From bce962f583292456c9073e3595183870f1f077aa Mon Sep 17 00:00:00 2001 From: Omer Tuchfeld Date: Tue, 10 Dec 2024 21:13:52 +0100 Subject: [PATCH 1/4] donotmerge: IBX changes Some (trash, temporary) changes I had to perform on bootc to get IBX to work - `./Containerfile` builds a bootable image from an existing normal IBX seed - `./build_seed.sh` is just a helper script To install on recipient ``` sudo podman run --privileged -v $PWD/authkeys:/authkeys --env RUST_LOG=trace -v /var/tmp:/var/tmp -v /var/lib/containers/storage:/var/lib/containers/storage --pid=host -it quay.io/otuchfel/bootc:seed bootc install to-existing-root --acknowledge-destructive --stateroot omeroot --root-ssh-authorized-keys /authkeys --bound-images pull ``` This PR only exists to start discussions around concrete issues, it's not meant to be merged. --- .dockerignore | 2 ++ Containerfile | 25 +++++++++++++++++++++++++ Makefile | 4 ++-- build_seed.sh | 9 +++++++++ hack/Containerfile | 6 +++--- lib/src/install.rs | 4 ++-- 6 files changed, 43 insertions(+), 7 deletions(-) create mode 100644 Containerfile create mode 100755 build_seed.sh diff --git a/.dockerignore b/.dockerignore index 697adc052..4c029068b 100644 --- a/.dockerignore +++ b/.dockerignore @@ -4,3 +4,5 @@ target # These directories don't contribute to our container build docs/ plans/ +Containerfile +build_seed.sh diff --git a/Containerfile b/Containerfile new file mode 100644 index 000000000..ef75123a5 --- /dev/null +++ b/Containerfile 
@@ -0,0 +1,25 @@ +FROM quay.io/centos/centos:stream9 as build +COPY hack/build.sh /build.sh +RUN /build.sh && rm -v /build.sh +COPY . /build +WORKDIR /build +RUN mkdir -p /build/target/dev-rootfs # This can hold arbitrary extra content +# See https://www.reddit.com/r/rust/comments/126xeyx/exploring_the_problem_of_faster_cargo_docker/ +# We aren't using the full recommendations there, just the simple bits. +RUN --mount=type=cache,target=/build/target --mount=type=cache,target=/var/roothome make test-bin-archive && mkdir -p /out && cp target/bootc.tar /out +RUN mkdir -p /build/target/dev-rootfs # This can hold arbitrary extra content + +FROM quay.io/otuchfel/ostbackup:serv1 as seed + +# ____________________________________________________________________________ + +FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5b1124faf4b73753b4679085604dd8cb810c4a7a2e659978f5c80183bb165f94 + +LABEL com.openshift.lifecycle-agent.seed_format_version=3 + +RUN mkdir -p /usr/lib/bootc/install + +COPY --from=seed --exclude=ostree.tgz / /var/tmp/seed + +COPY --from=build /out/bootc.tar /tmp +RUN tar -C / -xvf /tmp/bootc.tar && rm -vrf /tmp/* diff --git a/Makefile b/Makefile index 8d515eb89..a87d46b20 100644 --- a/Makefile +++ b/Makefile @@ -51,10 +51,10 @@ install-all: install install-ostree-hooks install -D -m 0755 target/release/tests-integration $(DESTDIR)$(prefix)/bin/bootc-integration-tests bin-archive: all - $(MAKE) install DESTDIR=tmp-install && $(TAR_REPRODUCIBLE) --zstd -C tmp-install -cf target/bootc.tar.zst . && rm tmp-install -rf + $(MAKE) install DESTDIR=tmp-install && $(TAR_REPRODUCIBLE) -C tmp-install -cf target/bootc.tar . && rm tmp-install -rf test-bin-archive: all - $(MAKE) install-all DESTDIR=tmp-install && $(TAR_REPRODUCIBLE) --zstd -C tmp-install -cf target/bootc.tar.zst . && rm tmp-install -rf + $(MAKE) install-all DESTDIR=tmp-install && $(TAR_REPRODUCIBLE) -C tmp-install -cf target/bootc.tar . && rm tmp-install -rf test-tmt: cargo xtask test-tmt 
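Review bot: The `build` and `seed` stages are pulled by mutable tag (`quay.io/centos/centos:stream9`, `quay.io/otuchfel/ostbackup:serv1`) while only the final base is pinned by digest, so the seed root filesystem that `COPY --from=seed` places in the bootable image can change without any change to this file. Pin the seed the same way as the final stage, e.g. `FROM quay.io/otuchfel/ostbackup@sha256:<seed-digest> as seed` (placeholder digest), and likewise the build image. The later hunks in this series that re-point the seed stage to `quay.io/otuchfel/bootc:seed2` and `:seed30` have the same gap. Separately, `RUN mkdir -p /build/target/dev-rootfs` appears twice in the build stage; the second one, after the cache-mounted build step, looks redundant.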
diff --git a/build_seed.sh b/build_seed.sh new file mode 100755 index 000000000..4f113a9f4 --- /dev/null +++ b/build_seed.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +SCRIPT_DIR=$(dirname $0) + +cd $SCRIPT_DIR + +podman build -t bootcseed -f Containerfile . +podman tag bootcseed:latest quay.io/otuchfel/bootc:seed +podman push quay.io/otuchfel/bootc:seed diff --git a/hack/Containerfile b/hack/Containerfile index 41eea1dad..e23d90651 100644 --- a/hack/Containerfile +++ b/hack/Containerfile @@ -17,7 +17,7 @@ WORKDIR /build RUN mkdir -p /build/target/dev-rootfs # This can hold arbitrary extra content # See https://www.reddit.com/r/rust/comments/126xeyx/exploring_the_problem_of_faster_cargo_docker/ # We aren't using the full recommendations there, just the simple bits. -RUN --mount=type=cache,target=/build/target --mount=type=cache,target=/var/roothome make test-bin-archive && mkdir -p /out && cp target/bootc.tar.zst /out +RUN --mount=type=cache,target=/build/target --mount=type=cache,target=/var/roothome make test-bin-archive && mkdir -p /out && cp target/bootc.tar /out FROM $base # We support e.g. adding cloud-init @@ -29,8 +29,8 @@ COPY hack/install-test-configs/* /usr/lib/bootc/install/ # And some test kargs COPY hack/test-kargs /usr/lib/bootc/kargs.d/ # Inject our built code -COPY --from=build /out/bootc.tar.zst /tmp -RUN tar -C / --zstd -xvf /tmp/bootc.tar.zst && rm -vrf /tmp/* +COPY --from=build /out/bootc.tar /tmp +RUN tar -C / -xvf /tmp/bootc.tar && rm -vrf /tmp/* # Also copy over arbitrary bits from the target root COPY --from=build /build/target/dev-rootfs/ / # Test our own linting diff --git a/lib/src/install.rs b/lib/src/install.rs index 5004bd72d..c3a615384 100644 --- a/lib/src/install.rs +++ b/lib/src/install.rs 
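Review bot: Nothing in the new `build_seed.sh` stops on failure, so if `cd $SCRIPT_DIR` or `podman build` fails, `podman tag bootcseed:latest ...` can still pick up an older local image and `podman push` publishes it under the seed tag. `$0` and `$SCRIPT_DIR` are also unquoted, which breaks on paths containing spaces. Suggested opening lines: `set -euo pipefail`, `SCRIPT_DIR=$(dirname "$0")`, `cd "$SCRIPT_DIR"`. PATCH 2/4 later adds `set -euxo pipefail`, but only after the `SCRIPT_DIR` assignment, and it leaves both expansions unquoted.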
@@ -1112,8 +1112,8 @@ fn ensure_var() -> Result<()> { /// will traverse the link. #[context("Linking tmp mounts to host")] pub(crate) fn setup_tmp_mounts() -> Result<()> { - let st = rustix::fs::statfs("/tmp")?; - if st.f_type == libc::TMPFS_MAGIC { + let slash_tmp_statfs = rustix::fs::statfs("/tmp")?; + if slash_tmp_statfs.f_type == libc::TMPFS_MAGIC { tracing::trace!("Already have tmpfs /tmp") } else { // Note we explicitly also don't want a "nosuid" tmp, because that From 01030403e85a15f59dfa6d2633eefd6dba618d08 Mon Sep 17 00:00:00 2001 From: Omer Tuchfeld Date: Fri, 24 Jan 2025 16:36:32 +0100 Subject: [PATCH 2/4] Change seed location --- Containerfile | 11 ++++++++--- build_seed.sh | 6 ++++-- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/Containerfile b/Containerfile index ef75123a5..5b41e8cc0 100644 --- a/Containerfile +++ b/Containerfile @@ -1,5 +1,6 @@ FROM quay.io/centos/centos:stream9 as build COPY hack/build.sh /build.sh +COPY ./contrib/packaging/bootc.spec ./contrib/packaging/bootc.spec RUN /build.sh && rm -v /build.sh COPY . /build WORKDIR /build 
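Review bot: The added `COPY ./contrib/packaging/bootc.spec ./contrib/packaging/bootc.spec` in the `@@ -1,5 +1,6 @@` Containerfile hunk uses a relative destination before any `WORKDIR` is set in the `build` stage, so where the spec lands depends on the base image's default working directory. If `hack/build.sh` reads the spec (its contents are not visible here), an absolute destination makes that explicit, e.g. `COPY contrib/packaging/bootc.spec /contrib/packaging/bootc.spec`. A one-line comment saying why the spec is needed before `RUN /build.sh` would also help. The rest of the stage continues outside the hunk.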
@@ -9,17 +10,21 @@ RUN mkdir -p /build/target/dev-rootfs # This can hold arbitrary extra content RUN --mount=type=cache,target=/build/target --mount=type=cache,target=/var/roothome make test-bin-archive && mkdir -p /out && cp target/bootc.tar /out RUN mkdir -p /build/target/dev-rootfs # This can hold arbitrary extra content -FROM quay.io/otuchfel/ostbackup:serv1 as seed +FROM quay.io/otuchfel/bootc:seed2 as seed # ____________________________________________________________________________ FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5b1124faf4b73753b4679085604dd8cb810c4a7a2e659978f5c80183bb165f94 -LABEL com.openshift.lifecycle-agent.seed_format_version=3 +LABEL com.openshift.lifecycle-agent.seed_format_version=4 RUN mkdir -p /usr/lib/bootc/install -COPY --from=seed --exclude=ostree.tgz / /var/tmp/seed +COPY --from=seed --exclude=ostree.tgz / /usr/lib/openshift/seed COPY --from=build /out/bootc.tar /tmp + +COPY baseimage/base/usr/lib/ostree/prepare-root.conf /usr/lib/ostree/prepare-root.conf + RUN tar -C / -xvf /tmp/bootc.tar && rm -vrf /tmp/* +RUN sed -i '/PermitRootLogin no/d' /etc/ssh/sshd_config.d/40-rhcos-defaults.conf diff --git a/build_seed.sh b/build_seed.sh index 4f113a9f4..07cac81a6 100755 --- a/build_seed.sh +++ b/build_seed.sh @@ -2,8 +2,10 @@ SCRIPT_DIR=$(dirname $0) +set -euxo pipefail + cd $SCRIPT_DIR podman build -t bootcseed -f Containerfile . -podman tag bootcseed:latest quay.io/otuchfel/bootc:seed -podman push quay.io/otuchfel/bootc:seed +podman tag bootcseed:latest quay.io/otuchfel/bootc:seed5 +podman push quay.io/otuchfel/bootc:seed5 From 8ae8b1e903c3140021431eb5aee9998e0f1ed376 Mon Sep 17 00:00:00 2001 From: Omer Tuchfeld Date: Mon, 10 Mar 2025 02:27:21 +0100 Subject: [PATCH 3/4] /target --- build_seed.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build_seed.sh b/build_seed.sh index 07cac81a6..ba94301e8 100755 --- a/build_seed.sh +++ b/build_seed.sh 
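Review bot: The added `RUN sed -i '/PermitRootLogin no/d' /etc/ssh/sshd_config.d/40-rhcos-defaults.conf` removes a hardening default from the image and leaves the root-login policy to whatever else sshd reads or to its built-in default. It also succeeds silently if the line is absent or worded differently in a newer base image. Setting the value explicitly keeps password logins for root off while still allowing the key-based access that the install command in the series description sets up: `RUN sed -i 's/PermitRootLogin no/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config.d/40-rhcos-defaults.conf`. A short comment above it stating why root login is re-enabled for this seed image would make the intent reviewable. The `COPY baseimage/base/usr/lib/ostree/prepare-root.conf ...` line in the same hunk relies on `baseimage/` being present in the build context, which this diff does not show.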
@@ -7,5 +7,5 @@ set -euxo pipefail cd $SCRIPT_DIR podman build -t bootcseed -f Containerfile . -podman tag bootcseed:latest quay.io/otuchfel/bootc:seed5 -podman push quay.io/otuchfel/bootc:seed5 +podman tag bootcseed:latest quay.io/otuchfel/bootc:seed6 +podman push quay.io/otuchfel/bootc:seed6 From dab7b361302fde53fdd06894464924a6ce7d72ed Mon Sep 17 00:00:00 2001 From: Omer Tuchfeld Date: Thu, 17 Apr 2025 09:36:24 +0200 Subject: [PATCH 4/4] ocpver --- Containerfile | 5 +++-- build_seed.sh | 4 ++-- lib/src/install.rs | 4 ++-- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/Containerfile b/Containerfile index 5b41e8cc0..17028971e 100644 --- a/Containerfile +++ b/Containerfile @@ -10,11 +10,12 @@ RUN mkdir -p /build/target/dev-rootfs # This can hold arbitrary extra content RUN --mount=type=cache,target=/build/target --mount=type=cache,target=/var/roothome make test-bin-archive && mkdir -p /out && cp target/bootc.tar /out RUN mkdir -p /build/target/dev-rootfs # This can hold arbitrary extra content -FROM quay.io/otuchfel/bootc:seed2 as seed +FROM quay.io/otuchfel/bootc:seed30 as seed # ____________________________________________________________________________ -FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5b1124faf4b73753b4679085604dd8cb810c4a7a2e659978f5c80183bb165f94 +FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:66b5f9d8f1af5acee783db84a25c08338252ff9c276d33e391680168a22f42ee + LABEL com.openshift.lifecycle-agent.seed_format_version=4 diff --git a/build_seed.sh b/build_seed.sh index ba94301e8..9ee46684a 100755 --- a/build_seed.sh +++ b/build_seed.sh @@ -7,5 +7,5 @@ set -euxo pipefail cd $SCRIPT_DIR podman build -t bootcseed -f Containerfile . -podman tag bootcseed:latest quay.io/otuchfel/bootc:seed6 -podman push quay.io/otuchfel/bootc:seed6 +podman tag bootcseed:latest quay.io/otuchfel/bootc:seed61 +podman push quay.io/otuchfel/bootc:seed61 
diff --git a/lib/src/install.rs b/lib/src/install.rs index c3a615384..5004bd72d 100644 --- a/lib/src/install.rs +++ b/lib/src/install.rs @@ -1112,8 +1112,8 @@ fn ensure_var() -> Result<()> { /// will traverse the link. #[context("Linking tmp mounts to host")] pub(crate) fn setup_tmp_mounts() -> Result<()> { - let slash_tmp_statfs = rustix::fs::statfs("/tmp")?; - if slash_tmp_statfs.f_type == libc::TMPFS_MAGIC { + let st = rustix::fs::statfs("/tmp")?; + if st.f_type == libc::TMPFS_MAGIC { tracing::trace!("Already have tmpfs /tmp") } else { // Note we explicitly also don't want a "nosuid" tmp, because that