Treefile reference Treefile 参考

A “treefile” is a made up term for a JSON-formatted specification used as input to rpm-ostree compose tree to bind “set of RPMs with configuration” to “OSTree commit”.
“树文件”是一个虚构的术语，用作输入 rpm-ostree compose tree 的 JSON 格式规范，将“一组带有配置的 RPM”绑定到“OSTree 提交”。

It’s recommended to keep them in git, and set up a CI system like Jenkins to operate on them as it changes.
建议将它们保存在 git 中，并设置一个类似 Jenkins 的 CI 系统来操作它们，因为它们会发生变化。

It supports the following parameters:
它支持以下参数：

ref: string, mandatory: Holds a string which will be the name of the branch for the content. This field supports variable substitution.
ref ：字符串，必填：保存一个字符串，该字符串将成为内容分支的名称。此字段支持变量替换。
Example: ref: "cool-os/${releasever}/${stream}" 示例: ref: "cool-os/${releasever}/${stream}"
metadata: Mapping of strings to values, optional. This can be used for other tools to insert arbitrary metadata into the treefile which they parse later, for example via rpm-ostree compose tree --print-metadata-json.
metadata ：字符串到值的映射，可选。这可用于其他工具将任意元数据插入到树文件中，稍后它们可以通过 rpm-ostree compose tree --print-metadata-json 进行解析。
gpg-key (or gpg_key): string, optional: Key ID for GPG signing; the secret key must be in the home directory of the building user. Defaults to none.
gpg-key （或 gpg_key ）：字符串，可选：用于 GPG 签名的密钥 ID；秘钥必须位于构建用户的主目录中。默认为无。
repos: array of strings, mandatory: Names of yum repositories to use, from any files that end in .repo, in the same directory as the treefile. rpm-ostree compose tree does not use the system /etc/yum.repos.d, because it’s common to want to compose a target system distinct from the one the host sytem is running.
repos ：字符串数组，必填：要使用的 yum 仓库的名称，来自以 .repo 结尾的任何文件，在与 treefile 相同的目录中。 rpm-ostree compose tree 不使用系统 /etc/yum.repos.d ，因为通常希望组合一个与主机系统不同的目标系统。
selinux: boolean, optional: Defaults to true. If false, then no SELinux labeling will be performed on the server side.
selinux ：布尔值，可选：默认为 true 。如果为 false ，则服务器端不会执行 SELinux 标记。
ima: boolean, optional: Defaults to false. Propagate any IMA signatures in input RPMs into the final OSTree commit.
ima ：布尔值，可选：默认为 false 。将输入的 RPM 中的任何 IMA 签名传播到最终的 OSTree 提交中。
boot-location (or boot_location): string, optional: There are 2 possible values:
boot-location （或 boot_location ）：字符串，可选：有 2 个可能的值：
- “new”: A misnomer, this value is no longer “new”. Kernel data goes in /usr/lib/ostree-boot in addition to /usr/lib/modules. This is the default; use it if you have a need to care about upgrading from very old versions of libostree.
  “new”：一个误称，这个值不再是“new”。内核数据除了 /usr/lib/modules 之外还会进入 /usr/lib/ostree-boot 。这是默认值；如果您需要关心从非常旧的 libostree 版本升级，请使用它。
- “modules”: Kernel data goes just in /usr/lib/modules. Use this for new systems, and systems that don’t need to be upgraded from very old libostree versions.
  “modules”: 内核数据仅放在 /usr/lib/modules 中。用于新系统和不需要从非常旧的 libostree 版本升级的系统。
etc-group-members: Array of strings, optional: Unix groups in this list will be stored in /etc/group instead of /usr/lib/group. Use this option for groups for which humans should be a member.
etc-group-members ：字符串数组，可选：此列表中的 Unix 组将存储在 /etc/group 而不是 /usr/lib/group 中。对于人类应该是成员的组，请使用此选项。
install-langs: Array of strings, optional. This sets the RPM _install_langs macro. Set this to e.g. ["en_US", "fr_FR"].
install-langs ：字符串数组，可选。这将设置 RPM _install_langs 宏。将其设置为例如 ["en_US", "fr_FR"] 。
mutate-os-release: String, optional. This causes rpm-ostree to change the VERSION and PRETTY_NAME fields to include the ostree version, and adds a specific OSTREE_VERSION key that can be easier for processes to query than looking via ostree. The actual value of this key represents the baked string that gets substituted out for the final OSTree version. This field supports variable substitution.
mutate-os-release ：字符串，可选。这会导致 rpm-ostree 更改 VERSION 和 PRETTY_NAME 字段以包含 ostree 版本，并添加一个特定的 OSTREE_VERSION 键，可以更容易地供进程查询，而不是通过 ostree 查找。此键的实际值表示用于最终 OSTree 版本替换的烘焙字符串。此字段支持变量替换。
Example: mutate-os-release: "${releasever}" 示例: mutate-os-release: "${releasever}"
documentation: boolean, optional. If this is set to false it sets the RPM transaction flag “nodocs” which makes yum/rpm not install files marked as documentation. The default is true.
