mirror of https://github.com/containers/bootc.git synced 2026-02-05 06:45:13 +01:00

4100 Commits

Author SHA1 Message Date
Joseph Marrero Corchado
dc286053c6 MAINTAINERS: Add Preethi as representative
Preethi represents bootc in public forums like Kubecon,
RH Summit and our community meetings.

Signed-off-by: Joseph Marrero Corchado <jmarrero@redhat.com>
2026-02-04 14:49:14 -05:00
John Eckersberg
1b898758c9 kernel: Add KernelPath enum
This just clarifies things in a few places to distinguish between a
UKI which has just a single path versus a traditional kernel with
separate vmlinuz and initramfs.

Also renames `find_uki_filename` to `find_uki_path` and updates the
return type to use `Utf8PathBuf` instead of just `String`.

Signed-off-by: John Eckersberg <jeckersb@redhat.com>
2026-02-03 16:28:53 -05:00
John Eckersberg
534fb40b00 seal-uki: break apart args for comment clarity
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
2026-02-03 16:28:53 -05:00
jbtrystram
0a757685ee install/bootupd: chroot to deployment
When `--src-imgref` is passed, the deployed systemd does not match the
running environment. In this case, let's run bootupd from inside
the deployment. This makes sure we are using the binaries
shipped in the image (and relevant config files such as grub fragments).

We use bwrap to set up the chroot for an easier handling of the API
filesystems.

We could do that in all cases but I kept it behind the `--src-imgref`
option since when using the target container as the buildroot it will
have no impact, and we expect this scenario to be the most common.

In CoreOS we have a specific test that checks if the bootloader was
installed with the `grub2-install` of the image.

Fixes https://github.com/bootc-dev/bootc/issues/1559
Also see https://github.com/bootc-dev/bootc/issues/1455

Assisted-by: OpenCode (Opus 4.5)
Signed-off-by: jbtrystram <jbtrystram@redhat.com>
2026-02-03 11:07:15 -05:00
Matija Tudan
216d720b9d bootc-lib: fix ARM architecture support
Currently the build fails for armv7; this fixes the issue:

```
1094.0    Compiling bootc-lib v1.12.1 (/bootc/crates/lib)
1097.2 error: Unsupported architecture
1097.2    --> crates/lib/src/discoverable_partition_specification.rs:523:13
1097.2     |
1097.2 523 |             compile_error!("Unsupported architecture")
1097.2     |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1097.2
1157.8 error: could not compile `bootc-lib` (lib) due to 1 previous error
1157.8 error: Generating manpages: Syncing man pages: Extracting CLI: Running CLI JSON dump command: command exited with non-zero code `cargo run --features=docgen -- internals dump-cli-json`: 101
1157.8 make: *** [Makefile:44: manpages] Error 1
1157.8 make: Leaving directory '/bootc'
```

Signed-off-by: Matija Tudan <tudan.matija@gmail.com>
2026-02-03 14:53:07 +05:30
Alex Iribarren
51dabaa5cb Add AlmaLinux to adopters list
Added AlmaLinux (Atomic SIG) as a new adopter

Signed-off-by: Alex Iribarren <alex@almalinux.org>
2026-01-30 14:12:40 -05:00
John Eckersberg
5d6dd67276 feat: Add bootc container ukify command
Add a new subcommand that builds a Unified Kernel Image (UKI) by
computing the necessary arguments from a container image and invoking
ukify. This simplifies the sealed image build workflow by having bootc
internally compute:

- The composefs digest (via existing compute-composefs-digest logic)
- Kernel arguments from /usr/lib/bootc/kargs.d/*.toml files
- Paths to kernel, initrd, and os-release

Any additional arguments are passed through to ukify unchanged, allowing
full control over signing, output paths, and other ukify options.

The seal-uki script is updated to use this new command instead of
manually computing these values and invoking ukify directly.

Also adds kargs.d configuration files for the sealed UKI workflow:
- 10-rootfs-rw.toml: Mount root filesystem read-write
- 21-console-hvc0.toml: Console configuration for QEMU/virtio

Closes: #1955

Assisted-by: OpenCode (Opus 4.5)
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
2026-01-30 08:49:07 -05:00
Colin Walters
4f51a5fbcb Update to latest composefs-rs
To unblock reverse dependency testing.

(We still have the forked cfsctl, that's the only thing)

Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-29 11:37:42 -05:00
Colin Walters
2ab1dcdd11 docs/composefs: Keep vmlinuz kernel+initramfs setup for now
We need some work in e.g. bcvk among others to have this work.

