update-generated-files/Cargo.toml

[workspace]
members = [
    "cli",
    "system-reinstall-bootc",
    "lib",
    "mount",
    "ostree-ext",
    "utils",
    "blockdev",
    "xtask",
    "tests-integration",
    "tmpfiles",
    "sysusers",
]
resolver = "2"

[profile.dev]
opt-level = 1 # No optimizations are too slow for us.

[profile.release]
lto = "thin"
# We use FFI so this is safest
panic = "abort"
# We assume we're being delivered via e.g. RPM which supports split debuginfo
debug = true

[profile.thin]
# drop bootc size when split debuginfo is not available and go a step
# further in size optimization (when tested from 140mb, to 12mb without 
# symbols/debuginfo, to 5.8mb with extra optimizations)
# https://github.com/johnthagen/min-sized-rust
# cargo build --profile=thin
inherits = "release"
debug = false       # Re-strip debug symbols
strip = true        # Strip symbols from binary
lto = true          # Use full lto to remove dead code
opt-level = 's'     # Optimize for size with vector vectorization
codegen-units = 1   # Reduce number of codegen units to increase optimizations

[profile.releaselto]
codegen-units = 1
inherits = "release"
lto = "yes"

[workspace.dependencies]
anstream = "0.6"
anyhow = "1.0.82"
camino = "1.1.6"
canon-json = "0.2.1"
cap-std-ext = "4.0.3"
chrono = { version = "0.4.38", default-features = false }
clap = "4.5.4"
clap_mangen = { version = "0.2.20" }
hex = "0.4.3"
indoc = "2.0.5"
indicatif = "0.17.0"
fn-error-context = "0.2.1"
libc = "0.2.154"
openssl = "0.10.72"
owo-colors = { version = "4" }
rustix = { "version" = "1", features = ["thread", "net", "fs", "system", "process", "mount"] }
serde = "1.0.199"
serde_json = "1.0.116"
similar-asserts = "1.5.0"
static_assertions = "1.1.0"
tempfile = "3.10.1"
tracing = "0.1.40"
thiserror = "2.0.11"
tokio = ">= 1.37.0"
tokio-util = { features = ["io-util"], version = "0.7.10" }

# See https://github.com/coreos/cargo-vendor-filterer
[workspace.metadata.vendor-filter]
# For now we only care about tier 1+2 Linux.  (In practice, it's unlikely there is a tier3-only Linux dependency)
platforms = ["*-unknown-linux-gnu"]
tier = "2"
all-features = true
exclude-crate-paths = [ { name = "libz-sys", exclude = "src/zlib" },
                        { name = "libz-sys", exclude = "src/zlib-ng" },
                        # rustix includes pre-generated assembly for linux_raw, which we don't use
                        { name = "rustix", exclude = "src/imp/linux_raw" },
                        # Test files that include binaries
                        { name = "system-deps", exclude = "src/tests" },
                        # This stuff is giant, trim unused versions
                        { name = "k8s-openapi", exclude = "src/v1_25" },
                        { name = "k8s-openapi", exclude = "src/v1_27" },
                      ]

# This is an made up key for external binary dependencies.
# setpriv is a proxy for util-linux, and systemctl is a proxy for systemd.
[workspace.metadata.binary-dependencies]
bins = ["skopeo", "podman", "ostree", "zstd", "setpriv", "systemctl", "chcon"]

[workspace.lints.rust]
# Require an extra opt-in for unsafe
unsafe_code = "deny"
# Absolutely must handle errors
unused_must_use = "forbid"
missing_docs = "deny"
missing_debug_implementations = "deny"
# Feel free to comment this one out locally during development of a patch.
dead_code = "deny"