documentation ：布尔值，可选。如果设置为 false，则设置 RPM 事务标志“nodocs”，使 yum/rpm 不安装标记为文档的文件。默认值为 true。
packages: Array of strings, mandatory: Each entry in this list should name a package; however, virtual provides are also supported. For convenience when writing YAML/JSON, entries in this list will also be split by whitespace. Finally, another syntax special case is that surrounding the entry with quotes ' will suppress this whitespace split, and that in turn makes it possible to use version query syntax such as 'podman >= 4.1'.
packages ：字符串数组，必填：此列表中的每个条目应命名一个软件包；但也支持虚拟提供。为了方便在编写 YAML/JSON 时，此列表中的条目也将通过空格分隔。最后，另一个语法特例是用引号 ' 包围条目将抑制此空格分隔，从而使得可以使用版本查询语法，例如 'podman >= 4.1' 。
packages-$basearch: Array of strings, optional: Set of installed packages, used only if $basearch matches the target architecture name.
packages-$basearch ：字符串数组，可选：已安装软件包的集合，仅在 $basearch 与目标架构名称匹配时使用。
exclude-packages: Array of strings, optional: Each entry in this list is a package name which will be filtered out. If a package listed in the manifest (“manifest package”) indirectly hard depends on one of these packages, it will be a fatal error. If a manifest package recommends one of these packages, the recommended package will simply be omitted. It is also a fatal error to include a package both as a manifest package and in the exclusion list.
exclude-packages ：字符串数组，可选：列表中的每个条目都是要过滤掉的软件包名称。如果清单中列出的软件包（“清单软件包”）间接地依赖于这些软件包之一，那么这将是一个致命错误。如果清单软件包推荐这些软件包中的一个，那么推荐的软件包将被简单地省略。将软件包同时包含为清单软件包和排除列表中的软件包也是一个致命错误。
An example use case for this is for Fedora CoreOS, which will exclude the python and python3 packages to ensure that nothing included in the OS starts depending on it in the future.
一个示例用例是 Fedora CoreOS，它将排除 python 和 python3 软件包，以确保将来操作系统中包含的任何内容都不会开始依赖它。
repo-packages: Array of objects, optional: Set of packages to install from specific repos. Each object in the array supports the following keys:
repo-packages ：对象数组，可选：要从特定仓库安装的软件包集。数组中的每个对象支持以下键：
- packages: Array of strings, required: List of packages to install.
  packages ：字符串数组，必需：要安装的软件包列表。
- repo: String, required: Name of the repo from which to fetch packages.
  repo ：字符串，必需：要获取软件包的仓库名称。
ostree-layers: Array of strings, optional: After all packages are unpacked, check out these OSTree refs, which must already be in the destination repository. Any conflicts with packages will be an error.
ostree-layers ：字符串数组，可选项：在解压所有软件包后，检查这些 OSTree 引用，这些引用必须已经存在于目标存储库中。与软件包冲突将导致错误。
ostree-override-layers: Array of strings, optional: Like above, but any files present in packages and prior layers will be silently overriden. This is useful for development builds to replace parts of the base tree.
ostree-override-layers ：字符串数组，可选项：与上述类似，但软件包和先前层中存在的任何文件将被静默覆盖。这对于开发构建来替换基本树的部分非常有用。
container-cmd: array of strings, optional: This maps to the CMD Dockerfile instruction, and is currently only meaningful when encapsulating/exporting an ostree commit as a Docker/OCI container.
container-cmd ：字符串数组，可选项：这映射到 CMD Dockerfile 指令，目前仅在将 ostree 提交封装/导出为 Docker/OCI 容器时才有意义。
bootstrap_packages: Array of strings, optional: Deprecated; you should now just include this set in the main packages array.
bootstrap_packages ：字符串数组，可选：已弃用；您现在应该将此集合直接包含在主 packages 数组中。
recommends: boolean, optional: Install Recommends, defaults to true.
recommends ：布尔值，可选：安装 Recommends ，默认为 true 。
units: Array of strings, optional: Systemd units to enable by default
units ：字符串数组，可选：默认启用的 Systemd 单元。
default-target (or default_target): String, optional: Set the default systemd target.
default-target （或 default_target ）：字符串，可选：设置默认的 systemd 目标。
initramfs-args: Array of strings, optional. Passed to the initramfs generation program (presently dracut). An example use case for this with Dracut is --filesystems xfs,ext4 to ensure specific filesystem drivers are included. If not specified, --no-hostonly will be used. Deprecated; you should place files in /etc/dracut.conf.d instead. This option is ignored when regenerating the initramfs in the container flow.
