flatcar
diff --git a/‎…s/0013-Revert-drop-OEM-URI-support.patch‎ ‎…tially-revert-drop-OEM-URI-support.patch‎sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/files/0013-Revert-drop-OEM-URI-support.patch renamed to sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/files/0013-Partially-revert-drop-OEM-URI-support.patch
Lines changed: 25 additions & 113 deletions b/‎…s/0013-Revert-drop-OEM-URI-support.patch‎ ‎…tially-revert-drop-OEM-URI-support.patch‎sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/files/0013-Revert-drop-OEM-URI-support.patch renamed to sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/files/0013-Partially-revert-drop-OEM-URI-support.patch
Lines changed: 25 additions & 113 deletions
diff --git a/‎sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/files/0014-config-Support-oem-schema-in-newer-config-spec-versi.patch‎
Lines changed: 41 additions & 0 deletions b/‎sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/files/0014-config-Support-oem-schema-in-newer-config-spec-versi.patch‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/files/0014-internal-resource-url-support-btrfs-as-OEM-partition.patch‎
Lines changed: 0 additions & 39 deletions b/‎sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/files/0014-internal-resource-url-support-btrfs-as-OEM-partition.patch‎
Lines changed: 0 additions & 39 deletions
diff --git a/‎sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/files/0017-docs-Add-re-added-platforms-to-docs-to-pass-tests.patch‎
Lines changed: 7 additions & 7 deletions b/‎sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/files/0017-docs-Add-re-added-platforms-to-docs-to-pass-tests.patch‎
Lines changed: 7 additions & 7 deletions
@@ -1,19 +1,21 @@
-From b617624e830507f68268db881fdb1576ed25fb41 Mon Sep 17 00:00:00 2001
-From: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
-Date: Wed, 25 May 2022 10:38:16 +0200
-Subject: [PATCH 13/19] Revert "*: drop OEM URI support"
+From df6384f8f0e93ab3b61cd04822cf808c7c2d289a Mon Sep 17 00:00:00 2001
+From: James Le Cuirot <jlecuirot@microsoft.com>
+Date: Wed, 1 Apr 2026 16:11:52 +0100
+Subject: [PATCH 13/17] Partially revert "*: drop OEM URI support"
 
-This reverts commit 0c088d6de77aa1b1f47b9252a07f51cb1e249df3.
+This partially reverts commit 0c088d6de77aa1b1f47b9252a07f51cb1e249df3.
+
+Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
 ---
  config/v3_0/types/url.go    |  2 +-
  config/v3_1/types/url.go    |  2 +-
  config/v3_2/types/url.go    |  2 +-
  config/v3_3/types/url.go    |  2 +-
  config/v3_4/types/url.go    |  2 +-
- docs/supported-platforms.md |  1 +
- internal/distro/distro.go   | 11 ++++-
- internal/resource/url.go    | 91 +++++++++++++++++++++++++++++++++++++
- 8 files changed, 106 insertions(+), 7 deletions(-)
+ docs/supported-platforms.md |  2 ++
+ internal/distro/distro.go   |  3 +++
+ internal/resource/url.go    | 27 +++++++++++++++++++++++++++
+ 8 files changed, 37 insertions(+), 5 deletions(-)
 
 diff --git a/config/v3_0/types/url.go b/config/v3_0/types/url.go
 index 2d8c44b1..f560bc22 100644
@@ -81,32 +83,23 @@ index b1f96337..752044ce 100644
  	case "s3":
  		if v, ok := u.Query()["versionId"]; ok {
 diff --git a/docs/supported-platforms.md b/docs/supported-platforms.md
-index afd49437..f8e1d3ae 100644
+index afd49437..897eeabd 100644
 --- a/docs/supported-platforms.md
 +++ b/docs/supported-platforms.md
-@@ -12,6 +12,7 @@ Ignition is currently supported for the following platforms:
+@@ -12,6 +12,8 @@ Ignition is currently supported for the following platforms:
  * [Amazon Web Services] (`aws`) - Ignition will read its configuration from the instance userdata. Cloud SSH keys are handled separately.