[workspace.lints.clippy]
disallowed_methods = "deny"
# These should only be in local code
dbg_macro = "deny"
todo = "deny"
# These two are in my experience the lints which are most likely
# to trigger, and among the least valuable to fix.
needless_borrow = "allow"
needless_borrows_for_generic_args = "allow"
Initial code split from https://github.com/ostreedev/ostree-rs-ext/pull/412 Prep for potentially moving to github.com/containers/bootc 2022-11-30 13:18:17 -05:00			`[workspace]`
build-sys: Split workspace members to multiple lines To lessen the chance of future conflicts when changing things here. Signed-off-by: Colin Walters <walters@verbum.org> 2025-01-24 13:11:10 -05:00			`members = [`
			`"cli",`
cli: add `system-reinstall-bootc` binary # Background The current usage instructions for bootc involve a long podman invocation. # Issue It's hard to remember and type the long podman invocation, making the usage of bootc difficult for users. See https://issues.redhat.com/browse/BIFROST-610 and https://issues.redhat.com/browse/BIFROST-611 (Epic https://issues.redhat.com/browse/BIFROST-594) # Solution We want to make the usage of bootc easier by providing a new Fedora/RHEL subpackage that includes a new binary `system-reinstall-bootc`. This binary will simplify the usage of bootc by providing a simple command line interface (configured either through CLI flags or a configuration file) with an interactive prompt that allows users to reinstall the current system using bootc. The commandline will handle helping the user choose SSH keys / users, warn the user about the destructive nature of the operation, and eventually report issues they might run into in the various clouds (e.g. missing cloud agent on the target image) # Implementation Added new system-reinstall-bootc crate that outputs the new system-reinstall-bootc binary. This new crate depends on the existing utils crate. Refactored the tracing initialization from the bootc binary into the utils crate so that it can be reused by the new crate. The new CLI can either be configured through commandline flags or through a configuration file in a path set by the environment variable `BOOTC_REINSTALL_CONFIG`. The configuration file is a YAML file. # Limitations Only root SSH keys are supported. The multi user selection TUI is implemented, but if you choose anything other than root you will get an error. # TODO Missing docs, missing functionality. Everything is in alpha stage. User choice / SSH keys / prompt disabling should also eventually be supported to be configured through commandline arguments or the configuration file. Signed-off-by: Omer Tuchfeld <omer@tuchfeld.dev> 2025-01-25 14:20:22 +01:00			`"system-reinstall-bootc",`
build-sys: Split workspace members to multiple lines To lessen the chance of future conflicts when changing things here. Signed-off-by: Colin Walters <walters@verbum.org> 2025-01-24 13:11:10 -05:00			`"lib",`
Split mount code into separate helper crate Prep for using this elsewhere via git dependency, like we're doing now with bootupd for example. Signed-off-by: Colin Walters <walters@verbum.org> 2025-04-27 13:29:56 -04:00			`"mount",`
build-sys: Split workspace members to multiple lines To lessen the chance of future conflicts when changing things here. Signed-off-by: Colin Walters <walters@verbum.org> 2025-01-24 13:11:10 -05:00			`"ostree-ext",`
Rename internal blockdev crate to bootc-blockdev To make a bit clearer this is an internal-to-bootc thing; but also because other projects like bootupd may start referencing it. Signed-off-by: Colin Walters <walters@verbum.org> 2025-01-24 13:13:52 -05:00			`"utils",`
build-sys: Split workspace members to multiple lines To lessen the chance of future conflicts when changing things here. Signed-off-by: Colin Walters <walters@verbum.org> 2025-01-24 13:11:10 -05:00			`"blockdev",`
			`"xtask",`
tmpfiles: New crate This adapts code rewritten from rpm-ostree to synthesize tmpfiles.d entries. Signed-off-by: Colin Walters <walters@verbum.org> 2025-02-09 10:52:01 -05:00			`"tests-integration",`
sysusers: New stub crate Signed-off-by: Colin Walters <walters@verbum.org> 2025-02-12 19:21:00 -05:00			`"tmpfiles",`
			`"sysusers",`
build-sys: Split workspace members to multiple lines To lessen the chance of future conflicts when changing things here. Signed-off-by: Colin Walters <walters@verbum.org> 2025-01-24 13:11:10 -05:00			`]`
build-sys: Opt in to resolver = 2 This silences a warning from newer Rust. Signed-off-by: Colin Walters <walters@verbum.org> 2023-08-29 17:51:12 -04:00			`resolver = "2"`
Initial code split from https://github.com/ostreedev/ostree-rs-ext/pull/412 Prep for potentially moving to github.com/containers/bootc 2022-11-30 13:18:17 -05:00
			`[profile.dev]`
			`opt-level = 1 # No optimizations are too slow for us.`

