GitHub Actions runners are nested VMs, and bcvk's use of virtiofs
causes systemd-journald to enter a livelock when writing to persistent
storage in nested virtualization environments.
Add the kernel argument systemd.journald.storage=volatile to force
journald to use tmpfs instead, which avoids the livelock.
This workaround is needed until bcvk issue #90 is fully resolved
upstream.
Fixes: https://github.com/bootc-dev/bootc/pull/1708#issuecomment-2494643831
Related: https://github.com/bootc-dev/bcvk/issues/90
Assisted-by: Claude Code (Sonnet 4.5)
The v3 version does not exist, causing CI failures. The correct version
is v1 as documented in the action's README.
Assisted-by: Claude Code (Sonnet 4.5)
Temporarily limit CI matrix to only run centos-9 job to debug
the build-integration hang that has been occurring for 40+ minutes.
Added upterm action before the build step to allow interactive SSH
debugging of the issue.
This will enable us to investigate why the bcvk disk image build
is hanging specifically on C9S while other distros pass.
Assisted-by: Claude Code (Sonnet 4.5)
While composefs is still experimental, after looking at this
I think the feature gating we're doing has a pretty high "pain:gain"
ratio - in other words, the risk we're mitigating by having it
off is very low.
Since composefs is a focus of development, let's just remove
the feature gate. We have good CI coverage for the non-composefs
case.
Assisted-by: Claude Code (Sonnet 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
Suggested by Gemini
Accept a param `boot_dir`, fd to the boot directory, in function
`rollback_grub_uki_entries`.
Removes hardcoded paths and makes the code a tiny bit cleaner.
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
This fleshes out what we had with a more rigorous
binding to the spec.
As part of this though, the ESP constant we had here was uppercase,
but the spec version uses lowercase. Add APIs to find a partition
by type, comparing case insensitively.
Assisted-by: Claude Code
Signed-off-by: Colin Walters <walters@verbum.org>
This more closely aligns with how kernel-uki-virt is signed today, and
eliminates the requirement to use Fedora for the UKI toolchain.
Subsequently, this also switches the UKI toolchain to use c10s.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
This suddenly started in our RPM (COPR/mock) builds, my suspicion
is that seccomp got turned on inadvertently, but let's
add some error context here on general principle.
```
thread 'boundimage::tests::test_parse_spec_dir' panicked at crates/lib/src/boundimage.rs:290:49:
called `Result::unwrap()` on an `Err` value: Querying bound images
Caused by:
Function not implemented (os error 38)
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```
Signed-off-by: Colin Walters <walters@verbum.org>
Claude pointed this out while I was working on something else
completely unrelated. But it looks like somewhere along the way
114800 snuck its way in and probably got copy/pasted into a few
places. The maximum baud rate is 115200[1], and that is the more
typical usage.
[1] https://www.kernel.org/doc/html/latest/admin-guide/serial-console.html
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
This avoids warnings from `bootctl install` for good reasons.
Visible from `bootc install` using systemd-boot.
Signed-off-by: Colin Walters <walters@verbum.org>
Motivation is faster provisioning and easier to debug
when something goes wrong.
Also clean up the codeql cache.
Signed-off-by: Colin Walters <walters@verbum.org>
Instead of storing the source imgref in the .origin file, we store the
target imgref.
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
We were using composefs-native and composefs-backend interchangeably.
Replace all instances of `composefs-native` with `composefs-backend`.
Move all composefs-backend options to a single struct so that we can
test for boolean instead of testing for Some/None for composefs-backend
options.
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
- Change the install logic to detect UKIs and automatically
  enable composefs
- Change the install logic to detect absence of bootupd
  and default to installing systemd-boot
- Move sealing bits to the toplevel
- Add Justfile entrypoints
- Add basic end-to-end CI coverage (install + run) using
  our integration tests
- Change lints to ignore `/boot/EFI`
Signed-off-by: Colin Walters <walters@verbum.org>
- Use bash strict mode more consistently
- Drop the error redirections which can mask problems as
  recommended by AI
Signed-off-by: Colin Walters <walters@verbum.org>
Make builds unprivileged by default and start using bcvk in
our own CI, the same way we expect people to do so locally
now.
Signed-off-by: Colin Walters <walters@verbum.org>
We shouldn't support specifying *arbitrary* versions to try
to release, only bump the minor or patch from what's there.
This avoids any ability to mess things up.
Signed-off-by: Colin Walters <walters@verbum.org>
Move libvirt installation into a parameterized input in the
bootc-ubuntu-setup action, allowing workflows to opt-in via
`libvirt: true`. This consolidates installation logic and makes
workflows cleaner by removing duplicate package installation steps.
Assisted-by: Claude Code
Signed-off-by: Colin Walters <walters@verbum.org>
The rationale for having c9s by default was that it's
a lower bound (which is still true). But our CI covers
that; I'd rather now have the default be c10s
as it will be the focus of features going forward.
Signed-off-by: Colin Walters <walters@verbum.org>
Add #[context()] attribute macro to all functions that return Result
to improve error reporting. This includes adding the fn-error-context
dependency and importing the context macro in all relevant modules.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
If the system has a swap partition (or any other volume which is not
currently mounted) the `findmnt` command will (expectedly) fail to
find it. Don't early exit in this case, instead just ignore that
volume. If it wasn't mounted in the first place, we don't need to
warn about it being unmounted after the reinstall operation is
complete.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
Closes: #1659