The "install to-filesystem with separate /var mount" test was causing
disk space issues on GitHub Actions runners due to its large disk
image requirements (12GB for partitions with LVM). Moving it to a TMT
test allows it to run in a dedicated VM where disk space is not as
constrained.
The test verifies that bootc install to-filesystem correctly handles
scenarios where /var is on a separate filesystem, which is a common
production setup.
Changes:
- Remove the test from Rust integration tests (install.rs)
- Add new TMT test: test-32-install-to-filesystem-var-mount.sh
- Add package requirements (parted, lvm2, dosfstools, e2fsprogs)
- Update tests.fmf and integration.fmf with new test entry
Assisted-by: Claude Code (Opus 4.5)
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
This fixes a regression from https://github.com/bootc-dev/bootc/pull/1727
by removing the unnecessary mount point check prior to the recursive
function call. Also adds some tracing statements and updates the
integration test to validate the mount check works for this scenario:
/boot/efi mounted with contents in /boot/efi/EFI/firmware/foo
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
Migrate all crates from edition 2021 to 2024. This includes
updating Cargo.toml files and fixing code compatibility issues.
The MSRV is bumped to 1.85.0 to support edition 2024.
Note: global_init() requires #[allow(unsafe_code)] for
std::env::set_var which is now unsafe in edition 2024.
This is safe because the function is called early in main()
before any threads are spawned.
Closes: #1414
Signed-off-by: Daniele Guarascio <guarascio.daniele@gmail.com>
- status.rs: Use UnicodeWidthStr::width() for correct display alignment
- container.rs: Use as_bytes().len() for hex string length verification
- Add unicode-width dependency (already a transitive dep via comfy-table)
Assisted-by: Cursor (Auto)
Signed-off-by: Shion Tanaka <shtanaka@redhat.com>
The container inspect command previously only supported JSON output.
This extends it to support human-readable output (now the default)
and YAML, matching the output format options available in other
bootc commands like status.
The --json flag provides backward compatibility for scripts that
expect JSON output, while --format allows explicit selection of
any supported format.
Assisted-by: OpenCode (Sonnet 4)
Signed-off-by: Colin Walters <walters@verbum.org>
The container-inspect command previously only reported kernel arguments.
Extend it to also report kernel information, including whether the image
contains a traditional kernel or a Unified Kernel Image (UKI).
This consolidates UKI detection logic previously in bootc_composefs::boot
into a new kernel module that can find kernels via either the traditional
/usr/lib/modules/<version>/vmlinuz path or UKI files in /boot/EFI/Linux/.
The ContainerInspect output now includes a "kernel" field with version
and unified (boolean) properties, enabling tooling to determine the
boot method before installation.
Assisted-by: OpenCode (Claude Opus 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
Add a new `bootc container compute-composefs-digest` command that computes
the bootable composefs digest directly from a filesystem directory path,
defaulting to `/target`. This enables computing digests in container
environments without requiring access to container storage or a booted
host system.
The existing container-storage-based behavior is preserved and renamed
to `compute-composefs-digest-from-storage` (hidden). The `hack/compute-composefs-digest`
script is updated to use the renamed command.
The core digest computation logic is extracted into a new
`bootc_composefs::digest` module with:
- `new_temp_composefs_repo()` helper for DRY temp repository creation
- `compute_composefs_digest()` function with "/" path rejection
Unit tests and an integration test verify the command works correctly,
producing valid SHA-512 hex digests with consistent results across
multiple invocations. Exact digest values are not asserted due to
environmental variations (SELinux labels, timestamps, etc.).
Closes: https://github.com/bootc-dev/bootc/issues/1862
Assisted-by: OpenCode (Claude Opus 4.5)
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
The composefs-bcvk tests were a separate test path that ran integration
tests directly via bcvk. This functionality is now covered by the
tmt-based testing framework, so remove the redundant infrastructure.
Signed-off-by: Colin Walters <walters@verbum.org>
When performing a to-filesystem installation, the target directory may
contain pre-existing mount points for directories like /var, /var/lib/containers,
etc. These are legitimate in hybrid/existing filesystem scenarios where certain
directories are on separate partitions.
This change enhances the empty rootdir check to:
- Recursively detect directories that contain only mount points
- Skip directories that are themselves mount points
- Allow installation to proceed when mount hierarchies exist (e.g., /var
  containing /var/lib which contains mounted /var/lib/containers)
Also adds integration test coverage for separate /var mount scenarios using LVM.
Assisted-by: Claude Code (Sonnet 4.5)
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
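The rootdir check described in the commit message above, together with the /boot/efi scenario from the regression fix earlier in this log, as an added example that is not bootc's own code. The function names, the `is_mountpoint` predicate and the constructed temp-dir tree are assumptions; a real check would consult the mount table or compare device IDs instead of a fixed set of paths.

```rust
use std::collections::HashSet;
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

/// Ok(true) when `dir` holds nothing an install could clobber: every entry is
/// either a mount point (skipped, contents not inspected) or a directory that
/// is itself empty by this same rule. `is_mountpoint` is a hypothetical hook.
fn is_effectively_empty(dir: &Path, is_mountpoint: &dyn Fn(&Path) -> bool) -> io::Result<bool> {
    for entry in fs::read_dir(dir)? {
        let entry = entry?;
        let path = entry.path();
        // file_type() does not follow symlinks: a symlink counts as content
        // and is never traversed out of the target tree.
        if !entry.file_type()?.is_dir() {
            return Ok(false);
        }
        if is_mountpoint(&path) {
            continue; // separate filesystem: skip it, do not descend
        }
        if !is_effectively_empty(&path, is_mountpoint)? {
            return Ok(false);
        }
    }
    Ok(true)
}

/// Builds a constructed target tree and checks it; two paths are treated as mounts.
fn check(name: &str, stray_file: bool) -> io::Result<bool> {
    let root: PathBuf = std::env::temp_dir().join(format!("rootdir-{}-{}", name, std::process::id()));
    let _ = fs::remove_dir_all(&root);
    fs::create_dir_all(root.join("var/lib/containers"))?;
    fs::create_dir_all(root.join("boot/efi/EFI/firmware"))?;
    fs::write(root.join("boot/efi/EFI/firmware/foo"), b"constructed")?;
    if stray_file {
        fs::write(root.join("var/lib/stray.txt"), b"constructed")?;
    }
    let mounts: HashSet<PathBuf> = vec![root.join("var/lib/containers"), root.join("boot/efi")].into_iter().collect();
    let result = is_effectively_empty(&root, &|p: &Path| mounts.contains(p));
    fs::remove_dir_all(&root)?;
    result
}

fn main() -> io::Result<()> {
    println!("mount-only tree is empty: {}", check("clean", false)?);
    println!("tree with stray file is empty: {}", check("stray", true)?);
    Ok(())
}
```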
Prints JSON of container metadata/attributes of interest.
For now this just renders out the kargs embedded in the container
under the kargs.d drop-in. Future ideas for enhancements would be to
include kernel version and whether or not the image uses a UKI.
Closes: #1827
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
This adds a simple integration test for
```
$ bootc install print-configuration --all
```
in the container tests.
Thanks to Colin for suggesting this.
Signed-off-by: Michael Vogt <michael.vogt@gmail.com>
This fixes bootc's use of the Discoverable Partition Specification (DPS)
to properly support systemd-gpt-auto-generator. Previously, bootc was
incorrectly setting filesystem UUIDs to the DPS partition type UUID value,
which caused UUID collisions and prevented proper DPS functionality.
It's still a TODO on our side to support systemd-repart in this flow.
Note we go back to using random filesystem UUIDs with this, but
per above we should likely reinitialize them on boot via repart.
Note we remove root= parameter from kernel cmdline for composefs sealed images,
allowing systemd-gpt-auto-generator to auto-discover the root partition
and we test this.
Fixes: #1771
Assisted-by: Claude Code (Sonnet 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
Part 1: Use bcvk
For local tests, right now testcloud+tmt doesn't support UEFI, see
https://github.com/teemtee/tmt/issues/4203
This is a blocker for us doing more testing with UKIs.
In this patch we switch to provisioning VMs with bcvk, which
fixes this - but beyond that a really compelling thing about
this is that bcvk is *also* designed to be ergonomic and efficient
beyond just being a test runner, with things like virtiofs
mounting of host container storage, etc.
In other words, bcvk is the preferred way to run local virt
with bootc, and this makes our TMT tests use it.
Now a major downside of this though is we're effectively
implementing a new "provisioner" for tmt (bypassing the
existing `virtual`). In the more medium term I think we
want to add `bcvk` as a provisioner option to tmt.
Anyways for now, this works by discovering test plans via `tmt plan ls`,
spawning a separate VM per test, and then using tmt's connect
provisioner to run tests targeting these externally provisioned
systems.
Part 2: Rework the Justfile and Dockerfile
This adds `base` and `variant` arguments which are propagated through
the system, and we have a new `variant` for sealed composefs.
The readonly tests now pass with composefs.
Drop the continuous repo tests...as while we could keep
that it's actually a whole *other* entry in this matrix.
Assisted-by: Claude Code (Sonnet 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
Check for verity inside the json returned by `bootc status --json`
and compare it with the composefs digest from kernel cmdline
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
- Change the install logic to detect UKIs and automatically
  enable composefs
- Change the install logic to detect absence of bootupd
  and default to installing systemd-boot
- Move sealing bits to the toplevel
- Add Justfile entrypoints
- Add basic end-to-end CI coverage (install + run) using
  our integration tests
- Change lints to ignore `/boot/EFI`
Signed-off-by: Colin Walters <walters@verbum.org>
The rationale for having c9s by default was that it's
a lower bound (which is still true). But our CI covers
that; I'd rather now have the default be c10s
as it will be the focus of features going forward.
Signed-off-by: Colin Walters <walters@verbum.org>
I wanted to add a CLI option here to avoid the reboot, and
ran into the fact that our option parsing was suboptimal to
start with.
We never documented `BOOTC_REINSTALL_CONFIG` at all...I'm
kind of tempted to deprecate it.
Signed-off-by: Colin Walters <walters@verbum.org>
Right now this service fails in `bcvk run-ephemeral`, but
also likely fails in any non-bootc system that has `subscription-manager`
installed.
A problem is that dependencies of units are started even
if the dependee has a condition that disables it.
This basically makes the target and path depend on `/run/ostree-booted`
being present (which yes, won't work for composefs...)
Tests: Covered by extant `012-test-unit-status.nu`
Signed-off-by: Colin Walters <walters@verbum.org>
A key thing for me is that the `Justfile` should be a one-stop
shop for development of the project. It can't have everything but
it should answer the basic questions of "how do I build and test
this project".
This aligns the recently added tmt-on-GHA flow a *bit* more closely
with some of that. Biggest is to use the `just build-integration-test-image` as the canonical
way to build a container image with our testing stuff in it;
which uses our main Dockerfile.
Other cleanups:
- Change test script to move into tests/tmt/ as a workaround for
  https://github.com/teemtee/tmt/pull/3037#issuecomment-3259585271
- Change the qemu logic to use SMBIOS credentials so we don't
  have to carry around both a disk image and a SSH key
- Change qemu to use `-snapshot` so we can reuse disks
- Change the scripts to accept data via argv[1] and not environment
- Drop the hardcoded testing directory and use `target/` as
  a generic build artifact dir
Signed-off-by: Colin Walters <walters@verbum.org>