From 0e00c908828e8d33aa92e62a2c3d73827a876331 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr>
Date: Wed, 27 Jul 2022 19:56:30 +0200
Subject: [PATCH] rpm-ostree: Setup readonly sysroot for ostree & rw karg
 (#2086489)

- Enable read only sysroot in the ostree repo config.
- Add `rw` to the kernel arguments to keep statefull parts of the system
  (/var & /etc) writable.
- Update units tests to account for the new rw karg

See: https://fedoraproject.org/wiki/Changes/Silverblue_Kinoite_readonly_sysroot
Resolves: rhbz#2086489
---
 .../payloads/payload/rpm_ostree/installation.py     | 13 +++++++++++++
 .../payloads/payload/test_rpm_ostree_tasks.py       |  4 ++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/pyanaconda/modules/payloads/payload/rpm_ostree/installation.py b/pyanaconda/modules/payloads/payload/rpm_ostree/installation.py
index 7ee1a9c612c..6d235f96581 100644
--- a/pyanaconda/modules/payloads/payload/rpm_ostree/installation.py
+++ b/pyanaconda/modules/payloads/payload/rpm_ostree/installation.py
@@ -475,6 +475,8 @@ def _set_kargs(self):
         if root_data.type == "btrfs subvolume":
             set_kargs_args.append("rootflags=subvol=" + root_name)
 
+        set_kargs_args.append("rw")
+
         safe_exec_with_redirect("ostree", set_kargs_args, root=self._sysroot)
 
 
@@ -520,6 +522,17 @@ def run(self):
              self._data.remote + ':' + ref]
         )
 
+        log.info("ostree config set sysroot.readonly true")
+
+        safe_exec_with_redirect(
+            "ostree",
+            ["config",
+             "--repo=" + self._physroot + "/ostree/repo",
+             "set",
+             "sysroot.readonly",
+             "true"]
+        )
+
         log.info("ostree admin deploy complete")
         self.report_progress(_("Deployment complete: {}").format(ref))
 
diff --git a/tests/unit_tests/pyanaconda_tests/modules/payloads/payload/test_rpm_ostree_tasks.py b/tests/unit_tests/pyanaconda_tests/modules/payloads/payload/test_rpm_ostree_tasks.py
index 3eb2cafc44c..3e023b3e740 100644
--- a/tests/unit_tests/pyanaconda_tests/modules/payloads/payload/test_rpm_ostree_tasks.py
+++ b/tests/unit_tests/pyanaconda_tests/modules/payloads/payload/test_rpm_ostree_tasks.py
@@ -540,7 +540,7 @@ def test_btrfs_run(self, devdata_mock, storage_mock, symlink_mock, rename_mock,
             exec_mock.assert_called_once_with(
                 "ostree",
                 ["admin", "instutil", "set-kargs", "BOOTLOADER-ARGS", "root=FSTAB-SPEC",
-                 "rootflags=subvol=device-name"],
+                 "rootflags=subvol=device-name", "rw"],
                 root=sysroot
             )
 
@@ -576,7 +576,7 @@ def test_nonbtrfs_run(self, devdata_mock, storage_mock, symlink_mock, rename_moc
             )
             exec_mock.assert_called_once_with(
                 "ostree",
-                ["admin", "instutil", "set-kargs", "BOOTLOADER-ARGS", "root=FSTAB-SPEC"],
+                ["admin", "instutil", "set-kargs", "BOOTLOADER-ARGS", "root=FSTAB-SPEC", "rw"],
                 root=sysroot
             )