We were using composefs-native and composefs-backend interchangeably.
Replace all instances of `composefs-native` with `composefs-backend`.
Move all composefs-backend options to a single struct so that we can
test for boolean instead of testing for Some/None for composefs-backend
options.
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
Ensure that if a custom policy is added in a
Containerfile, the resulting deployment has the expected
labels as well.
Assisted by Claude Code
Signed-off-by: Joseph Marrero Corchado <jmarrero@redhat.com>
Since we're running this under tmt, the "system" bootc binaries were
built from source and injected into the integration disk image. No
need to rebuild these inside of the test job itself.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
Doing this as a distinct commit so as to not conflate future
modifications with the bulk code movement.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
Add test-26-examples-build to validate that the bootc-bls and bootc-uki
example build scripts work correctly.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
A key thing for me is that the `Justfile` should be a one-stop
shop for development of the project. It can't have everything but
it should answer the basic questions of "how do I build and test
this project".
This aligns the recently added tmt-on-GHA flow a *bit* more closely
with some of that. Biggest is to use the `just build-integration-test-image` as the canonical
way to build a container image with our testing stuff in it;
which uses our main Dockerfile.
Other cleanups:
- Change test script to move into tests/tmt/ as a workaround for
https://github.com/teemtee/tmt/pull/3037#issuecomment-3259585271
- Change the qemu logic to use SMBIOS credentials so we don't
have to carry around both a disk image and an SSH key
- Change qemu to use `-snapshot` so we can reuse disks
- Change the scripts to accept data via argv[1] and not environment
- Drop the hardcoded testing directory and use `target/` as
a generic build artifact dir
Signed-off-by: Colin Walters <walters@verbum.org>
This change updates the /run/reboot-required file to include information
about the staged bootc image. This will provide users with information
about what bootc image will be effective after the system has been
rebooted.
Fixes #1574
Signed-off-by: Brendan Shephard <bshephar@bne-home.net>
We debugged https://github.com/ostreedev/ostree/issues/3503 and
it's basically a systemd/Anaconda bug. So we can consider
soft reboots an available feature from our end (as systemd
does), but certainly one that will require integration testing on
the OS/distro side.
If you're building a system and you don't want to enable
soft reboots, just `rm /usr/lib/systemd/system/soft-reboot.target`
or so should do the trick.
Signed-off-by: Colin Walters <walters@verbum.org>
The previous locking code was just wrong; my bad for not stress
testing it.
Fix it and add a test too.
Signed-off-by: Colin Walters <walters@verbum.org>
This commit adds --soft-reboot=required|auto to the
CLI which uses the ostree APIs to set up soft-reboots
during switch, update and rollback operations.
Co-authored-by: Colin Walters <walters@verbum.org>
Signed-off-by: Joseph Marrero Corchado <jmarrero@redhat.com>
Signed-off-by: Colin Walters <walters@verbum.org>
This adds scaffolding to install a stub binary which can
optionally be added into the initramfs;
prep for us doing real work during setup as we aim
to move to the native composefs backend.
The binary is *built* but is only installed by a
new `Makefile` target, so existing build system
users won't pick it up. Our development-only
`Dockerfile` gains a build option to use it
(and also ensures the initramfs is regenerated).
However previously we also discussed moving the fstab
logic into the initramfs:
https://github.com/bootc-dev/bootc/pull/1113
I might try doing that once this lands.
One notable thing is that even this trivial nearly-no-op
binary is still 4MB which I think is mostly due
to linking in a whole copy of prebuilt rust `std`.
In theory we could try going to `#[no_std]` but I
don't think it'll be viable once we start doing more here.
Probably most practical thing re size is `-Z build-std` + LTO.
Signed-off-by: Colin Walters <walters@verbum.org>
This exposes the current functionality of the cfsctl binary.
It's not a crate right now, and it's not a lot of code, so we just
fork it.
I did take the effort to use `git subtree merge` to do the import.
For the record, here's how I did it:
- In composefs-rs: `git subtree split --prefix=crates/cfsctl`
- In bootc: `git subtree add --prefix=crates/lib/cfsctl ../../containers/composefs-rs/ <git sha1 from above>`
In cfsctl I also:
- Adjusted it to accept the bootc-configured composefs repo
(which note is right now hardcoded to sha512, not sha256)
- Dropped the http stuff since I don't think it really makes
sense vs OCI
Signed-off-by: Colin Walters <walters@verbum.org>
This is prep for wider usage of it in this project.
Like the containers-image: storage, it is only initialized
on demand right now.
(An obvious next step is to redo things so the ostree storage is also on-demand)
- This is hardcoded to SHA512 right now...but we clearly want
a way to configure that or maybe we just really default to 512?
- We explicitly bridge between the ostree fsverity enablement
to the composefs verity enablement
- Right now the usage is just a stub but I plan to expose
more here
Signed-off-by: Colin Walters <walters@verbum.org>
When staging a new deployment, create /run/reboot-required to signal that
a reboot is needed. This file is monitored by kured (Kubernetes Reboot
Daemon) and other tools to detect when a system needs to be rebooted.
This makes it easier to integrate bootc with kured and similar tools
without requiring manual configuration or bridging.
Signed-off-by: Colin Walters <walters@verbum.org>
This is aligning with what I did in https://github.com/ostreedev/ostree/pull/3439
- What gets invoked in e.g. GHA should ideally mostly be `just` commands
that are easy to run locally too (with sudo in GHA, without sudo locally)
- Move the "core build" to the toplevel so that one can just `podman build`
directly too (without the Justfile) and have it do something useful
- The "always build and test in a container" helps for LLM-assisted coding
because what they can do is inherently sandboxed
Signed-off-by: Colin Walters <walters@verbum.org>
It seems the tracing crate is broken in this respect. Digging
through best practices, `anstream` is used by clap and looks sane.
We're basically just following their example.
Signed-off-by: Colin Walters <walters@verbum.org>
As we head towards factory reset work, this will be of critical
importance.
For now this only shows up in the API, not in human readable
status.
Signed-off-by: Colin Walters <walters@verbum.org>
In the test suite, pass the --acknowledge-destructive flag to `bootc
install to-existing-root` to avoid the 20 second timer.
Signed-off-by: Evan Goode <mail@evangoo.de>