From a1e82f0e17b07ac6c39a2f57c0cdabf52eedfd90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Tue, 10 Jun 2025 13:19:36 +0200 Subject: [PATCH 01/10] examples: Add initial bootc examples (bls & uki) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Timothée Ravier --- examples/bootc-bls/Containerfile | 10 ++++ examples/bootc-bls/build | 17 ++++++ .../extra/etc/dracut.conf.d/no-xattr.conf | 1 + .../lib/dracut/dracut.conf.d/37composefs.conf | 6 +++ .../37composefs/composefs-setup-root.service | 34 ++++++++++++ .../modules.d/37composefs/module-setup.sh | 20 +++++++ examples/bootc-uki/Containerfile.stage1 | 10 ++++ examples/bootc-uki/Containerfile.stage2 | 33 ++++++++++++ examples/bootc-uki/build.base | 18 +++++++ examples/bootc-uki/build.final | 52 +++++++++++++++++++ .../extra/etc/dracut.conf.d/no-xattr.conf | 1 + .../lib/dracut/dracut.conf.d/37composefs.conf | 6 +++ .../37composefs/composefs-setup-root.service | 34 ++++++++++++ .../modules.d/37composefs/module-setup.sh | 20 +++++++ 14 files changed, 262 insertions(+) create mode 100644 examples/bootc-bls/Containerfile create mode 100755 examples/bootc-bls/build create mode 100644 examples/bootc-bls/extra/etc/dracut.conf.d/no-xattr.conf create mode 100644 examples/bootc-bls/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf create mode 100644 examples/bootc-bls/extra/usr/lib/dracut/modules.d/37composefs/composefs-setup-root.service create mode 100755 examples/bootc-bls/extra/usr/lib/dracut/modules.d/37composefs/module-setup.sh create mode 100644 examples/bootc-uki/Containerfile.stage1 create mode 100644 examples/bootc-uki/Containerfile.stage2 create mode 100755 examples/bootc-uki/build.base create mode 100755 examples/bootc-uki/build.final create mode 100644 examples/bootc-uki/extra/etc/dracut.conf.d/no-xattr.conf create mode 100644 examples/bootc-uki/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf create mode 100644 examples/bootc-uki/extra/usr/lib/dracut/modules.d/37composefs/composefs-setup-root.service create mode 100755 examples/bootc-uki/extra/usr/lib/dracut/modules.d/37composefs/module-setup.sh diff --git a/examples/bootc-bls/Containerfile b/examples/bootc-bls/Containerfile new file mode 100644 index 000000000..c6fbfcdbd --- /dev/null +++ b/examples/bootc-bls/Containerfile @@ -0,0 +1,10 @@ +FROM quay.io/fedora/fedora-bootc:42 +COPY extra / +COPY cfsctl /usr/bin + +RUN passwd -d root + +# need to have composefs setup root in the initramfs so we need this +RUN set -x; \ + kver=$(cd /usr/lib/modules && echo *); \ + dracut -vf --install "/etc/passwd /etc/group" /usr/lib/modules/$kver/initramfs.img $kver; diff --git a/examples/bootc-bls/build b/examples/bootc-bls/build new file mode 100755 index 000000000..3e3ec090c --- /dev/null +++ b/examples/bootc-bls/build @@ -0,0 +1,17 @@ +#!/bin/bash + +set -eux + +cd "${0%/*}" + +cargo build --release --features=pre-6.15 --bin cfsctl --bin composefs-setup-root + +cp ../../target/release/cfsctl . +cp ../../target/release/composefs-setup-root extra/usr/lib/dracut/modules.d/37composefs/ + +mkdir -p tmp + +sudo podman build \ + -t quay.io/fedora/fedora-bootc-bls:42 \ + -f Containerfile \ + --iidfile=tmp/iid \ diff --git a/examples/bootc-bls/extra/etc/dracut.conf.d/no-xattr.conf b/examples/bootc-bls/extra/etc/dracut.conf.d/no-xattr.conf new file mode 100644 index 000000000..b8d114a9c --- /dev/null +++ b/examples/bootc-bls/extra/etc/dracut.conf.d/no-xattr.conf @@ -0,0 +1 @@ +export DRACUT_NO_XATTR=1 diff --git a/examples/bootc-bls/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf b/examples/bootc-bls/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf new file mode 100644 index 000000000..1defe5de6 --- /dev/null +++ b/examples/bootc-bls/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf @@ -0,0 +1,6 @@ +# we want to make sure the virtio disk drivers get included +hostonly=no + +# we need to force these in via the initramfs because we don't have modules in +# the base image +force_drivers+=" virtio_net vfat " diff --git a/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37composefs/composefs-setup-root.service b/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37composefs/composefs-setup-root.service new file mode 100644 index 000000000..ffc404d68 --- /dev/null +++ b/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37composefs/composefs-setup-root.service @@ -0,0 +1,34 @@ +# Copyright (C) 2013 Colin Walters +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see . + +[Unit] +DefaultDependencies=no +ConditionKernelCommandLine=composefs +ConditionPathExists=/etc/initrd-release +After=sysroot.mount +Requires=sysroot.mount +Before=initrd-root-fs.target +Before=initrd-switch-root.target + +OnFailure=emergency.target +OnFailureJobMode=isolate + +[Service] +Type=oneshot +ExecStart=/usr/bin/composefs-setup-root +StandardInput=null +StandardOutput=journal +StandardError=journal+console +RemainAfterExit=yes diff --git a/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37composefs/module-setup.sh b/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37composefs/module-setup.sh new file mode 100755 index 000000000..7fb853033 --- /dev/null +++ b/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37composefs/module-setup.sh @@ -0,0 +1,20 @@ +#!