     # Tweak /usr/lib/issue
-     cat > /usr/lib/issue <<EOF
-     \S \S{VERSION_ID}
-     EOF
-     rm -f /etc/issue /etc/issue.net
-     ln -s /usr/lib/issue /etc/issue
-     ln -s /usr/lib/issue /etc/issue.net
-
-     # Let's have a non-boring motd, just like CL (although theirs is more subdued
-     # nowadays compared to early versions with ASCII art).  One thing we do here
-     # is add --- as a "separator"; the idea is that any "dynamic" information should
-     # be below that.
-     # See: https://projects.engineering.redhat.com/browse/COREOS-1029
-     . /etc/os-release
-     cat > /etc/motd <<EOF
-     Red Hat Enterprise Linux CoreOS $VERSION
-       Part of OpenShift ${OPENSHIFT_VERSION}, RHCOS is a Kubernetes native operating system
-       managed by the Machine Config Operator (\`clusteroperator/machine-config\`).
-
-     WARNING: Direct SSH access to machines is not recommended; instead,
-     make configuration changes via \`machineconfig\` objects:
-       https://docs.openshift.com/container-platform/${OPENSHIFT_VERSION}/architecture/architecture-rhcos.html
-
-     ---
-     EOF
-
-# Packages that are only in RHCOS and not in SCOS or that have special
-# constraints that do not apply to SCOS
-packages:
- # We include the generic release package and tweak the os-release info in a
- # post-proces script
- - redhat-release
-
-# Packages pinned to specific repos in RHCOS 9
-repo-packages:
-  - repo: rhel-9.2-appstream
-    packages:
-      # We want the one shipping in RHEL, not the equivalently versioned one in RHAOS
-      - nss-altfiles
-  - repo: rhel-9.2-server-ose-4.16
-    packages:
-      - conmon-rs
-      - cri-o
-      - cri-tools
-      - openshift-clients
-      - openshift-kubelet
-      # Use legacy coreos/toolbox until we're ready to use containers/toolbox
-      - toolbox

From f5142f9d4d88440d41113c6d99f7023e13be2d25 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Thu, 25 Apr 2024 23:48:03 -0400
Subject: [PATCH 2/4] c9s: prefix dnf repo IDs with `c9s-`

Since we have multiple repos at play here, a naked `baseos` repo name
is ambiguous. Let's add a `c9s-` prefix to make it consistent with the
RHEL ones, e.g. `rhel-9.4-baseos`.
---
 c9s.repo            | 16 ++++++++--------
 extensions-c9s.yaml |  6 +++---
 manifest-c9s.yaml   | 14 +++++++-------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/c9s.repo b/c9s.repo
index a9ba5128e..9d416c653 100644
--- a/c9s.repo
+++ b/c9s.repo
@@ -1,4 +1,4 @@
-[baseos]
+[c9s-baseos]
 name=CentOS Stream 9 - BaseOS
 baseurl=https://composes.stream.centos.org/production/latest-CentOS-Stream/compose/BaseOS/$basearch/os
 gpgcheck=1
@@ -6,7 +6,7 @@ repo_gpgcheck=0
 enabled=1
 gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
 
-[appstream]
+[c9s-appstream]
 name=CentOS Stream 9 - AppStream
 baseurl=https://composes.stream.centos.org/production/latest-CentOS-Stream/compose/AppStream/$basearch/os
 gpgcheck=1
@@ -14,7 +14,7 @@ repo_gpgcheck=0
 enabled=1
 gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
 
-[extras-common]
+[c9s-extras-common]
 name=CentOS Stream 9 - Extras packages
 baseurl=https://mirror.stream.centos.org/SIGs/9-stream/extras/$basearch/extras-common
 gpgcheck=1
@@ -22,7 +22,7 @@ repo_gpgcheck=0
 enabled=1
 gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
 
-[nfv]
+[c9s-nfv]
 name=CentOS Stream 9 - NFV
 baseurl=https://composes.stream.centos.org/production/latest-CentOS-Stream/compose/NFV/$basearch/os
 gpgcheck=1
@@ -30,7 +30,7 @@ repo_gpgcheck=0
 enabled=1
 gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
 
-[rt]
+[c9s-rt]
 name=CentOS Stream 9 - RT
 baseurl=https://composes.stream.centos.org/production/latest-CentOS-Stream/compose/RT/$basearch/os
 gpgcheck=1
@@ -38,7 +38,7 @@ repo_gpgcheck=0
 enabled=1
 gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
 