			`[profile.release]`
Cargo.toml: Update release profile, add releaselto - `release` should use `panic=abort` by default because we make heavy use of FFI and this is safest, and I don't think we need unwinding anyways - The `releaselto` produces smallest binaries Signed-off-by: Colin Walters <walters@verbum.org> 2023-08-22 09:33:30 -04:00			`lto = "thin"`
			`# We use FFI so this is safest`
			`panic = "abort"`
			`# We assume we're being delivered via e.g. RPM which supports split debuginfo`
Add `cargo xtask` and packaging infrastructure First, this adds `cargo xtask` following https://github.com/matklad/cargo-xtask/ We use this to write "external glue scripts" in Rust, not bash. Specifically we now have e.g. `cargo xtask vendor` which just wraps running `cargo vendor-filterer`. Then build on that and add `cargo xtask package-srpm` which generates a `.src.rpm`. And build on that by adding the requisite glue to have Fedora's COPR be able to understand it, so that we can get auto-built and shipped packages there. This will make trying out bootc a bit easier. Signed-off-by: Colin Walters <walters@verbum.org> 2023-01-18 17:39:03 -05:00			`debug = true`

feat: add thin build profile Signed-off-by: Antheas Kapenekakis <git@antheas.dev> 2024-12-01 15:45:16 +01:00			`[profile.thin]`
			`# drop bootc size when split debuginfo is not available and go a step`
			`# further in size optimization (when tested from 140mb, to 12mb without`
			`# symbols/debuginfo, to 5.8mb with extra optimizations)`
			`# https://github.com/johnthagen/min-sized-rust`
			`# cargo build --profile=thin`
			`inherits = "release"`
			`debug = false # Re-strip debug symbols`
			`strip = true # Strip symbols from binary`
			`lto = true # Use full lto to remove dead code`
			`opt-level = 's' # Optimize for size with vector vectorization`
			`codegen-units = 1 # Reduce number of codegen units to increase optimizations`

Cargo.toml: Update release profile, add releaselto - `release` should use `panic=abort` by default because we make heavy use of FFI and this is safest, and I don't think we need unwinding anyways - The `releaselto` produces smallest binaries Signed-off-by: Colin Walters <walters@verbum.org> 2023-08-22 09:33:30 -04:00			`[profile.releaselto]`
			`codegen-units = 1`
			`inherits = "release"`
			`lto = "yes"`