/usr/bin/bash + +check() { + return 0 +} + +depends() { + return 0 +} + +install() { + inst \ + "${moddir}/composefs-setup-root" /usr/bin/composefs-setup-root + inst \ + "${moddir}/composefs-setup-root.service" \ + "${systemdsystemunitdir}/composefs-setup-root.service" + + $SYSTEMCTL -q --root "${initdir}" add-wants \ + 'initrd-root-fs.target' 'composefs-setup-root.service' +} diff --git a/examples/bootc-uki/Containerfile.stage1 b/examples/bootc-uki/Containerfile.stage1 new file mode 100644 index 000000000..c6fbfcdbd --- /dev/null +++ b/examples/bootc-uki/Containerfile.stage1 @@ -0,0 +1,10 @@ +FROM quay.io/fedora/fedora-bootc:42 +COPY extra / +COPY cfsctl /usr/bin + +RUN passwd -d root + +# need to have composefs setup root in the initramfs so we need this +RUN set -x; \ + kver=$(cd /usr/lib/modules && echo *); \ + dracut -vf --install "/etc/passwd /etc/group" /usr/lib/modules/$kver/initramfs.img $kver; diff --git a/examples/bootc-uki/Containerfile.stage2 b/examples/bootc-uki/Containerfile.stage2 new file mode 100644 index 000000000..99c368bb3 --- /dev/null +++ b/examples/bootc-uki/Containerfile.stage2 @@ -0,0 +1,33 @@ +FROM quay.io/fedora/fedora-bootc-base-uki:42 AS base + +FROM base as kernel + +ARG COMPOSEFS_FSVERITY + +RUN < /etc/kernel/cmdline + + dnf install -y systemd-ukify; + kver=$(cd /usr/lib/modules && echo *); + ukify build \ + --linux /usr/lib/modules/$kver/vmlinuz \ + --initrd /usr/lib/modules/$kver/initramfs.img \ + --cmdline "@/etc/kernel/cmdline" \ + --output /boot/$kver.efi +EOF + +FROM base as final + +RUN --mount=type=bind,from=kernel,target=/_mount/kernel < /dev/null +# uuidgen --random > GUID.txt +# openssl req -newkey rsa:4096 -nodes -keyout PK.key -new -x509 -sha256 -days 3650 -subj "/CN=Test Platform Key/" -out PK.crt +# openssl x509 -outform DER -in PK.crt -out PK.cer +# openssl req -newkey rsa:4096 -nodes -keyout KEK.key -new -x509 -sha256 -days 3650 -subj "/CN=Test Key Exchange Key/" -out KEK.crt +# openssl x509 -outform DER -in KEK.crt -out KEK.cer +# openssl req -newkey rsa:4096 -nodes -keyout db.key -new -x509 -sha256 -days 3650 -subj "/CN=Test Signature Database key/" -out db.crt +# openssl x509 -outform DER -in db.crt -out db.cer +# popd > /dev/null +# fi diff --git a/examples/bootc-uki/extra/etc/dracut.conf.d/no-xattr.conf b/examples/bootc-uki/extra/etc/dracut.conf.d/no-xattr.conf new file mode 100644 index 000000000..b8d114a9c --- /dev/null +++ b/examples/bootc-uki/extra/etc/dracut.conf.d/no-xattr.conf @@ -0,0 +1 @@ +export DRACUT_NO_XATTR=1 diff --git a/examples/bootc-uki/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf b/examples/bootc-uki/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf new file mode 100644 index 000000000..1defe5de6 --- /dev/null +++ b/examples/bootc-uki/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf @@ -0,0 +1,6 @@ +# we want to make sure the virtio disk drivers get included +hostonly=no + +# we need to force these in via the initramfs because we don't have modules in +# the base image +force_drivers+=" virtio_net vfat " diff --git a/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37composefs/composefs-setup-root.service b/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37composefs/composefs-setup-root.service new file mode 100644 index 000000000..ffc404d68 --- /dev/null +++ b/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37composefs/composefs-setup-root.service @@ -0,0 +1,34 @@ +# Copyright (C) 2013 Colin Walters +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see . + +[Unit] +DefaultDependencies=no +ConditionKernelCommandLine=composefs +ConditionPathExists=/etc/initrd-release +After=sysroot.mount +Requires=sysroot.mount +Before=initrd-root-fs.target +Before=initrd-switch-root.target + +OnFailure=emergency.target +OnFailureJobMode=isolate + +[Service] +Type=oneshot +ExecStart=/usr/bin/composefs-setup-root +StandardInput=null +StandardOutput=journal +StandardError=journal+console +RemainAfterExit=yes diff --git a/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37composefs/module-setup.sh b/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37composefs/module-setup.sh new file mode 100755 index 000000000..7fb853033 --- /dev/null +++ b/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37composefs/module-setup.sh @@ -0,0 +1,20 @@ +#!/usr/bin/bash + +check() { + return 0 +} + +depends() { + return 0 +} + +install() { + inst \ + "${moddir}/composefs-setup-root" /usr/bin/composefs-setup-root + inst \ + "${moddir}/composefs-setup-root.service" \ + "${systemdsystemunitdir}/composefs-setup-root.service" + + $SYSTEMCTL -q --root "${initdir}" add-wants \ + 'initrd-root-fs.target' 'composefs-setup-root.service' +} From c49fea021967778f2d22c7978be5a13e36a5a45e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Wed, 11 Jun 2025 11:16:26 +0200 Subject: [PATCH 02/10] examples/bootc*: Secure Boot support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Timothée Ravier --- examples/bootc-uki/Containerfile.stage2 | 29 ++++++++++++----- examples/bootc-uki/build.final | 43 +++++++++++-------------- examples/bootc-uki/build_vars | 20 ++++++++++++ 3 files changed, 60 insertions(+), 32 deletions(-) create mode 100755 examples/bootc-uki/build_vars diff --git a/examples/bootc-uki/Containerfile.stage2 b/examples/bootc-uki/Containerfile.stage2 index 99c368bb3..964a6f2ae 100644 --- a/examples/bootc-uki/Containerfile.stage2 +++ b/examples/bootc-uki/Containerfile.stage2 @@ -4,29 +4,42 @@ FROM base as kernel ARG COMPOSEFS_FSVERITY -RUN < /etc/kernel/cmdline - dnf install -y systemd-ukify; - kver=$(cd /usr/lib/modules && echo *); + dnf install -y