-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: support VanillaOS images #206
base: main
Are you sure you want to change the base?
Conversation
… value 🗑️🗑️🗑️ this patch should be replaced by making os_version optional (at least for some image types)
VanillaOS v1 users have to reinstall to get into VanillaOS v2, since it got refactored, as far as I'm aware. Is there any guarantee that this scenario won't happen again when migrating from v2 to v3? If it does happen, how would we handle those scenarios? |
Yup, I think so too. v1 is built on Ubuntu and ABRoot v1, while v2 (Orchid) is on Debian and ABRoot v2.
No. Actually, I think that there might be a guarantee that this scenario will happen when a hypothetical v3 comes, because the thing about major version upgrades is that they make breaking changes. However, as long as Vanilla stays on a Debian / ABRoot base that is compatible with Orchid, there should be no problems.
Depends on how VanillaOS handles them. But if the build processes are incompatible, I guess we could support both, at least for a while. There's not much else that would be our business to do. |
"Unable to get the OS version from the labels" | ||
) | ||
})?; | ||
let os_version = inspection.get_version().unwrap_or(0); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's leave this function alone and instead call a different function for whatever the vanilla template needs. We want to try to keep the fedora templates and the vanilla templates separate as possible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree. I just did it like this because I couldn't figure out any easier way to fix this error. We should have some way to detect and declare what the base image is, and call different functions based on that, and remove the hard requirement for os_version
in the tagging system, etc.
{% macro stage_modules_run(modules_ext, os_version) %} | ||
|
||
|
||
{% macro ostree_modules_run(modules_ext, os_version) %} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The original module macros here should remain unchanged. I would suggest making a new module macro for the vanilla OS.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I split this to generic / ostree macros, because only rpm-ostree module calls require the things added by the ostree macro, VanillaOS, stages, etc., do not and probably never will require anything like ostree container commit
. If there is some sort of integration needed like the we have with the akmods
module, it would be trivial to split generic
into generic
and vanilla
and switch the vanilla template to use the new macro.
I'm envisioning that we'd also ship a generic
base image type, which would not add any OS-specific things to the Containerfile, and could thus be usable for basically any operating system that supports OCI images as a distribution mechanism (without extra work from us, but with extra work from the custom image maintainer).
I tried to solve the FsGuard / integrity check error by generating the FsGuard filelist for |
That's not gonna happen. |
I just removed all the custom changes from my BlueBuild-generated custom image, built, pushed, and updated, and still got hit with the FsGuard issue. Just to make sure, I also built the Vib custom image template locally, pushed to the same image with a different tag, and rebased to that, and as expected there was no FsGuard pop-up. The BlueBuild-generated Containerfile has basically the exact same lines for FsGuard as the Vib-generated one. The issue is probably with some of the "boilerplate" in the image, so then next step I guess is to slowly remove that until it starts working... |
Those previous two |
FsGuard only checks for the binaries listed in its hash table. If any of the file hashes changes, FsGuard will complain. FsGuard generation should always happen as the final step of the build process, nothing else should happen before that since may introduce changes. |
The current Containerfile generated by this PR runs FsGuard second to last, and after that I've been doing some local changes to the Containerfile to test out different things:
This indicates an error with the FsGuard line in the Containerfile. I took a closer look at the vib-fsguard plugin.go. It seems that I did not realize that some parts of the build don't happen in the Containerfile, since I wasn't that familiar with the inner workings of Vib. I had realized I had to download And that was it! It works now. Now onto the other (more Rust-y) challenges. ...or so I thought. Ha, silly me. I still got the FsGuard error. Time to continue plugging at it until something makes sense. |
Ok. Last time I was in a rush, so I made an oopsie. I used the ie., it actually works now! 🎉 |
…mplate struct (currently switches to using the vanilla template struct only, need to add ability for user to specify struct)
… key this key name is temporary and shall be changed with recipe v2
First successful CI build: https://github.com/xynydev/vanillin/actions/runs/10282268597
|
Other issues:
|
Near-term TODO for me:
|
I have successfully used a CLI installed with these modifications to build an image and publish it on
ghcr.io/xynydev/vanillin
. I have switched to using the image in my VanillaOS VM and am currently faced with this error:However, it was possible to ignore the error and try to log in, which froze the system, though the systemd unit for
default-flatpaks
ran...Unsolved:
ostree
andvanilla
templatesorg.opencontainers.image.version
and not even really having versions in the same way as Fedoraabroot.json
, in thesigning
module or the CLI templatesigning
module that everyone always uses, or should we "upstream" that into CLILinks: