From 1ebcaffcc1e8788e678cddb53ae422e9e0426861 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Tue, 14 Jun 2022 14:37:09 -0400 Subject: [PATCH 1/8] manifests: Split into common & RHEL 8.6 specific manifests Co-authored-by: Micah Abbott --- manifest.yaml => common.yaml | 165 +---------------- extensions.yaml => rhel-8.6/extensions.yaml | 0 rhel-8.6/fedora-coreos-config | 1 + rhel-8.6/image.yaml | 1 + rhel-8.6/live | 1 + rhel-8.6/manifest.yaml | 187 ++++++++++++++++++++ rhel-8.6/overlay.d | 1 + rhel-8.6/tests | 1 + 8 files changed, 193 insertions(+), 164 deletions(-) rename manifest.yaml => common.yaml (61%) rename extensions.yaml => rhel-8.6/extensions.yaml (100%) create mode 120000 rhel-8.6/fedora-coreos-config create mode 120000 rhel-8.6/image.yaml create mode 120000 rhel-8.6/live create mode 100644 rhel-8.6/manifest.yaml create mode 120000 rhel-8.6/overlay.d create mode 120000 rhel-8.6/tests diff --git a/manifest.yaml b/common.yaml similarity index 61% rename from manifest.yaml rename to common.yaml index fa78aa8e1..907c45ed6 100644 --- a/manifest.yaml +++ b/common.yaml @@ -1,8 +1,3 @@ -rojig: - license: MIT - name: rhcos - summary: OpenShift 4 - # We inherit from Fedora CoreOS' base configuration include: - fedora-coreos-config/manifests/ignition-and-ostree.yaml @@ -14,16 +9,15 @@ include: # RHCOS owned packages - rhcos-packages.yaml +# Layers common to all versions of RHCOS and SCOS ostree-layers: - overlay/01fcos - overlay/02fcos-nouveau - overlay/05rhcos - overlay/06gcp-routes - - overlay/15rhcos-logrotate - overlay/15rhcos-tuned-bits - overlay/20platform-chrony - overlay/21dhcp-chrony - - overlay/25rhcos-azure-udev arch-include: x86_64: 
@@ -34,24 +28,6 @@ arch-include: - fedora-coreos-config/manifests/grub2-removals.yaml - fedora-coreos-config/manifests/bootupd.yaml -# See README.md -# and https://github.com/openshift/release/blob/master/core-services/release-controller/README.md#rpm-mirrors -repos: - - rhel-8-baseos - - rhel-8-appstream - - rhel-8-fast-datapath - - rhel-8-server-ose - -# https://bugzilla.redhat.com/show_bug.cgi?id=1938928 -rpmdb: bdb - -# We include hours/minutes to avoid version number reuse -automatic-version-prefix: "411.86." -# This ensures we're semver-compatible which OpenShift wants -automatic-version-suffix: "-" -# Keep this is sync with the version in postprocess -mutate-os-release: "4.11" - documentation: false initramfs-args: - "--no-hostonly" 
@@ -110,94 +86,6 @@ postprocess: # We're not using resolved yet rm -f /usr/lib/systemd/system/systemd-resolved.service - - # Enable tmp-on-tmpfs by default because we don't want to have things - # leak across reboots, it increases alignment with FCOS, and also fixes - # the Live ISO. First, verify that RHEL is still disabling. - grep -q '# RHEL-only: Disable /tmp on tmpfs' /usr/lib/systemd/system/basic.target - echo '# RHCOS-only: we follow the Fedora/upstream default' >> /usr/lib/systemd/system/basic.target - echo 'Wants=tmp.mount' >> /usr/lib/systemd/system/basic.target - - | - #!/usr/bin/env bash - set -xeo pipefail - - # Ensure that /etc/issue.d exists for console-login-helper-messages - # This can be removed once we rebase to RHEL 9 - install -d -m 0755 /etc/issue.d - - | - #!/usr/bin/env bash - set -xeo pipefail - - # Tweak /usr/lib/os-release - grep -v "OSTREE_VERSION" /etc/os-release > /usr/lib/os-release.rhel - OCP_RELEASE="4.11" - ( - . /etc/os-release - cat > /usr/lib/os-release < /usr/lib/system-release-cpe < /usr/lib/system-release < /usr/lib/issue < /etc/motd <" +# This ensures we're semver-compatible which OpenShift wants +automatic-version-suffix: "-" +# Keep this is sync with the version in postprocess +mutate-os-release: "4.11" + +postprocess: + - | + #!/usr/bin/env bash + set -xeo pipefail + + # Tweak /usr/lib/os-release + grep -v "OSTREE_VERSION" /etc/os-release > /usr/lib/os-release.rhel + OCP_RELEASE="4.11" + ( + . /etc/os-release + cat > /usr/lib/os-release < /usr/lib/system-release-cpe < /usr/lib/system-release < /usr/lib/issue < /etc/motd <> /usr/lib/systemd/system/basic.target + echo 'Wants=tmp.mount' >> /usr/lib/systemd/system/basic.target + # Stop shipping a baked initiator name in the image; this should be generated + # at runtime. We have a service which does this + # (coreos-generate-iscsi-initiatorname.service) until it's done properly + # upstream (see https://bugzilla.redhat.com/show_bug.cgi?id=1493296). 
+ - | + #!/usr/bin/env bash + set -xeuo pipefail + + # NB: we don't use -f here so we break when this is no longer needed + rm -v /etc/iscsi/initiatorname.iscsi + +# Packages that are only in RHCOS and not in SCOS or that have special +# constraints that do not apply to SCOS +packages: + # We include the generic release package and tweak the os-release info in a + # post-proces script + - redhat-release + # RHEL7 compatibility + - compat-openssl10 + # SCOS package name does not include a version number + - openvswitch2.17 + +# Packages pinned to specific repos in RHCOS +repo-packages: + # we always want the kernel from BaseOS + - repo: rhel-8-baseos + packages: + - kernel + # we want the one shipping in RHEL, not the equivalently versioned one in RHAOS + - repo: rhel-8-appstream + packages: + - nss-altfiles + - repo: rhel-8-server-ose + packages: + # Starting with 4.11, we are working with the Containers team to build + # certain container-tools RPMs in the RHAOS branches for RHCOS + RHEL + # worker nodes. + - conmon + - container-selinux + - containernetworking-plugins + - containers-common + - criu + - crun + - fuse-overlayfs + - podman + - runc + - skopeo + - slirp4netns + - toolbox + +modules: + enable: + # qemu-guest-agent + - virt:rhel diff --git a/rhel-8.6/overlay.d b/rhel-8.6/overlay.d new file mode 120000 index 000000000..ac61c8821 --- /dev/null +++ b/rhel-8.6/overlay.d @@ -0,0 +1 @@ +../overlay.d/ \ No newline at end of file diff --git a/rhel-8.6/tests b/rhel-8.6/tests new file mode 120000 index 000000000..6dd24e02b --- /dev/null +++ b/rhel-8.6/tests @@ -0,0 +1 @@ +../tests \ No newline at end of file From 3f22e587ba7ba55b84d95b252da0d25210072313 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Thu, 9 Jun 2022 12:27:28 +0200 Subject: [PATCH 2/8] Keep RHEL 8.6 based RHCOS as the default --- extensions.yaml | 1 + manifest.yaml | 3 +++ 2 files changed, 4 insertions(+) create mode 120000 extensions.yaml create mode 100644 manifest.yaml 
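Review bot: The os-release postprocess script added to rhel-8.6/manifest.yaml runs under `set -xeo pipefail`, while the iscsi initiator script at the end of the same list uses `set -xeuo pipefail`. The os-release script sources /etc/os-release and writes the image's identity files from heredocs. Without `-u`, a variable those heredocs expect but that is unset would presumably expand to an empty string instead of failing the compose; the heredoc bodies are not legible in this view, so that part is inferred. I would use `set -xeuo pipefail` in every postprocess entry so a missing field stops the build rather than shipping a blank value.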
diff --git a/extensions.yaml b/extensions.yaml new file mode 120000 index 000000000..df0dd1aa6 --- /dev/null +++ b/extensions.yaml @@ -0,0 +1 @@ +rhel-8.6/extensions.yaml \ No newline at end of file diff --git a/manifest.yaml b/manifest.yaml new file mode 100644 index 000000000..63836df40 --- /dev/null +++ b/manifest.yaml @@ -0,0 +1,3 @@ +# Default RHEL version used to build RHCOS +include: + - rhel-8.6/manifest.yaml From 3a0912faf95dac580c36449941e98d54c2f9c70a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Fri, 10 Jun 2022 17:48:27 +0200 Subject: [PATCH 3/8] ci: Make RHEL version explicit Prepare for testing multiple RHEL versions. --- ci/prow-entrypoint.sh | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/ci/prow-entrypoint.sh b/ci/prow-entrypoint.sh index fc28535ea..73e85fa6e 100755 --- a/ci/prow-entrypoint.sh +++ b/ci/prow-entrypoint.sh @@ -6,6 +6,9 @@ set -xeuo pipefail # Global variables REDIRECTOR_URL="https://rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com/art/storage/releases/" +# Default version of RHEL used to build RHCOS +RHELVER="rhel-8.6" + # This function is used to update the /etc/passwd file within the COSA container # at test-time. The need for this comes from the fact that OpenShift will run a # container with a randomized user ID by default to enhance security. Because @@ -28,6 +31,8 @@ setup_user() { whoami } +# Setup a new build directory with COSA init, selecting the version of RHEL or +# CentOS Stream that we want as a basis for RHCOS/SCOS. cosa_init() { if test -d builds; then echo "Already in an initialized cosa dir" @@ -43,7 +48,7 @@ cosa_init() { cd "$cosa_dir" # Setup source tree - cosa init --transient "${tmp_src}/os" + cosa init --transient "${tmp_src}/os" "${RHELVER}" } # Do a cosa build & cosa build-extensions only. 
@@ -61,11 +66,10 @@ cosa_build() { cosa buildfetch --url="${prev_build_url}" # Fetch the repos corresponding to the release we are building - rhelver=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["automatic-version-prefix"]' | cut -f2 -d.) - id - whoami - ls -alh "src/config/" - curl -L "http://base-${ocpver_mut}-rhel${rhelver}.ocp.svc.cluster.local" -o "src/config/ocp.repo" + if [[ "${RHELVER}" == "rhel-8.6" ]]; then + rhelver=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["automatic-version-prefix"]' | cut -f2 -d.) + curl -L "http://base-${ocpver_mut}-rhel${rhelver}.ocp.svc.cluster.local" -o "src/config/ocp.repo" + fi # Fetch packages cosa fetch @@ -158,13 +162,15 @@ main () { cosa_init cosa_build ;; - "rhcos-86-build-test-qemu") + "build-test-qemu-kola-basic" | "rhcos-86-build-test-qemu") + RHELVER="rhel-8.6" setup_user cosa_init cosa_build kola_test_qemu ;; - "rhcos-86-build-test-metal") + "build-test-qemu-kola-all" | "rhcos-86-build-test-metal") + RHELVER="rhel-8.6" setup_user cosa_init cosa_build From 5cfa7d6bf8dba0cd56ea4cda82478658f9f6f89e Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Tue, 14 Jun 2022 14:32:25 -0400 Subject: [PATCH 4/8] manifests: move rhel 8.6 manifest to OCP 4.12 We have the `release-4.11` branch created, so `master` should be targeting 4.12. --- rhel-8.6/manifest.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rhel-8.6/manifest.yaml b/rhel-8.6/manifest.yaml index 3e2f1e1f8..bcae242f8 100644 --- a/rhel-8.6/manifest.yaml +++ b/rhel-8.6/manifest.yaml @@ -32,11 +32,11 @@ repos: rpmdb: bdb # We include hours/minutes to avoid version number reuse -automatic-version-prefix: "411.86." +automatic-version-prefix: "412.86." # This ensures we're semver-compatible which OpenShift wants automatic-version-suffix: "-" # Keep this is sync with the version in postprocess -mutate-os-release: "4.11" +mutate-os-release: "4.12" postprocess: - | 
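Review bot: The `curl -L … -o "src/config/ocp.repo"` call inside the new `if [[ "${RHELVER}" == "rhel-8.6" ]]` block has no `--fail`, so an HTTP error response from the mirror is saved as the repo definition and the script carries on to `cosa fetch`. That file decides where packages are pulled from, so the build should stop there: `curl --fail -L "http://base-${ocpver_mut}-rhel${rhelver}.ocp.svc.cluster.local" -o "src/config/ocp.repo"`. The block also has no `else`, so any other RHELVER value reaches `cosa fetch` without an ocp.repo; an explicit error or a comment would make that intent clear. cosa_build starts and ends outside the hunk.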
@@ -45,7 +45,7 @@ postprocess: # Tweak /usr/lib/os-release grep -v "OSTREE_VERSION" /etc/os-release > /usr/lib/os-release.rhel - OCP_RELEASE="4.11" + OCP_RELEASE="4.12" ( . /etc/os-release cat > /usr/lib/os-release < Date: Tue, 14 Jun 2022 14:39:37 -0400 Subject: [PATCH 5/8] manifests: drop clevis version requirement RHEL 8.6 shipped with `clevis-15-8`, so we can drop the version requirement here. --- common.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/common.yaml b/common.yaml index 907c45ed6..ec91a42f6 100644 --- a/common.yaml +++ b/common.yaml @@ -186,10 +186,8 @@ packages: - systemd-journal-remote # Extras - systemd-journal-gateway - # Make sure we pull in at least clevis 15; it drops the rd.neednet=1 hardcode - # and has a few other patches we need. - # https://bugzilla.redhat.com/show_bug.cgi?id=1853651 - - "'clevis >= 15-1.el8' 'clevis-luks >= 15-1.el8' 'clevis-dracut >= 15-1.el8'" + # RHEL 8.6 shipped with clevis-15-8, so we can drop the version requirement + - clevis clevis-luks clevis-dracut - cryptsetup-reencrypt tpm2-tools # Used to update PAM configuration to work with SSSD # https://bugzilla.redhat.com/show_bug.cgi?id=1774154 From a45ed578342726bdbfd8ec1ee3206f166eaa71c5 Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Tue, 14 Jun 2022 14:52:43 -0400 Subject: [PATCH 6/8] manifests: drop cryptsetup-reencrypt The use of `cryptsetup-reencrypt` goes back to the null-cipher LUKS container that we used to do disk encryption in early, early OCP 4 days. As part of #788, the `rhcos-fde` dracut module dropped the requirement on this package, so we should be able to safely drop it from the manifest as well. --- common.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/common.yaml b/common.yaml index ec91a42f6..053173ff7 100644 --- a/common.yaml +++ b/common.yaml 
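Review bot: The replacement comment on the clevis entry in common.yaml justifies dropping the `>= 15-1.el8` floor with a RHEL 8.6 fact, but patch 1 describes common.yaml as shared by all versions of RHCOS and SCOS. After this change nothing in the manifest records that clevis 15 is the minimum, which the deleted comment tied to the removal of the `rd.neednet=1` hardcode, and the bugzilla reference is gone. Clevis handles unlocking of encrypted disks, so I would keep the requirement documented once it is confirmed for the other bases, e.g. `# clevis >= 15 is required (https://bugzilla.redhat.com/show_bug.cgi?id=1853651); all bases built from this file ship it, so no version constraint is needed`.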
@@ -188,7 +188,8 @@ packages: - systemd-journal-gateway # RHEL 8.6 shipped with clevis-15-8, so we can drop the version requirement - clevis clevis-luks clevis-dracut - - cryptsetup-reencrypt tpm2-tools + # tpm2-tools is required by clevis + - tpm2-tools # Used to update PAM configuration to work with SSSD # https://bugzilla.redhat.com/show_bug.cgi?id=1774154 - authselect From b340e10d449388076adc4f8aec0be9f7d07228ff Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Thu, 16 Jun 2022 11:30:02 -0400 Subject: [PATCH 7/8] adjust manifest to have common.yaml in subdir --- rhel-8.6/common.yaml | 1 + rhel-8.6/manifest.yaml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 120000 rhel-8.6/common.yaml diff --git a/rhel-8.6/common.yaml b/rhel-8.6/common.yaml new file mode 120000 index 000000000..1e00c6887 --- /dev/null +++ b/rhel-8.6/common.yaml @@ -0,0 +1 @@ +../common.yaml \ No newline at end of file diff --git a/rhel-8.6/manifest.yaml b/rhel-8.6/manifest.yaml index bcae242f8..05655679e 100644 --- a/rhel-8.6/manifest.yaml +++ b/rhel-8.6/manifest.yaml @@ -11,7 +11,7 @@ variables: # Include manifests common to all RHEL and CentOS Stream versions include: - - ../common.yaml + - common.yaml # Starting from here, everything should be specific to RHCOS based on RHEL 8.6 From 4e1e546d0ebd9d8e42a2c45cf2a379ceedec68de Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Thu, 16 Jun 2022 11:31:02 -0400 Subject: [PATCH 8/8] unroll symlinks and populate necessary files --- ci/prow-entrypoint.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/ci/prow-entrypoint.sh b/ci/prow-entrypoint.sh index 73e85fa6e..c3300dd82 100755 --- a/ci/prow-entrypoint.sh +++ b/ci/prow-entrypoint.sh 
@@ -49,6 +49,22 @@ cosa_init() { # Setup source tree cosa init --transient "${tmp_src}/os" "${RHELVER}" + + # Running `cosa fetch` etc in the context of these Prow jobs doesn't play + # well with relative symlinks. Convert the symlinks in the subdir to + # copies of the files and copy in the rest of the necessary bits. This + # allows the subdir organization to remain in place for non-Prow use cases + # and just special cases this particular environment. + pushd "$cosa_dir/src/config/" + while IFS= read -r -d '' linkname; do + realfile=$(readlink -f $linkname) + rm $linkname + cp -a $realfile $linkname + done< <(find ./ -type l -print0) + + cp -a "${tmp_src}"/os/{.git,common.yaml,kola-denylist.yaml,group,rhcos-packages.yaml,passwd} . + popd + } # Do a cosa build & cosa build-extensions only.
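Review bot: `$linkname` and `$realfile` are expanded unquoted in the new loop, which undoes the care taken with `find -print0` and `read -d ''`: a link name containing whitespace or glob characters is split or expanded before `readlink`, `rm` and `cp` see it. Quote them and end option parsing: `realfile=$(readlink -f -- "$linkname")`, `rm -- "$linkname"`, `cp -a -- "$realfile" "$linkname"`. Because `readlink -f` follows a link wherever it points and `cp -a` then copies the result into the build tree, it would also be worth rejecting targets that resolve outside the checkout, since the links come from the repository under test. cosa_init begins before the hunk.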