build-sys: Switch to workspace dependencies Prep for addding another crate, where I want to avoid duplicating all the versions again. Signed-off-by: Colin Walters <walters@verbum.org> 2024-07-16 09:03:21 -04:00			`[workspace.dependencies]`
cli: Don't emit ANSI codes to stderr It seems the tracing crate is broken in this respect. Digging through best practices, `anstream` is used by clap and looks sane. We're basically just following their example. Signed-off-by: Colin Walters <walters@verbum.org> 2025-05-29 13:20:30 -04:00			`anstream = "0.6"`
build-sys: Switch to workspace dependencies Prep for addding another crate, where I want to avoid duplicating all the versions again. Signed-off-by: Colin Walters <walters@verbum.org> 2024-07-16 09:03:21 -04:00			`anyhow = "1.0.82"`
			`camino = "1.1.6"`
lib,ostree-ext: use canon-json Replace all serde_json::to_{string,vec,writer} with equivalent canon_json::CanonJsonSerialize to make the output stable / reproducible. Signed-off-by: Etienne Champetier <e.champetier@ateme.com> 2025-06-24 07:54:43 -04:00			`canon-json = "0.2.1"`
Add support for `--replace-mode=alongside` for ostree target Ironically our support for `--replace-mode=alongside` breaks when we're targeting an already extant ostree host, because when we first blow away the `/boot` directory, this means the ostree stack loses its knowledge that we're in a booted deployment, and will attempt to GC it... https://github.com/ostreedev/ostree-rs-ext/pull/550/commits/8fa019bfa821303cfb7a7f069ae2320f4c3800fa is a key part of the fix for that. However, a notable improvement we can do here is to grow this whole thing into a real "factory reset" mode, and this will be a compelling answer to https://github.com/coreos/fedora-coreos-tracker/issues/399 To implement this though we need to support configuring the stateroot and not just hardcode `default`. Signed-off-by: Omer Tuchfeld <omer@tuchfeld.dev> 2023-09-30 15:39:08 -04:00			`cap-std-ext = "4.0.3"`
build-sys: Switch to workspace dependencies Prep for addding another crate, where I want to avoid duplicating all the versions again. Signed-off-by: Colin Walters <walters@verbum.org> 2024-07-16 09:03:21 -04:00			`chrono = { version = "0.4.38", default-features = false }`
			`clap = "4.5.4"`
Move more dependencies to workspace There's a lot shared between bootc and ostree-rs-ext. Signed-off-by: Colin Walters <walters@verbum.org> 2024-11-07 13:55:29 -05:00			`clap_mangen = { version = "0.2.20" }`
			`hex = "0.4.3"`
build-sys: Move a few dev-deps to workspace deps Just to increase sharing. Signed-off-by: Colin Walters <walters@verbum.org> 2024-08-15 14:44:29 -04:00			`indoc = "2.0.5"`
Move more dependencies to workspace There's a lot shared between bootc and ostree-rs-ext. Signed-off-by: Colin Walters <walters@verbum.org> 2024-11-07 13:55:29 -05:00			`indicatif = "0.17.0"`
build-sys: Switch to workspace dependencies Prep for addding another crate, where I want to avoid duplicating all the versions again. Signed-off-by: Colin Walters <walters@verbum.org> 2024-07-16 09:03:21 -04:00			`fn-error-context = "0.2.1"`
			`libc = "0.2.154"`
build(deps): bump openssl to 0.10.72 2025-04-07 15:49:34 -04:00			`openssl = "0.10.72"`
cli: Don't emit ANSI codes to stderr It seems the tracing crate is broken in this respect. Digging through best practices, `anstream` is used by clap and looks sane. We're basically just following their example. Signed-off-by: Colin Walters <walters@verbum.org> 2025-05-29 13:20:30 -04:00			`owo-colors = { version = "4" }`
Update to rustix 1.0 No major changes required; we get to drop one `unsafe` call which is nice! Looks like the ecosystem overall will need a fair bit of porting before we can drop the 0.38 version though. Signed-off-by: Colin Walters <walters@verbum.org> 2025-03-30 16:42:12 +00:00			`rustix = { "version" = "1", features = ["thread", "net", "fs", "system", "process", "mount"] }`
build-sys: Switch to workspace dependencies Prep for addding another crate, where I want to avoid duplicating all the versions again. Signed-off-by: Colin Walters <walters@verbum.org> 2024-07-16 09:03:21 -04:00			`serde = "1.0.199"`
			`serde_json = "1.0.116"`
build-sys: Move a few dev-deps to workspace deps Just to increase sharing. Signed-off-by: Colin Walters <walters@verbum.org> 2024-08-15 14:44:29 -04:00			`similar-asserts = "1.5.0"`
			`static_assertions = "1.1.0"`