systemd-ukify sbsigntools systemd-boot-unsigned + kver=$(cd /usr/lib/modules && echo *) ukify build \ - --linux /usr/lib/modules/$kver/vmlinuz \ - --initrd /usr/lib/modules/$kver/initramfs.img \ + --linux "/usr/lib/modules/$kver/vmlinuz" \ + --initrd "/usr/lib/modules/$kver/initramfs.img" \ + --uname="${kver}" \ --cmdline "@/etc/kernel/cmdline" \ - --output /boot/$kver.efi + --os-release "@/etc/os-release" \ + --signtool sbsign \ + --secureboot-private-key "/run/secrets/key" \ + --secureboot-certificate "/run/secrets/cert" \ + --measure \ + --json pretty \ + --output "/boot/$kver.efi" + sbsign \ + --key "/run/secrets/key" \ + --cert "/run/secrets/cert" \ + "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" \ + --output "/boot/systemd-bootx64.efi" EOF FROM base as final RUN --mount=type=bind,from=kernel,target=/_mount/kernel < /dev/null + uuidgen --random > GUID.txt + openssl req -newkey rsa:4096 -nodes -keyout PK.key -new -x509 -sha256 -days 3650 -subj "/CN=Test Platform Key/" -out PK.crt + openssl x509 -outform DER -in PK.crt -out PK.cer + openssl req -newkey rsa:4096 -nodes -keyout KEK.key -new -x509 -sha256 -days 3650 -subj "/CN=Test Key Exchange Key/" -out KEK.crt + openssl x509 -outform DER -in KEK.crt -out KEK.cer + openssl req -newkey rsa:4096 -nodes -keyout db.key -new -x509 -sha256 -days 3650 -subj "/CN=Test Signature Database key/" -out db.crt + openssl x509 -outform DER -in db.crt -out db.cer + popd > /dev/null +fi + +# For debugging, add --no-cache to podman command sudo podman build \ -t quay.io/fedora/fedora-bootc-uki:42 \ --build-arg=COMPOSEFS_FSVERITY="${COMPOSEFS_FSVERITY}" \ -f Containerfile.stage2 \ + --secret=id=key,src=secureboot/db.key \ + --secret=id=cert,src=secureboot/db.crt \ --iidfile=tmp/iid2 rm -rf tmp/efi @@ -26,27 +45,3 @@ mkdir -p tmp/efi ./cfsctl --repo tmp/sysroot/composefs oci pull containers-storage:"${IMAGE_ID}" ./cfsctl --repo tmp/sysroot/composefs oci compute-id --bootable "${IMAGE_ID}" ./cfsctl --repo tmp/sysroot/composefs oci prepare-boot "${IMAGE_ID}" --bootdir tmp/efi - -# For debugging, add --no-cache to podman command -# mkdir tmp/internal-sysroot -# # podman build \ -# --iidfile=tmp/iid \ -# -v "${PWD}/tmp/internal-sysroot:/tmp/sysroot:z,U" \ -# --secret=id=key,src=secureboot/db.key \ -# --secret=id=cert,src=secureboot/db.crt \ - -# See: https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot -# Alternative to generate keys for testing: `sbctl create-keys` -# if [[ ! -d "secureboot" ]]; then -# echo "Generating test Secure Boot keys" -# mkdir secureboot -# pushd secureboot > /dev/null -# uuidgen --random > GUID.txt -# openssl req -newkey rsa:4096 -nodes -keyout PK.key -new -x509 -sha256 -days 3650 -subj "/CN=Test Platform Key/" -out PK.crt -# openssl x509 -outform DER -in PK.crt -out PK.cer -# openssl req -newkey rsa:4096 -nodes -keyout KEK.key -new -x509 -sha256 -days 3650 -subj "/CN=Test Key Exchange Key/" -out KEK.crt -# openssl x509 -outform DER -in KEK.crt -out KEK.cer -# openssl req -newkey rsa:4096 -nodes -keyout db.key -new -x509 -sha256 -days 3650 -subj "/CN=Test Signature Database key/" -out db.crt -# openssl x509 -outform DER -in db.crt -out db.cer -# popd > /dev/null -# fi diff --git a/examples/bootc-uki/build_vars b/examples/bootc-uki/build_vars new file mode 100755 index 000000000..8008414b4 --- /dev/null +++ b/examples/bootc-uki/build_vars @@ -0,0 +1,20 @@ +#!/bin/bash + +set -eux + +cd "${0%/*}" + +if [[ ! -d "secureboot" ]]; then + echo "fail" + exit 1 +fi + +# See: https://github.com/rhuefi/qemu-ovmf-secureboot +# $ dnf install -y python3-virt-firmware +GUID=$(cat secureboot/GUID.txt) +virt-fw-vars --input "/usr/share/edk2/ovmf/OVMF_VARS_4M.secboot.qcow2" \ + --secure-boot \ + --set-pk $GUID "secureboot/PK.crt" \ + --add-kek $GUID "secureboot/KEK.crt" \ + --add-db $GUID "secureboot/db.crt" \ + -o "VARS_CUSTOM.secboot.qcow2.template" From 1ef204dc68606aa3373fdf461477f7d388b734ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Wed, 11 Jun 2025 14:32:44 +0200 Subject: [PATCH 03/10] examples/bootc*: Temporary bootc install scripts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Timothée Ravier --- examples/bootc-uki/install-grub.sh | 29 ++++++++++++++ examples/bootc-uki/install-systemd-boot.sh | 45 ++++++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100755 examples/bootc-uki/install-grub.sh create mode 100755 examples/bootc-uki/install-systemd-boot.sh diff --git a/examples/bootc-uki/install-grub.sh b/examples/bootc-uki/install-grub.sh new file mode 100755 index 000000000..885826046 --- /dev/null +++ b/examples/bootc-uki/install-grub.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +set -eux + +curl http://192.168.122.1:8000/bootc -o bootc +chmod +x bootc + +IMAGE=quay.io/fedora/fedora-bootc-uki:42 + +# --env RUST_LOG=debug \ +# --env RUST_BACKTRACE=1 \ +podman run \ + --rm --privileged \ + --pid=host \ + -v /dev:/dev \ + -v /var/lib/containers:/var/lib/containers \ + -v /srv/bootc:/usr/bin/bootc:ro,Z \ + -v /var/tmp:/var/tmp \ + --security-opt label=type:unconfined_t \ + "${IMAGE}" \ + bootc install to-disk \ + --composefs-native \ + --boot=uki \ + --source-imgref="containers-storage:${IMAGE}" \ + --target-imgref="${IMAGE}" \ + --target-transport="docker" \ + /dev/vdb \ + --filesystem=ext4 \ + --wipe diff --git a/examples/bootc-uki/install-systemd-boot.sh b/examples/bootc-uki/install-systemd-boot.sh new file mode 100755 index 000000000..08e92107b --- /dev/null +++ b/examples/bootc-uki/install-systemd-boot.