And add a single test which verifies that our internal `reboot`
code actually does what it should (via systemd-run etc.)
This took me way, way too long to do...there were so many missteps
and confusion. First of all, I kept trying to use `systemd.extra-unit`
from https://www.freedesktop.org/software/systemd/man/latest/systemd-debug-generator.html#
but that doesn't exist in stream9.
I spent way too long trying to debug the fact that switching from
`podman run <image> /sbin/init` to `podman run <image> /bin/sh -c '<stuff> && exec /sbin/init`
fails because in the latter case podman's auto-detection fails and
we need to explicitly say `--systemd=always`. In retrospect obvious...but oh well.
On the positive side, I think with some cleanup we could extend this model
and generalize it for "test running in a container with systemd" (with
a lot of cleanup really)
Signed-off-by: Colin Walters <walters@verbum.org>
I've come to the conclusion that Task isn't buying us much value
over Command.
I'd like to eventually drop it. This is just getting the ball
rolling.
Signed-off-by: Colin Walters <walters@verbum.org>
This moves all of the code related to handling decompression out of
container/unencapsulate.rs and into a new module `generic_decompress`.
The only exposed API is via the existing (relocated) `Decompressor`
type.
Internal to `generic_decompress` this adds a new trait
`ReadWithGetInnerMut`, which allows access to the original, inner,
un-decompressed stream. This is used when finishing the decompressor,
whether explicitly through calling its `finish()` method, or
implicitly by dropping it.
For things like GzDecoder, we don't want to read via the actual
decompression reader because we don't care about decompressing at this
point. Plus, the inner reader may have encountered an error partway
through, and trying to decode via decompression will error with
UnexpectedEof.
Instead, wrap a reader for each content type which implements
`ReadWithGetInnerMut`. When we finish decompressing, use the trait
method `get_inner_mut()` to read directly from inner stream to flush
any data.
Resolves: #1407
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
This is something that I've wanted many times. There's no easy way from
e.g. bash to convert an image ref into the escaped OSTree ref and so
it's always awkward to be able to tell what ref/commit was pulled down.
Let's just match podman here and add a `--digestfile` switch for this.
Filtered files are only determined at the time we import a layer.
So if that layer is already imported, we won't have that information
available. That in turn means that the metadata is state-dependent,
which in turn means that the commit digest is not reproducible.
We still want to provide the filtered files warning though. Just make
this information part of the LayeredImageState object instead. The
obvious downside of that is that now we only get that warning the first
time the layer is imported and it's no longer part of the commit object
itself.
One way to make this more sticky is to attach it to the individual
layers' commits instead, and then the merge commit can coalesce them.
Related: https://github.com/bootc-dev/bootc/issues/1346
`HashMap` is unordered which means that the conversion to GVariant
(and thus its serialization) is not reproducible since the conversion
basically just maps to an GVariant array. That in turns means the commit
hash itself is not reproducible.
All we really need to do is just swap it for a `BTreeMap` since all the
types involved here implement ordering.
When we do a reboot it is triggered inside the bootc namespace.
As we implement support for soft-reboots we need to make sure
that systemd has a view into the mounted /run/nextroot
to be able to act on doing a soft-reboot or a reboot.
By using systemd-run we avoid the limited view in the current
namespace.
Signed-off-by: Joseph Marrero Corchado <jmarrero@redhat.com>
- Note the existence of `/run` here
- Describe how to use `podman login --authfile` to write it
- Also describe the pattern of symlinking to keep things in sync
where desired
Signed-off-by: Colin Walters <walters@verbum.org>
This version is unused. At one time I accidentally bumped it
and then kept doing so occasionally. Fixate it so that doesn't
happen again.
The canonical version is in lib/Cargo.toml.
This introduces a GitHub workflow to periodically run `cargo xtask
update-generated` in order to keep the docs up-to-date with the
latest changes. It will create a PR if changes are detected.
Signed-off-by: Micah Abbott <miabbott@redhat.com>
Change the Repository::mount() API to return the mounted filesystem as
an fd rather than taking the mountpoint as an argument. Create a new
mount_at() API to replace the old one, replacing the canicalize() and
mount_at() calls that used to be in mount_composefs_at(), which we
remove.
Update the various users.
Making this change lets us simplify the logic in composefs-setup-root:
it no longer has to manually open the image in order to perform the
fsmount operation: it can use the new API on the repository.
This allows us to make Repository::open_image() private, so do that too.
Co-authored-by: Sanne Raymaekers <sanne.raymaekers@gmail.com>
Signed-off-by: Allison Karlitskaya <allison.karlitskaya@redhat.com>
Replace all serde_json::to_{string,vec,writer} with
equivalent canon_json::CanonJsonSerialize to make the
output stable / reproducible.
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
