Suggested by Gemini
Accept a param `boot_dir`, fd to the boot directory, in function
`rollback_grub_uki_entries`.
Removes hardcoded paths and makes the code a tiny bit cleaner.
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
This fleshes out what we had with a more rigorous
binding to the spec.
As part of this though, the ESP constant we had here was uppercase,
but the spec version uses lowercase. Add APIs to find a partition
by type, comparing case insensitively.
Assisted-by: Claude Code
Signed-off-by: Colin Walters <walters@verbum.org>
This more closely aligns with how kernel-uki-virt is signed today, and
eliminates the requirement to use Fedora for the UKI toolchain.
Subsequently, this also switches the UKI toolchain to use c10s.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
This suddenly started in our RPM (COPR/mock) builds, my suspicion
is that seccomp got turned on inadvertently, but let's
add some error context here on general principle.
```
thread 'boundimage::tests::test_parse_spec_dir' panicked at crates/lib/src/boundimage.rs:290:49:
called `Result::unwrap()` on an `Err` value: Querying bound images
Caused by:
Function not implemented (os error 38)
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```
Signed-off-by: Colin Walters <walters@verbum.org>
Claude pointed this out while I was working on something else
completely unrelated. But it looks like somewhere along the way
114800 snuck its way in and probably got copy/pasted into a few
places. The maximum baud rate is 115200[1], and that is the more
typical usage.
[1] https://www.kernel.org/doc/html/latest/admin-guide/serial-console.html
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
This avoids warnings from `bootctl install` for good reasons.
Visible from `bootc install` using systemd-boot.
Signed-off-by: Colin Walters <walters@verbum.org>
Motivation is faster provisioning and easier to debug
when something goes wrong.
Also cleanup the codeql cache.
Signed-off-by: Colin Walters <walters@verbum.org>
Instead of storing the source imgref in the .origin file, we store the
target imgref
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
We were using composefs-native and composefs-backend interchangeably.
Replace all instances of `composefs-native` with `composefs-backend`
Move all composefs-backend options to a single struct so that we can
test for boolean instead of testing for Some/None for composefs-backend
options
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Signed-off-by: Colin Walters <walters@verbum.org>
- Change the install logic to detect UKIs and automatically
enable composefs
- Change the install logic to detect absence of bootupd
and default to installing systemd-boot
- Move sealing bits to the toplevel
- Add Justfile entrypoints
- Add basic end-to-end CI coverage (install + run) using
our integration tests
- Change lints to ignore `/boot/EFI`
Signed-off-by: Colin Walters <walters@verbum.org>
- Use bash strict mode more consistently
- Drop the error redirections which can mask problems as
recommended by AI
Signed-off-by: Colin Walters <walters@verbum.org>
Make builds unprivileged by default and start using bcvk in
our own CI, the same way we expect people to do so locally
now.
Signed-off-by: Colin Walters <walters@verbum.org>
We shouldn't support specifying *arbitrary* versions to try
to release, only bump the minor or patch from what's there.
This avoids any ability to mess things up.
Signed-off-by: Colin Walters <walters@verbum.org>
Move libvirt installation into a parameterized input in the
bootc-ubuntu-setup action, allowing workflows to opt-in via
`libvirt: true`. This consolidates installation logic and makes
workflows cleaner by removing duplicate package installation steps.
Assisted-by: Claude Code
Signed-off-by: Colin Walters <walters@verbum.org>
The rationale for having c9s by default was that it's
a lower bound (which is still true). But our CI covers
that; I'd rather now have the default be c10s be the default
as it will be the focus of features going forward.
Signed-off-by: Colin Walters <walters@verbum.org>
Add #[context()] attribute macro to all functions that return Result
to improve error reporting. This includes adding the fn-error-context
dependency and importing the context macro in all relevant modules.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
If the system has a swap partition (or any other volume which is not
currently mounted) the `findmnt` command will (expectedly) fail to
find it. Don't early exit in this case, instead just ignore that
volume. If it wasn't mounted in the first place, we don't need to
warn about it being unmounted after the reinstall operation is
complete.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
Closes: #1659
I wanted to add a CLI option here to avoid the reboot, and
ran into the fact that our option parsing was suboptimal to
start with.
We never documented `BOOTC_REINSTALL_CONFIG` at all...I'm
kind of tempted to deprecate it.
Signed-off-by: Colin Walters <walters@verbum.org>
Ensure that if a custom policy is added in a
Containerfile, the resulting deployment has the expected
labels as well.
Assisted by Claude Code
Signed-off-by: Joseph Marrero Corchado <jmarrero@redhat.com>