initramfs-args ：字符串数组，可选。传递给 initramfs 生成程序（目前为 dracut ）。一个与 Dracut 一起使用的示例用例是 --filesystems xfs,ext4 ，以确保包含特定的文件系统驱动程序。如果未指定，将使用 --no-hostonly 。已弃用；您应该将文件放在 /etc/dracut.conf.d 中。在容器流程中重新生成 initramfs 时，此选项将被忽略。
rpmdb: String, optional: The RPM database backend. Can be one of target (the default) or host. Legacy values bdb, ndb, and sqlite are treated as target. This option is a historical mistake; ultimately the only thing that really works is to write the rpmdb in the target format - the format that the librpm library in the target filesystem tree understands. However, this is a relatively new default, so the value host is provided as a fallback
rpmdb ：字符串，可选：RPM 数据库后端。可以是 target （默认值）或 host 之一。传统值 bdb 、 ndb 和 sqlite 将被视为 target 。此选项是一个历史错误；最终真正有效的是将 rpmdb 写入 target 格式 - 目标文件系统树中的 librpm 库理解的格式。然而，这是一个相对较新的默认值，因此提供值 host 作为备用。
rpmdb-normalize: boolean, optional. Defaults to false. If enabled, this will perform various manipulations of the RPM database to, as much as possible, guarantee a deterministic result for the on-disk RPM database. Requires the SOURCE_DATE_EPOCH environment variable to be set to the UNIX epoch time to be used as the build timestamp. Currently only fully supports the bdb backend. Somewhat experimental.
rpmdb-normalize ：布尔值，可选。默认为 false 。如果启用，这将对 RPM 数据库执行各种操作，尽可能地保证磁盘上 RPM 数据库的确定性结果。需要将 SOURCE_DATE_EPOCH 环境变量设置为要用作构建时间戳的 UNIX 纪元时间。目前仅完全支持 bdb 后端。有些实验性。
selinux-label-version: integer, optional: When set to 1, this will turn on an ostree flag which labels files in /usr/etc as if they were in /etc. This is important to aid in having a “transient” /etc.
selinux-label-version ：整数，可选：当设置为 1 时，这将打开一个 ostree 标志，将 /usr/etc 中的文件标记为如果它们在 /etc 中。这对于具有“瞬态” /etc 非常重要。
cliwrap: boolean, optional. Defaults to false. If enabled, rpm-ostree will replace binaries such as /usr/bin/rpm with wrappers that intercept unsafe operations, or adjust functionality.
cliwrap ：布尔值，可选。默认为 false 。如果启用，rpm-ostree 将用拦截不安全操作的包装器替换诸如 /usr/bin/rpm 之类的二进制文件，或者调整功能。
The default is false out of conservatism; you likely want to enable this.
保守起见，默认值为 false ；您可能希望启用此功能。
cliwrap-binaries: array of strings, optional. An explicit list of binaries to enable cliwrap. The current allowed set contains just one value: kernel-install.
cliwrap-binaries ：字符串数组，可选。一个明确的二进制文件列表，用于启用 cliwrap 。当前允许的集合仅包含一个值： kernel-install 。
readonly-executables: boolean, optional. Defaults to false (for backcompat). If enabled, rpm-ostree will remove the write bit from all executables.
readonly-executables ：布尔值，可选。默认为 false （用于向后兼容）。如果启用，rpm-ostree 将从所有可执行文件中删除写入位。
The default is false out of conservatism; you likely want to enable this.
为了保守起见，默认值为 false ；您可能希望启用此选项。
remove-files: Array of files to delete from the generated tree.
remove-files ：要从生成的树中删除的文件数组。
remove-from-packages: Array, optional: Delete from specified packages files which match the provided array of regular expressions. This is safer than remove-files as it allows finer grained control with less risk of too-wide regular expressions.
remove-from-packages ：数组，可选：从指定包中删除与提供的正则表达式数组匹配的文件。这比 remove-files 更安全，因为它允许更精细的控制，减少了过于宽泛的正则表达式的风险。
Each array element is an array, whose first member is a package name, and subsequent members are regular expressions (compatible with JavaScript).
每个数组元素都是一个数组，其第一个成员是包名称，后续成员是与 JavaScript 兼容的正则表达式。
Example: remove-from-packages: [["cpio", "/usr/share/.*"], ["dhclient", "/usr/lib/.*", "/usr/share/.*"]] 示例: remove-from-packages: [["cpio", "/usr/share/.*"], ["dhclient", "/usr/lib/.*", "/usr/share/.*"]]
Note this does not alter the RPM database, so rpm -V will complain.