Closes: https://github.com/bootc-dev/bootc/issues/1940
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-29 09:42:51 -05:00
Colin Walters
efd2743d04 docs: Move composefs tracking from issue #1190 to docs
The composefs backend implementation has largely landed. Consolidate
tracking of known issues into the docs, categorized by severity:

- Deployment blockers: GC, SELinux enforcing=0, OCI registry install
- Important: Sealed image build UX, kargs.d support
- Long-term: Unified storage, UKI/systemd-boot improvements

This allows closing the original tracking issue #1190.

Assisted-by: OpenCode (Claude Sonnet 4)
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-29 09:42:51 -05:00
bootc-dev Bot
c7c6d52e51 Sync common files from infra repository
Synchronized from bootc-dev/infra@e15b9622fc.

Signed-off-by: bootc-dev Bot <bot@bootc.dev>
2026-01-28 18:56:16 -05:00
Colin Walters
5c52b25ef9 docs: Add comprehensive ostree-ext container storage documentation
Document how container images are stored as ostree commits, including:

container/mod.rs:
- On-disk storage structure (ref namespace, layer storage, merge commit)
- Import flow from manifest fetch through merge commit creation
- Tar stream format and connection to deployments
- Signature verification options
- Key types and submodules

container/store.rs:
- Reference namespace constants and their purposes
- Three-step import process (create, prepare, execute)
- Layer types (commit, component, derived) and their handling
- Merge commit metadata keys
- Layer caching and deduplication strategy
- Garbage collection behavior
- Example usage

lib.rs:
- Add key modules section highlighting container, tar, sysroot, chunking

This complements the recent installation documentation by explaining how
container images are actually stored on disk in the ostree repository.

Assisted-by: OpenCode (Claude Sonnet 4)
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-28 12:47:03 -05:00
Colin Walters
b17ca33ba9 docs: Enhance installation documentation with DPS and provisioning flow
Add comprehensive documentation for the installation process, with particular
focus on the Discoverable Partitions Specification (DPS) and first-boot
provisioning.

Main documentation (bootc-install.md):
- Add DPS section explaining partition type GUIDs and auto-discovery
- Add table showing when DPS vs explicit root= kargs are used
- Add provisioning and first boot section covering cloud-init,
  Ignition, SSH key injection, and custom provisioning
- Document the .bootc-aleph.json provenance file
- Fix typos ('boot install' -> 'bootc install', 'pased' -> 'passed')

Man page (bootc-install-to-disk.8.md):
- Document partition layout conceptually (avoiding specific sizes/GUIDs
  that may change between versions)
- Explain root filesystem discovery with systemd-gpt-auto-generator

Rustdoc for install.rs:
- Add comprehensive module documentation
- Document all installation modes (to-disk, to-filesystem, to-existing-root, reset)
- Explain OSTree vs Composefs storage backends
- Document key types (State, RootSetup, SourceInfo, SELinuxFinalState)
- List configuration paths and submodules

Rustdoc for discoverable_partition_specification.rs:
- Explain how bootc uses DPS for partition creation
- Document automatic root discovery mechanism
- Describe composefs and sealed boot integration

Assisted-by: OpenCode (Claude Sonnet 4)
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-28 12:47:03 -05:00
Colin Walters
d790891e7f docs: Add architecture documentation to internals page
Extend our internals docs to have more information.

Assisted-by: OpenCode (Sonnet 4)
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-28 12:47:03 -05:00
Colin Walters
fa856b1ef8 lib: Fix rustdoc warnings for URLs and intra-doc links
Wrap bare URLs in angle brackets to make them proper hyperlinks,
escape angle brackets in doc comments that look like HTML tags,
and fix broken intra-doc links.

Assisted-by: OpenCode (Sonnet 4)
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-28 12:47:03 -05:00
bootc-dev Bot
b6f748850f Sync common files from infra repository
Synchronized from bootc-dev/infra@5a0900533a.

Signed-off-by: bootc-dev Bot <bot@bootc.dev>
2026-01-28 11:31:01 -05:00
Xiaofeng Wang
e96d544c2f ci: Build test binaries before sudo commands
Move `cargo build --release -p tests-integration` to run before
`sudo podman build` to avoid cargo registry permission issues.

The tests-integration binary doesn't depend on the fsverity image,
so this reordering has no functional impact on the test flow.

Signed-off-by: Xiaofeng Wang <henrywangxf@me.com>
2026-01-28 07:39:12 -05:00
Colin Walters
14613a0900 docs: Add experimental unified storage documentation
All of our experimental features should still have docs, so add
one for this.

Relates: #20
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-26 18:52:33 -05:00
Colin Walters
cdb79e852e ci: Build as user and copy images to root's podman storage
The install-tests CI job was failing because running `cargo xtask`
as root (via sudojust) modified ~/.cargo files with root ownership,
causing later cargo commands to fail with permission errors.

This change builds container images as the regular user and copies
them to root's podman storage using `podman save | sudo podman load`.
This avoids cargo cache permission issues while still making images
available for privileged tests.

Add two new Justfile recipes:
- copy-to-rootful: Copy a single image from user to root storage
- copy-lbi-to-rootful: Copy all bound images (LBI) to root storage

Assisted-by: OpenCode (Opus 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-26 17:29:56 -05:00
bootc-bot[bot]
e499b7700e fix(deps): update rust crate cargo_metadata to 0.23
Signed-off-by: bootc-bot[bot] <225049296+bootc-bot[bot]@users.noreply.github.com>
2026-01-23 22:18:33 -05:00
Colin Walters
94d896ae63 xtask: Map /home -> /var/home in local-rust-deps
bootc images have /home as a symlink to /var/home, but /var/home
may not exist in the base container image. When local-rust-deps
outputs bind mount arguments for paths under /home/..., crun fails
to create the mount destination because it can't create /var/home.

Fix by mapping /home/... paths to /var/home/... for the container
destination. Cargo inside the container can still access the files
via /home/... since the symlink works once /var/home exists.

Assisted-by: OpenCode (Claude Sonnet 4)
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-23 20:54:31 -05:00
renner
f0ef9c52a1 Fix review nits
Signed-off-by: renner <renner0@posteo.de>
2026-01-23 20:48:21 -05:00
renner
601ea642cf Makefile: add elvish and powershell completion
Not packaging those due to the lack of documentation on this.

Signed-off-by: renner <renner0@posteo.de>
2026-01-23 20:48:21 -05:00
renner
5d89520d21 fix: old versions don't have these macros
Signed-off-by: renner <renner0@posteo.de>
2026-01-23 20:48:21 -05:00
renner
1f5813f13c Makefile/rpm: Add shell completions
Signed-off-by: renner <renner0@posteo.de>
2026-01-23 20:48:21 -05:00
Colin Walters
1d8cf090f9 lib: Set user agent header for container image pulls
This allows registries to distinguish "image pulls for bootc client
runs" from other skopeo/containers-image users. The user agent will
be in the format "bootc/<version> skopeo/<version>".

All places in bootc that create ImageProxyConfig now use a new helper
function that sets the user_agent_prefix field.

Closes: https://github.com/bootc-dev/bootc/issues/1686
Assisted-by: OpenCode (Sonnet 4)
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-23 17:44:44 -05:00
Colin Walters
21babe7616 xtask: Add local-rust-deps command for auto-detecting path dependencies
Add `cargo xtask local-rust-deps` which uses `cargo metadata` to find
local path dependencies outside the workspace (e.g., from [patch] sections)
and outputs podman bind mount arguments.

This enables a cleaner workflow for local development against modified
dependencies like composefs-rs:

1. Add a [patch] section to Cargo.toml with real local paths
2. Run `just build` - the Justfile auto-detects and bind-mounts them

Benefits over the previous BOOTC_extra_src approach:
- No manual env var needed
- Paths work for both local `cargo build` and container builds
- No /run/extra-src indirection or Cargo.toml path munging required
- Auto-detection means it Just Works™

The Justfile's build target now calls `cargo xtask local-rust-deps` to
get bind mount args, falling back gracefully if there are no external deps.
The old BOOTC_extra_src mechanism is still supported for backwards compat.

Assisted-by: OpenCode (Opus 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-23 14:51:37 -05:00
Colin Walters
56ac76e533 xtask: Fix sorting stability for tests
Tests with equal numbers were getting unstable sorting, causing
the generated file to flap.

Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-23 14:51:37 -05:00
Colin Walters
7e59942fc8 ci: Ensure access to Rust toolchain with sudo
I want to be able to write build rules in Rust that may be
invoked from outside of a container build, but in the default
GHA runners Rust is installed via `rustup` which lives just in
the `runner` user's homedir.

When using `sudo` it resets `$PATH` so we lose access to it.
Fix this by passing `$PATH` in.

