When we do a reboot it is triggered inside the bootc namespace.
As we implement support for soft-reboots we need to make sure
that systemd has a view into the mounted /run/nextroot
to be able to act on doing a soft-reboot or a reboot.
By using systemd-run we avoid the limited view in the current
namespace.
Signed-off-by: Joseph Marrero Corchado <jmarrero@redhat.com>
Replace all serde_json::to_{string,vec,writer} with
equivalent canon_json::CanonJsonSerialize to make the
output stable / reproducible.
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
When staging a new deployment, create /run/reboot-required to signal that
a reboot is needed. This file is monitored by kured (Kubernetes Reboot
Daemon) and other tools to detect when a system needs to be rebooted.
This makes it easier to integrate bootc with kured and similar tools
without requiring manual configuration or bridging.
Signed-off-by: Colin Walters <walters@verbum.org>
Literally just find and replace github.com/containers/bootc with
github.com/bootc-dev/bootc
We have the redirect in place so none of this is really important, but
I figure removing as many instances of the old repo and replacing them
with the current can't hurt for things like search engine
optimization. Plus some non-zero number of people might assume one is
a fork of the other or something.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
Useful when running automatic reports and analyses
where all issues need to be visible at once without truncation.
To do this we needed to add a LintExecutionConfig to
propagate configuration through the lint system.
Also, refactor how we print things so there's a
shared helper functions for consistent formatting with and without truncation.
Closes: https://github.com/bootc-dev/bootc/issues/1260
Signed-off-by: Colin Walters <walters@verbum.org>
Prep for lint truncation improvement.
- Kill the handling of the "max 0" case, it's pathological; this
requires passing NonZeroUsize
- Drop the requirement for the iterator to be clonable as it
improves ergonomics, and return a vector of the collected elements
instead
Signed-off-by: Colin Walters <walters@verbum.org>
For historical reasons the ostree sepolicy API can exist as a
no-op even if it didn't find a policy, one has to query `.csum()`
or `.name()` to verify it's present.
In our code just map that case to None.
Followup to 99d30dfd55
to ensure we consistently handle this case.
Signed-off-by: Colin Walters <walters@verbum.org>
Part of #904
Displays pinned deployments as part of "bootc status".
Includes unit tests to ensure correct parsing of the
pinned deployments, and that they are displayed in
human readable formats correctly.
Signed-off-by: Robert Sturla <robertsturla@outlook.com>
Check for the policy csum to make sure there is actually a policy
available to lookup when trying to label the bootc container storage.
Fixes #1303
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
As we head towards factory reset work, this will be of critical
importance.
For now this only shows up in the API, not in human readable
status.
Signed-off-by: Colin Walters <walters@verbum.org>
The previous code in trying to parse `oci` was wrong; the syntax
for an `oci` transport is the same as oci-archive, which
includes a file path (and there's no mechanism to quote `:` note).
The canonical logic for all of this stuff is in Go, there's
no canonical Rust library (yet, though I did think about putting
this in oci-spec).
Previous to this attempt to handle tagged+digested, we weren't
parsing image references at all.
First, factor out a `canonicalize_reference` helper since that's
what we're really doing here, it's independent of the *transport*.
Fix the canonicalize function to drop out trying to parse `oci`.
Add a separate test case that incorrectly passes just so it's
a bit more obvious to fix this later.
Note that today at least `skopeo` rejects trying to fetch
via tagged+digested form from an `oci:` so it's fine if
we don't canonicalize here yet, even though it could confuse
someone.
Signed-off-by: Colin Walters <walters@verbum.org>
Fixes #1308
Introduced in 10b66fb was a bug where oci-archive and dir image ref formats
were attempted to be parsed, to which an error was returned. This changes
the behaviour to only attempt to parse image refs from an allowlisted
selection of transports.
Signed-off-by: Robert Sturla <robertsturla@outlook.com>
Closes #1165
Performs tag-stripping when the image reference contains both
a tag and digest. This allows Skopeo to pull the image
successfully, while still displaying both the tag + digest inside
bootc status.
Signed-off-by: Robert Sturla <robertsturla@outlook.com>
Closes: https://github.com/bootc-dev/bootc/issues/1292
Basically we were doing the `/proc/1/root/var/tmp` trick for
`/var/tmp` because we didn't have the dynamic bind mount infrastructure
before. Now we do, so use it instead.
The specific motivation is that Go in some cases uses `EvalSymlinks`
which gets confused by the `/proc/<pid>/root` magic links.
Also, this deletes a lot of code.
Signed-off-by: Colin Walters <walters@verbum.org>
When set, the bootc-destructive-cleanup flag is added to /sysroot/etc
which enables the bootc-destructive-cleanup systemd service to remove
the previous installation's rpm packages and podman containers/images.
The service is only installed on fedora based systems.
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
I guess this got misplaced somewhere along the way while reorganizing
the lint code, but I just now noticed it while browsing the code.
Also removed bit about "if it does not exist error", because that's
not accurate with the present behavior of the lint.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
Bump our composefs-rs version and adjust to the API changes there.
Also, add "BSL-1.0" (Boost Software Licence, OSI/FSF approved) to our
allowed licence lists: it's used by xxhash-rust.
Signed-off-by: Allison Karlitskaya <allison.karlitskaya@redhat.com>
This modifies the existing check for an extant stateroot dir to check if
the pending stateroot is the same as the booted deployment. Also only
run init_osname if there is not an existing stateroot dir.
fixes #1246
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
Prior to this, get_ensure_imgstore would fail when run from a non-bootc
system. Instead, in an attempt to make this function idempotent, let's
fallback to the container root sepolicy instead of failing. This should
only happen when running cleanup() during a to-existing install (i.e.
there is not yet a bootc system).
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
This deprecates skip-fetch-check in favor of the inverse,
run-fetch-check. Updates docs and tests to reflect the change.
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
Right now the `utf8` lint does a tree walk. I want
to add more, but it'd be good to avoid walking
the whole filesystem multiple times.
In paticular I wanted to add a check for `ostree.usermeta`
should never be present.
Signed-off-by: Colin Walters <walters@verbum.org>