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -eux + +curl http://192.168.122.1:8000/bootc -o bootc +chmod +x bootc + +IMAGE=quay.io/fedora/fedora-bootc-uki:42 + +if [[ ! -f /srv/systemd-bootx64.efi ]]; then + echo "Needs /srv/systemd-bootx64.efi to exists for now" + exit 1 +fi + +# --env RUST_LOG=debug \ +# --env RUST_BACKTRACE=1 \ +podman run \ + --rm --privileged \ + --pid=host \ + -v /dev:/dev \ + -v /var/lib/containers:/var/lib/containers \ + -v /srv/bootc:/usr/bin/bootc:ro,Z \ + -v /var/tmp:/var/tmp \ + --security-opt label=type:unconfined_t \ + "${IMAGE}" \ + bootc install to-disk \ + --composefs-native \ + --boot=uki \ + --source-imgref="containers-storage:${IMAGE}" \ + --target-imgref="${IMAGE}" \ + --target-transport="docker" \ + /dev/vdb \ + --filesystem=ext4 \ + --wipe + +mkdir -p efi +mount /dev/vdb2 /srv/efi + +# Manual systemd-boot installation +cp /srv/systemd-bootx64.efi /srv/efi/EFI/fedora/grubx64.efi +mkdir -p /srv/efi/loader +echo "timeout 5" > /srv/efi/loader/loader.conf +rm -rf /srv/efi/EFI/fedora/grub.cfg + +umount efi From 5dbba4a51c9b80b9cba9241f71d9b5ebd972163a Mon Sep 17 00:00:00 2001 From: John Eckersberg Date: Wed, 3 Sep 2025 13:58:23 -0400 Subject: [PATCH 04/10] examples/bootc*: Migrate from cfsctl to bootc internals cfs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update bootc examples to use the new unified bootc command interface: - Replace cfsctl binary with bootc and use 'bootc internals cfs' subcommands - Rename composefs-setup-root to bootc-initramfs-setup - Update dracut module from 37composefs to 37bootc - Remove sudo requirement from podman build commands - Update service and module configuration files accordingly 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude Signed-off-by: John Eckersberg --- examples/bootc-bls/Containerfile | 4 ++-- examples/bootc-bls/build | 9 +++++---- .../bootc-initramfs-setup.service} | 2 +- .../dracut/modules.d/37bootc/module-setup.sh | 20 +++++++++++++++++++ .../modules.d/37composefs/module-setup.sh | 20 ------------------- examples/bootc-uki/Containerfile.stage1 | 2 +- examples/bootc-uki/build.base | 8 ++++---- examples/bootc-uki/build.final | 14 ++++++------- .../bootc-initramfs-setup.service} | 2 +- .../dracut/modules.d/37bootc/module-setup.sh | 20 +++++++++++++++++++ .../modules.d/37composefs/module-setup.sh | 20 ------------------- 11 files changed, 61 insertions(+), 60 deletions(-) rename examples/bootc-bls/extra/usr/lib/dracut/modules.d/{37composefs/composefs-setup-root.service => 37bootc/bootc-initramfs-setup.service} (96%) create mode 100755 examples/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh delete mode 100755 examples/bootc-bls/extra/usr/lib/dracut/modules.d/37composefs/module-setup.sh rename examples/bootc-uki/extra/usr/lib/dracut/modules.d/{37composefs/composefs-setup-root.service => 37bootc/bootc-initramfs-setup.service} (96%) create mode 100755 examples/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh delete mode 100755 examples/bootc-uki/extra/usr/lib/dracut/modules.d/37composefs/module-setup.sh diff --git a/examples/bootc-bls/Containerfile b/examples/bootc-bls/Containerfile index c6fbfcdbd..73f114730 100644 --- a/examples/bootc-bls/Containerfile +++ b/examples/bootc-bls/Containerfile @@ -1,10 +1,10 @@ FROM quay.io/fedora/fedora-bootc:42 COPY extra / -COPY cfsctl /usr/bin +COPY bootc /usr/bin RUN passwd -d root -# need to have composefs setup root in the initramfs so we need this +# need to have bootc-initramfs-setup in the initramfs so we need this RUN set -x; \ kver=$(cd /usr/lib/modules && echo *); \ dracut -vf --install "/etc/passwd /etc/group" /usr/lib/modules/$kver/initramfs.img $kver; diff --git a/examples/bootc-bls/build b/examples/bootc-bls/build index 3e3ec090c..817a94e26 100755 --- a/examples/bootc-bls/build +++ b/examples/bootc-bls/build @@ -4,14 +4,15 @@ set -eux cd "${0%/*}" -cargo build --release --features=pre-6.15 --bin cfsctl --bin composefs-setup-root +cargo build --release --bin bootc --bin bootc-initramfs-setup -cp ../../target/release/cfsctl . -cp ../../target/release/composefs-setup-root extra/usr/lib/dracut/modules.d/37composefs/ +cp ../../target/release/bootc . +cp ../../target/release/bootc-initramfs-setup extra/usr/lib/dracut/modules.d/37bootc/ mkdir -p tmp -sudo podman build \ +podman build \ -t quay.io/fedora/fedora-bootc-bls:42 \ -f Containerfile \ --iidfile=tmp/iid \ + . diff --git a/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37composefs/composefs-setup-root.service b/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service similarity index 96% rename from examples/bootc-bls/extra/usr/lib/dracut/modules.d/37composefs/composefs-setup-root.service rename to examples/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service index ffc404d68..15fdc5801 100644 --- a/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37composefs/composefs-setup-root.service +++ b/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service @@ -27,7 +27,7 @@ OnFailureJobMode=isolate [Service] Type=oneshot -ExecStart=/usr/bin/composefs-setup-root +ExecStart=/usr/bin/bootc-initramfs-setup StandardInput=null StandardOutput=journal StandardError=journal+console diff --git a/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh b/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh new file mode 100755 index 000000000..b1c56206f --- /dev/null +++ b/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh @@ -0,0 +1,20 @@ +#!