Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Install config verity prep #1068

Merged
merged 7 commits into from
Feb 3, 2025
Merged

Install config verity prep #1068

merged 7 commits into from
Feb 3, 2025

Conversation

cgwalters
Copy link
Collaborator

Prep for #935

@github-actions github-actions bot added the area/install Issues related to `bootc install` label Feb 1, 2025
@cgwalters cgwalters force-pushed the install-config-verity-prep branch 4 times, most recently from f684da3 to b067d67 Compare February 2, 2025 22:32
@cgwalters
build: Handle dnf5 in Fedora
292d9e1 
Signed-off-by: Colin Walters <[email protected]>
@cgwalters
Improve parsing of ostree prepare-root config
2b175ad 
Prep for further work.

Signed-off-by: Colin Walters <[email protected]>
@cgwalters
install: Parse and load the prepare-root config
a2a5a7c 
Prep for using this to determine fsverity.

Signed-off-by: Colin Walters <[email protected]>
@cgwalters
build-sys: Rework vendoring for source archive
58fa21e 
In preparation for vendoring composefs-rs from git.
Basically before, things work fine when we're just vendoring
from crates.io, but fall over when we add a git dependency.
The Fedora `cargo_prep` macro writes a hardcoded `.cargo/config.toml`
which only has a replacement for `crates.io`, but we need
the generated replacement for git too which is output by
`cargo vendor-filterer` - which previously we were
discarding.

This was surprisingly difficult!

- Capture the output of `vendor-filterer`
- Work around a bug where it puts a broken `directory` path in
  the generated TOML
- Insert that as a new `vendor-config.toml` in our source
- Do use `cargo_prep` to init the RPM config in the spec,
  but re-inject our vendor config appended to that one.

Signed-off-by: Colin Walters <[email protected]>
@cgwalters
packit: Disable rhel-9 until 9.6
1208f4d 
We require a newer Rust. TODO re-enable post 9.6

Signed-off-by: Colin Walters <[email protected]>
@cgwalters
tree: Cleanup and bump rust-version to 1.82
c947f0a 
To match composefs-rs.

Signed-off-by: Colin Walters <[email protected]>
@cgwalters
lib: Depend on composefs-rs
cca41fb 
And expose some fsverity helpers. This is just to get the
ball rolling on integration.

Signed-off-by: Colin Walters <[email protected]>
@cgwalters cgwalters force-pushed the install-config-verity-prep branch from b067d67 to cca41fb Compare February 3, 2025 14:10
@cgwalters
Copy link
Collaborator Author

Man, this has been a crazy chain of things I hit. The vendoring thing was surprisingly complicated. But OK, now the latest thing is that composefs-rs's MSRV is newer than what's in RHEL9.5 (not C9S, so we know we're good for 9.6+).

jmarrero
jmarrero approved these changes Feb 3, 2025
View reviewed changes
Copy link
Member

@jmarrero jmarrero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@cgwalters cgwalters merged commit 63f49d3 into containers:main Feb 3, 2025
23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmarrero jmarrero jmarrero approved these changes

Assignees
No one assigned
Labels
area/install Issues related to `bootc install`
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cgwalters @jmarrero