请注意，这不会更改 RPM 数据库，因此 rpm -V 会抱怨。
preserve-passwd: boolean, optional: Defaults to true. If enabled, and check-passwd has a type other than file, copy the /etc/passwd (and /usr/lib/passwd) files from the previous commit if they exist. If check-passwd has the file type, then the data is preserved from that file to /usr/lib/passwd. This helps ensure consistent uid/gid allocations across builds. However, it does mean that removed users will exist in the passwd database forever.
preserve-passwd ：布尔值，可选：默认为 true 。如果启用，并且 check-passwd 的类型不是文件，则从上一个提交复制 /etc/passwd （和 /usr/lib/passwd ）文件（如果存在）。如果 check-passwd 具有文件类型，则数据将从该文件保留到 /usr/lib/passwd 。这有助于确保构建过程中一致的 uid/gid 分配。但是，这意味着已删除的用户将永远存在于 passwd 数据库中。
check-passwd: Object, optional: Checks to run against the new passwd file before accepting the tree. All the entries specified should exist (unless ignored) and have the same values or the compose will fail. There are four types: none (for no checking), previous (to check against the passwd file in the previous commit), file (to check against another passwd file), and data to specify the relevant passwd data in the json itself. Note that if you choose file, and preserve-passwd is true then the data will be copied from the referenced file and not the previous commit.
check-passwd ：对象，可选项：在接受树之前针对新的 passwd 文件运行的检查。所有指定的条目应存在（除非被忽略），并且具有相同的值，否则组合将失败。有四种类型：none（用于不进行检查），previous（针对以前提交的 passwd 文件进行检查），file（针对另一个 passwd 文件进行检查），以及 data 以在 json 本身中指定相关的 passwd 数据。请注意，如果选择 file，并且 preserve-passwd 为 true，则数据将从引用的文件复制，而不是从以前的提交复制。
Example: check-passwd: { "type": "none" } Example: check-passwd: { "type": "previous" } Example: check-passwd: { "type": "file", "filename": "local-passwd" } Example: check-passwd: { "type": "data", "entries": { "bin": 1, "adm": [3, 4] } } See also: ignore-remove-users
示例： check-passwd: { "type": "none" } 示例： check-passwd: { "type": "previous" } 示例： check-passwd: { "type": "file", "filename": "local-passwd" } 示例： check-passwd: { "type": "data", "entries": { "bin": 1, "adm": [3, 4] } } 另请参阅： ignore-remove-users
check-groups: Object, optional: Checks to run against the new group file before accepting the tree. All the entries specified should exist (unless ignored) and have the same values or the compose will fail. There are four types: none (for no checking), previous (to check against the group file in the previous commit), file (to check against another group file), and data to specify the relevant group data in the json itself. Note that if you choose file, and preserve-passwd is true then the data will be copied from the referenced file and not the previous commit.
check-groups ：对象，可选项：在接受树之前针对新组文件运行的检查。所有指定的条目应存在（除非被忽略），并且具有相同的值，否则合成将失败。有四种类型：none（用于不进行检查），previous（针对上一个提交中的组文件进行检查），file（针对另一个组文件进行检查），以及 data 以指定 json 本身中相关的组数据。请注意，如果选择 file，并且 preserve-passwd 为 true，则数据将从引用的文件复制，而不是从上一个提交复制。
Example: check-groups: { "type": "none" } Example: check-groups: { "type": "previous" } Example: check-groups: { "type": "file", "filename": "local-group" } Example: check-groups: { "type": "data", "entries": { "bin": 1, "adm": 4 } } See also: ignore-remove-groups
示例： check-groups: { "type": "none" } 示例： check-groups: { "type": "previous" } 示例： check-groups: { "type": "file", "filename": "local-group" } 示例： check-groups: { "type": "data", "entries": { "bin": 1, "adm": 4 } } 另请参阅： ignore-remove-groups
ignore-removed-users: Array, optional: Users to ignore if they are missing in the new passwd file. If an entry of * is specified then any user can be removed without failing the compose.
ignore-removed-users ：数组，可选项：如果在新的 passwd 文件中缺少用户，则要忽略的用户。如果指定了 * 的条目，则可以删除任何用户而不会导致合成失败。
Example: ignore-removed-users: ["avahi-autoipd", "tss"] 示例: ignore-removed-users: ["avahi-autoipd", "tss"]
ignore-removed-groups: Array, optional: Groups to ignore if they are missing in the new group file. If an entry of * is specified then any group can be removed without failing the compose.
ignore-removed-groups ：数组，可选：如果在新的组文件中缺少这些组，则要忽略的组。如果指定了 * 的条目，则可以删除任何组而不会导致构建失败。
Example: ignore-removed-groups: ["avahi"] 示例: ignore-removed-groups: ["avahi"]
releasever: String or integer, optional: Used to set the librepo $releasever variable, commonly used in yum repo files.
releasever ：字符串或整数，可选：用于设置 librepo $releasever 变量，通常在 yum 仓库文件中使用。
Example: releasever: "26" Example: releasever: 35
示例： releasever: "26" 示例： releasever: 35
When defined, it is automatically also added to the variable map described below. Thus, it can be used for substitutions and conditional includes.
