Bump our composefs-rs version and adjust to the API changes there.
Also, add "BSL-1.0" (Boost Software Licence, OSI/FSF approved) to our
allowed licence lists: it's used by xxhash-rust.
Signed-off-by: Allison Karlitskaya <allison.karlitskaya@redhat.com>
This modifies the existing check for an extant stateroot dir to check if
the pending stateroot is the same as the booted deployment. Also only
run init_osname if there is not an existing stateroot dir.
fixes #1246
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
Prior to this, get_ensure_imgstore would fail when run from a non-bootc
system. Instead, in an attempt to make this function idempotent, let's
fall back to the container root sepolicy instead of failing. This should
only happen when running cleanup() during a to-existing install (i.e.
there is not yet a bootc system).
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
This deprecates skip-fetch-check in favor of the inverse,
run-fetch-check. Updates docs and tests to reflect the change.
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
Right now the `utf8` lint does a tree walk. I want
to add more, but it'd be good to avoid walking
the whole filesystem multiple times.
In particular I wanted to add a check that `ostree.usermeta`
should never be present.
Signed-off-by: Colin Walters <walters@verbum.org>
In preparation for reading the image size of the pulled image from its
digest, this splits out the prepare logic into a separate function. This
will allow callers to call prepare(), run some logic based on the digest
values, then optionally pull the image.
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
We have a few code paths which are doing a recursive filesystem
walk and it's much easier with an API like this, especially
when one wants to keep track of the full relative path.
Signed-off-by: Colin Walters <walters@verbum.org>
No major changes required; we get to drop one `unsafe` call
which is nice!
Looks like the ecosystem overall will need a fair bit of porting
before we can drop the 0.38 version though.
Signed-off-by: Colin Walters <walters@verbum.org>
The argument here is twofold:
- We used to show it with ostree refs because ostree doesn't have manifest lists,
and people may have gotten used to seeing it in e.g. bug reports
- Highlight that the digest of the image is always
the digest of the per-arch image; we currently peel and discard manifest
lists, which may not be obvious.
Closes: https://github.com/bootc-dev/bootc/issues/1238
Signed-off-by: Colin Walters <walters@verbum.org>
Got a report over private chat of
```
ERROR Installing to filesystem: Removing boot directory content: Removing entries (noxdev): Removing entries (noxdev): Removing entries (noxdev): Read-only file system (os error 30)
```
That's ugly, we don't want a context per recursive directory entry.
Only add a context at the toplevel invokers.
Signed-off-by: Colin Walters <walters@verbum.org>
The previous work here wasn't quite right in a few ways.
Our LSM/SELinux code is a bit complex and under-tested.
Here we:
First, refactor some of the labeling bits so we have a clean
"relabel this file" API.
For the bootc-owned containers-storage we don't want
"recursive create dir and relabel" in the general case - we
need to handle upgrades, where there are definitely
non-directories too.
Hence rework the API to just be a clean recursive
relabeling pass, don't attempt to create anything
on our own.
The install path hence changes to let podman create
the dirs first, then we relabel.
While we're here:
- Rework the recursive traversal to operate on shared
single `&mut` path buffers to avoid a heap alloc per directory.
- Add a `bootc internals relabel` CLI verb that
makes it easy to test this code both interactively
and in integration testing.
- Add a test case
Closes: https://github.com/bootc-dev/bootc/issues/1219
Signed-off-by: Colin Walters <walters@verbum.org>
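The recursive walk pattern described in the two messages above (the filesystem-walk helper that tracks the full relative path, and the relabel rework that threads shared `&mut` path buffers through the recursion to avoid a heap allocation per directory), as an added Rust example. This is not bootc's own code: `walk_relative` and `demo_walk` are names assumed here, and the tree the demo walks is constructed under a temporary directory.

```rust
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

/// Walk `root` recursively, calling `f` with each entry's path relative to
/// `root` and its file type. Two buffers (absolute and relative) are pushed
/// on descent and popped on return, so no allocation happens per directory.
/// `DirEntry::file_type` does not follow symlinks, so a symlink to a directory
/// is reported as a symlink and never descended into.
pub fn walk_relative<F>(root: &Path, mut f: F) -> io::Result<()>
where
    F: FnMut(&Path, &fs::FileType) -> io::Result<()>,
{
    let mut abs = root.to_path_buf();
    let mut rel = PathBuf::new();
    walk_inner(&mut abs, &mut rel, &mut f)
}

fn walk_inner<F>(abs: &mut PathBuf, rel: &mut PathBuf, f: &mut F) -> io::Result<()>
where
    F: FnMut(&Path, &fs::FileType) -> io::Result<()>,
{
    // Sort for deterministic traversal order (read_dir order is unspecified).
    let mut entries = fs::read_dir(&*abs)?.collect::<io::Result<Vec<_>>>()?;
    entries.sort_by_key(|e| e.file_name());
    for entry in entries {
        let name = entry.file_name();
        let ft = entry.file_type()?;
        abs.push(&name);
        rel.push(&name);
        let mut r = f(rel, &ft);
        if r.is_ok() && ft.is_dir() {
            r = walk_inner(abs, rel, f);
        }
        // Always restore both buffers before propagating an error.
        abs.pop();
        rel.pop();
        r?;
    }
    Ok(())
}

/// Build a small constructed tree under a fresh temp directory, walk it, and
/// return the "<kind> <relative path>" lines the walk visits, in order.
pub fn demo_walk() -> io::Result<Vec<String>> {
    let root = std::env::temp_dir().join(format!("walk-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&root);
    // Constructed sample tree (not real system content).
    fs::create_dir_all(root.join("usr/lib/sysusers.d"))?;
    fs::create_dir_all(root.join("var/lib"))?;
    fs::write(root.join("usr/lib/sysusers.d/demo.conf"), "u demo - \"demo user\"\n")?;
    fs::write(root.join("var/lib/.bootc_labeled"), "")?;

    let mut seen = Vec::new();
    walk_relative(&root, |rel, ft| {
        let kind = if ft.is_dir() { "dir" } else { "file" };
        seen.push(format!("{kind} {}", rel.display()));
        Ok(())
    })?;
    fs::remove_dir_all(&root)?;
    Ok(seen)
}

fn main() -> io::Result<()> {
    for line in demo_walk()? {
        println!("{line}");
    }
    Ok(())
}
```

The callback receives only the relative path; a relabeling pass would use it to look up the expected label for that path while the caller keeps the absolute buffer for the actual `setxattr`, which keeps the traversal code independent of where the tree is mounted.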
The existing code didn't take into account the --booted option, so always
showed the staged, current and rollback deployments. This correctly
wires through the --booted option to only show that deployment.
Stubs have been left in the code should we wish to enable options to show
only the rollback or staged options (--rollback / --staged).
No docs changes were required since the flag is already present.
Closes #465
Signed-off-by: Robert Sturla <robertsturla@outlook.com>
This will depend on https://github.com/coreos/bootupd/pull/839
And cleans up our bootloader code; move the bootloader
partition definitions back to `install/baseline`. Conceptually
now it's just the `to-disk` flow and bootupd that
know about bootloader partition GUIDs which is how I think
it should be - the bootc core is agnostic to bootloaders.
Signed-off-by: Colin Walters <walters@verbum.org>
Running some containers (e.g. mssql) requires the imgstorage labels to
be identical to the /var/lib/containers/storage. So, this code
recursively sets the labels for the bootc storage directory to mimic
/var/lib/containers/storage. This operation is done once, then a
.bootc_labeled file is created to signify the directory was labeled.
This operation could be done anytime the storage is
accessed, i.e. on installation, upgrade, or running a `bootc image`
command.
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
Key off the ostree prepare-root config to require fsverity
on all objects.
As part of this:
- Add a dependency on composefs-rs just for the fsverity querying
APIs, and as prep for further integration.
- Add `bootc internals fsck`, which verifies the expected
fsverity state.
Signed-off-by: Colin Walters <walters@verbum.org>
Adds an --apply flag to the `bootc rollback` command to implement
automated restarts.
Have confirmed this works by building the bootc binary and running
`bootc rollback --apply` on my host. This restarted the machine
into the new (rollback) image.
Closes #1029
Signed-off-by: Robert Sturla <robertsturla@outlook.com>
Saw in the wild that someone accidentally did an
`rm -rf /var`, and that only fails pretty late in the process.
Add a lint that hard requires the "API filesystem" directory
mount points, plus `/var` - that one is a requirement for
ostree right now.
Signed-off-by: Colin Walters <walters@verbum.org>
On ostree systems, the boot directory already has our desired format, we
should only remove the bootupd-state.json file to avoid bootupctl
complaining about it already existing.
The motivation is that this will preserve the boot entry for the
original deployment, allowing the user to boot into it if they want to.
This also makes sure `ostree admin status` continues working - since if
we're in a booted ostree system but `ostree` can't find its physically
(through boot entries) it complains.
Split this out of the fsverity PR.
We obviously want a `fsck` command. This starts by doing
just two checks:
- A verification of `etc/resolv.conf`; this tests
98995f662b
- Just run `ostree fsck`
But obvious things we should be adding here are:
- Verifying kargs
- Verifying LBIs
etc.
Signed-off-by: Colin Walters <walters@verbum.org>
This is just irrelevant noise; nanoseconds never matter for container
builds. Motivated by just making this look visually nicer.
In the future I'd like to look at rendering this how e.g. systemd
does it also including a "; 1 day ago" humantime suffix.
Signed-off-by: Colin Walters <walters@verbum.org>
Basically I want to get Anaconda to run this, then we
can perform arbitrary fixups on whatever it did
between the install and reboot without changing Anaconda's
code.
This also applies to user `%post` scripts for example;
maybe those break the bootloader entries in /boot;
we have the opportunity to catch such things here.
Or we may choose to start forcibly relabeling the target
`/etc`.
Signed-off-by: Colin Walters <walters@verbum.org>
We have two patterns to initialize a lint:
- Bare struct init
- A helper function
This changes to just one path: A helper function, plus setters
for the optional fields.
Prep for adding a new lint option, which would otherwise
require changes to everything using the bare struct init.
Signed-off-by: Colin Walters <walters@verbum.org>
std::env::set_var is unsafe in 2024 edition, and upon looking into
that this use in the kargs test came up. We don't need to set the
environment variable here, in fact I don't think this ever worked in
the first place.
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
This is not exhaustive yet, but catches things that invoke
`useradd` (whether a dpkg/rpm `%post` or just a plain `RUN useradd` in a container)
that don't have a sysusers.d entry.
Signed-off-by: Colin Walters <walters@verbum.org>