Split `dependencies` into three sections:
- Internal deps (crates in the same workspace)
- Workspace deps
- Deps only used by that sub-crate
Also make everything alphabetical.
Assisted-by: Claude Code
Signed-off-by: Colin Walters <walters@verbum.org>
Replace all serde_json::to_{string,vec,writer} with
equivalent canon_json::CanonJsonSerialize to make the
output stable / reproducible.
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
It seems the tracing crate is broken in this respect. Digging
through best practices, `anstream` is used by clap and looks sane.
We're basically just following their example.
Signed-off-by: Colin Walters <walters@verbum.org>
No major changes required; we get to drop one `unsafe` call
which is nice!
Looks like the ecosystem overall will need a fair bit of porting
before we can drop the 0.38 version though.
Signed-off-by: Colin Walters <walters@verbum.org>
# Background
The current usage instructions for bootc involve a long podman
invocation.
# Issue
It's hard to remember and type the long podman invocation, making the
usage of bootc difficult for users.
See https://issues.redhat.com/browse/BIFROST-610 and https://issues.redhat.com/browse/BIFROST-611
(Epic https://issues.redhat.com/browse/BIFROST-594)
# Solution
We want to make the usage of bootc easier by providing a new Fedora/RHEL
subpackage that includes a new binary `system-reinstall-bootc`. This binary
will simplify the usage of bootc by providing a simple command line
interface (configured either through CLI flags or a configuration file)
with an interactive prompt that allows users to reinstall the current
system using bootc.
The commandline will handle helping the user choose SSH keys / users,
warn the user about the destructive nature of the operation, and
eventually report issues they might run into in the various clouds (e.g.
missing cloud agent on the target image)
# Implementation
Added new system-reinstall-bootc crate that outputs the new
system-reinstall-bootc binary. This new crate depends on the existing utils crate.
Refactored the tracing initialization from the bootc binary into the
utils crate so that it can be reused by the new crate.
The new CLI can either be configured through commandline flags or
through a configuration file in a path set by the environment variable
`BOOTC_REINSTALL_CONFIG`.
The configuration file is a YAML file.
# Limitations
Only root SSH keys are supported. The multi user selection TUI is
implemented, but if you choose anything other than root you will get an
error.
# TODO
Missing docs, missing functionality. Everything is in alpha stage. User
choice / SSH keys / prompt disabling should also eventually be supported
to be configured through commandline arguments or the configuration
file.
Signed-off-by: Omer Tuchfeld <omer@tuchfeld.dev>
To make a bit clearer this is an internal-to-bootc thing; but also
because other projects like bootupd may start referencing it.
Signed-off-by: Colin Walters <walters@verbum.org>
This code has been forked between bootupd and coreos-installer
and here. This is prep for having bootupd pull it from bootc's
git so we can deduplicate.
Signed-off-by: Colin Walters <walters@verbum.org>
This would be a nice thing to try to standardize, but let's just
keep track of this and use it in our CI install flow too. This
helps us be cross distribution a bit more.
Signed-off-by: Colin Walters <walters@verbum.org>
When I was working on some column printing code
with Unicode I got bit by using `str::len`...and
digging in I found that clippy actually just
merged a lint to go the *other* way; more in
the link in the code.
Turning on a lint showed one place that should
have been using `chars().count()` and one that
should have been validating ASCII. Fix those.
Signed-off-by: Colin Walters <walters@verbum.org>
Ironically our support for `--replace-mode=alongside` breaks
when we're targeting an already extant ostree host, because when
we first blow away the `/boot` directory, this means the ostree
stack loses its knowledge that we're in a booted deployment,
and will attempt to GC it...
8fa019bfa8
is a key part of the fix for that.
However, a notable improvement we can do here is to grow this
whole thing into a real "factory reset" mode, and this will
be a compelling answer to
https://github.com/coreos/fedora-coreos-tracker/issues/399
To implement this though we need to support configuring the
stateroot and not just hardcode `default`.
