This repository has been archived by the owner on May 24, 2024. It is now read-only.

tier-0: enable kernel-install cliwrap #377

Closed

Contributor

@jlebon jlebon commented Feb 29, 2024

Until the native kernel-install is OSTree and container aware[[1]], we
need to have a custom `kernel-install` for kernel replacements to work
in a derived build.

This will make it so that users don't have to first install the wrappers
themselves in their Containerfiles[[2]].

The caveat with this is that if anywhere in the derivation, systemd is
updated, the update will retake ownership of `/usr/bin/kernel-install`,
which means that a further kernel replacement down the derivation chain
would hit issues. We can document that. This still seems worth the UX
improvement in the common case.

[1]: coreos/rpm-ostree#4726
[2]: https://github.com/coreos/layering-examples/blob/9329023b/replace-kernel/Containerfile#L4
@jlebon
Contributor Author

jlebon commented Feb 29, 2024

Came out of discussions in coreos/fedora-coreos-config#2887.

jlebon added a commit to jlebon/fedora-coreos-config that referenced this pull request Feb 29, 2024
All we really want to cliwrap is `dnf` so that a `dnf install ...` will
work. Again, as mentioned in the commit that introduced this, ideally we
can actually ship dnf itself once it's ready and then we can back this
out.

Also wrap `kernel-install` for now to make kernel replacements smoother
until we can get it to work seamlessly (this matches [[1]]).

[1]: CentOS/centos-bootc#377
@cgwalters
Member

I think this makes sense, but it would also mean we can't do #314

@jlebon
Contributor Author

jlebon commented Mar 4, 2024

But note we basically need this cliwrap today for kernel replacements to work. This PR is just moving it from Containerfile-time to compose-time to make the UX a little less awkward. IOW, if we want kernel replacements to keep working, then we have to gate #314 on coreos/rpm-ostree#4726.

@jlebon
Contributor Author

jlebon commented Mar 4, 2024

> IOW, if we want kernel replacements to keep working, then we have to gate #314 on coreos/rpm-ostree#4726.

Well, that's not quite true. You could probably still technically replace the kernel in a base image without rpm-ostree by doing e.g.

```dockerfile
RUN dnf install -y rpm-ostree && rpm-ostree cliwrap install-to-root /
RUN dnf install -y kernel.rpm
RUN dnf remove -y rpm-ostree
```

Though it would leak the wrappers into the image.

Anyway, this is all just trying to make the short-term better. Cool to just stick with the status quo until we have the proper fix. Mostly did it to match the proposal in coreos/fedora-coreos-config#2887.
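
A check for the two situations raised in this thread (a systemd update retaking ownership of `/usr/bin/kernel-install`, and wrappers left in the image after rpm-ostree is removed), as an added example that is not part of the PR or any participant's comment. It assumes a cliwrap wrapper is a script whose text invokes `rpm-ostree cliwrap`; the function names, state names and sample trees are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify /usr/bin/kernel-install inside an image root tree.
# Assumption (not stated in the thread): a cliwrap wrapper is a short script
# whose text invokes "rpm-ostree cliwrap". Adjust WRAPPER_PATTERN if it differs.
WRAPPER_PATTERN='rpm-ostree cliwrap'

kernel_install_state() {
    root="${1%/}"
    target="$root/usr/bin/kernel-install"
    if [ ! -e "$target" ]; then
        echo missing        # nothing to wrap or call
    elif ! head -c 4096 "$target" | grep -aq "$WRAPPER_PATTERN"; then
        echo native         # e.g. a systemd update retook ownership
    elif [ -x "$root/usr/bin/rpm-ostree" ]; then
        echo wrapped        # wrapper present and its backend is installed
    else
        echo dangling       # wrapper left behind after rpm-ostree was removed
    fi
}

# Gate for a build step: succeed only when the wrapper is usable.
require_wrapped_kernel_install() {
    state=$(kernel_install_state "${1:-/}")
    [ "$state" = wrapped ] && return 0
    echo "kernel-install is '$state' in ${1:-/}; kernel replacement may fail" >&2
    return 1
}

# Constructed sample trees (not real images) to exercise each state.
make_sample_root() {   # $1 = wrapped | native | dangling | missing
    r=$(mktemp -d)
    mkdir -p "$r/usr/bin"
    case "$1" in
        wrapped|dangling)
            printf '#!/usr/bin/bash\nexec /usr/bin/rpm-ostree cliwrap $0 "$@"\n' \
                > "$r/usr/bin/kernel-install" ;;
        native)
            printf '#!/bin/sh\necho native kernel-install\n' \
                > "$r/usr/bin/kernel-install" ;;
    esac
    if [ "$1" = wrapped ]; then
        printf '#!/bin/sh\n' > "$r/usr/bin/rpm-ostree"
        chmod +x "$r/usr/bin/rpm-ostree"
    fi
    echo "$r"
}
```

Run `require_wrapped_kernel_install /` as a build step just before the kernel packages are installed, so a derivation that lost the wrapper fails early with a clear message.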

@jlebon jlebon closed this Mar 14, 2024
@shi2wei3
Collaborator

I failed to install a new kernel on a bootc image with `dnf install -y kernel.rpm`. Is the only way to install a new kernel through `rpm-ostree override replace`?

```
STEP 3/5: COPY kernel /kernel
--> Using cache e350b8b4c6f90537e928f2b12a3d761a13adf27f06195f78decbdc08ea141160
--> e350b8b4c6f9
STEP 4/5: RUN rpm-ostree cliwrap install-to-root /
Successfully enabled cliwrap for /
--> edda3320a3a4
STEP 5/5: RUN dnf install -y /kernel/kernel-*
Note: This system is image (rpm-ostree) based.
...
...
...
Resolving dependencies...done
error: Could not depsolve transaction; 4 problems detected:
 Problem 1: cannot install both kernel-core-5.14.0-443.el9.x86_64 from @commandline and kernel-core-5.14.0-427.13.1.el9_4.x86_64 from @System
  - conflicting requests
 Problem 2: cannot install both kernel-modules-core-5.14.0-443.el9.x86_64 from @commandline and kernel-modules-core-5.14.0-427.13.1.el9_4.x86_64 from @System
  - conflicting requests
 Problem 3: cannot install both kernel-modules-5.14.0-443.el9.x86_64 from @commandline and kernel-modules-5.14.0-427.13.1.el9_4.x86_64 from @System
  - conflicting requests
 Problem 4: cannot install both kernel-5.14.0-443.el9.x86_64 from @commandline and kernel-5.14.0-427.13.1.el9_4.x86_64 from @System
  - conflicting requests
Error: building at STEP "RUN dnf install -y /kernel/kernel-*": while running runtime: exit status 1
```
