mirror of https://github.com/containers/bootc.git synced 2026-02-05 15:45:53 +01:00
John Eckersberg 5d6dd67276 feat: Add bootc container ukify command
Add a new subcommand that builds a Unified Kernel Image (UKI) by
computing the necessary arguments from a container image and invoking
ukify. This simplifies the sealed image build workflow by having bootc
internally compute:

- The composefs digest (via existing compute-composefs-digest logic)
- Kernel arguments from /usr/lib/bootc/kargs.d/*.toml files
- Paths to kernel, initrd, and os-release

Any additional arguments are passed through to ukify unchanged, allowing
full control over signing, output paths, and other ukify options.

The seal-uki script is updated to use this new command instead of
manually computing these values and invoking ukify directly.

Also adds kargs.d configuration files for the sealed UKI workflow:
- 10-rootfs-rw.toml: Mount root filesystem read-write
- 21-console-hvc0.toml: Console configuration for QEMU/virtio

Closes: #1955

Assisted-by: OpenCode (Opus 4.5)
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
2026-01-30 08:49:07 -05:00

bootc

Transactional, in-place operating system updates using OCI/Docker container images.

Motivation

The original Docker container model of using "layers" to model applications has been extremely successful. This project aims to apply the same technique for bootable host systems - using standard OCI/Docker containers as a transport and delivery format for base operating system updates.

The container image includes a Linux kernel (in e.g. /usr/lib/modules), which is used to boot. At runtime on a target system, the base userspace is not itself running in a "container" by default. For example, assuming systemd is in use, systemd acts as pid1 as usual - there's no "outer" process. More about this in the docs; see below.

Status

The CLI and API are considered stable. We will ensure that every existing system can be upgraded in place seamlessly across any future changes.

Documentation

See the project documentation.

Versioning

Although bootc is not released to crates.io as a library, version numbers are expected to follow semantic versioning standards. This practice began with the release of version 1.2.0; versions prior may not adhere strictly to semver standards.

Adopters (base and end-user images)

The bootc CLI is just a client system; it is not tied to any particular operating system or Linux distribution. You very likely want to actually start by looking at ADOPTERS.md.

Community discussion

This project is also tightly related to the previously mentioned Fedora/CentOS bootc project, and many developers monitor the relevant discussion forums there. In particular, there is a Matrix channel and a weekly video call meeting; see for example https://docs.fedoraproject.org/en-US/bootc/community/.

Developing bootc

Are you interested in working on bootc? Great! See our CONTRIBUTING.md guide. There is also a list of maintainers in MAINTAINERS.md.

Governance

See GOVERNANCE.md for project governance details.

Code of Conduct

The bootc project is a Cloud Native Computing Foundation (CNCF) Sandbox project and adheres to the CNCF Community Code of Conduct.


The Linux Foundation® (TLF) has registered trademarks and uses trademarks. For a list of TLF trademarks, see Trademark Usage.

Description
Boot and upgrade via container images
Readme 22 MiB
Languages
Rust 92.7%
Nushell 3%
Shell 2.2%
Just 0.6%
Dockerfile 0.5%
Other 1%