/usr/bin/bash + +check() { + return 0 +} + +depends() { + return 0 +} + +install() { + inst \ + "${moddir}/bootc-initramfs-setup" /usr/bin/bootc-initramfs-setup + inst \ + "${moddir}/bootc-initramfs-setup.service" \ + "${systemdsystemunitdir}/bootc-initramfs-setup.service" + + $SYSTEMCTL -q --root "${initdir}" add-wants \ + 'initrd-root-fs.target' 'bootc-initramfs-setup.service' +} diff --git a/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37composefs/module-setup.sh b/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37composefs/module-setup.sh deleted file mode 100755 index 7fb853033..000000000 --- a/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37composefs/module-setup.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/bash - -check() { - return 0 -} - -depends() { - return 0 -} - -install() { - inst \ - "${moddir}/composefs-setup-root" /usr/bin/composefs-setup-root - inst \ - "${moddir}/composefs-setup-root.service" \ - "${systemdsystemunitdir}/composefs-setup-root.service" - - $SYSTEMCTL -q --root "${initdir}" add-wants \ - 'initrd-root-fs.target' 'composefs-setup-root.service' -} diff --git a/examples/bootc-uki/Containerfile.stage1 b/examples/bootc-uki/Containerfile.stage1 index c6fbfcdbd..175f3e253 100644 --- a/examples/bootc-uki/Containerfile.stage1 +++ b/examples/bootc-uki/Containerfile.stage1 @@ -1,6 +1,6 @@ FROM quay.io/fedora/fedora-bootc:42 COPY extra / -COPY cfsctl /usr/bin +COPY bootc /usr/bin RUN passwd -d root diff --git a/examples/bootc-uki/build.base b/examples/bootc-uki/build.base index 312cb099f..5479c8134 100755 --- a/examples/bootc-uki/build.base +++ b/examples/bootc-uki/build.base @@ -4,14 +4,14 @@ set -eux cd "${0%/*}" -cargo build --release --features=pre-6.15 --bin cfsctl --bin composefs-setup-root +cargo build --release --bin bootc --bin bootc-initramfs-setup -cp ../../target/release/cfsctl . -cp ../../target/release/composefs-setup-root extra/usr/lib/dracut/modules.d/37composefs/ +cp ../../target/release/bootc . +cp ../../target/release/bootc-initramfs-setup extra/usr/lib/dracut/modules.d/37bootc/ mkdir -p tmp -sudo podman build \ +podman build \ -t quay.io/fedora/fedora-bootc-base-uki:42 \ -f Containerfile.stage1 \ --iidfile=tmp/iid \ diff --git a/examples/bootc-uki/build.final b/examples/bootc-uki/build.final index 2a991f4d7..9f4fb9175 100755 --- a/examples/bootc-uki/build.final +++ b/examples/bootc-uki/build.final @@ -4,16 +4,16 @@ set -eux cd "${0%/*}" -cargo build --release --features=pre-6.15 --bin cfsctl --bin composefs-setup-root +cargo build --release --bin bootc -cp ../../target/release/cfsctl . +cp ../../target/release/bootc . rm -rf tmp/sysroot mkdir -p tmp/sysroot/composefs IMAGE_ID="$(sed s/sha256:// tmp/iid)" -./cfsctl --repo tmp/sysroot/composefs oci pull containers-storage:"${IMAGE_ID}" -COMPOSEFS_FSVERITY="$(./cfsctl --repo tmp/sysroot/composefs oci compute-id --bootable "${IMAGE_ID}")" +./bootc internals cfs --repo tmp/sysroot/composefs oci pull containers-storage:"${IMAGE_ID}" +COMPOSEFS_FSVERITY="$(./bootc internals cfs --repo tmp/sysroot/composefs oci compute-id --bootable "${IMAGE_ID}")" # See: https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot # Alternative to generate keys for testing: `sbctl create-keys` @@ -42,6 +42,6 @@ sudo podman build \ rm -rf tmp/efi mkdir -p tmp/efi -./cfsctl --repo tmp/sysroot/composefs oci pull containers-storage:"${IMAGE_ID}" -./cfsctl --repo tmp/sysroot/composefs oci compute-id --bootable "${IMAGE_ID}" -./cfsctl --repo tmp/sysroot/composefs oci prepare-boot "${IMAGE_ID}" --bootdir tmp/efi +./bootc internals cfs --repo tmp/sysroot/composefs oci pull containers-storage:"${IMAGE_ID}" +./bootc internals cfs --repo tmp/sysroot/composefs oci compute-id --bootable "${IMAGE_ID}" +./bootc internals cfs --repo tmp/sysroot/composefs oci prepare-boot "${IMAGE_ID}" --bootdir tmp/efi diff --git a/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37composefs/composefs-setup-root.service b/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service similarity index 96% rename from examples/bootc-uki/extra/usr/lib/dracut/modules.d/37composefs/composefs-setup-root.service rename to examples/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service index ffc404d68..15fdc5801 100644 --- a/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37composefs/composefs-setup-root.service +++ b/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service @@ -27,7 +27,7 @@ OnFailureJobMode=isolate [Service] Type=oneshot -ExecStart=/usr/bin/composefs-setup-root +ExecStart=/usr/bin/bootc-initramfs-setup StandardInput=null StandardOutput=journal StandardError=journal+console diff --git a/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh b/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh new file mode 100755 index 000000000..b1c56206f --- /dev/null +++ b/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh @@ -0,0 +1,20 @@ +#!/usr/bin/bash + +check() { + return 0 +} + +depends() { + return 0 +} + +install() { + inst \ + "${moddir}/bootc-initramfs-setup" /usr/bin/bootc-initramfs-setup + inst \ + "${moddir}/bootc-initramfs-setup.service" \ + "${systemdsystemunitdir}/bootc-initramfs-setup.service" + + $SYSTEMCTL -q --root "${initdir}" add-wants \ + 'initrd-root-fs.target' 'bootc-initramfs-setup.service' +} diff --git a/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37composefs/module-setup.sh b/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37composefs/module-setup.sh deleted file mode 100755 index 7fb853033..000000000 --- a/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37composefs/module-setup.