examples: Add bootc UKI & BLS examples #1533
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jeckersb
commented
Aug 19, 2025
p5
reviewed
Aug 19, 2025
There was a problem hiding this comment.
Would it be possible to start with a quay.io/fedora/fedora image? Or can we remove the ostree "bits" from the image within the Containerfile so we're certain it's not being relied on (e.g. /ostree)?
Or maybe longer term, there will be a separate Fedora image dedicated for bootc with cfs?
There was a problem hiding this comment.
Dropping /ostree is tracked at https://gitlab.com/fedora/bootc/base-images/-/issues/58
That said though note today the https://docs.fedoraproject.org/en-US/bootc/building-from-scratch/ already produces images without it, but that flow has the downside of producing a single large layer, which leads to coreos/rpm-ostree#5383
|
Instead of two containerfiles, we can have a two stage build in a single Containerfile; similar to what the UKI build examples in |
jeckersb
commented
Aug 20, 2025
examples/bootc-uki/build.final
Outdated
| mkdir -p tmp/efi | ||
| ./cfsctl --repo tmp/sysroot/composefs oci pull containers-storage:"${IMAGE_ID}" | ||
| ./cfsctl --repo tmp/sysroot/composefs oci compute-id --bootable "${IMAGE_ID}" | ||
| ./cfsctl --repo tmp/sysroot/composefs oci prepare-boot "${IMAGE_ID}" --bootdir tmp/efi |
There was a problem hiding this comment.
These use IMAGE_ID from above but (if I'm following correctly) we should re-compute IMAGE_ID based on tmp/iid2 above and use that instead?
There was a problem hiding this comment.
The verity for both iid1 and iid2 should be identical, as they both (essentially) have the same contents. The only difference is that in the second step, we build the UKI and put it inside /boot which is ignored by composefs-rs while creating the EROFS image.
Actually, building the UKI might introduce some artifacts which we do not want to take into account
jeckersb
force-pushed
the
composefs-backend
branch
from
54e254c to
f10ec34
Compare
Johan-Liebert1
force-pushed
the
composefs-backend
branch
2 times, most recently
from
67c4e8d to
b45ef30
Compare
jeckersb
force-pushed
the
uki-bls-examples
branch
from
c9aeee5 to
b552c6e
Compare
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com> Signed-off-by: Colin Walters <walters@verbum.org>
Signed-off-by: Colin Walters <walters@verbum.org>
Parse the Grub menuentry file, `boot/grub2/user.cfg` to get a list of bootable UKIs and figure out if a rollback is currently queued. Signed-off-by: Johan-Liebert1 <pragyanpoudyal41999@gmail.com>
Returning a local reference to a `&str` is quite tricky with rust. Update `title` and `chainloader`, the two dynamic fields in the grub menuentry, to be `String` instead of `&str` Signed-off-by: Johan-Liebert1 <pragyanpoudyal41999@gmail.com>
We parse the grub menuentries, get the rollback deployment then perform the rollback, which basically consists of writing a new .staged menuentry file then atomically swapping the staged and the current menuentry. Rollback while there is a staged deployment is still to be handled. Signed-off-by: Johan-Liebert1 <pragyanpoudyal41999@gmail.com>
…iles Signed-off-by: Johan-Liebert1 <pragyanpoudyal41999@gmail.com>
If two deployments have the same VMLinuz + Initrd then, we can use the same binaries for both the deployments. Before writing the BLS entries to disk we calculate the SHA256Sum of VMLinuz + Initrd combo, then test if any other deployment has the same SHA256Sum for the binaries. Store the hash in the origin file under `boot -> hash` for future lookups. Signed-off-by: Johan-Liebert1 <pragyanpoudyal41999@gmail.com>
Signed-off-by: Johan-Liebert1 <pragyanpoudyal41999@gmail.com>
Centralize all constants in a separate file Signed-off-by: Johan-Liebert1 <pragyanpoudyal41999@gmail.com>
Instead of `/sysroot/state/os/fedora` use `/sysroot/state/os/default` as the default state directory. Signed-off-by: Johan-Liebert1 <pragyanpoudyal41999@gmail.com>
Signed-off-by: Johan-Liebert1 <pragyanpoudyal41999@gmail.com>
Instaed of writing all present menuentries, only write the menuentry for switch/upgrade and the menuentry for the currently booted deployment. Signed-off-by: Johan-Liebert1 <pragyanpoudyal41999@gmail.com>
Signed-off-by: Johan-Liebert1 <pragyanpoudyal41999@gmail.com>
This allows for easier testing Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Add tests for functions `get_sorted_bls_boot_entries` and `get_sorted_uki_boot_entries` Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Just reducing code here.
Signed-off-by: Colin Walters <walters@verbum.org>
Signed-off-by: Colin Walters <walters@verbum.org>
The duplication between this and composefs-boot is high and we need to squash it; an important step there would probably be lowering the karg parsing. Signed-off-by: Colin Walters <walters@verbum.org>
Signed-off-by: Robert Sturla <robertsturla@outlook.com> install: create temporary directory for ESP bls mount Plus additional review comments: - Created constant for EFI/LINUX - Switched from Task to Command - Create efi_dir as Utf8PathBuf Signed-off-by: Robert Sturla <robertsturla@outlook.com>
- Use `read_file` from `composefs::fs` - Always define `mod parsers` - Re-alphabetize/group module definitions Signed-off-by: John Eckersberg <jeckersb@redhat.com>
Fill `version` field in generated BLS config Signed-off-by: Johan-Liebert1 <pragyanpoudyal41999@gmail.com>
For bind mounting /etc we copy the contents of the EROFS' /etc to the deployment's state directory Mounting the EORFS requires help from the initramfs crate, so we also turn it into a library crate. Signed-off-by: Johan-Liebert1 <pragyanpoudyal41999@gmail.com>
jeckersb
force-pushed
the
composefs-backend
branch
from
fd703ec to
023be10
Compare
Signed-off-by: Timothée Ravier <tim@siosm.fr>
Signed-off-by: Timothée Ravier <tim@siosm.fr>
Signed-off-by: Timothée Ravier <tim@siosm.fr>
Update bootc examples to use the new unified bootc command interface: - Replace cfsctl binary with bootc and use 'bootc internals cfs' subcommands - Rename composefs-setup-root to bootc-initramfs-setup - Update dracut module from 37composefs to 37bootc - Remove sudo requirement from podman build commands - Update service and module configuration files accordingly 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
jeckersb
force-pushed
the
uki-bls-examples
branch
from
b552c6e to
07d7791
Compare
|
both the bls and uki examples build successfully now, next item is to wire in tests to ensure these continue building properly in CI |
Johan-Liebert1
force-pushed
the
composefs-backend
branch
from
bda61be to
389a922
Compare
cgwalters
force-pushed
the
composefs-backend
branch
from
ab51fe7 to
a718597
Compare
Johan-Liebert1
force-pushed
the
composefs-backend
branch
from
a718597 to
8ac9eae
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a 1-for-1 copy of https://github.com/containers/composefs-rs/pull/143/files, re: #1498 (comment) I'm posting this here as a draft so we have somewhere to add public comments so we can discuss where this needs to change.