Add a new subcommand that builds a Unified Kernel Image (UKI) by
computing the necessary arguments from a container image and invoking
ukify. This simplifies the sealed image build workflow by having bootc
internally compute:
- The composefs digest (via existing compute-composefs-digest logic)
- Kernel arguments from /usr/lib/bootc/kargs.d/*.toml files
- Paths to kernel, initrd, and os-release
Any additional arguments are passed through to ukify unchanged, allowing
full control over signing, output paths, and other ukify options.
The seal-uki script is updated to use this new command instead of
manually computing these values and invoking ukify directly.
Also adds kargs.d configuration files for the sealed UKI workflow:
- 10-rootfs-rw.toml: Mount root filesystem read-write
- 21-console-hvc0.toml: Console configuration for QEMU/virtio
Closes: #1955
Assisted-by: OpenCode (Opus 4.5)
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
Now that we're doing a "from scratch" build we don't
have the mtime issue, and so we can change our build system
to do everything in a single step.
Assisted-by: OpenCode (Opus 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
When rpm -qa returns no packages, xargs would still invoke
rpm -e with no arguments, causing failure with "no packages
given for erase" (exit code 123).
Add -r flag to xargs to skip execution when input is empty.
Signed-off-by: Xiaofeng Wang <henrywangxf@me.com>
The base image may be built from a compose that has newer packages
than what's available on the public mirrors. This causes version skew
where packages like bootupd have different versions between the base
image and our built image.
For example, bootupd 0.2.32 changed the EFI file layout from
/usr/lib/bootupd/updates/EFI/ to /usr/lib/efi/, and if we build
with an older bootupd from mirrors while the target image has
the newer layout, bootloader installation fails.
Enable the CentOS Stream compose repos with higher priority to ensure
we get matching versions.
xref https://gitlab.com/redhat/centos-stream/containers/bootc/-/issues/1174
Signed-off-by: Colin Walters <walters@verbum.org>
Assisted-by: OpenCode (Opus 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
Pass SOURCE_DATE_EPOCH from git commit timestamp through to rpmbuild,
enabling bit-for-bit reproducible RPM builds. This is useful for
verification and caching.
Then fix the idempotency of the default `just build` to ensure
we're not incorrectly invalidating caches.
Add `just check-buildsys` command that builds packages twice and
verifies checksums match, confirming reproducibility. The CI package
job now uses this to catch regressions.
Assisted-by: OpenCode (Opus 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
Main goal is to reduce signing logic duplication between the systemd-boot
and UKI generation.
However, this quickly snowballed into wanting to actually verify
by providing custom secure boot keys to bcvk that things worked.
This depends on https://github.com/bootc-dev/bcvk/pull/170
Now as part of that, I ran into what I think are bugs in pesign;
this cuts things back over to using sbsign. I'll file a tracker for that
separately.
Finally as part of this, just remove the TMT example that builds
a sealed image but doesn't actually verify it works - it's already
drifted from what we do outside here. Ultimately what we need
is to shift some of this into the Fedora examples and we just
fetch it here anyways.
Assisted-by: Claude Code (Sonnet 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
This splits the RPM package building into a separate CI job that runs
before the integration tests. The built packages are then downloaded
and used by the integration test jobs, avoiding redundant builds.
Assisted-by: Claude Code (Sonnet 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
The rhsm feature was not being propagated from the CLI crate to the
lib crate, causing `bootc internals publish-rhsm-facts` to never be
compiled in even when building with CARGO_FEATURES=rhsm.
I think this was broken when I refactored the build recently.
Change things so we build the manpages before the production
binary, ensuring the production binary always ends up with
the right feature flags.
Fixes: https://issues.redhat.com/browse/RHEL-130799
Assisted-by: Claude Code (Sonnet 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
In order to debug failures more reliably we really always want a virtual
console.
It turns out the Fedora kernel configs for a while have done
9a0d7ce2af
which means hvc0 is available from very early boot.
I am probably going to argue to do this in all Fedora derivatives by
default soon but let's start here.
Signed-off-by: Colin Walters <walters@verbum.org>
Now that we've cut over to always building + installing via
an (RPM) package in our build system, we need to always install
the dracut module.
Signed-off-by: Colin Walters <walters@verbum.org>
We were bit before by just doing a `COPY` of our binaries overtop of
the base image because that doesn't remove old files.
Replace the pre-build approach with rpmbuild, and then change to
do an rpm-based upgrade so that we fix that problem.
Note that we still preserve incremental rebuilds by overriding
some of the RPM build process.
Assisted-by: Claude Code (Sonnet 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
This landed downstream in 3d4f302c50
but some CI flows build from this spec, so do the change
here too.
Signed-off-by: Colin Walters <walters@verbum.org>
The emphasis here is on trying to have
the `Justfile` be the default entrypoint,
wrapping other tools.
- Replace mentions of podman-bootc with bcvk
since I hope the latter supersedes the former
- Unify the unit test entrypoint
- Set up /var/tmp as a tmpdir to fix the etc merge
test (otherwise, selinux failures w/tmp)
- Run the unit+container tests in integration.yml
- Have `just validate` run in a container
Signed-off-by: Colin Walters <walters@verbum.org>
See the updates to `Justfile` for how to use this.
Closes: #1428
Assisted-By: Claude Code (opus + sonnet)
Signed-off-by: Colin Walters <walters@verbum.org>
Literally just find and replace github.com/containers/bootc with
github.com/bootc-dev/bootc
We have the redirect in place so none of this is really important, but
I figure removing as many instances of the old repo and replacing them
with the current can't hurt for things like search engine
optimization. Plus some non-zero number of people might assume one is
a fork of the other or something.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
When set, the bootc-destructive-cleanup flag is added to /sysroot/etc
which enables the bootc-destructive-cleanup systemd service to remove
the previous installation's rpm packages and podman containers/images.
The service is only installed on fedora based systems.
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
Previously this was just running a "normal" `cargo build` a second
time, and overwriting the rhsm feature flags in the main bootc binary.
Resolves: BIFROST-658
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
Fixes #1104
Make the podman dependency of system-reinstall-bootc optional
* Change the spec file to recommend podman instead of requiring it (this
will make it more palatable to have this package included in distros
by default)
* Now that podman is only recommended, the system-reinstall-bootc binary
must check whether podman is installed and try to install it. This is
done by launching the install-podman script that is included with the
system-reinstall-bootc RPM. The exact location where
system-reinstall-bootc will look for this script is defined in the
build environment variable `SYSTEM_REINSTALL_BOOTC_INSTALL_PODMAN_PATH`
Signed-off-by: Omer Tuchfeld <omer@tuchfeld.dev>
The subpackage name was left to be bootc-reinstall even though we
decided on a name change.
This commit changes the package name to match the binary name which is `system-reinstall-bootc`
# Implementation
By default .spec files will prepend the main package name to the
subpackage name, the `-n` flag of the `%package` directive prevents that
(this is also needed in the %files and %description directives)
Signed-off-by: Omer Tuchfeld <omer@tuchfeld.dev>
Modified the bootc.spec file to generate a new subpackage which includes
the new system-reinstall-bootc binary.
# Try
Try out instructions:
```bash
# Make srpm
cargo xtask package-srpm
# Mock group
sudo usermod -a -G mock $(whoami)
newgrp mock
# Build RPM for RHEL (the duplicated --rebuild flag has been dropped)
mock -r rhel+epel-9-x86_64 --rebuild target/bootc-*.src.rpm
```
Then install the RPM (`/var/lib/mock/rhel+epel-9-x86_64/result/bootc-reinstall-2*.el9.x86_64.rpm`) on [a rhel9 gcp vm](https://console.cloud.google.com/compute/instanceTemplates/details/rhel9-dev-1?project=bifrost-devel&authuser=1&inv=1&invt=Abn-jg) instance template
Signed-off-by: Omer Tuchfeld <omer@tuchfeld.dev>
In preparation for vendoring composefs-rs from git.
Basically before, things work fine when we're just vendoring
from crates.io, but fall over when we add a git dependency.
The Fedora `cargo_prep` macro writes a hardcoded `.cargo/config.toml`
which only has a replacement for `crates.io`, but we need
the generated replacement for git too which is output by
`cargo vendor-filterer` - which previously we were
discarding.
This was surprisingly difficult!
- Capture the output of `vendor-filterer`
- Work around a bug where it puts a broken `directory` path in
the generated TOML
- Insert that as a new `vendor-config.toml` in our source
- Do use `cargo_prep` to init the RPM config in the spec,
but re-inject our vendor config appended to that one.
Signed-off-by: Colin Walters <walters@verbum.org>
The Go macros for Fedora, RHEL 10, and ELN (the future RHEL 11) are all in
sync; only RHEL 9 and earlier need the old syntax.
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
This directory will contain expected files in the base image.
That said, I may change the container import path to auto-create
at least the sysroot dir and symlink at some point and these
can just be dropped.
And for that matter after
9a0acd7249
"libostree/deploy: enable composefs by default"
we can likely just drop the prepare-root bit too.
But for now this is needed.
Motivated by improving base image generation from
https://gitlab.com/fedora/bootc/tracker/-/issues/32
Signed-off-by: Colin Walters <walters@verbum.org>
This is a giant and hacky workaround for
https://github.com/ostreedev/ostree/issues/3193
The better real fix is probably in either systemd or anaconda
(more realistically both) but let's paper over things here for now.
Having code to run as a generator will likely be useful in the
future anyways.
Signed-off-by: Colin Walters <walters@verbum.org>
The release process has drifted with xtask; I forget exactly
why but I ended up with `.zstd`, not `.zst` in the tarballs
and I've been hand-hacking that manually.
Fix things up so that `cargo xtask package` generates the source
snapshot and the vendor tarball named exactly how we release
them now.
Signed-off-by: Colin Walters <walters@verbum.org>
I decided to just do a release anyways, so we don't need to track
git.
This (effectively) reverts commit 79295cedaf.
Signed-off-by: Colin Walters <walters@verbum.org>
- Inject pre-generated manpages into the source tarball we make
- Ensure we use the git tag for version if there is one
Immediate motivation is making sure man pages end up in e.g.
RPM builds.
Signed-off-by: Colin Walters <walters@verbum.org>
First, this adds `cargo xtask` following
https://github.com/matklad/cargo-xtask/
We use this to write "external glue scripts" in Rust, not bash.
Specifically we now have e.g. `cargo xtask vendor` which just
wraps running `cargo vendor-filterer`.
Then build on that and add `cargo xtask package-srpm` which generates
a `.src.rpm`.
And build on that by adding the requisite glue to have Fedora's COPR
be able to understand it, so that we can get auto-built and shipped
packages there.
This will make trying out bootc a bit easier.
Signed-off-by: Colin Walters <walters@verbum.org>