From d43e995bc9dc45b557ad6539ab5cc1a27b1a5afe Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 14 Oct 2023 17:51:42 -0400 Subject: [PATCH] install: Drop default config Let's require the OS/distro to inject the defaults they want. Signed-off-by: Colin Walters --- Makefile | 2 +- docs/install.md | 21 +++++++++++++++++++-- lib/src/install.rs | 11 ++++++++--- lib/src/install/00-defaults.toml | 3 --- lib/src/privtests.rs | 2 +- tests/kolainst/install | 4 ++-- 6 files changed, 31 insertions(+), 12 deletions(-) delete mode 100644 lib/src/install/00-defaults.toml diff --git a/Makefile b/Makefile index c77f2d5cb..d307f4a3e 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ all-test: install: install -D -m 0755 -t $(DESTDIR)$(prefix)/bin target/release/bootc - install -D -m 0644 -t $(DESTDIR)$(prefix)/lib/bootc/install lib/src/install/*.toml + install -d $(DESTDIR)$(prefix)/lib/bootc/install if test -d man; then install -D -m 0644 -t $(DESTDIR)$(prefix)/share/man/man8 man/*.8; fi bin-archive: all diff --git a/docs/install.md b/docs/install.md index c168e4776..c51b29723 100644 --- a/docs/install.md +++ b/docs/install.md @@ -43,7 +43,7 @@ other options. Here's an example: ``` -$ podman run --privileged --pid=host --net=none --security-opt label=type:unconfined_t ghcr.io/cgwalters/c9s-oscore bootc install --target-no-signature-verification /path/to/disk +$ podman run --privileged --pid=host --net=none --security-opt label=type:unconfined_t bootc install --target-no-signature-verification /path/to/disk ``` Note that while `--privileged` is used, this command will not 
@@ -58,6 +58,23 @@ an installation by default is not fetching anything else external from the network - the content to be installed *is the running container image content*. +### Operating system install configuration required + +The container image must define its default install configuration. For example, +create `/usr/lib/bootc/install/00-exampleos.toml` with the contents: + +``` +[install] +root-fs-type = "xfs" +``` + +At the current time, `root-fs-type` is the only available configuration option, and it must be set. + +Configuration files found in this directory will be merged, with higher alphanumeric values +taking precedence. If for example you are building a derived container image from the above OS, +you coudl create a `50-myos.toml` that sets `root-fs-type = "btrfs"` which will override the +prior setting. + ### Note: Today `bootc install` has a host requirement on `skopeo` The one exception to host requirements today is that the host must @@ -110,7 +127,7 @@ The `AuthorizedKeysFile` invocation below then configures sshd to look for keys in this location. ``` -FROM ghcr.io/cgwalters/c9s-oscore +FROM RUN mkdir -p /usr/etc-system/ && \ echo 'AuthorizedKeysFile /usr/etc-system/%u.keys' >> /etc/ssh/sshd_config.d/30-auth-system.conf && \ echo 'ssh-ed25519 AAAAC3Nza... root@example.com' > /usr/etc-system/root.keys && chmod 0600 /usr/etc-system/keys && \ diff --git a/lib/src/install.rs b/lib/src/install.rs index 9b2044f57..f3c5c9225 100644 --- a/lib/src/install.rs +++ b/lib/src/install.rs 
@@ -403,15 +403,20 @@ pub(crate) mod config { config = c.install; } } - config.ok_or_else(|| anyhow::anyhow!("Failed to find any installation config files")) + config.ok_or_else(|| anyhow::anyhow!("No bootc/install config found; this operating system must define a default configuration to be installable")) } #[test] /// Verify that we can parse our default config file fn test_parse_config() { use super::baseline::Filesystem; - let buf = include_str!("install/00-defaults.toml"); - let c: InstallConfigurationToplevel = toml::from_str(buf).unwrap(); + + let c: InstallConfigurationToplevel = toml::from_str( + r##"[install] +root-fs-type = "xfs" +"##, + ) + .unwrap(); let mut install = c.install.unwrap(); assert_eq!(install.root_fs_type.unwrap(), Filesystem::Xfs); let other = InstallConfigurationToplevel { diff --git a/lib/src/install/00-defaults.toml b/lib/src/install/00-defaults.toml deleted file mode 100644 index 900df0e1e..000000000 --- a/lib/src/install/00-defaults.toml +++ /dev/null @@ -1,3 +0,0 @@ -# The default configuration for installations. -[install] -root-fs-type = "xfs" diff --git a/lib/src/privtests.rs b/lib/src/privtests.rs index ea541d2ea..78b893749 100644 --- a/lib/src/privtests.rs +++ b/lib/src/privtests.rs @@ -153,7 +153,7 @@ fn test_install_filesystem(image: &str, blockdev: &Utf8Path) -> Result<()> { let mountpoint: &Utf8Path = mountpoint_dir.path().try_into().unwrap(); // And run the install - cmd!(sh, "podman run --rm --privileged --pid=host --net=none --env=RUST_LOG -v /usr/bin/bootc:/usr/bin/bootc -v /usr/lib/bootc:/usr/lib/bootc -v {mountpoint}:/target-root {image} bootc install-to-filesystem /target-root").run()?; + cmd!(sh, "podman run --rm --privileged --pid=host --net=none --env=RUST_LOG -v /usr/bin/bootc:/usr/bin/bootc -v {mountpoint}:/target-root {image} bootc install-to-filesystem /target-root").run()?; cmd!(sh, "umount -R {mountpoint}").run()?; 
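Review bot: The doc comment `/// Verify that we can parse our default config file` on `test_parse_config` is stale, because this commit deletes `00-defaults.toml` and the test now parses an inline TOML literal; `/// Verify that a minimal [install] config parses` would match what the visible lines do. The new `ok_or_else` message also does not say where configuration was looked for; naming the search location (the docs in this commit give `/usr/lib/bootc/install/`) would make the failure actionable for whoever builds the image. As a style point, `r#"…"#` is enough for this literal, since it contains no `"#` sequence. The test body continues past the end of the hunk.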
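Review bot: With the `-v /usr/lib/bootc:/usr/lib/bootc` mount dropped, the `podman run` in `test_install_filesystem` succeeds only if `{image}` ships its own install configuration; otherwise it presumably fails with the new "No bootc/install config found" error and no hint that the test image is at fault. A comment above the command would record that requirement, e.g. `// The image must provide its own /usr/lib/bootc/install/*.toml; the host's config is no longer mounted in.` The function starts and ends outside the hunk.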
diff --git a/tests/kolainst/install b/tests/kolainst/install index 55a7a6b13..4d28f0d47 100755 --- a/tests/kolainst/install +++ b/tests/kolainst/install @@ -11,7 +11,7 @@ set -xeuo pipefail # See https://github.com/cgwalters/bootc-base-images -IMAGE=ghcr.io/cgwalters/fedora-oscore:latest +IMAGE=registry.gitlab.com/centos/cloud/sagano/fedora-boot-tier-0:38 # TODO: better detect this, e.g. look for an empty device DEV=/dev/vda @@ -20,7 +20,7 @@ cd $(mktemp -d) case "${AUTOPKGTEST_REBOOT_MARK:-}" in "") - podman run --rm -ti --privileged --pid=host --net=none -v /usr/bin/bootc:/usr/bin/bootc -v /usr/lib/bootc:/usr/lib/bootc ${IMAGE} bootc install --karg=foo=bar ${DEV} + podman run --rm -ti --privileged --pid=host --net=none -v /usr/bin/bootc:/usr/bin/bootc ${IMAGE} bootc install --karg=foo=bar ${DEV} # In theory we could e.g. wipe the bootloader setup on the primary disk, then reboot; # but for now let's just sanity test that the install command executes. lsblk ${DEV}
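Review bot: `IMAGE=registry.gitlab.com/centos/cloud/sagano/fedora-boot-tier-0:38` references the image by a mutable tag, and the second hunk runs it with `--privileged --pid=host` against `${DEV}`. Whatever the registry serves under `:38` therefore runs with full host access, and after this commit it also supplies the install configuration. Pinning by digest would make the test reproducible and narrow that trust, e.g. `IMAGE=registry.gitlab.com/centos/cloud/sagano/fedora-boot-tier-0@sha256:<digest>` (placeholder digest). The `# See https://github.com/cgwalters/bootc-base-images` comment above the assignment appears to describe the previous image source and should be updated to match.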