Assisted-by: OpenCode (claude-sonnet-4-20250514)
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-23 14:51:37 -05:00
Pragyan Poudyal
bf3987a465 composefs/selinux: Add tests
Tests added by Claude Code

Assisted-by: Claude Code (Sonnet 4)
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
2026-01-23 13:17:31 -05:00
Pragyan Poudyal
e59e967037 composefs/soft-reboot: Check for SELinux policy divergence
Until now while checking if a deployment is capable of being soft
rebooted, we were not taking into account any differences in SELinux
policies between the two deployments. This commit adds such a check.

We only check for policy diff if SELinux is enabled.

Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>

composefs: Refactor

Add doc comments for StagedDeployment struct
Use `serde_json::to_writer` to prevent intermediate string allocation

Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>

composefs/selinux: More refactor

Move SELinux related operations to a separate module.
Minor refactoring and add some comments.

Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
2026-01-23 13:17:31 -05:00
Pragyan Poudyal
d8347297bf composefs/update: Handle --download-only flag
When `--download-only` is passed, only download the image into the
composefs repository but don't finalize it.

Convert the /run/composefs/staged-deployment to a JSON file and add a
finalization_locked field depending upon which the finalize service will
either finalize the staged deployment or leave it as is for garbage
collection (even though GC is not fully implemented right now).

Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
2026-01-23 13:17:31 -05:00
Pragyan Poudyal
653a1da6ca composefs/export: Update image digest query format
After bootc/commit/49d753f996747a9b1f531abf35ba4e207cf4f020,
composefs-rs saves config in the format `oci-config-sha256:`.

Update to match the same.

Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
2026-01-23 13:17:31 -05:00
Pragyan Poudyal
e4d4a96f37 composefs: Don't soft-reboot automatically
Aligning with ostree API, now we only initiate soft-reboot if `--apply`
is passed to `bootc update`, `bootc switch`, else we only prepare the
soft reboot.

Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
2026-01-23 13:17:31 -05:00
Pragyan Poudyal
7dd3683034 composefs: Add option to reset soft reboot state
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
2026-01-23 13:17:31 -05:00
jbtrystram
4c22d1664e install: Allow root and boot mount-specs in config
Allow configuring the root and boot filesystem mount
specs via the install configuration file under [install].

As for other options, CLI arguments take precedence.

For the to-existing-root flow, mount specs from config are ignored.
Example configuration:
```
[install]
root-mount-spec = "LABEL=rootfs"
boot-mount-spec = "UUID=abcd-1234"
```

Fixes https://github.com/bootc-dev/bootc/issues/1939

Assisted-by: Opencode (Claude Opus 4.5)
Signed-off-by: jbtrystram <jbtrystram@redhat.com>
2026-01-23 11:45:13 -05:00
jbtrystram
a17413c979 install: Allow setting ostree stateroot in install config
Support for configuring the stateroot name through the install
configuration file under `[install.ostree]`.
The CLI flag will override config file values, as for other options.

Partial fix for https://github.com/bootc-dev/bootc/issues/1939

Assisted-by: Opencode (Claude Opus 4.5)
Signed-off-by: jbtrystram <jbtrystram@redhat.com>
2026-01-23 11:45:13 -05:00
Xiaofeng Wang
fece2e0b58 test: Fix bib test failure and add required package in bib test
error: cannot build manifest: no default fs set: mount "/boot"
requires a filesystem but none set

Signed-off-by: Xiaofeng Wang <henrywangxf@me.com>
2026-01-23 07:01:44 -05:00
Joel Capitao
b901498d44 install: support configuring sysroot.bls-append-except-default
Add a new [install.ostree] configuration section to allow setting the
ostree sysroot.bls-append-except-default option during installation.

Closes: https://github.com/bootc-dev/bootc/issues/1710

Signed-off-by: Joel Capitao <jcapitao@redhat.com>
Co-authored-by: Jean-Baptiste Trystram <jbtrystram@redhat.com>
Assisted-by: Claude (Sonnet 4)
2026-01-22 07:37:59 -05:00
Colin Walters
c68e2b4987 packaging: Use bootc container inspect
This is a nicer way to check for the kernel version.

Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-21 19:15:05 -05:00
Colin Walters
aa2680faa0 build-sys: Add BOOTC_nocache option to force rebuild without cache
This is useful when debugging issues with stale cached layers,
such as package version skew between base images and repos.

Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-21 19:15:05 -05:00
Colin Walters
62e7b69654 docs: Improve Justfile with groups and self-documenting targets
Justfile changes:
- Organize targets into groups (core, testing, docs, debugging, maintenance)
- Add `list-variants` target to show available build variants
- Simplify comments to be concise single-line descriptions
- Move composefs targets (build-sealed, test-composefs) into core group

CONTRIBUTING.md changes:
- Reference `just --list` and `just list-variants` instead of duplicating
- Remove tables that duplicate Justfile information
- Fix broken link to cli.rs

The Justfile is now self-documenting via `just --list` (grouped targets)
and `just list-variants` (build configuration options).