当定义时，它也会自动添加到下面描述的 variable 映射中。因此，它可用于替换和条件包含。

automatic-version-prefix (or automatic_version_prefix): String, optional: Set the prefix for versions on the commits. The idea is that if the previous commit on the branch to the doesn’t match the prefix, or doesn’t have a version, then the new commit will have the version as specified. If the prefix matches exactly, then we append “.1”. Otherwise we parse the number after the prefix and increment it by one and then append that to the prefix.
automatic-version-prefix （或 automatic_version_prefix ）：字符串，可选：设置提交版本的前缀。理念是，如果分支上的前一个提交与前缀不匹配，或者没有版本，则新提交将具有指定的版本。如果前缀完全匹配，则我们追加“.1”。否则，我们解析前缀后的数字，将其递增一并追加到前缀后面。

A current date/time may also be passed through automatic-version-prefix, by including a date tag in the prefix as such: <date:format>, where format is a string with date formats such as %Y (year), %m (month), etc. The full list of supported formats is found in the GLib API. Including a date/time format will automatically append a .0 to the version, if not present in the prefix, which resets to .0 if the date (or prefix) changes.
当前日期/时间也可以通过 automatic-version-prefix 传递，通过在前缀中包含日期标签，如： <date:format> ，其中 format 是一个包含日期格式的字符串，如 %Y （年）、 %m （月）等。支持的格式完整列表可在 GLib API 中找到。包含日期/时间格式将自动在版本后追加一个 .0 ，如果前缀中不存在，则会重置为 .0 ，如果日期（或前缀）发生变化。

This means that on an empty branch with an automatic-version-prefix of "22" the first three commits would get the versions: “22”, “22.1”, “22.2”. Some example progressions are shown:
这意味着在一个空分支上，初始版本为 "22" ，前三个提交的版本号将分别为“22”，“22.1”，“22.2”。以下是一些示例进展：

`automatic-version-prefix`	version progression 版本进展
`22`	22, 22.1, 22.2, …
`22.1`	22.1.1, 22.1.2, 22.1.3, …
`22.<date:%Y>`	22.2019.0, 22.2019.1, 22.2020.0, …
`22.<date:%Y>.1`	22.2019.1.0, 22.2019.1.1, 22.2020.1.0, …

This field supports variable substitution.
此字段支持变量替换。

Example: automatic-version-prefix: "22.0" Example: automatic-version-prefix: "${releasever}.<date:%Y%m%d>.dev"
例子: automatic-version-prefix: "22.0" 例子: automatic-version-prefix: "${releasever}.<date:%Y%m%d>.dev"

automatic-version-suffix: String, optional: This must be a single ASCII character. The default value is .. Used by automatic-version-prefix. For example, if you set this to - then 22 will become 22-1, 22-2 etc.
automatic-version-suffix : 字符串，可选: 必须是单个 ASCII 字符。默认值为 . 。由 automatic-version-prefix 使用。例如，如果您将其设置为 - ，那么 22 将变为 22-1 ， 22-2 等。
add-commit-metadata: Map<String, Object>, optional: Metadata to inject as part of composed commits. Keys inserted here can still be overridden at the command line with --add-metadata-string or --add-metadata-from-json. All objects of type string support variable substitution.
add-commit-metadata ：Map，可选：作为组合提交的一部分注入的元数据。在此处插入的键仍然可以在命令行中使用 --add-metadata-string 或 --add-metadata-from-json 进行覆盖。所有字符串类型的对象都支持变量替换。
Example: 例子:
```
add-commit-metadata:
  cool-os.is-production: false
  cool-os.git-snapshot: "${git_snapshot}"
```
postprocess-script: String, optional: Full filesystem path to a script that will be executed in the context of the target tree. The script will be copied into the target into /tmp, and run as a container (a restricted chroot, with no network access). After execution is complete, it will be deleted.
postprocess-script ：String，可选：要执行的脚本的完整文件系统路径，该脚本将在目标树的上下文中执行。脚本将被复制到目标中 /tmp ，并作为容器运行（受限制的 chroot，无网络访问）。执行完成后，它将被删除。
It is strongly recommended to avoid using this except as a last resort. Having the system generated through RPMs allows administrators to understand the inputs to the system. Any new files created through this mechanism will not have the versioning inherent in RPM.
强烈建议除非万不得已，否则避免使用此功能。通过 RPM 生成系统可以让管理员了解系统的输入。通过此机制创建的任何新文件都不具有 RPM 中固有的版本控制。
Only the script file will be copied in; thus if it has any dependencies, on data beyond what is in the target tree, you must embed them in the binary itself.