  * [Microsoft Azure] (`azure`)- Ignition will read its configuration from the custom data provided to the instance. Cloud SSH keys are handled separately.
  * [Microsoft Azure Stack] (`azurestack`) - Ignition will read its configuration from the custom data provided to the instance. Cloud SSH keys are handled separately.
 +* Bare Metal - Use the `ignition.config.url` kernel parameter to provide a URL to the configuration. The URL can use the `http://`, `https://`, `tftp://`, `s3://`, or `gs://` schemes to specify a remote config or the `oem://` scheme to specify a local config, rooted in `/usr/share/oem`.
++* PXE - Use the `ignition.config.url` and first boot kernel parameters to provide a URL to the configuration. The URL can use the `http://`, `https://`, `tftp://`, or `s3://` schemes to specify a remote config or the `oem://` scheme to specify a local config, rooted in `/usr/share/oem`.
  * [Brightbox] (`brightbox`) - Ignition will read its configuration from the instance userdata. Cloud SSH keys are handled separately.
  * [CloudStack] (`cloudstack`) - Ignition will read its configuration from the instance userdata via either metadata service or config drive. Cloud SSH keys are handled separately.
  * [DigitalOcean] (`digitalocean`) - Ignition will read its configuration from the droplet userdata. Cloud SSH keys and network configuration are handled separately.
 diff --git a/internal/distro/distro.go b/internal/distro/distro.go
-index 9d9351e7..f3c32aaf 100644
+index 9d9351e7..fb12b792 100644
 --- a/internal/distro/distro.go
 +++ b/internal/distro/distro.go
-@@ -23,13 +23,17 @@ import (
- // -X github.com/flatcar/ignition/v2/internal/distro.mdadmCmd=/opt/bin/mdadm
- var (
- 	// Device node directories and paths
--	diskByLabelDir = "/dev/disk/by-label"
-+	diskByLabelDir    = "/dev/disk/by-label"
-+	diskByPartUUIDDir = "/dev/disk/by-partuuid"
-+	oemDevicePath     = "/dev/disk/by-label/OEM"
- 
- 	// initrd file paths
- 	kernelCmdlinePath = "/proc/cmdline"
+@@ -30,6 +30,8 @@ var (
  	bootIDPath        = "/proc/sys/kernel/random/boot_id"
  	// initramfs directory containing distro-provided base config
  	systemConfigDir = "/usr/lib/ignition"
@@ -115,15 +108,7 @@ index 9d9351e7..f3c32aaf 100644
 
  	// Helper programs
  	groupaddCmd  = "groupadd"
-@@ -83,11 +87,14 @@ var (
- 	luksCexSecureKeyRepo    = "/etc/zkey/repository/"
- )
- 
--func DiskByLabelDir() string { return diskByLabelDir }
-+func DiskByLabelDir() string    { return diskByLabelDir }
-+func DiskByPartUUIDDir() string { return diskByPartUUIDDir }
-+func OEMDevicePath() string     { return fromEnv("OEM_DEVICE", oemDevicePath) }
- 
+@@ -88,6 +90,7 @@ func DiskByLabelDir() string { return diskByLabelDir }
  func KernelCmdlinePath() string { return kernelCmdlinePath }
  func BootIDPath() string        { return bootIDPath }
  func SystemConfigDir() string   { return fromEnv("SYSTEM_CONFIG_DIR", systemConfigDir) }
@@ -132,33 +117,26 @@ index 9d9351e7..f3c32aaf 100644
  func GroupaddCmd() string  { return groupaddCmd }
  func GroupdelCmd() string  { return groupdelCmd }
 diff --git a/internal/resource/url.go b/internal/resource/url.go
-index 5f08f059..a9f7f7ba 100644
+index 5f08f059..ab1d80fa 100644
 --- a/internal/resource/url.go
 +++ b/internal/resource/url.go
-@@ -23,10 +23,12 @@ import (
- 	"fmt"
- 	"hash"
- 	"io"
-+	"io/ioutil"
- 	"net"
+@@ -27,6 +27,7 @@ import (
  	"net/http"
  	"net/url"
  	"os"
 +	"path/filepath"
  	"strings"
  	"syscall"
  	"time"
-@@ -34,7 +36,9 @@ import (
+@@ -34,6 +35,7 @@ import (
  	"cloud.google.com/go/compute/metadata"
  	"cloud.google.com/go/storage"
  	configErrors "github.com/flatcar/ignition/v2/config/shared/errors"
 +	"github.com/flatcar/ignition/v2/internal/distro"
  	"github.com/flatcar/ignition/v2/internal/log"
-+	"github.com/flatcar/ignition/v2/internal/systemd"
  	"github.com/flatcar/ignition/v2/internal/util"
  	"golang.org/x/oauth2/google"
- 	"google.golang.org/api/option"
-@@ -165,6 +169,8 @@ func (f *Fetcher) FetchToBuffer(u url.URL, opts FetchOptions) ([]byte, error) {
+@@ -165,6 +167,8 @@ func (f *Fetcher) FetchToBuffer(u url.URL, opts FetchOptions) ([]byte, error) {
  		err = f.fetchFromTFTP(u, dest, opts)
  	case "data":
  		err = f.fetchFromDataURL(u, dest, opts)
@@ -167,7 +145,7 @@ index 5f08f059..a9f7f7ba 100644
  	case "s3", "arn":
  		buf := &s3buf{
  			WriteAtBuffer: manager.NewWriteAtBuffer([]byte{}),
-@@ -237,6 +243,8 @@ func (f *Fetcher) Fetch(u url.URL, dest *os.File, opts FetchOptions) error {
+@@ -237,6 +241,8 @@ func (f *Fetcher) Fetch(u url.URL, dest *os.File, opts FetchOptions) error {
  		return f.fetchFromTFTP(u, dest, opts)
  	case "data":
  		return f.fetchFromDataURL(u, dest, opts)
@@ -176,7 +154,7 @@ index 5f08f059..a9f7f7ba 100644
  	case "s3", "arn":
  		return f.fetchFromS3(u, dest, opts)
  	case "gs":
-@@ -447,6 +455,53 @@ type s3target interface {
+@@ -447,6 +453,27 @@ type s3target interface {
  	io.ReadSeeker
  }
 
@@ -195,81 +173,15 @@ index 5f08f059..a9f7f7ba 100644
 +	if fi, err := os.Open(absPath); err == nil {
 +		defer fi.Close()
 +		return f.decompressCopyHashAndVerify(dest, fi, opts)
-+	} else if !os.IsNotExist(err) {
-+		f.Logger.Err("failed to read oem config: %v", err)
-+		return ErrFailed
-+	}
-+
-+	f.Logger.Info("oem config not found in %q, looking on oem partition",
-+		distro.OEMLookasideDir())
-+
-+	oemMountPath, err := ioutil.TempDir("/mnt", "oem")
-+	if err != nil {
-+		f.Logger.Err("failed to create mount path for oem partition: %v", err)
-+		return ErrFailed
-+	}
-+	// try oemMountPath, requires mounting it.
