Skip to content

lib: Add --download-only flag for upgrade (ostree backend) #1831

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cgwalters merged 1 commit into from
Dec 10, 2025
Merged

lib: Add --download-only flag for upgrade (ostree backend) #1831

cgwalters merged 1 commit into from
Dec 10, 2025

Conversation

@shi2wei3
Copy link
Contributor

@shi2wei3 shi2wei3 commented Dec 5, 2025
edited
Loading

Resolve #1320 for the ostree backend

Add support for downloading and staging updates without automatic application on reboot. This allows users to prepare updates and apply them at a controlled time.

User-facing changes:

  • Add --download-only flag to bootc upgrade command
  • bootc upgrade --download-only: locks staged deployment
  • bootc upgrade (no flags): unlocks locked staged deployment
  • bootc upgrade --apply: unlocks and immediately reboots
  • bootc upgrade --check: read-only, doesn't change lock state
  • bootc status --verbose: shows "Locked: yes/no" for staged deployments

Implementation details:

  • Internally uses OSTree finalization locking APIs
  • Sets opts.locked in SysrootDeployTreeOpts when staging deployments
  • Added change_finalization() method to SysrootLock wrapper
  • Handles lock state transitions for existing staged deployments
  • Field name in BootEntry is finalization_locked for clarity
  • Display name is shortened to "Locked" for user convenience
  • Uses deployment.is_finalization_locked() API (OSTree v2023.8+)

Testing and documentation:

  • Added TMT integration test (test-upgrade-download-only.nu)
  • Test verifies 3-boot workflow: lock, reboot (stays old), unlock, reboot (applies)
  • Updated docs/src/upgrades.md with comprehensive workflow examples
  • Generated man pages and JSON schemas updated

The download-only flag is only available for upgrade, not switch. The implementation is designed to support future composefs backend.

Assisted-by: Claude Code (Sonnet 4.5)

@github-actions github-actions bot added area/install Issues related to `bootc install` area/ostree Issues related to ostree area/documentation Updates to the documentation labels Dec 5, 2025
@bootc-bot bootc-bot bot requested a review from jmarrero December 5, 2025 12:54
gemini-code-assist[bot]
gemini-code-assist bot reviewed Dec 5, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a --download-only flag for the bootc upgrade command, allowing users to download and stage updates without automatic application on reboot. This is implemented using OSTree's finalization locking mechanism. The changes are comprehensive, touching the CLI, deployment logic, status reporting, and adding necessary bindings for the ostree library. Documentation, man pages, and JSON schemas have been updated accordingly, and a new integration test validates the core functionality. The implementation appears solid. My review includes a couple of suggestions to enhance the new integration test to be more explicit and robust.

@shi2wei3 shi2wei3 force-pushed the add-lock-finalization-flag branch from aff0e03 to fe7dae7 Compare December 5, 2025 15:35
cgwalters
cgwalters requested changes Dec 5, 2025
View reviewed changes
Copy link
Collaborator

@cgwalters cgwalters left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! This all looks pretty good to me at a high level

@shi2wei3 shi2wei3 force-pushed the add-lock-finalization-flag branch from fe7dae7 to 84a2837 Compare December 8, 2025 13:59
@shi2wei3 shi2wei3 requested a review from cgwalters December 8, 2025 13:59
@shi2wei3 shi2wei3 force-pushed the add-lock-finalization-flag branch from 84a2837 to f9a4ba9 Compare December 8, 2025 14:53
cgwalters
cgwalters approved these changes Dec 8, 2025
View reviewed changes
@shi2wei3
lib: Add --download-only flag for upgrade
b023059 
Add support for downloading and staging updates without automatic
application on reboot. This allows users to prepare updates and apply
them at a controlled time.

User-facing changes:
- Add --download-only flag to bootc upgrade command
- bootc upgrade --download-only: stages deployment in download-only mode
- bootc upgrade (no flags): clears download-only mode if present
- bootc upgrade --apply: clears download-only mode and immediately reboots
- bootc upgrade --check: read-only, doesn't change download-only state
- bootc status shows "Download-only: yes/no" for staged deployments in verbose mode
- Garbage collection automatically cleans up unreferenced images after staging

Implementation details:
- Internally uses OSTree finalization locking APIs
- Sets opts.locked in SysrootDeployTreeOpts when staging deployments
- Added change_finalization() method to SysrootLock wrapper
- Tracks lock state changes separately from image digest changes
- Field name in BootEntry is download_only (Rust), downloadOnly (JSON)
- Verbose status display uses "Download-only" label (matches Soft-reboot pattern)
- Uses deployment.is_finalization_locked() API (OSTree v2023.8+)
- Always emits downloadOnly field in JSON output for consistency

Testing and documentation:
- New dedicated test: test-25-download-only-upgrade.nu (4-boot workflow)
- Test verifies: switch → upgrade --download-only → reboot (stays old) →
  re-stage → upgrade (clear) → reboot (applies)
- Updated docs/src/upgrades.md with comprehensive workflow examples
- Includes notes about reboot behavior and image switching
- Generated man pages and JSON schemas updated
- All test fixtures updated with downloadOnly field

The download-only flag is only available for upgrade, not switch.
The implementation is designed to support future composefs backend.

Assisted-by: Claude Code (Sonnet 4.5)
Signed-off-by: Wei Shi <wshi@redhat.com>
@shi2wei3 shi2wei3 force-pushed the add-lock-finalization-flag branch from f9a4ba9 to b023059 Compare December 8, 2025 15:37
@shi2wei3 shi2wei3 marked this pull request as ready for review December 8, 2025 15:37
@bootc-bot bootc-bot bot requested a review from ckyrouac December 8, 2025 15:37
@shi2wei3 shi2wei3 changed the title lib: Add --download-only flag for upgrade lib: Add --download-only flag for upgrade (ostree backend) Dec 8, 2025
@shi2wei3
Copy link
Contributor Author

shi2wei3 commented Dec 10, 2025

@cgwalters I still cannot find a good solution to integrate this upgrade-download-only test into the existing image-upgrade-reboot test, that's because image-upgrade-reboot design to work both ways (the upgrade image is pre-built and passthough via bcvk --bind-storage-ro, or the upgrade image is built locally from copy-to-storage), the existing image-upgrade-reboot test use bootc switch to simulate the bootc upgrade (I didn't find a way to switch the imgref w/o pull and stage, --mutate-in-place won't work for this case) to avoid do another newer pre-built upgrade image to facilitate the real bootc upgrade operation (I cannot find a way to build this newer upgrade image from the host after the testcase run bootc switch)
So I tend to treat the existing image-upgrade-reboot test as what it is, mainly for this pre-built mode, and the upgrade-download-only test just for local upgrade image build mode.

Let me know if anything else need to be done to get this PR merged.

cgwalters
cgwalters approved these changes Dec 10, 2025
View reviewed changes
Copy link
Collaborator

@cgwalters cgwalters left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@cgwalters cgwalters merged commit c325582 into bootc-dev:main Dec 10, 2025
46 of 47 checks passed
@shi2wei3 shi2wei3 deleted the add-lock-finalization-flag branch December 10, 2025 23:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cgwalters cgwalters cgwalters approved these changes

@jmarrero jmarrero Awaiting requested review from jmarrero

@ckyrouac ckyrouac Awaiting requested review from ckyrouac

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

area/documentation Updates to the documentation area/install Issues related to `bootc install` area/ostree Issues related to ostree

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

download without applying (finalization locking)

2 participants

@shi2wei3 @cgwalters