只有脚本文件会被复制进去；因此，如果它有任何依赖项，超出目标树中的内容，您必须将它们嵌入到二进制文件中。
An example use for this is working around bugs in the input RPMs that are hard to fix in stable releases.
这样做的一个示例用途是解决输入 RPM 中难以在稳定版本中修复的错误。
Note this does not alter the RPM database, so rpm -V will complain.
请注意，这不会更改 RPM 数据库，因此 rpm -V 会抱怨。
If you want to depend on network access, or tools not in the target host, you can use the split-up rpm-ostree compose install and rpm-ostree compose postprocess/commit commands.
如果您想依赖网络访问或目标主机中没有的工具，您可以使用分割的 rpm-ostree compose install 和 rpm-ostree compose postprocess/commit 命令。
postprocess: array of string, optional: This is an inline script variant of postprocess-script that is also an array, so it works correctly with inheritance. If both postprocess-script and postprocess are provided, then postprocess-script will be executed after all other postprocess.
postprocess ：字符串数组，可选：这是 postprocess-script 的内联脚本变体，也是一个数组，因此它可以正确地与继承一起使用。如果同时提供 postprocess-script 和 postprocess ，那么 postprocess-script 将在所有其他 postprocess 之后执行。
When combined with includes, the order in which these scripts are executed are dictated by the following two rules:
与包含结合使用时，这些脚本的执行顺序由以下两个规则决定：
- postprocess scripts in a manifest are executed after postprocess scripts contained in any included manifests
  在清单中的 postprocess 脚本在任何 include 的清单中包含的 postprocess 脚本之后执行
- if multiple manifests are included, postprocess scripts in the latter manifests are executed before earlier ones
  如果多个清单被 include ，则后面的清单中的 postprocess 脚本会在先前的清单之前执行
For example, given the following manifests:
例如，给定以下清单：
```
# manifest.yaml
include:
  - manifests/kernel.yaml
  - manifests/bootupd.yaml
postprocess:
  - echo foo

# manifests/kernel.yaml
postprocess:
  - echo bar

# manifests/bootupd.yaml
postprocess:
  - echo baz
```
Postprocess scripts will be executed in the following order:
后处理脚本将按以下顺序执行：
- manifests/bootupd.yaml
- manifests/kernel.yaml
- manifest.yaml
(I.e. it will echo in this order: baz, bar, then foo.)
(即按照这个顺序回显: baz , bar , 然后 foo .)
include: string or array of string, optional: Path(s) to treefiles which will be used as an inheritance base. The semantics for inheritance are: Non-array values in child values override parent values. Array values are concatenated. Filenames will be resolved relative to the including treefile. Since rpm-ostree 2019.5, this value may also be an array of strings. Including the same file multiple times is an error.
include : 字符串或字符串数组，可选: 用作继承基础的树文件的路径。继承的语义是: 子值中的非数组值会覆盖父值。数组值会被连接。文件名将相对于包含树文件解析。自 rpm-ostree 2019.5 起，此值也可以是字符串数组。多次包含相同文件将导致错误。
arch-include: object (Map<String,include>), optional: Each member of this object should be the name of a base architecture ($basearch), and the include value functions the same as the include key above - it can be either a single string, or an array of strings - and it has the same semantics. Entries which match arch-include are processed after include.
arch-include ：对象（ Map<String,include> ），可选：此对象的每个成员应为基本架构的名称（ $basearch ），而 include 值的功能与上面的 include 键相同 - 它可以是单个字符串，也可以是字符串数组 - 并且具有相同的语义。与 arch-include 匹配的条目在 include 之后处理。
Example (in YAML): 示例（在 YAML 中）：
```
arch-include:
  x86_64: bootloader-x86_64.yaml
  s390x:
    - bootloader-s390x.yaml
    - tweaks-s390x.yaml
```
conditional-include: array of objects, optional: This is like include, but supports conditions based on variables defined in variables. The syntax is:
conditional-include ：对象数组，可选：这类似于 include ，但支持基于 variables 中定义的变量的条件。语法是：
```
 conditional-include:
   - if: <var> <op> <value>
     include: <include>
```
<var> is a variable name previously defined via variables. <op> must be one of ==, !=, <, <=, >, >=. <value> has the same sematics as variable values: it can be a boolean, number, or string (in quotes). <include> functions the same as the include key above - it can be either a string or an array of strings.
<var> 是之前通过 variables 定义的变量名。 <op> 必须是 == 、 != 、 < 、 <= 、 > 、 >= 中的一个。 <value> 具有与变量值相同的语义：它可以是布尔值、数字或字符串（带引号）。 <include> 的功能与上面的 include 键相同 - 它可以是字符串或字符串数组。
Multiple conditions may be provided:
可以提供多个条件：
```
 conditional-include:
   - if:
     - <var> <op> <value>
     - <var> <op> <value>
     - <var> <op> <value>
     include: <include>
```
In that case, all conditions must be met for the inclusion to happen.
