Motivation is faster provisioning and easier to debug
when something goes wrong.
Also cleanup the codeql cache.
Signed-off-by: Colin Walters <walters@verbum.org>
Instead of storing the source imgref in the .origin file, we store the
target imgref
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
We were using composefs-native and composefs-backend interchangeably.
Replace all instances of `composefs-native` with `composefs-backend`
Move all composefs-backend options to a single struct so that we can
test for boolean instead of testing for Some/None for composefs-backend
options
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
- Change the install logic to detect UKIs and automatically
enable composefs
- Change the install logic to detect absence of bootupd
and default to installing systemd-boot
- Move sealing bits to the toplevel
- Add Justfile entrypoints
- Add basic end-to-end CI coverage (install + run) using
our integration tests
- Change lints to ignore `/boot/EFI`
Signed-off-by: Colin Walters <walters@verbum.org>
- Use bash strict mode more consistently
- Drop the error redirections which can mask problems as
recommended by AI
Signed-off-by: Colin Walters <walters@verbum.org>
Make builds unprivileged by default and start using bcvk in
our own CI, the same way we expect people to do so locally
now.
Signed-off-by: Colin Walters <walters@verbum.org>
We shouldn't support specifying *arbitrary* versions to try
to release, only bump the minor or patch from what's there.
This avoids any ability to mess things up.
Signed-off-by: Colin Walters <walters@verbum.org>
Move libvirt installation into a parameterized input in the
bootc-ubuntu-setup action, allowing workflows to opt-in via
`libvirt: true`. This consolidates installation logic and makes
workflows cleaner by removing duplicate package installation steps.
Assisted-by: Claude Code
Signed-off-by: Colin Walters <walters@verbum.org>
The rationale for having c9s by default was that it's
a lower bound (which is still true). But our CI covers
that; I'd rather now have the default be c10s be the default
as it will be the focus of features going forward.
Signed-off-by: Colin Walters <walters@verbum.org>
Add #[context()] attribute macro to all functions that return Result
to improve error reporting. This includes adding the fn-error-context
dependency and importing the context macro in all relevant modules.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
If the system has a swap partition (or any other volume which is not
currently mounted) the `findmnt` command will (expectedly) fail to
find it. Don't early exit in this case, instead just ignore that
volume. If it wasn't mounted in the first place, we don't need to
warn about it being unmounted after the reinstall operation is
complete.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
Closes: #1659
I wanted to add a CLI option here to avoid the reboot, and
ran into the fact that our option parsing was suboptimal to
start with.
We never documented `BOOTC_REINSTALL_CONFIG` at all...I'm
kind of tempted to deprecate it.
Signed-off-by: Colin Walters <walters@verbum.org>
Ensure that if a custom policy is added in a
Containerfile, the resulting deployment has the expected
labels as well.
Assisted by Claude Code
Signed-off-by: Joseph Marrero Corchado <jmarrero@redhat.com>
Since we're running this under tmt, the "system" bootc binaries were
built from source and injected into the integration disk image. No
need to rebuild these inside of the test job itself.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
By default bootc will enable fsverity when ext4 is the chosen
filesystem, and we need fsverity to do composefs testing.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
As we progress the composefs work along this is becoming more of a
general requirement. I think it still makes sense to leave it as
optional for now, but I think for the bulk of the cases we'll want to
go ahead and build the initramfs support in.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
Doing this as a distinct commit so as to not conflate future
modifications with the bulk code movement.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
Add test-26-examples-build to validate that the bootc-bls and bootc-uki
example build scripts work correctly.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
Update bootc examples to use the new unified bootc command interface:
- Replace cfsctl binary with bootc and use 'bootc internals cfs' subcommands
- Rename composefs-setup-root to bootc-initramfs-setup
- Update dracut module from 37composefs to 37bootc
- Remove sudo requirement from podman build commands
- Update service and module configuration files accordingly
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
Use UTF8Path in BLSConfig
Use `ok_or_else` so error objects are lazily evaluated
Add tests for `get_imgref`
Update UKI path for systemd-boot to `EFI/Linux/bootc`
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
skopeo (in composefs-rs) doesn't understand the transport "registry:",
so we convert it to "docker://" when passing it to skopeo
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
Allows installing only some of the addons depending upon the list
of addons passed in as cli options.
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
