jeckersb
Collaborator

This is a 1-for-1 copy of https://github.com/containers/composefs-rs/pull/143/files, re: #1498 (comment). I'm posting this here as a draft so we have somewhere to add public comments so we can discuss where this needs to change.

Johan-Liebert1 and others added 20 commits August 19, 2025 11:28
Signed-off-by: Pragyan Poudyal <[email protected]>
Signed-off-by: Colin Walters <[email protected]>
Parse the Grub menuentry file, `boot/grub2/user.cfg` to get a list of
bootable UKIs and figure out if a rollback is currently queued.

Signed-off-by: Johan-Liebert1 <[email protected]>
Returning a local reference to a `&str` is quite tricky with Rust.
Update `title` and `chainloader`, the two dynamic fields in the grub
menuentry, to be `String` instead of `&str`

Signed-off-by: Johan-Liebert1 <[email protected]>
We parse the grub menuentries, get the rollback deployment then perform
the rollback, which basically consists of writing a new .staged
menuentry file then atomically swapping the staged and the current
menuentry.

Rollback while there is a staged deployment is still to be handled.

Signed-off-by: Johan-Liebert1 <[email protected]>
If two deployments have the same VMLinuz + Initrd, then we can use the
same binaries for both the deployments.

Before writing the BLS entries to disk we calculate the SHA256Sum
of VMLinuz + Initrd combo, then test if any other deployment has the
same SHA256Sum for the binaries. Store the hash in the origin file under
`boot -> hash` for future lookups.

Signed-off-by: Johan-Liebert1 <[email protected]>
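
The lookup described in the commit message above, as an added shell example (not code from this PR or from bootc). The directory layout, the INI-style `origin` file with `hash = <hex>` under `[boot]`, the length prefix on each file, and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example. Assumptions: each deployment lives in STATE_ROOT/<id>/ with an
# INI-style `origin` file, and the digest is stored as `hash = <hex>` under [boot].

# boot_digest DIR: SHA-256 over vmlinuz then initrd, each prefixed with its byte
# length so that moving bytes across the file boundary changes the digest.
boot_digest() {
    [ -f "$1/vmlinuz" ] && [ -f "$1/initrd" ] || return 2
    {
        printf '%d\n' "$(($(wc -c < "$1/vmlinuz")))"; cat "$1/vmlinuz"
        printf '%d\n' "$(($(wc -c < "$1/initrd")))";  cat "$1/initrd"
    } | sha256sum | cut -d' ' -f1
}

# recorded_hash ORIGIN: print the `hash` value of the [boot] section, if any.
recorded_hash() {
    sed -n '/^\[boot]/,/^\[/s/^hash *= *//p' "$1"
}

# find_shared_boot NEW_DIR STATE_ROOT: print the id of an existing deployment
# whose recorded hash matches NEW_DIR's binaries; return 1 when there is none.
find_shared_boot() {
    want=$(boot_digest "$1") || return 2
    for origin in "$2"/*/origin; do
        [ -f "$origin" ] || continue
        if [ "$(recorded_hash "$origin")" = "$want" ]; then
            basename "$(dirname "$origin")"
            return 0
        fi
    done
    return 1
}

# make_deployment STATE_ROOT ID KERNEL_BYTES INITRD_BYTES: constructed sample
# data standing in for an existing deployment and its origin file.
make_deployment() {
    mkdir -p "$1/$2"
    printf '%s' "$3" > "$1/$2/vmlinuz"
    printf '%s' "$4" > "$1/$2/initrd"
    printf '[origin]\nimage = constructed-example\n[boot]\nhash = %s\n' \
        "$(boot_digest "$1/$2")" > "$1/$2/origin"
}
```

Without the length prefixes, a kernel/initrd pair whose concatenated bytes are equal but split at a different offset would produce the same digest and be treated as shareable.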
Centralize all constants in a separate file

Signed-off-by: Johan-Liebert1 <[email protected]>
Instead of `/sysroot/state/os/fedora` use `/sysroot/state/os/default` as
the default state directory.

Signed-off-by: Johan-Liebert1 <[email protected]>
Instead of writing all present menuentries, only write the menuentry for
switch/upgrade and the menuentry for the currently booted deployment.

Signed-off-by: Johan-Liebert1 <[email protected]>
This allows for easier testing

Signed-off-by: Pragyan Poudyal <[email protected]>
Add tests for functions `get_sorted_bls_boot_entries` and
`get_sorted_uki_boot_entries`

Signed-off-by: Pragyan Poudyal <[email protected]>
@bootc-actions-token bootc-actions-token bot requested a review from ckyrouac August 19, 2025 18:15

cargo build --release --features=pre-6.15 --bin cfsctl --bin composefs-setup-root

cp ../../target/release/cfsctl .
Collaborator Author

Should use bootc internals cfs instead

cargo build --release --features=pre-6.15 --bin cfsctl --bin composefs-setup-root

cp ../../target/release/cfsctl .
cp ../../target/release/composefs-setup-root extra/usr/lib/dracut/modules.d/37composefs/
Collaborator Author

Hmm, what to do about this? Fold it into bootc internals as well? We had discussion recently re: binary size but I can't find it offhand...

Collaborator Author

oh right this is #1500

Collaborator

Comment on lines +14 to +17
sudo podman build \
-t quay.io/fedora/fedora-bootc-bls:42 \
-f Containerfile \
--iidfile=tmp/iid \
Contributor

@p5 p5 Aug 19, 2025

This command seems to be cut off. Missing a .

Contributor

@p5 p5 Aug 19, 2025

Would it be possible to start with a quay.io/fedora/fedora image? Or can we remove the ostree "bits" from the image within the Containerfile so we're certain it's not being relied on (e.g. /ostree)?

Or maybe longer term, there will be a separate Fedora image dedicated for bootc with cfs?

Collaborator

Dropping /ostree is tracked at https://gitlab.com/fedora/bootc/base-images/-/issues/58

That said though note today the https://docs.fedoraproject.org/en-US/bootc/building-from-scratch/ already produces images without it, but that flow has the downside of producing a single large layer, which leads to coreos/rpm-ostree#5383

@Johan-Liebert1
Collaborator

Instead of two containerfiles, we can have a two-stage build in a single Containerfile, similar to what the UKI build examples in composefs-rs do

mkdir -p tmp/efi
./cfsctl --repo tmp/sysroot/composefs oci pull containers-storage:"${IMAGE_ID}"
./cfsctl --repo tmp/sysroot/composefs oci compute-id --bootable "${IMAGE_ID}"
./cfsctl --repo tmp/sysroot/composefs oci prepare-boot "${IMAGE_ID}" --bootdir tmp/efi
Collaborator Author

These use IMAGE_ID from above but (if I'm following correctly) we should re-compute IMAGE_ID based on tmp/iid2 above and use that instead?

Collaborator

The verity for both iid1 and iid2 should be identical, as they both (essentially) have the same contents. The only difference is that in the second step, we build the UKI and put it inside /boot which is ignored by composefs-rs while creating the EROFS image.

Actually, building the UKI might introduce some artifacts which we do not want to take into account

@Johan-Liebert1 Johan-Liebert1 force-pushed the composefs-backend branch 2 times, most recently from 67c4e8d to b45ef30 Compare August 29, 2025 11:37