container lint: check for bubblewrap (bwrap) install-time dependency

[andrewdunndev]

Summary

bootc container lint does not check for install-time dependencies that are required for bootc install to succeed. Specifically, bubblewrap (bwrap) is required by the bootloader installation path (install_via_bootupd in bootloader.rs) when using --src-imgref, but the linter does not flag its absence.

This means you can build an image, run bootc container lint with no warnings, and then have bootc install to-filesystem fail at bootloader installation because bwrap is missing.

The dependency

install_via_bootupd uses BwrapCmd (crates/utils/src/bwrap.rs) to run bootupctl inside the deployed rootfs when deployment_path is set (the --src-imgref path). bwrap is used as a chroot with automatic API filesystem mounting (/proc, /dev, /sys, /run).

bubblewrap is normally pulled in as a transitive dependency of rpm-ostree. Images built without rpm-ostree (a valid use case -- bootc is designed to work without a package manager) won't have bwrap and the install fails.

Suggested lint check

Add a lint that checks for /usr/bin/bwrap when the image contains a grub-based bootloader (i.e., when bootupd would be used). This follows the existing pattern of checks like check_kernel and check_api_dirs.

Secondary question: could chroot replace bwrap?

The comment in bootloader.rs describes bwrap as "a nicer chroot" -- it handles mounting API filesystems automatically. A plain chroot with explicit mount setup would eliminate the bwrap dependency entirely. Is there a reason bwrap is preferred over chroot here beyond convenience? If chroot is viable, the dependency could be eliminated rather than just linted for.

Lint truncation default

Separately, the default truncation behavior (show 5 items, then "and N more") is surprising for a linter. When bootc container lint is run during image builds (e.g., RUN bootc container lint in a Containerfile), the truncated output hides problems. The --no-truncate option exists (#1260) but the default arguably should show everything -- a linter's job is to surface all issues, not hide them. At minimum, the truncated output could mention that --no-truncate is available.

Related

• install: Make some "lints" default fatal #960 -- make some lints default fatal
• container lint: option to not truncate #1260 -- --no-truncate option (closed, implemented)
• Consider designing bootc as a library to be used by installer applications #542 -- bootc as library for installer applications (@jmpolom)

[jmpolom]

Secondary question: could chroot replace bwrap?

The comment in bootloader.rs describes bwrap as "a nicer chroot" -- it handles mounting API filesystems automatically. A plain chroot with explicit mount setup would eliminate the bwrap dependency entirely. Is there a reason bwrap is preferred over chroot here beyond convenience? If chroot is viable, the dependency could be eliminated rather than just linted for.

What is the purpose of a "chroot" for this task? Why can't bootupd be run directly inside the container housing bootc without any kind of "chroot"?

Lint truncation default

... a linter's job is to surface all issues, not hide them. At minimum, the truncated output could mention that --no-truncate is available.

The linter should produce all errors detected by default. I believe that is how most linters I've ever used work. Maybe a filter to exclude/include certain "severity" levels would be nice.

[p5]

I don't think this requires a new lint but rather packagers should update the bootupd spec file to require bwrap.

AFAIK bootupd is only a requirement when using the ostree backend, and the linter cannot distinguish between an image being built for ostree or composefs-native backends.

[jmpolom]

I don't think this requires a new lint, but rather packagers should update the bootupd spec file to require bwrap.

What is the purpose of the bwrap dependency for bootupd? bootupctl can be called without it yeah? Where is this bwrap dependency documented in the bootupd repo? It isn't in the README and there is one file in docs with irrelevant content. How would a packager even know bootupd requires bwrap?

But again it does appear bootc is the one wrapping bootupctl in bwrap?

AFAIK bootupd is only a requirement when using the ostree backend, and the linter cannot distinguish between an image being built for ostree or composefs-native backends.

Shouldn't a linter be able to determine the specifics of what it needs to lint for? If it needs to produce different output in different situations shouldn't it be able to discriminate the conditions properly?

[ckyrouac]

What is the purpose of the bwrap dependency for bootupd? bootupctl can be called without it yeah? Where is this bwrap dependency documented in the bootupd repo? It isn't in the README and there is one file in docs with irrelevant content. How would a packager even know bootupd requires bwrap?

bootupd doesn't depend on bwrap

But again it does appear bootc is the one wrapping bootupctl in bwrap?

Yes, see 0a75768

[jmpolom]

So bootc is missing the bwrap dependency?

[ckyrouac]

So bootc is missing the bwrap dependency?

yep