build-sys: Switch to workspace dependencies Prep for addding another crate, where I want to avoid duplicating all the versions again. Signed-off-by: Colin Walters <walters@verbum.org> 2024-07-16 09:03:21 -04:00			`tempfile = "3.10.1"`
			`tracing = "0.1.40"`
tmpfiles: New crate This adapts code rewritten from rpm-ostree to synthesize tmpfiles.d entries. Signed-off-by: Colin Walters <walters@verbum.org> 2025-02-09 10:52:01 -05:00			`thiserror = "2.0.11"`
build-sys: Switch to workspace dependencies Prep for addding another crate, where I want to avoid duplicating all the versions again. Signed-off-by: Colin Walters <walters@verbum.org> 2024-07-16 09:03:21 -04:00			`tokio = ">= 1.37.0"`
Move more dependencies to workspace There's a lot shared between bootc and ostree-rs-ext. Signed-off-by: Colin Walters <walters@verbum.org> 2024-11-07 13:55:29 -05:00			`tokio-util = { features = ["io-util"], version = "0.7.10" }`
build-sys: Switch to workspace dependencies Prep for addding another crate, where I want to avoid duplicating all the versions again. Signed-off-by: Colin Walters <walters@verbum.org> 2024-07-16 09:03:21 -04:00
Add `cargo xtask` and packaging infrastructure First, this adds `cargo xtask` following https://github.com/matklad/cargo-xtask/ We use this to write "external glue scripts" in Rust, not bash. Specifically we now have e.g. `cargo xtask vendor` which just wraps running `cargo vendor-filterer`. Then build on that and add `cargo xtask package-srpm` which generates a `.src.rpm`. And build on that by adding the requisite glue to have Fedora's COPR be able to understand it, so that we can get auto-built and shipped packages there. This will make trying out bootc a bit easier. Signed-off-by: Colin Walters <walters@verbum.org> 2023-01-18 17:39:03 -05:00			`# See https://github.com/coreos/cargo-vendor-filterer`
			`[workspace.metadata.vendor-filter]`
build: use new `tier = 2` from cargo-vendor-filterer This is nicer than having a hardcoded list. 2023-05-23 16:05:55 -04:00			`# For now we only care about tier 1+2 Linux. (In practice, it's unlikely there is a tier3-only Linux dependency)`
			`platforms = ["*-unknown-linux-gnu"]`
			`tier = "2"`
Add `cargo xtask` and packaging infrastructure First, this adds `cargo xtask` following https://github.com/matklad/cargo-xtask/ We use this to write "external glue scripts" in Rust, not bash. Specifically we now have e.g. `cargo xtask vendor` which just wraps running `cargo vendor-filterer`. Then build on that and add `cargo xtask package-srpm` which generates a `.src.rpm`. And build on that by adding the requisite glue to have Fedora's COPR be able to understand it, so that we can get auto-built and shipped packages there. This will make trying out bootc a bit easier. Signed-off-by: Colin Walters <walters@verbum.org> 2023-01-18 17:39:03 -05:00			`all-features = true`
			`exclude-crate-paths = [ { name = "libz-sys", exclude = "src/zlib" },`
			`{ name = "libz-sys", exclude = "src/zlib-ng" },`
			`# rustix includes pre-generated assembly for linux_raw, which we don't use`
			`{ name = "rustix", exclude = "src/imp/linux_raw" },`
			`# Test files that include binaries`
			`{ name = "system-deps", exclude = "src/tests" },`
build-sys: Trim k8s-openapi some This drops ~40M uncompressed from the vendor set. Signed-off-by: Colin Walters <walters@verbum.org> 2023-09-26 10:30:40 -04:00			`# This stuff is giant, trim unused versions`
Deps: Bump to latest kube/k8s-openapi On general principle; they trimmed their supported version set which reduces dep size. But it also drops out some old things like `base64@0.13.1` (how many times does a base64 library really need to break semver?). Signed-off-by: Colin Walters <walters@verbum.org> 2023-09-08 13:03:56 -04:00			`{ name = "k8s-openapi", exclude = "src/v1_25" },`
			`{ name = "k8s-openapi", exclude = "src/v1_27" },`
Add `cargo xtask` and packaging infrastructure First, this adds `cargo xtask` following https://github.com/matklad/cargo-xtask/ We use this to write "external glue scripts" in Rust, not bash. Specifically we now have e.g. `cargo xtask vendor` which just wraps running `cargo vendor-filterer`. Then build on that and add `cargo xtask package-srpm` which generates a `.src.rpm`. And build on that by adding the requisite glue to have Fedora's COPR be able to understand it, so that we can get auto-built and shipped packages there. This will make trying out bootc a bit easier. Signed-off-by: Colin Walters <walters@verbum.org> 2023-01-18 17:39:03 -05:00			`]`