-[sig-nfv]
+[c9s-sig-nfv]
 name=CentOS Stream 9 - SIG NFV
 baseurl=https://mirror.stream.centos.org/SIGs/9-stream/nfv/$basearch/openvswitch-2/
 gpgcheck=1
@@ -46,7 +46,7 @@ repo_gpgcheck=0
 enabled=1
 gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-SIG-NFV
 
-[sig-virtualization]
+[c9s-sig-virtualization]
 name=CentOS Stream 9 - SIG Virtualization
 baseurl=https://mirror.stream.centos.org/SIGs/9-stream/virt/$basearch/kata-containers/
 gpgcheck=1
@@ -54,7 +54,7 @@ repo_gpgcheck=0
 enabled=1
 gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-SIG-Virtualization
 
-[sig-cloud-okd]
+[c9s-sig-cloud-okd]
 name=CentOS Stream 9 - SIG Cloud OKD 4.15
 baseurl=https://mirror.stream.centos.org/SIGs/9-stream/cloud/$basearch/okd-4.15/
 gpgcheck=1
diff --git a/extensions-c9s.yaml b/extensions-c9s.yaml
index 6fd8917ca..0bb971124 100644
--- a/extensions-c9s.yaml
+++ b/extensions-c9s.yaml
@@ -3,7 +3,7 @@
 # and https://github.com/coreos/fedora-coreos-tracker/issues/401
 
 repos:
-  - sig-virtualization
+  - c9s-sig-virtualization
 
 extensions:
   # https://issues.redhat.com/browse/RFE-4177
@@ -55,7 +55,7 @@ extensions:
     architectures:
       - x86_64
     repos:
-      - nfv
+      - c9s-nfv
     packages:
       - kernel-rt-core
       - kernel-rt-kvm
@@ -71,7 +71,7 @@ extensions:
     architectures:
       - x86_64
     repos:
-      - sig-virtualization
+      - c9s-sig-virtualization
     packages:
       - kata-containers
   # https://issues.redhat.com/browse/COS-2402
diff --git a/manifest-c9s.yaml b/manifest-c9s.yaml
index f3a1cd27a..1b6227b8e 100644
--- a/manifest-c9s.yaml
+++ b/manifest-c9s.yaml
@@ -18,14 +18,14 @@ include:
 
 # CentOS Stream 9 repos + internal repos for now
 repos:
-  - baseos
-  - appstream
+  - c9s-baseos
+  - c9s-appstream
   # CentOS Extras Common repo for SIG RPM GPG keys
-  - extras-common
+  - c9s-extras-common
   # CentOS NFV SIG repo for openvswitch
-  - sig-nfv
+  - c9s-sig-nfv
   # CentOS Cloud SIG repo for cri-o, cri-tools and conmon-rs
-  - sig-cloud-okd
+  - c9s-sig-cloud-okd
   # Include RHCOS 9 repo for oc, hyperkube
   - rhel-9.4-server-ose-4.16
 
@@ -127,10 +127,10 @@ packages:
 # Packages pinned to specific repos in SCOS 9
 repo-packages:
   # We always want the kernel from BaseOS
-  - repo: baseos
+  - repo: c9s-baseos
     packages:
       - kernel
-  - repo: appstream
+  - repo: c9s-appstream
     packages:
       # We want the one shipping in C9S, not the equivalently versioned one in RHAOS
       - nss-altfiles

From 8644a088350bfd41dfd5fc8f1c1dfb4d96f7587e Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Mon, 6 May 2024 14:50:57 -0400
Subject: [PATCH 3/4] variants: simplify

This repo is really confusing to work with because of all the various
tiers of variants we have.

In practice, our production pipelines always specify a concrete variant
to build because the switchover between e.g. 9.2 and 9.4 happens on the
ART side, not RHCOS side. And even in CI, since the script that gets
called by Prow lives here, we can easily control which concrete variant
gets built.

So overall, we don't gain much from trying to have symbolic versionless
variants, but it adds cognitive overhead trying to understand it all.

This patch greatly simplifies things by getting rid of the `scos` and
`rhel-coreos-9` variants. Now, we *only* have concrete variants.
Document them in the README.

The only symbolic links left are the canonical variantless ones, which
determine the default variant that gets built if no `--variant` switch
is passed to `cosa init`.

