Key off the ostree prepare-root config to require fsverity
on all objects.
As part of this:
- Add a dependency on composefs-rs just for the fsverity querying
APIs, and as prep for further integration.
- Add `bootc internals fsck`, which verifies the expected
fsverity state.
Signed-off-by: Colin Walters <walters@verbum.org>
This would be a nice thing to try to standardize, but let's just
keep track of this and use it in our CI install flow too. This
helps us be cross distribution a bit more.
Signed-off-by: Colin Walters <walters@verbum.org>
I think this got broken in a refactoring; add
test coverage. In general all the heavy
lifting should move out of `baseline.rs`; a
good way to do that is probably to take the
next step of making it its own crate that
doesn't depend on the bootc core logic perhaps.
Closes: https://github.com/containers/bootc/issues/570
Signed-off-by: Colin Walters <walters@verbum.org>
Previous work started moving our tests into an external binary;
this is just cleaner because it can test things how a user
would test. Also, we started using `libtest-mimic` to
have a "real" test scaffolding that e.g. allows selecting
individual tests to run, etc.
Complete the picture here by moving the remaining bits into
the tests-integration binary. We now run the `tests-integration`
binary in two ways in e.g. Github Actions:
- It's compiled directly on the Ubuntu runner, and orchestrates
things itself
- It's built in our default container image (Fedora) but as an external
`/usr/bin/bootc-integration-tests` binary
Also while we're here, drop the kola tests.
Signed-off-by: Colin Walters <walters@verbum.org>
We know we eventually want "day 2" management of kargs, but
supporting "install time" kargs in a somewhat container-native
way will let us more properly set up things like the `console=`
karg only for cloud images for example.
Signed-off-by: Colin Walters <walters@verbum.org>
This test will
- build a container image derived from FCOS, injecting bootc-under-test
into it
- Schedule a separate container derived from coreos-assembler
which has a reference to that container injected via
https://docs.ci.openshift.org/docs/architecture/ci-operator/#referring-to-images-in-tests
- Run the stable FCOS base image via kola (qemu), injecting the target oscontainer
- Execute a basic test that just verifies `status --json` today
However, in the future we can change the build system to generate
multiple container images, and test upgrades, rollbacks, etc.
Signed-off-by: Colin Walters <walters@verbum.org>
