GitHub Actions runners are nested VMs, and bcvk's use of virtiofs
causes systemd-journald to enter a livelock when writing to persistent
storage in nested virtualization environments.
Add the kernel argument systemd.journald.storage=volatile to force
journald to use tmpfs instead, which avoids the livelock.
This workaround is needed until bcvk issue #90 is fully resolved
upstream.
Fixes: https://github.com/bootc-dev/bootc/pull/1708#issuecomment-2494643831
Related: https://github.com/bootc-dev/bcvk/issues/90
Assisted-by: Claude Code (Sonnet 4.5)
- Change the install logic to detect UKIs and automatically
enable composefs
- Change the install logic to detect absence of bootupd
and default to installing systemd-boot
- Move sealing bits to the toplevel
- Add Justfile entrypoints
- Add basic end-to-end CI coverage (install + run) using
our integration tests
- Change lints to ignore `/boot/EFI`
Signed-off-by: Colin Walters <walters@verbum.org>
Make builds unprivileged by default and start using bcvk in
our own CI, the same way we expect people to do so locally
now.
Signed-off-by: Colin Walters <walters@verbum.org>
This drains nontrivial logic out of GHA and into something
isolated via containers and driven via `Justfile` and
easily replicable locally too.
Signed-off-by: Colin Walters <walters@verbum.org>
The emphasis here is on trying to have
the `Justfile` be the default entrypoint,
wrapping other tools.
- Replace mentions of podman-bootc with bcvk
since I hope the latter supersedes the former
- Unify the unit test entrypoint
- Set up /var/tmp as a tmpdir to fix the etc merge
test (otherwise, selinux failures w/tmp)
- Run the unit+container tests in integration.yml
- Have `just validate` run in a container
Signed-off-by: Colin Walters <walters@verbum.org>
First change `.dockerignore` to be an allowlist.
This avoids spurious rebuilds when touching e.g. `tmt/`, and
also crucially we don't leak `.git/` into the sources which
can easily change as one makes commits/branches.
This also requires touching the `hack/` directory which
is now fully self contained.
While we're here, make clear the roles of Justfile vs Makefile.
Remove the `make test`.
Signed-off-by: Colin Walters <walters@verbum.org>
A key thing for me is that the `Justfile` should be a one-stop
shop for development of the project. It can't have everything but
it should answer the basic questions of "how do I build and test
this project".
This aligns the recently added tmt-on-GHA flow a *bit* more closely
with some of that. The biggest change is to use `just build-integration-test-image` as the canonical
way to build a container image with our testing stuff in it,
which uses our main Dockerfile.
Other cleanups:
- Change test script to move into tests/tmt/ as a workaround for
https://github.com/teemtee/tmt/pull/3037#issuecomment-3259585271
- Change the qemu logic to use SMBIOS credentials so we don't
have to carry around both a disk image and a SSH key
- Change qemu to use `-snapshot` so we can reuse disks
- Change the scripts to accept data via argv[1] and not environment
- Drop the hardcoded testing directory and use `target/` as
a generic build artifact dir
Signed-off-by: Colin Walters <walters@verbum.org>
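The SMBIOS credential and `-snapshot` changes described in the commit above, as an added example that is not bootc's own scripts: a POSIX shell helper that encodes an SSH public key as a systemd credential in an SMBIOS type 11 OEM string and assembles a qemu command line that boots the disk copy-on-write, so only the disk image needs to be carried around. It assumes the guest's systemd is new enough to honour the `ssh.authorized_keys.root` credential (the `provision.conf` tmpfiles rule shipped since systemd 254) and that `base64` and `qemu-system-x86_64` are the GNU coreutils and QEMU binaries of those names; the hypothetical `disk.img` and key paths are placeholders.

```shell
#!/bin/sh
# Added example (not bootc's own code): inject an SSH public key into a
# VM as a systemd credential via SMBIOS type 11 and boot with -snapshot
# so the disk image file itself is never modified.
# Assumption: guest systemd >= 254, which copies the credential
# ssh.authorized_keys.root into /root/.ssh/authorized_keys at boot.
set -eu

# Encode a credential file as the SMBIOS type 11 OEM string systemd
# parses: io.systemd.credential.binary:NAME=<base64 of the file content>.
# The .binary form is used so that newlines in the key file survive.
smbios_credential_arg() {
    name=$1
    file=$2
    # tr strips the line wrapping that some base64 implementations add.
    b64=$(base64 < "$file" | tr -d '\n')
    printf 'type=11,value=io.systemd.credential.binary:%s=%s' "$name" "$b64"
}

# Assemble the qemu invocation as one string. -snapshot makes qemu write
# all guest changes to a throwaway overlay, so the same base image can be
# reused for every test run without re-copying it.
qemu_cmdline() {
    disk=$1
    pubkey=$2
    cred=$(smbios_credential_arg ssh.authorized_keys.root "$pubkey")
    printf 'qemu-system-x86_64 -m 2048 -enable-kvm -snapshot -drive file=%s,format=raw,if=virtio -smbios %s -nographic' \
        "$disk" "$cred"
}

# Usage (hypothetical paths):
#   eval "$(qemu_cmdline target/disk.img "$HOME/.ssh/id_ed25519.pub")"
# After boot, ssh root@<guest> works with the matching private key,
# and a reboot of the guest discards every write made to the disk.
```

The script only builds the argument string, so it can be checked without a hypervisor; the guest side needs no provisioning agent because systemd reads the SMBIOS string directly from DMI at early boot.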
See the updates to `Justfile` for how to use this.
Closes: #1428
Assisted-By: Claude Code (opus + sonnet)
Signed-off-by: Colin Walters <walters@verbum.org>
And add a single test which verifies that our internal `reboot`
code actually does what it should (via systemd-run etc.)
This took me way, way too long to do...there were so many missteps
and confusion. First of all, I kept trying to use `systemd.extra-unit`
from https://www.freedesktop.org/software/systemd/man/latest/systemd-debug-generator.html#
but that doesn't exist in stream9.
I spent way too long trying to debug the fact that switching from
`podman run <image> /sbin/init` to `podman run <image> /bin/sh -c '<stuff> && exec /sbin/init'`
fails because in the latter case podman's auto-detection fails and
we need to explicitly say `--systemd=always`. In retrospect obvious...but oh well.
On the positive side, I think with some cleanup we could extend this model
and generalize it for "test running in a container with systemd" (with
a lot of cleanup really)
Signed-off-by: Colin Walters <walters@verbum.org>
This is aligning with what I did in https://github.com/ostreedev/ostree/pull/3439
- What gets invoked in e.g. GHA should ideally mostly be `just` commands
that are easy to run locally too (with sudo in GHA, without sudo locally)
- Move the "core build" to the toplevel so that one can just `podman build`
directly too (without the Justfile) and have it do something useful
- The "always build and test in a container" helps for LLM-assisted coding
because what they can do is inherently sandboxed
Signed-off-by: Colin Walters <walters@verbum.org>