This is also prep for #799, which will add more concrete variants that
do not bake in the OpenShift components.
---
 README.md                     | 14 ++++++++++++++
 ci/prow-entrypoint.sh         | 12 ++++++------
 extensions-rhel-coreos-9.yaml |  1 -
 extensions-scos.yaml          |  1 -
 extensions.yaml               |  2 +-
 image-rhel-coreos-9.yaml      |  1 -
 image-scos.yaml               |  1 -
 image.yaml                    |  2 +-
 manifest-rhel-coreos-9.yaml   |  1 -
 manifest-scos.yaml            |  1 -
 manifest.yaml                 |  2 +-
 11 files changed, 23 insertions(+), 15 deletions(-)
 delete mode 120000 extensions-rhel-coreos-9.yaml
 delete mode 120000 extensions-scos.yaml
 delete mode 120000 image-rhel-coreos-9.yaml
 delete mode 120000 image-scos.yaml
 delete mode 120000 manifest-rhel-coreos-9.yaml
 delete mode 120000 manifest-scos.yaml

diff --git a/README.md b/README.md
index f2b23621f..4663763c9 100644
--- a/README.md
+++ b/README.md
@@ -7,6 +7,19 @@ There was a previous git repository inside the Red Hat firewall that was never
 published. The history of that repository is entangled with various private
 things and is omitted. This repository is now canonical.
 
+## Variants
+
+To support building both a RHEL-based and a CentOS Stream-based CoreOS, the
+coreos-assembler concept of [variants] is used. The following variants are
+supported:
+
+- `rhel-9.4`: RHEL 9.4-based CoreOS; including OpenShift components.
+- `c9s`: CentOS Stream-based CoreOS, including OpenShift components. This
+  currently includes some packages from RHEL because not all packages required
+  by OpenShift are provided in CentOS Stream.
+
+The default variant is `rhel-9.4`.
+
 ## Reporting issues
 
 The issue tracker for this repository is only used to track the development
@@ -34,3 +47,4 @@ See [OpenShift CI notes](docs/openshift-ci-notes.md) for more information.
 
 [coreos-assembler]: https://github.com/coreos/coreos-assembler/
 [OKD issue tracker]: https://github.com/openshift/okd/issues
+[variants]: https://github.com/coreos/coreos-assembler/blob/065cd2d20e379642cc3a69e498d20708e2243b21/src/cmd-init#L45-L48
diff --git a/ci/prow-entrypoint.sh b/ci/prow-entrypoint.sh
index 4ab3f8f3b..6cd914f6b 100755
--- a/ci/prow-entrypoint.sh
+++ b/ci/prow-entrypoint.sh
@@ -300,36 +300,36 @@ main() {
             prepare_repos
             ;;
         "build" | "init-and-build-default")  # TODO: change prow job to use init-and-build-default
-            cosa_init "rhel-coreos-9"
+            cosa_init "rhel-9.4"
             cosa_build
             ;;
         "rhcos-cosa-prow-pr-ci")
             setup_user
-            cosa_init "rhel-coreos-9"
+            cosa_init "rhel-9.4"
             cosa_build
             kola_test_qemu
             ;;
         "rhcos-9-build-test-qemu")
             setup_user
-            cosa_init "rhel-coreos-9"
+            cosa_init "rhel-9.4"
             cosa_build
             kola_test_qemu
             ;;
         "rhcos-9-build-test-metal")
             setup_user
-            cosa_init "rhel-coreos-9"
+            cosa_init "rhel-9.4"
             cosa_build
             kola_test_metal
             ;;
         "scos-9-build-test-qemu")
             setup_user
-            cosa_init "scos"
+            cosa_init "c9s"
             cosa_build
             kola_test_qemu
             ;;
         "scos-9-build-test-metal")
             setup_user
-            cosa_init "scos"
+            cosa_init "c9s"
             cosa_build
             kola_test_metal
             ;;
diff --git a/extensions-rhel-coreos-9.yaml b/extensions-rhel-coreos-9.yaml
deleted file mode 120000
index 94e08ff22..000000000
--- a/extensions-rhel-coreos-9.yaml
+++ /dev/null
@@ -1 +0,0 @@
-extensions-rhel-9.4.yaml
\ No newline at end of file
diff --git a/extensions-scos.yaml b/extensions-scos.yaml
deleted file mode 120000
index dedefe813..000000000
--- a/extensions-scos.yaml
+++ /dev/null
@@ -1 +0,0 @@
-extensions-c9s.yaml
\ No newline at end of file
diff --git a/extensions.yaml b/extensions.yaml
index 91cb33f65..94e08ff22 120000
--- a/extensions.yaml
+++ b/extensions.yaml
@@ -1 +1 @@
-extensions-rhel-coreos-9.yaml
\ No newline at end of file
+extensions-rhel-9.4.yaml
\ No newline at end of file
diff --git a/image-rhel-coreos-9.yaml b/image-rhel-coreos-9.yaml
deleted file mode 120000
index 3abbf78c5..000000000
--- a/image-rhel-coreos-9.yaml
+++ /dev/null
@@ -1 +0,0 @@
-image-rhel-9.4.yaml
\ No newline at end of file
diff --git a/image-scos.yaml b/image-scos.yaml
deleted file mode 120000
index 56168f452..000000000
--- a/image-scos.yaml
+++ /dev/null
@@ -1 +0,0 @@
-image-c9s.yaml
\ No newline at end of file
diff --git a/image.yaml b/image.yaml
index 81b4da813..3abbf78c5 120000
--- a/image.yaml
+++ b/image.yaml
@@ -1 +1 @@
-image-rhel-coreos-9.yaml
\ No newline at end of file
+image-rhel-9.4.yaml
\ No newline at end of file
diff --git a/manifest-rhel-coreos-9.yaml b/manifest-rhel-coreos-9.yaml
deleted file mode 120000
index e376971b0..000000000
--- a/manifest-rhel-coreos-9.yaml
+++ /dev/null
@@ -1 +0,0 @@
-manifest-rhel-9.4.yaml
\ No newline at end of file
diff --git a/manifest-scos.yaml b/manifest-scos.yaml
deleted file mode 120000
index 047176021..000000000
--- a/manifest-scos.yaml
+++ /dev/null
@@ -1 +0,0 @@
-manifest-c9s.yaml
\ No newline at end of file
diff --git a/manifest.yaml b/manifest.yaml
index 5aa2be8d1..e376971b0 120000
--- a/manifest.yaml
+++ b/manifest.yaml
@@ -1 +1 @@
-manifest-rhel-coreos-9.yaml
\ No newline at end of file
+manifest-rhel-9.4.yaml
\ No newline at end of file