build: Use workspace global lints In relatively recent rust there's a nice way to globally configure clippy lints for the whole workspace. We can kill the `custom-lints` target because relatively recently clippy has a lint for `todo!` and `dbg!` itself. Signed-off-by: Colin Walters <walters@verbum.org> 2024-07-17 13:31:07 -04:00
build-sys: Add made up `binary-dependencies` key This would be a nice thing to try to standardize, but let's just keep track of this and use it in our CI install flow too. This helps us be cross distribution a bit more. Signed-off-by: Colin Walters <walters@verbum.org> 2025-01-03 13:08:06 -05:00			`# This is an made up key for external binary dependencies.`
			`# setpriv is a proxy for util-linux, and systemctl is a proxy for systemd.`
			`[workspace.metadata.binary-dependencies]`
packaging/rpm: Be sure we pull in chcon (and util-linux) We execute it, and Anaconda was somehow omitting this. Also pull in util-linux-core because we also depend on that. https://github.com/bootc-dev/bootc/discussions/1383#discussioncomment-13585806 Signed-off-by: Colin Walters <walters@verbum.org> 2025-06-30 13:40:36 -04:00			`bins = ["skopeo", "podman", "ostree", "zstd", "setpriv", "systemctl", "chcon"]`
build-sys: Add made up `binary-dependencies` key This would be a nice thing to try to standardize, but let's just keep track of this and use it in our CI install flow too. This helps us be cross distribution a bit more. Signed-off-by: Colin Walters <walters@verbum.org> 2025-01-03 13:08:06 -05:00
build: Use workspace global lints In relatively recent rust there's a nice way to globally configure clippy lints for the whole workspace. We can kill the `custom-lints` target because relatively recently clippy has a lint for `todo!` and `dbg!` itself. Signed-off-by: Colin Walters <walters@verbum.org> 2024-07-17 13:31:07 -04:00			`[workspace.lints.rust]`
			`# Require an extra opt-in for unsafe`
			`unsafe_code = "deny"`
			`# Absolutely must handle errors`
			`unused_must_use = "forbid"`
Make lints stricter, apply crate wide Add `dead_code = "deny"` to our default lints; we had a compiler warning for this in main. Fix the warning by moving the human readable test code into `#[cfg(test)]`. While we're here, move the other lib.rs lints into the crate; enforcing docs for everything at first I thought might be heavy handed but actually is fine as it only applies to things that are `pub`, of which we don't actually have that much so it mainly forced me to add some stub docs for the modules, which is probably a good idea. Signed-off-by: Colin Walters <walters@verbum.org> 2024-09-18 11:33:00 -04:00			`missing_docs = "deny"`
			`missing_debug_implementations = "deny"`
			`# Feel free to comment this one out locally during development of a patch.`
			`dead_code = "deny"`
build: Use workspace global lints In relatively recent rust there's a nice way to globally configure clippy lints for the whole workspace. We can kill the `custom-lints` target because relatively recently clippy has a lint for `todo!` and `dbg!` itself. Signed-off-by: Colin Walters <walters@verbum.org> 2024-07-17 13:31:07 -04:00
			`[workspace.lints.clippy]`
clippy: Deny `str::len` When I was working on some column printing code with Unicode I got bit by using `str::len`...and digging in I found that clippy actually just merged a lint to go the other way; more in the link in the code. Turning on a lint showed one place that should have been using `chars().count()` and one that should have been validating ASCII. Fix those. Signed-off-by: Colin Walters <walters@verbum.org> 2024-11-18 23:16:57 +00:00			`disallowed_methods = "deny"`
build: Use workspace global lints In relatively recent rust there's a nice way to globally configure clippy lints for the whole workspace. We can kill the `custom-lints` target because relatively recently clippy has a lint for `todo!` and `dbg!` itself. Signed-off-by: Colin Walters <walters@verbum.org> 2024-07-17 13:31:07 -04:00			`# These should only be in local code`
			`dbg_macro = "deny"`
			`todo = "deny"`
build: move needless_borrow lint allows to be global A new instance of this snuck in under xtask, this will make sure it's covered everywhere going forward. Signed-off-by: John Eckersberg <jeckersb@redhat.com> 2024-07-24 12:18:53 -04:00			`# These two are in my experience the lints which are most likely`
			`# to trigger, and among the least valuable to fix.`
			`needless_borrow = "allow"`
			`needless_borrows_for_generic_args = "allow"`