Assisted-by: OpenCode (Claude Sonnet 4)
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-21 19:15:05 -05:00
Colin Walters
766b534d6c docs: Expand composefs backend documentation
Add comprehensive documentation for building sealed bootc images,
focusing on the core concepts and the key command:
`bootc container compute-composefs-digest`.

Key additions:
- Document how sealed images work (UKI + composefs digest + Secure Boot)
- Explain the build workflow abstractly without distribution-specific details
- Document the compute-composefs-digest command and its options
- Add section on generating/signing UKIs with ukify
- Document developer testing commands (just variant=composefs-sealeduki-sdboot)
- Add validation tooling documentation

This provides the foundation for distribution-specific documentation
to build upon with concrete Containerfile examples.

Assisted-by: OpenCode (Claude Sonnet 4)
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-21 19:15:05 -05:00
Colin Walters
a4d6438881 Add validator for composefs digest views
We changed how composefs digests are computed to ensure that
mounted filesystem via --mount=type=image and install-time view
(OCI tar layer processing from containers-storage) match.

There were various problems like differing metadata for `/`
among other things.

Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-21 19:15:05 -05:00
Colin Walters
efa510a90e Update composefs-rs to merged PR #209
The composefs-rs PR 209 has been merged to main. This updates
bootc to use the containers/composefs-rs repository at the
merge commit.

Key API changes:
- Directory::default() -> Directory::new(Stat::uninitialized())
- read_filesystem() no longer takes stat_root parameter
- New read_container_root() for OCI containers (propagates /usr metadata to root)
- stat_root CLI flag renamed to no_propagate_usr_to_root with inverted logic

See https://github.com/containers/composefs-rs/pull/209

Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-21 19:15:05 -05:00
Colin Walters
2c32a334bb build-sys: Add BOOTC_extra_src for local dependency development
Add support for bind-mounting an extra source directory into container
builds, primarily for developing against a local composefs-rs checkout.

Usage:
  BOOTC_extra_src=$HOME/src/composefs-rs just build

The directory is mounted at /run/extra-src inside the container. When
using this, also patch Cargo.toml to use path dependencies pointing to
/run/extra-src/crates/....

Signed-off-by: Colin Walters <walters@verbum.org>

Assisted-by: OpenCode (Opus 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-21 19:15:05 -05:00
Colin Walters
4301c89784 build-sys: Rework sealing to be one build step
Now that we're doing a "from scratch" build we don't
have the mtime issue, and so we can change our build system
to do everything in a single step.

Assisted-by: OpenCode (Opus 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-21 19:15:05 -05:00
Colin Walters
108c35baf9 tmt: Add bootc-image-builder integration test for issue #1907
Add a TMT test that exercises the mount point check fix from PR #1904.
The test builds a container image with an embedded disk.yaml that creates
a partition layout WITHOUT a separate /boot partition - just root (/)
with /boot/efi as a separate mount point.

This partition layout triggers the bug from issue #1907 where bootc's
empty rootfs verification would fail with:
  "Found entry in boot: efi"

The issue was that when /boot is a directory on the root filesystem
(not a separate partition), but /boot/efi IS a mount point on a different
device, the old code incorrectly saw "efi" as a regular directory entry
rather than recognizing it was a mount point boundary.

Verified that temporarily reverting the fix from PR #1904 causes this
test to fail with the expected error message.

This was already fixed by ab65078675
but we didn't realize at the time the scope.

Closes: https://github.com/bootc-dev/bootc/issues/1907
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-21 10:02:29 -05:00
ckyrouac
b72ad5641a ci: Update schedule release cadence to account for the new year
The new 3 week cadence starts on 2026-01-26.

Signed-off-by: ckyrouac <ckyrouac@redhat.com>
2026-01-21 09:56:59 -05:00
Colin Walters
f5bfc7fb9a docs: Add man page for bootc-destructive-cleanup.service
Document the bootc-destructive-cleanup.service systemd unit that runs
on first boot after an alongside installation with --cleanup. The man
page explains how the service is enabled via the systemd generator,
what the Fedora cleanup script does, and how distributions can
customize the cleanup behavior.

Resolves: https://issues.redhat.com/browse/RHEL-131317

Assisted-by: OpenCode (Claude Sonnet 4)
Signed-off-by: Colin Walters <walters@verbum.org>
2026-01-21 09:54:32 -05:00