From 76807f6979fb25dd4491f3c51b627f3ee69e576a Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Wed, 8 May 2024 18:52:25 -0400
Subject: [PATCH 4/4] c9s: always get containers-common from appstream

There's a messy situation right now where the containers-common package
is higher versioned in OCP than in c9s proper. And because we need the
OCP repo for now to compose SCOS, we get the OCP one, which causes
issues because unlike the c9s version, it doesn't ship the RHEL keys.

Work around this by pinning containers-common to the c9s-appstream repo.

While we're here, improve error-handling so that we output stderr if
podman fails.

See also: https://github.com/openshift/os/issues/1505#issuecomment-2102988693

Fixes: https://github.com/openshift/os/issues/1505
---
 manifest-c9s.yaml                 | 3 +++
 tests/kola/systemd/journal-compat | 7 ++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/manifest-c9s.yaml b/manifest-c9s.yaml
index 1b6227b8e..49fb55d4a 100644
--- a/manifest-c9s.yaml
+++ b/manifest-c9s.yaml
@@ -136,3 +136,6 @@ repo-packages:
       - nss-altfiles
       # Use the new containers/toolbox
       - toolbox
+      # The one shipping in C9S is temporarily lower versioned, so be explicit
+      # https://github.com/openshift/os/issues/1505
+      - containers-common
diff --git a/tests/kola/systemd/journal-compat b/tests/kola/systemd/journal-compat
index 3b19cf02a..6fbb94138 100755
--- a/tests/kola/systemd/journal-compat
+++ b/tests/kola/systemd/journal-compat
@@ -13,7 +13,12 @@ set -euo pipefail
 cd $(mktemp -d)
 
 # The string Linux should match the kernel boot
-podman run --privileged --net=none -v /var/log:/var/log:ro --rm registry.access.redhat.com/ubi8/ubi:latest journalctl -D /var/log/journal --grep="Linux" > journal.txt 2>err.txt
+rc=0
+podman run --privileged --net=none -v /var/log:/var/log:ro --rm registry.access.redhat.com/ubi8/ubi:latest journalctl -D /var/log/journal --grep="Linux" > journal.txt 2>err.txt || rc=$?
+if [ "$rc" != 0 ]; then
+    cat err.txt
+    fatal "podman run exited with rc=$rc"
+fi
 if grep -qF 'uses an unsupported feature' err.txt; then
     fatal "Got unsupported feature trying to read journal"
 fi