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/bash - -check() { - return 0 -} - -depends() { - return 0 -} - -install() { - inst \ - "${moddir}/composefs-setup-root" /usr/bin/composefs-setup-root - inst \ - "${moddir}/composefs-setup-root.service" \ - "${systemdsystemunitdir}/composefs-setup-root.service" - - $SYSTEMCTL -q --root "${initdir}" add-wants \ - 'initrd-root-fs.target' 'composefs-setup-root.service' -} From 85907738d7e4bec638ec3b3293851f9030cfabfa Mon Sep 17 00:00:00 2001 From: John Eckersberg Date: Mon, 15 Sep 2025 16:37:17 -0400 Subject: [PATCH 05/10] tmt: Add test for bootc examples build scripts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add test-26-examples-build to validate that the bootc-bls and bootc-uki example build scripts work correctly. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude Signed-off-by: John Eckersberg --- .../extra/etc/dracut.conf.d/no-xattr.conf | 1 - .../lib/dracut/dracut.conf.d/37composefs.conf | 3 --- .../extra/etc/dracut.conf.d/no-xattr.conf | 1 - .../lib/dracut/dracut.conf.d/37composefs.conf | 3 --- tmt/plans/integration.fmf | 7 +++++++ tmt/tests/test-26-examples-build.fmf | 18 ++++++++++++++++++ 6 files changed, 25 insertions(+), 8 deletions(-) delete mode 100644 examples/bootc-bls/extra/etc/dracut.conf.d/no-xattr.conf delete mode 100644 examples/bootc-uki/extra/etc/dracut.conf.d/no-xattr.conf create mode 100644 tmt/tests/test-26-examples-build.fmf diff --git a/examples/bootc-bls/extra/etc/dracut.conf.d/no-xattr.conf b/examples/bootc-bls/extra/etc/dracut.conf.d/no-xattr.conf deleted file mode 100644 index b8d114a9c..000000000 --- a/examples/bootc-bls/extra/etc/dracut.conf.d/no-xattr.conf +++ /dev/null @@ -1 +0,0 @@ -export DRACUT_NO_XATTR=1 diff --git a/examples/bootc-bls/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf b/examples/bootc-bls/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf index 1defe5de6..d1adac96f 100644 --- a/examples/bootc-bls/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf +++ b/examples/bootc-bls/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf @@ -1,6 +1,3 @@ -# we want to make sure the virtio disk drivers get included -hostonly=no - # we need to force these in via the initramfs because we don't have modules in # the base image force_drivers+=" virtio_net vfat " diff --git a/examples/bootc-uki/extra/etc/dracut.conf.d/no-xattr.conf b/examples/bootc-uki/extra/etc/dracut.conf.d/no-xattr.conf deleted file mode 100644 index b8d114a9c..000000000 --- a/examples/bootc-uki/extra/etc/dracut.conf.d/no-xattr.conf +++ /dev/null @@ -1 +0,0 @@ -export DRACUT_NO_XATTR=1 diff --git a/examples/bootc-uki/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf b/examples/bootc-uki/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf index 1defe5de6..d1adac96f 100644 --- a/examples/bootc-uki/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf +++ b/examples/bootc-uki/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf @@ -1,6 +1,3 @@ -# we want to make sure the virtio disk drivers get included -hostonly=no - # we need to force these in via the initramfs because we don't have modules in # the base image force_drivers+=" virtio_net vfat " diff --git a/tmt/plans/integration.fmf b/tmt/plans/integration.fmf index 34ad9416e..40d0facc6 100644 --- a/tmt/plans/integration.fmf +++ b/tmt/plans/integration.fmf @@ -53,3 +53,10 @@ execute: how: fmf test: - /tmt/tests/test-25-soft-reboot + +/test-26-examples-build: + summary: Test bootc examples build scripts + discover: + how: fmf + test: + - /tmt/tests/test-26-examples-build diff --git a/tmt/tests/test-26-examples-build.fmf b/tmt/tests/test-26-examples-build.fmf new file mode 100644 index 000000000..7c556d74a --- /dev/null +++ b/tmt/tests/test-26-examples-build.fmf @@ -0,0 +1,18 @@ +summary: Test bootc examples build scripts +test: | + #!/bin/bash + set -eux + + # Test bootc-bls example + echo "Testing bootc-bls example..." + cd examples/bootc-bls + ./build + + # Test bootc-uki example + echo "Testing bootc-uki example..." + cd ../bootc-uki + ./build.base + ./build.final + + echo "All example builds completed successfully" +duration: 45m From 27295ccb0a5764f7044e635ce34d2ecb709449d4 Mon Sep 17 00:00:00 2001 From: John Eckersberg Date: Wed, 24 Sep 2025 14:25:43 -0400 Subject: [PATCH 06/10] examples: move under tmt/tests/ Doing this as a distinct commit so as to not conflate future modifications with the bulk code movement. Signed-off-by: John Eckersberg --- {examples => tmt/tests/examples}/bootc-bls/Containerfile | 0 {examples => tmt/tests/examples}/bootc-bls/build | 0 .../bootc-bls/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf | 0 .../lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service | 0 .../extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh | 0 {examples => tmt/tests/examples}/bootc-uki/Containerfile.stage1 | 0 {examples => tmt/tests/examples}/bootc-uki/Containerfile.stage2 | 0 {examples => tmt/tests/examples}/bootc-uki/build.base | 0 {examples => tmt/tests/examples}/bootc-uki/build.final | 0 {examples => tmt/tests/examples}/bootc-uki/build_vars | 0 .../bootc-uki/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf | 0 .../lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service | 0 .../extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh | 0 {examples => tmt/tests/examples}/bootc-uki/install-grub.sh | 0 .../tests/examples}/bootc-uki/install-systemd-boot.sh | 0 15 files changed, 0 insertions(+), 0 deletions(-) rename {examples => tmt/tests/examples}/bootc-bls/Containerfile (100%) rename {examples => tmt/tests/examples}/bootc-bls/build (100%) rename {examples => tmt/tests/examples}/bootc-bls/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf (100%) rename {examples => tmt/tests/examples}/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service (100%) rename {examples => tmt/tests/examples}/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh (100%) rename {examples => tmt/tests/examples}/bootc-uki/Containerfile.stage1 (100%) rename {examples => tmt/tests/examples}/bootc-uki/Containerfile.stage2 (100%) rename {examples => tmt/tests/examples}/bootc-uki/build.base (100%) rename {examples => tmt/tests/examples}/bootc-uki/build.final (100%) rename {examples => tmt/tests/examples}/bootc-uki/build_vars (100%) rename {examples => tmt/tests/examples}/bootc-uki/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf (100%) rename {examples => tmt/tests/examples}/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service (100%) rename {examples => tmt/tests/examples}/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh (100%) rename {examples => tmt/tests/examples}/bootc-uki/install-grub.sh (100%) rename {examples => tmt/tests/examples}/bootc-uki/install-systemd-boot.sh (100%) diff --git a/examples/bootc-bls/Containerfile b/tmt/tests/examples/bootc-bls/Containerfile similarity index 100% rename from examples/bootc-bls/Containerfile rename to tmt/tests/examples/bootc-bls/Containerfile diff --git a/examples/bootc-bls/build b/tmt/tests/examples/bootc-bls/build similarity index 100% rename from examples/bootc-bls/build rename to tmt/tests/examples/bootc-bls/build diff --git a/examples/bootc-bls/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf b/tmt/tests/examples/bootc-bls/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf similarity index 100% rename from examples/bootc-bls/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf rename to tmt/tests/examples/bootc-bls/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf diff --git a/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service b/tmt/tests/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service similarity index 100% rename from examples/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service rename to tmt/tests/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service diff --git a/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh b/tmt/tests/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh similarity index 100% rename from examples/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh rename to tmt/tests/examples/bootc-bls/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh diff --git a/examples/bootc-uki/Containerfile.stage1 b/tmt/tests/examples/bootc-uki/Containerfile.stage1 similarity index 100% rename from examples/bootc-uki/Containerfile.stage1 rename to tmt/tests/examples/bootc-uki/Containerfile.stage1 diff --git a/examples/bootc-uki/Containerfile.stage2 b/tmt/tests/examples/bootc-uki/Containerfile.stage2 similarity index 100% rename from examples/bootc-uki/Containerfile.stage2 rename to tmt/tests/examples/bootc-uki/Containerfile.stage2 diff --git a/examples/bootc-uki/build.base b/tmt/tests/examples/bootc-uki/build.base similarity index 100% rename from examples/bootc-uki/build.base rename to tmt/tests/examples/bootc-uki/build.base diff --git a/examples/bootc-uki/build.final b/tmt/tests/examples/bootc-uki/build.final similarity index 100% rename from examples/bootc-uki/build.final rename to tmt/tests/examples/bootc-uki/build.final diff --git a/examples/bootc-uki/build_vars b/tmt/tests/examples/bootc-uki/build_vars similarity index 100% rename from examples/bootc-uki/build_vars rename to tmt/tests/examples/bootc-uki/build_vars diff --git a/examples/bootc-uki/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf b/tmt/tests/examples/bootc-uki/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf similarity index 100% rename from examples/bootc-uki/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf rename to tmt/tests/examples/bootc-uki/extra/usr/lib/dracut/dracut.conf.d/37composefs.conf diff --git a/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service b/tmt/tests/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service similarity index 100% rename from examples/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service rename to tmt/tests/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup.service diff --git a/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh b/tmt/tests/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh similarity index 100% rename from examples/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh rename to tmt/tests/examples/bootc-uki/extra/usr/lib/dracut/modules.d/37bootc/module-setup.sh diff --git a/examples/bootc-uki/install-grub.sh b/tmt/tests/examples/bootc-uki/install-grub.sh similarity index 100% rename from examples/bootc-uki/install-grub.sh rename to tmt/tests/examples/bootc-uki/install-grub.sh diff --git a/examples/bootc-uki/install-systemd-boot.sh b/tmt/tests/examples/bootc-uki/install-systemd-boot.sh similarity index 