在这种情况下，所有条件必须满足才能进行包含。
Example: 例子:
```
variables:
  devpackages: true
  stream: "development"
releasever: 35
conditional-include:
  - if: devpackages == true
    include: dev-packages.yaml
conditional-include:
  - if: stream != "development"
    include: delete-dev-files.yaml
conditional-include:
  - if: releasever >= 35
    include: f35-selinux-workaround.yaml
```
container: boolean, optional: Defaults to false. If true, then rpm-ostree will not do any special handling of kernel, initrd or the /boot directory. This is useful if the target for the tree is some kind of container which does not have its own kernel. This also implies several other options, such as tmp-is-dir: true and selinux: false.
container ：布尔值，可选：默认为 false 。如果 true ，则 rpm-ostree 将不会对内核、initrd 或 /boot 目录进行任何特殊处理。如果树的目标是某种不具有自己内核的容器，则这很有用。这也意味着其他几个选项，比如 tmp-is-dir: true 和 selinux: false 。
add-files: Array, optional: Copy external files to the rootfs.
add-files ：数组，可选：将外部文件复制到 rootfs。
Each array element is an array, whose first member is the source file name, and the second element is the destination name. The source file must be in the same directory as the treefile.
每个数组元素都是一个数组，其第一个成员是源文件名，第二个成员是目标名称。源文件必须与 treefile 相同目录中。
Example: "add-files": [["bar", "/usr/share/bar"], ["foo", "/lib/foo"]] 示例: "add-files": [["bar", "/usr/share/bar"], ["foo", "/lib/foo"]]
Note that in the OSTree model, not all directories are managed by OSTree. In short, only files in /usr (or UsrMove symlinks into /usr) and /etc are supported. For more details, see the OSTree manual: https://ostreedev.github.io/ostree/deployment/
请注意，在 OSTree 模型中，并非所有目录都由 OSTree 管理。简而言之，仅支持 /usr 中的文件（或 UsrMove 符号链接到 /usr ）和 /etc 。有关更多详细信息，请参阅 OSTree 手册：https://ostreedev.github.io/ostree/deployment/
tmp-is-dir: boolean, optional: Defaults to false. By default, rpm-ostree creates symlink /tmp → sysroot/tmp. When set to true, /tmp will be a regular directory, which allows the systemd unit tmp.mount to mount it as tmpfs. It’s more flexible to leave it as a directory, and further, we don’t want to encourage /sysroot to be writable. For host system composes, we recommend turning this on; it’s left off by default to ease the transition.
tmp-is-dir ：布尔值，可选：默认为 false 。默认情况下，rpm-ostree 创建符号链接 /tmp → sysroot/tmp 。当设置为 true 时， /tmp 将成为一个常规目录，这允许 systemd 单元 tmp.mount 将其挂载为 tmpfs 。将其保留为目录更加灵活，而且我们不希望鼓励将 /sysroot 设置为可写。对于主机系统组合，我们建议打开此选项；默认情况下关闭以便于过渡。
machineid-compat: boolean, optional: Defaults to true. By default, rpm-ostree creates /usr/etc/machine-id as an empty file for historical reasons. Set this to false to ensure it’s not present at all. This will cause systemd to execute ConditionFirstBoot=, which implies running systemctl preset-all for example. This requires booting the system with rw so that systemd can properly populate /etc/machine-id and execute the presets at switchroot. When this is enabled, the units directive will no longer function. Instead, create a /usr/lib/systemd/system-presets/XX-example.preset file as part of a package or in the postprocess script.
machineid-compat ：布尔值，可选项：默认为 true 。出于历史原因，默认情况下，rpm-ostree 会创建 /usr/etc/machine-id 为空文件。将其设置为 false 以确保根本不存在。这将导致 systemd 执行 ConditionFirstBoot= ，从而意味着运行 systemctl preset-all 等。这需要使用 rw 引导系统，以便 systemd 可以正确填充 /etc/machine-id 并在 switchroot 时执行预设。启用此功能后， units 指令将不再起作用。而是创建一个 /usr/lib/systemd/system-presets/XX-example.preset 文件作为软件包的一部分或在后处理脚本中创建。
platform-module: string, optional. For the very rare case where you need to either provide or override the platform module. When using RPM modules libdnf will attempt to derive the appropriate platform module by inspecting various virtual provide entries on the available packages. If this fails it will fall back to parsing /etc/os-release or /usr/lib/os-release in that order. If the first mechanism fails and we are running a compose, we will not have the necessary files to allow the fall back to work. If you find yourself in this situation you can provide the platform module name yourself using this option. You can also use this to override the platform module if needed. This field supports variable substitution.