-+	if err := f.mountOEM(oemMountPath); err != nil {
-+		f.Logger.Err("failed to mount oem partition: %v", err)
-+		return ErrFailed
-+	}
-+	defer os.Remove(oemMountPath)
-+	defer f.umountOEM(oemMountPath)
-+
-+	absPath = filepath.Join(oemMountPath, path)
-+	fi, err := os.Open(absPath)
-+	if err != nil {
++	} else {
 +		f.Logger.Err("failed to read oem config: %v", err)
 +		return ErrFailed
 +	}
-+	defer fi.Close()
-+
-+	return f.decompressCopyHashAndVerify(dest, fi, opts)
 +}
 +
  // FetchFromS3 gets data from an S3 bucket as described by u and writes it into
  // dest, returning an error if one is encountered. It will attempt to acquire
  // IAM credentials from the EC2 metadata service, and if this fails will attempt
-@@ -735,3 +790,39 @@ func (f *Fetcher) parseARN(arnURL string) (string, string, string, string, error
- 	key := strings.Join(urlSplit[1:], "/")
- 	return bucket, key, "", regionHint, nil
- }
-+
-+// mountOEM waits for the presence of and mounts the oem partition at
-+// oemMountPath. oemMountPath will be created if it does not exist.
-+func (f *Fetcher) mountOEM(oemMountPath string) error {
-+	dev := []string{distro.OEMDevicePath()}
-+	if err := systemd.WaitOnDevices(context.Background(), dev, "oem-cmdline"); err != nil {
-+		f.Logger.Err("failed to wait for oem device: %v", err)
-+		return err
-+	}
-+
-+	if err := os.MkdirAll(oemMountPath, 0700); err != nil {
-+		f.Logger.Err("failed to create oem mount point: %v", err)
-+		return err
-+	}
-+
-+	if err := f.Logger.LogOp(
-+		func() error {
-+			return syscall.Mount(dev[0], oemMountPath, "ext4", 0, "")
-+		},
-+		"mounting %q at %q", distro.OEMDevicePath(), oemMountPath,
-+	); err != nil {
-+		return fmt.Errorf("failed to mount device %q at %q: %v",
-+			distro.OEMDevicePath(), oemMountPath, err)
-+	}
-+
-+	return nil
-+}
-+
-+// umountOEM unmounts the oem partition at oemMountPath.
-+func (f *Fetcher) umountOEM(oemMountPath string) {
-+	// ignore the error for the linter
-+	_ = f.Logger.LogOp(
-+		func() error { return syscall.Unmount(oemMountPath, 0) },
-+		"unmounting %q", oemMountPath,
-+	)
-+}
 -- 
-2.51.0
+2.53.0
 
@@ -0,0 +1,41 @@
+From 22332650e3b97479aca7144b04a6dbd2590596de Mon Sep 17 00:00:00 2001
+From: James Le Cuirot <jlecuirot@microsoft.com>
+Date: Mon, 6 Apr 2026 13:13:58 +0100
+Subject: [PATCH 14/18] config: Support oem:// schema in newer config spec
+ versions
+
+Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
+---
+ config/v3_5/types/url.go              | 2 +-
+ config/v3_6_experimental/types/url.go | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/config/v3_5/types/url.go b/config/v3_5/types/url.go
+index b1f96337..752044ce 100644
+--- a/config/v3_5/types/url.go
++++ b/config/v3_5/types/url.go
+@@ -32,7 +32,7 @@ func validateURL(s string) error {
+ 	}
+ 
+ 	switch u.Scheme {
+-	case "http", "https", "tftp", "gs":
++	case "http", "https", "tftp", "gs", "oem":
+ 		return nil
+ 	case "s3":
+ 		if v, ok := u.Query()["versionId"]; ok {
+diff --git a/config/v3_6_experimental/types/url.go b/config/v3_6_experimental/types/url.go
+index b1f96337..752044ce 100644
+--- a/config/v3_6_experimental/types/url.go
++++ b/config/v3_6_experimental/types/url.go
+@@ -32,7 +32,7 @@ func validateURL(s string) error {
+ 	}
+ 
+ 	switch u.Scheme {
+-	case "http", "https", "tftp", "gs":
++	case "http", "https", "tftp", "gs", "oem":
+ 		return nil
+ 	case "s3":
+ 		if v, ok := u.Query()["versionId"]; ok {
+-- 
+2.53.0
+
@@ -1,7 +1,7 @@
-From 9840bd7740f5667f8b2d6e3d87da226dab14bf83 Mon Sep 17 00:00:00 2001
