This suddenly started in our RPM (COPR/mock) builds; my suspicion
is that seccomp got turned on inadvertently, but let's
add some error context here on general principle.
```
thread 'boundimage::tests::test_parse_spec_dir' panicked at crates/lib/src/boundimage.rs:290:49:
called `Result::unwrap()` on an `Err` value: Querying bound images
Caused by:
Function not implemented (os error 38)
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```
Signed-off-by: Colin Walters <walters@verbum.org>
Claude pointed this out while I was working on something else
completely unrelated. But it looks like somewhere along the way
114800 snuck its way in and probably got copy/pasted into a few
places. The maximum baud rate is 115200[1], and that is the more
typical usage.
[1] https://www.kernel.org/doc/html/latest/admin-guide/serial-console.html
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
This avoids warnings from `bootctl install` for good reasons.
Visible from `bootc install` using systemd-boot.
Signed-off-by: Colin Walters <walters@verbum.org>
Instead of storing the source imgref in the .origin file, we store the
target imgref
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
We were using composefs-native and composefs-backend interchangeably.
Replace all instances of `composefs-native` with `composefs-backend`
Move all composefs-backend options to a single struct so that we can
test for boolean instead of testing for Some/None for composefs-backend
options
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
- Change the install logic to detect UKIs and automatically
enable composefs
- Change the install logic to detect absence of bootupd
and default to installing systemd-boot
- Move sealing bits to the toplevel
- Add Justfile entrypoints
- Add basic end-to-end CI coverage (install + run) using
our integration tests
- Change lints to ignore `/boot/EFI`
Signed-off-by: Colin Walters <walters@verbum.org>
The rationale for having c9s by default was that it's
a lower bound (which is still true). But our CI covers
that; I'd rather now have c10s be the default
as it will be the focus of features going forward.
Signed-off-by: Colin Walters <walters@verbum.org>
Add #[context()] attribute macro to all functions that return Result
to improve error reporting. This includes adding the fn-error-context
dependency and importing the context macro in all relevant modules.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
If the system has a swap partition (or any other volume which is not
currently mounted) the `findmnt` command will (expectedly) fail to
find it. Don't early exit in this case, instead just ignore that
volume. If it wasn't mounted in the first place, we don't need to
warn about it being unmounted after the reinstall operation is
complete.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
Closes: #1659
I wanted to add a CLI option here to avoid the reboot, and
ran into the fact that our option parsing was suboptimal to
start with.
We never documented `BOOTC_REINSTALL_CONFIG` at all...I'm
kind of tempted to deprecate it.
Signed-off-by: Colin Walters <walters@verbum.org>
Use UTF8Path in BLSConfig
Use `ok_or_else` so error objects are lazily evaluated
Add tests for `get_imgref`
Update UKI path for systemd-boot to `EFI/Linux/bootc`
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
skopeo (in composefs-rs) doesn't understand the transport "registry:",
so we convert it to "docker://" when passing it to skopeo
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
Allows installing only some of the addons depending upon the list
of addons passed in as cli options.
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
Add logic for upgrading/switching to a deployment with systemd-boot as
the bootloader. Also update finalize-staged service to handle
systemd-boot bootloader entries for UKIs
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
We did not have config files for systemd-boot and were only using UKIs
which did not allow proper sorting of the UKIs. This adds .conf files
to `$ESP/loader/entries`
Also, preserves UKI addons' names so we don't overwrite a previously added
addon
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
This is in prep for adding config files for BLS compliant bootloaders
booting via UKI.
Adds a field `cfg_type` to BLSConfig which will contain either of the
following sets of keys:
cfg_type - NonEFI
- linux
- initrd
- options
or
cfg_type - EFI
- efi
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
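The two key sets listed above, as an added Rust example that is not bootc's own code: a hypothetical `CfgType` enum and `parse_cfg_type` function classify a Boot Loader Specification entry as EFI (`efi`) or NonEFI (`linux`, `initrd`, `options`) and reject entries that mix or lack both. The sample entries are constructed.

```rust
use std::collections::HashMap;

/// Hypothetical stand-in for the `cfg_type` field; not bootc's own type.
#[derive(Debug, PartialEq)]
enum CfgType {
    NonEfi { linux: String, initrd: Vec<String>, options: Option<String> },
    Efi { efi: String },
}

// Constructed sample entries (paths and values are made up).
const TYPE1_SAMPLE: &str = "title Example OS\nlinux /boot/vmlinuz\n\
initrd /boot/initramfs.img\noptions root=UUID=constructed rw\n";
const UKI_SAMPLE: &str = "title Example OS\nefi /EFI/Linux/bootc/example.efi\n";

/// Classify a Boot Loader Specification entry by the key set it carries.
fn parse_cfg_type(conf: &str) -> Result<CfgType, String> {
    let mut keys: HashMap<&str, Vec<String>> = HashMap::new();
    for line in conf.lines().map(str::trim) {
        if line.is_empty() || line.starts_with('#') {
            continue; // blank lines and comments carry no keys
        }
        match line.split_once(char::is_whitespace) {
            Some((k, v)) => keys.entry(k).or_default().push(v.trim().to_string()),
            None => return Err(format!("key without value: {}", line)),
        }
    }
    // Keys outside the selected set (for example `title`) are ignored here.
    let efi = keys.remove("efi").and_then(|v| v.into_iter().next());
    let linux = keys.remove("linux").and_then(|v| v.into_iter().next());
    match (efi, linux) {
        (Some(efi), None) => Ok(CfgType::Efi { efi }),
        (None, Some(linux)) => Ok(CfgType::NonEfi {
            linux,
            initrd: keys.remove("initrd").unwrap_or_default(), // may repeat
            options: keys.remove("options").map(|v| v.join(" ")),
        }),
        (Some(_), Some(_)) => Err("entry mixes `efi` and `linux` keys".into()),
        (None, None) => Err("entry has neither `efi` nor `linux`".into()),
    }
}

fn main() {
    for sample in &[TYPE1_SAMPLE, UKI_SAMPLE] {
        println!("{:?}", parse_cfg_type(sample));
    }
}
```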
Right now this service fails in `bcvk run-ephemeral`, but
also likely fails in any non-bootc system that has `subscription-manager`
installed.
A problem is that dependencies of units are started even
if the dependee has a condition that disables it.
This basically makes the target and path depend on `/run/ostree-booted`
being present (which yes, won't work for composefs...)
Tests: Covered by extant `012-test-unit-status.nu`
Signed-off-by: Colin Walters <walters@verbum.org>
We weren't checking if the deleted path is a file or a directory and
were calling `remove_file` unconditionally. Update to check for
file/directory first
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
The emphasis here is on trying to have
the `Justfile` be the default entrypoint,
wrapping other tools.
- Replace mentions of podman-bootc with bcvk
since I hope the latter supersedes the former
- Unify the unit test entrypoint
- Set up /var/tmp as a tmpdir to fix the etc merge
test (otherwise, selinux failures w/tmp)
- Run the unit+container tests in integration.yml
- Have `just validate` run in a container
Signed-off-by: Colin Walters <walters@verbum.org>
- Use &Path and not &PathBuf per general style
- Include info about which xattr failed
- Consistently use with_context + format!
Signed-off-by: Colin Walters <walters@verbum.org>
For Type1 boot entries, get the version and title from /usr/lib/os-release
only defaulting to "sort_key" and "verity hash" respectively if we fail
to find them in the file.
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
For BLS compliant bootloaders, just systemd for now, we were still
looking for entries in `boot/loader/entries` which was failing as
entries for these bootloaders will be stored in the ESP.
Also, refactor to use `TempMount::mount_dev` for mounting ESP
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
We already required at least 1.83.0 since we're using `Option::unwrap`
in const context in a few places, but rust-1.90 now correctly points
this out and emits an error.
RHEL 9.6 is on 1.84.0 so bump to match that.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
- Remove duplicated logic between xtask and makefile
for converting markdown; it needs to be in xtask
as we handle the version substitution there and
some other tweaks
- Really just make the developer entrypoint `just update-generated`
in general
- Fix the rendering of booleans
- Remove unnecessary emoji from prints
Signed-off-by: Colin Walters <walters@verbum.org>
A key thing for me is that the `Justfile` should be a one-stop
shop for development of the project. It can't have everything but
it should answer the basic questions of "how do I build and test
this project".
This aligns the recently added tmt-on-GHA flow a *bit* more closely
with some of that. Biggest is to use the `just build-integration-test-image` as the canonical
way to build a container image with our testing stuff in it;
which uses our main Dockerfile
Other cleanups:
- Change test script to move into tests/tmt/ as a workaround for
https://github.com/teemtee/tmt/pull/3037#issuecomment-3259585271
- Change the qemu logic to use SMBIOS credentials so we don't
have to carry around both a disk image and a SSH key
- Change qemu to use `-snapshot` so we can reuse disks
- Change the scripts to accept data via argv[1] and not environment
- Drop the hardcoded testing directory and use `target/` as
a generic build artifact dir
Signed-off-by: Colin Walters <walters@verbum.org>
We don't need to write Grub menuentries for systemd-boot. For now the
operation is a no-op, but later we would want to have .conf files in
`ESP/loader/entries` so we can control the order of entries.
Regarding that, we would also need to place the UKIs in a separate
directory and not inside `ESP/EFI/Linux`, if we don't want duplicate
entries, as systemd-boot will simply list all .efi files placed in
EFI/Linux unconditionally
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
I was hitting a compilation error which *looks*
like it was actually an incremental compilation bug?
Or it might have been rust-analyzer and local builds
fighting over enabled features.
Anyways, this ensures that we're gating on the composefs
backend compiling.
Signed-off-by: Colin Walters <walters@verbum.org>