100% rename from examples/bootc-uki/install-systemd-boot.sh rename to tmt/tests/examples/bootc-uki/install-systemd-boot.sh From 52c1755eda81e0a3de61039f53623c8f4d00f003 Mon Sep 17 00:00:00 2001 From: John Eckersberg Date: Wed, 24 Sep 2025 14:27:34 -0400 Subject: [PATCH 07/10] Dockerfile: enable initramfs by default As we progress the composefs work along this is becoming more of a general requirement. I think it still makes sense to leave it as optional for now, but I think for the bulk of the cases we'll want to go ahead and build the initramfs support in. Signed-off-by: John Eckersberg --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3fe6785b8..66f97342f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -39,8 +39,8 @@ EORUN # bootc binaries in /out. The intention is that the target rootfs is extracted from /out # back into a final stae (without the build deps etc) below. FROM base as build -# Flip this on to enable initramfs code -ARG initramfs=0 +# Flip this off to disable initramfs code +ARG initramfs=1 # This installs our package dependencies, and we want to cache it independently of the rest. # Basically we don't want changing a .rs file to blow out the cache of packages. So we only # copy files necessary From 0d578cf85ea4adb87cb6f0fd8e7e237b0268d292 Mon Sep 17 00:00:00 2001 From: John Eckersberg Date: Wed, 24 Sep 2025 14:30:26 -0400 Subject: [PATCH 08/10] Use ext4 by default when building integration disk image By default bootc will enable fsverity when ext4 is the chosen filesystem, and we need fsverity to do composefs testing. Signed-off-by: John Eckersberg --- tests/build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/build.sh b/tests/build.sh index 642d0601d..ae0d5cd13 100755 --- a/tests/build.sh +++ b/tests/build.sh @@ -45,7 +45,7 @@ DISK=target/bootc-integration-test.qcow2 rm -vf "${DISK}" # testcloud barfs on .raw if test -n "${bcvk}"; then - bcvk to-disk --format=qcow2 --disk-size "${SIZE}" localhost/bootc-integration "${DISK}" + bcvk to-disk --format=qcow2 --disk-size "${SIZE}" --filesystem ext4 localhost/bootc-integration "${DISK}" else TMPDISK=target/bootc-integration-test.raw truncate -s "${SIZE}" "${TMPDISK}" @@ -59,7 +59,7 @@ else -v $(pwd)/target:/target \ localhost/bootc-integration \ bootc install to-disk \ - --filesystem "xfs" \ + --filesystem "ext4" \ --karg=console=ttyS0,115200n8 \ --generic-image \ --via-loopback \ From 15b8e14de8df57badad79162f42a79c1f6d3e33c Mon Sep 17 00:00:00 2001 From: John Eckersberg Date: Wed, 24 Sep 2025 14:32:36 -0400 Subject: [PATCH 09/10] examples: use "system" bootc binaries Since we're running this under tmt, the "system" bootc binaries were built from source and injected into the integration disk image. No need to rebuild these inside of the test job itself. Signed-off-by: John Eckersberg --- tmt/tests/examples/bootc-bls/build | 6 ++---- tmt/tests/examples/bootc-uki/build.base | 6 ++---- tmt/tests/examples/bootc-uki/build.final | 4 +--- 3 files changed, 5 insertions(+), 11 deletions(-) diff --git a/tmt/tests/examples/bootc-bls/build b/tmt/tests/examples/bootc-bls/build index 817a94e26..38e45edbd 100755 --- a/tmt/tests/examples/bootc-bls/build +++ b/tmt/tests/examples/bootc-bls/build @@ -4,10 +4,8 @@ set -eux cd "${0%/*}" -cargo build --release --bin bootc --bin bootc-initramfs-setup - -cp ../../target/release/bootc . -cp ../../target/release/bootc-initramfs-setup extra/usr/lib/dracut/modules.d/37bootc/ +cp /usr/bin/bootc . +cp /usr/lib/bootc/initramfs-setup extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup mkdir -p tmp diff --git a/tmt/tests/examples/bootc-uki/build.base b/tmt/tests/examples/bootc-uki/build.base index 5479c8134..6978f210a 100755 --- a/tmt/tests/examples/bootc-uki/build.base +++ b/tmt/tests/examples/bootc-uki/build.base @@ -4,10 +4,8 @@ set -eux cd "${0%/*}" -cargo build --release --bin bootc --bin bootc-initramfs-setup - -cp ../../target/release/bootc . -cp ../../target/release/bootc-initramfs-setup extra/usr/lib/dracut/modules.d/37bootc/ +cp /usr/bin/bootc . +cp /usr/lib/bootc/initramfs-setup extra/usr/lib/dracut/modules.d/37bootc/bootc-initramfs-setup mkdir -p tmp diff --git a/tmt/tests/examples/bootc-uki/build.final b/tmt/tests/examples/bootc-uki/build.final index 9f4fb9175..46e9be817 100755 --- a/tmt/tests/examples/bootc-uki/build.final +++ b/tmt/tests/examples/bootc-uki/build.final @@ -4,9 +4,7 @@ set -eux cd "${0%/*}" -cargo build --release --bin bootc - -cp ../../target/release/bootc . +cp /usr/bin/bootc . rm -rf tmp/sysroot mkdir -p tmp/sysroot/composefs From 4e9f167dc9bf071952d156ad941ee06565e9a648 Mon Sep 17 00:00:00 2001 From: John Eckersberg Date: Thu, 25 Sep 2025 16:24:17 -0400 Subject: [PATCH 10/10] tests: skip initramfs if no composefs in cmdline The systemd unit is conditional on this so without it the test will always fail. Signed-off-by: John Eckersberg --- tmt/tests/booted/readonly/051-test-initramfs.nu | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tmt/tests/booted/readonly/051-test-initramfs.nu b/tmt/tests/booted/readonly/051-test-initramfs.nu index 150054eee..0af5f3941 100644 --- a/tmt/tests/booted/readonly/051-test-initramfs.nu +++ b/tmt/tests/booted/readonly/051-test-initramfs.nu @@ -8,6 +8,11 @@ if (not ("/usr/lib/bootc/initramfs-setup" | path exists)) { exit 0 } +if (not (open /proc/cmdline | str contains composefs)) { + print "No composefs in cmdline" + exit 0 +} + journalctl -b -t bootc-root-setup.service --grep=OK tap ok