Signed-off-by: Omer Tuchfeld <omer@tuchfeld.dev>
Add `dead_code = "deny"` to our default lints; we had
a compiler warning for this in main.
Fix the warning by moving the human readable test code into
`#[cfg(test)]`.
While we're here, move the other lib.rs lints into the crate;
enforcing docs for *everything* at first I thought might be heavy
handed but actually is fine as it only applies to things that
are `pub`, of which we don't actually have that much so it
mainly forced me to add some stub docs for the modules, which
is probably a good idea.
Signed-off-by: Colin Walters <walters@verbum.org>
A new instance of this snuck in under xtask, this will make sure it's
covered everywhere going forward.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
In relatively recent rust there's a nice way to globally
configure clippy lints for the whole workspace. We can
kill the `custom-lints` target because relatively
recently clippy has a lint for `todo!` and `dbg!` itself.
Signed-off-by: Colin Walters <walters@verbum.org>
A few things going on here:
- Rewrite logic from shell script into Rust (using xshell, so
it's still convenient to fork commands)
- Make the test logic take an externally-built container image
instead of using a `-v bootc:/usr/bin/bootc` bind mount
- Build the container image using our stock hack/Containerfile
in Github Actions instead of building for c9s in GHA
- This all hence starts to make the logic reusable outside
of Github Actions too; the container build is a known standard thing.
Signed-off-by: Colin Walters <walters@verbum.org>
On general principle; they trimmed their supported version set
which reduces dep size. But it also drops out some old things like
`base64@0.13.1` (how many times does a base64 library really need
to break semver?).
Signed-off-by: Colin Walters <walters@verbum.org>
There's a warning in newer Rust 1.72 about this, we do want the v2
resolver.
And adjust our build/CI configuration to explicitly enable
`internal-testing-api` when building our binary in CI.
- `release` should use `panic=abort` by default because we make
heavy use of FFI and this is safest, and I don't think we need
unwinding anyways
- The `releaselto` produces smallest binaries
Signed-off-by: Colin Walters <walters@verbum.org>
- `release` should use `panic=abort` by default because we make
heavy use of FFI and this is safest, and I don't think we need
unwinding anyways
- The `releaselto` produces smallest binaries
First, this adds `cargo xtask` following
https://github.com/matklad/cargo-xtask/
We use this to write "external glue scripts" in Rust, not bash.
Specifically we now have e.g. `cargo xtask vendor` which just
wraps running `cargo vendor-filterer`.
Then build on that and add `cargo xtask package-srpm` which generates
a `.src.rpm`.
And build on that by adding the requisite glue to have Fedora's COPR
be able to understand it, so that we can get auto-built and shipped
packages there.
This will make trying out bootc a bit easier.
Signed-off-by: Colin Walters <walters@verbum.org>
Closes: https://github.com/ostreedev/ostree-rs-ext/issues/6
We want to honor things like mirroring set up in `/etc/containers` and ideally
things like signature verification too. Plus we need to support the Docker
registry API, not pure OCI.
So depending on `oci-distribution` isn't a viable plan from that perspective.
We're not a Go project, so depending on github.com/containers/image directly
is out, plus even if we were vendoring all that is just a bad idea. So
let's use skopeo as a subprocess.
I originally wrote this to use skopeo via a pipe like:
`skopeo copy docker://quay.io/exampleos/exampleos oci-archive:///proc/self/fd/5`
where fd `5` is a pipe, but the first blocker is that containers/image barfs
if the destination is a pipe.
But even more importantly, the `oci-archive://` backend just
spools everything to a temporary directory and then tars it
back up, entirely obviating the point of streaming.
So here we do the tempdir dance ourself for now.
I just split them out, but I think there's a decent argument
for keeping them together. We'd likely just want the container
bits under a feature flag.
TODO:
- feature flag
- CLI `ostree-ext-cli container import|export`