platform-module ：字符串，可选。对于非常罕见的情况，您需要提供或覆盖平台模块。当使用 RPM 模块时，libdnf 将尝试通过检查可用软件包上的各种虚拟提供条目来推导适当的平台模块。如果这种方法失败，它将按顺序回退到解析 /etc/os-release 或 /usr/lib/os-release 。如果第一种机制失败并且我们正在运行一个组合，我们将没有必要的文件来允许回退工作。如果您发现自己处于这种情况，您可以使用此选项自己提供平台模块名称。您还可以使用此选项在需要时覆盖平台模块。此字段支持变量替换。
variables: object (Map<String, value>), optional: Define new variables which could then be substituted into the value of various fields and used in conditional includes described above. Supported value types are booleans, numbers, and strings.
variables ：对象（ Map<String, value> ），可选：定义新变量，然后可以将其替换为各种字段的值，并在上述条件包含中使用。支持的值类型为布尔值、数字和字符串。
The releasever variable is reserved and automatically populated to the same value as the releasever key. The basearch variable is reserved and automatically populated to the base architecture of the compose.
releasever 变量已保留，并自动填充为与 releasever 键相同的值。 basearch 变量已保留，并自动填充为组合的基本架构。
Example: 例子:
```
variables:
  devpackages: true
  stream: "development"
releasever: 35
ref: "cool-os/${releasever}/${stream}"
conditional-include:
  - if: devpackages == true
    include: dev-packages.yaml
```
repo_metadata: String, optional: Can be one of inline (the default), detached or disabled. If set to inline, parts of the RPM repository metadata are added to the OSTree commit metadata under the rpmostree.rpmmd-repos key. Setting this to detached also adds the information but puts it in the detached metadata of the commit, preventing it from affecting the commit checksum. Setting it to disabled will prevent the metadata from being added at all.
repo_metadata ：字符串，可选：可以是 inline （默认值）， detached 或 disabled 之一。如果设置为 inline ，则将 RPM 存储库元数据的部分添加到 OSTree 提交元数据中的 rpmostree.rpmmd-repos 键下。将其设置为 detached 也会添加信息，但将其放在提交的分离元数据中，从而防止其影响提交校验和。将其设置为 disabled 将阻止添加元数据。

Experimental options 实验性选项

All options listed here are subject to change or removal in a future version of rpm-ostree.
此处列出的所有选项都可能在将来的 rpm-ostree 版本中更改或删除。

lockfile-repos: array of strings, optional: Semantically similar to repo, but these repos will only be used to fetch packages locked via lockfiles. This is useful when locked packages are kept separately from the primary repos and one wants to ensure that rpm-ostree will otherwise not select unlocked packages from them.
lockfile-repos ：字符串数组，可选：在语义上类似于 repo ，但这些存储库仅用于获取通过锁定文件锁定的软件包。当锁定软件包与主要存储库分开保存并且希望确保 rpm-ostree 否则不会从中选择未锁定软件包时，这将非常有用。
modules: Object, optional: Describes RPM modules to enable or install. Two keys are supported:
modules ：对象，可选：描述要启用或安装的 RPM 模块。支持两个键：
- enable: Array of strings, required: Set of RPM module specs to enable (the same formats as dnf are supported, e.g. NAME[:STREAM]). One can then cherry-pick specific packages from the enabled modules via packages.
  enable ：字符串数组，必需：要启用的 RPM 模块规范集（支持与 dnf 相同的格式，例如 NAME[:STREAM] ）。然后可以通过 packages 从启用的模块中挑选特定软件包。
- install: Array of strings, required: Set of RPM module specs to install (the same formats as dnf are supported, e.g. NAME[:STREAM][/PROFILE]).
  install ：字符串数组，必填：要安装的 RPM 模块规范集（支持与 dnf 相同的格式，例如 NAME[:STREAM][/PROFILE] ）。
repovars: object (Map<String, String>), optional: yum repository variable names to use when substituting variables in yum repo files. The releasever variable name is invalid. Use the releasever key instead. The basearch name is invalid; it is filled in automatically.
repovars ：对象（ Map<String, String> ），可选：在 yum 存储库文件中替换变量时要使用的 yum 存储库变量名称。 releasever 变量名称无效。请改用 releasever 键。 basearch 名称无效；它会自动填充。
opt-usrlocal: enum, optional: Defaults to var. There are two possible behaviors:
opt-usrlocal ：枚举，可选：默认为 var 。有两种可能的行为：
- var: /opt and /usr/local are symlinks to subdirectories in /var and are purely machine-local state.
  var ： /opt 和 /usr/local 是 /var 中子目录的符号链接，纯粹是机器本地状态。
- root: These are plain directories; only use this with composefs enabled!
  root ：这些是普通目录；只有在启用 composefs 时才使用这个！