Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ostree admin post-copy command #3094

Merged
merged 1 commit into from
Nov 14, 2023
Merged

Add ostree admin post-copy command #3094

merged 1 commit into from
Nov 14, 2023

Conversation

alexlarsson
Copy link
Member

This command will apply fs-verity on all objects that need it and needs to be called when an ostree deployment has been copied on a file-by-file basis, which would loose information such as fs-verity.

This is needed by osbuild which works by creating the final image in a rootfs, and then separately copying that rootfs file-by-file to a loopback mounted filesystem image.

This comes from osbuild/osbuild#1343

cgwalters
cgwalters approved these changes Nov 13, 2023
View reviewed changes
Copy link
Member

@cgwalters cgwalters left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks generally sane. I would like osbuild ultimately to stop doing the copy though and let ostree do what it was designed to do...

src/libostree/ostree-sysroot-cleanup.c Outdated Show resolved Hide resolved
src/ostree/ot-admin-builtin-post-copy.c Outdated Show resolved Hide resolved
src/ostree/ot-admin-builtin-post-copy.c Outdated Show resolved Hide resolved
@cgwalters
Copy link
Member

CI failing on

make: *** No rule to make target 'man/ostree-admin-post-copy.xml', needed by 'man/html/ostree-admin-post-copy.html'. Stop.

@alexlarsson
Copy link
Member Author

This looks generally sane. I would like osbuild ultimately to stop doing the copy though and let ostree do what it was designed to do...

That is quite a rearchitecture of osbuild though.

@alexlarsson alexlarsson force-pushed the admin-deploy-post-copy branch from 6e6a558 to 1ab4ec4 Compare November 14, 2023 08:22
@alexlarsson
Add ostree admin post-copy command
accb1f0 
This command will apply fs-verity on all objects that need it and
needs to be called when an ostree deployment has been copied on a
file-by-file basis, which would loose information such as fs-verity.

This is needed by osbuild which works by creating the final image in a
rootfs, and then separately copying that rootfs file-by-file to a
loopback mounted filesystem image.
@alexlarsson alexlarsson force-pushed the admin-deploy-post-copy branch from 1ab4ec4 to accb1f0 Compare November 14, 2023 09:15
@alexlarsson
Copy link
Member Author

It seems fcos-e2e fails with:

+ ostree --version
ostree: /lib64/libc.so.6: version `GLIBC_2.38' not found (required by ostree)

Do we have some version skew in the CI?

@cgwalters
Copy link
Member

Do we have some version skew in the CI?

Yeah see coreos/coreos-assembler#3653
/override ci/prow/fcos-e2e

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Nov 14, 2023

@cgwalters: Overrode contexts on behalf of cgwalters: ci/prow/fcos-e2e

In response to this:

Do we have some version skew in the CI?

Yeah see coreos/coreos-assembler#3653
/override ci/prow/fcos-e2e

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@cgwalters cgwalters merged commit 508443f into ostreedev:main Nov 14, 2023
21 checks passed
@cgwalters cgwalters mentioned this pull request Dec 14, 2023
Open
This was referenced Jan 10, 2024
Open
Closed
cgwalters added a commit to cgwalters/centos-bootc that referenced this pull request Jan 19, 2024
@cgwalters
usage: Describe filesystem semantics
1df0fd9 
I was a bit confused into thinking our `-dev` images had
`root.transient` on, but they don't quite right now because
we don't regenerate the initramfs after installing the updated
ostree in that image.

However, because bootc-image-builder today is throwing away
the immutable bit on `/` (a different bug, see
ostreedev/ostree#3094 ) we actually...
amazingly get a very similar effect in practice!

Anyways, let's go ahead and describe filesystem state here.
@cgwalters cgwalters mentioned this pull request Jan 19, 2024
Merged
cgwalters added a commit to cgwalters/centos-bootc that referenced this pull request Jan 21, 2024
@cgwalters
usage: Describe filesystem semantics
c93512c 
I was a bit confused into thinking our `-dev` images had
`root.transient` on, but they don't quite right now because
we don't regenerate the initramfs after installing the updated
ostree in that image.

However, because bootc-image-builder today is throwing away
the immutable bit on `/` (a different bug, see
ostreedev/ostree#3094 ) we actually...
amazingly get a very similar effect in practice!

Anyways, let's go ahead and describe filesystem state here.
@rborn-tx rborn-tx mentioned this pull request Apr 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cgwalters cgwalters cgwalters approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alexlarsson @cgwalters