Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

prepare-root: Add support for root.transient #3114

Merged
merged 3 commits into from
Dec 8, 2023
Merged

prepare-root: Add support for root.transient #3114

merged 3 commits into from
Dec 8, 2023

Commits on Dec 7, 2023

  1. sysroot: Drop unused prototype 

    This function doesn't exist anymore.
    @cgwalters
    cgwalters committed Dec 7, 2023
    Configuration menu
    Copy the full SHA
    6cb15c3 View commit details
    Browse the repository at this point in the history

  2. prepare-root: Add an autofree 

    This doesn't matter at all, but I just noticed this while working
on the code.
    @cgwalters
    cgwalters committed Dec 7, 2023
    Configuration menu
    Copy the full SHA
    59cdd61 View commit details
    Browse the repository at this point in the history

  3. prepare-root: Add support for root.transient 

    Closes: ostreedev#3113

It'd greatly improve compatibility with things like RPMs that install
in `/opt` if we supported a full "original docker" style model where
`/` is a transient overlayfs.  We'd still keep our semantics for `/etc`
and `/var` by default, but e.g. we'd stop recommending
`/opt` ➡️ `/var/opt`, in this model,
so `/opt` would be on the overlayfs.

Note this all aligns with composefs, where we'd actually be making
`/` a *read-only* overlayfs by default; it'd be really nice of course
to *implement* this by just making the composefs overlayfs writable,
but I am not sure we can hard require composefs for this right now.

So this change adds support for `root.transient = true`
in `/usr/lib/ostree/prepare-root.conf`.

The major downside is that people could be surprised if files they
write to e.g. `/opt` don't persist across upgrades.  But, that's
already again how it works since Docker started.

Note as part of the implementation of this, we need to add a whole
new "backing" directory distinct from the deployment directories.

(Tangentially related to this, it's tempting to switch to always
 using a *read-only* overlay mount by default.
    @cgwalters
    cgwalters committed Dec 7, 2023
    Configuration menu
    Copy the full SHA
    8fbaeba View commit details
    Browse the repository at this point in the history