+From f0030362abcedf24149860673ef0596cf3051787 Mon Sep 17 00:00:00 2001
 From: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 Date: Mon, 4 Mar 2024 15:05:14 +0100
-Subject: [PATCH 17/19] docs: Add re-added platforms to docs to pass tests
+Subject: [PATCH 17/18] docs: Add re-added platforms to docs to pass tests
 
 Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 Co-Authored-By: Krzesimir Nowak <knowak@microsoft.com
@@ -10,18 +10,18 @@ Co-Authored-By: Krzesimir Nowak <knowak@microsoft.com
  1 file changed, 4 insertions(+)
 
 diff --git a/docs/supported-platforms.md b/docs/supported-platforms.md
-index f8e1d3ae..0a30664c 100644
+index 897eeabd..2a861637 100644
 --- a/docs/supported-platforms.md
 +++ b/docs/supported-platforms.md
-@@ -15,6 +15,7 @@ Ignition is currently supported for the following platforms:
- * Bare Metal - Use the `ignition.config.url` kernel parameter to provide a URL to the configuration. The URL can use the `http://`, `https://`, `tftp://`, `s3://`, or `gs://` schemes to specify a remote config or the `oem://` scheme to specify a local config, rooted in `/usr/share/oem`.
+@@ -16,6 +16,7 @@ Ignition is currently supported for the following platforms:
+ * PXE - Use the `ignition.config.url` and first boot kernel parameters to provide a URL to the configuration. The URL can use the `http://`, `https://`, `tftp://`, or `s3://` schemes to specify a remote config or the `oem://` scheme to specify a local config, rooted in `/usr/share/oem`.
  * [Brightbox] (`brightbox`) - Ignition will read its configuration from the instance userdata. Cloud SSH keys are handled separately.
  * [CloudStack] (`cloudstack`) - Ignition will read its configuration from the instance userdata via either metadata service or config drive. Cloud SSH keys are handled separately.
 +* `cloudsigma` - Ignition will read its configuration from the instance userdata. Cloud SSH keys are handled separately.
  * [DigitalOcean] (`digitalocean`) - Ignition will read its configuration from the droplet userdata. Cloud SSH keys and network configuration are handled separately.
  * [Exoscale] (`exoscale`) - Ignition will read its configuration from the instance userdata. Cloud SSH keys are handled separately.
  * [Google Cloud] (`gcp`) - Ignition will read its configuration from the instance metadata entry named "user-data". Cloud SSH keys are handled separately.
-@@ -30,6 +31,9 @@ Ignition is currently supported for the following platforms:
+@@ -31,6 +32,9 @@ Ignition is currently supported for the following platforms:
  * [Equinix Metal] (`packet`) - Ignition will read its configuration from the instance userdata. Cloud SSH keys are handled separately.
  * [IBM Power Systems Virtual Server] (`powervs`) - Ignition will read its configuration from the instance userdata. Cloud SSH keys are handled separately.
  * [QEMU] (`qemu`) - Ignition will read its configuration from the 'opt/com.coreos/config' key on the QEMU Firmware Configuration Device (available in QEMU 2.4.0 and higher).
@@ -32,5 +32,5 @@ index f8e1d3ae..0a30664c 100644
  * [UpCloud] (`upcloud`) - Ignition will read its configuration from the instance userdata fetched from the metadata service (which is NOT enabled by default, make sure you enable it if you use custom images). Cloud SSH keys are handled separately.
  * [VirtualBox] (`virtualbox`) - Use the VirtualBox guest property `/Ignition/Config` to provide the config to the virtual machine.
 -- 
-2.51.0
+2.53.0