install: add --source-imgref #263
Conversation
ondrejbudai
force-pushed
the
source-arg
branch
4 times, most recently
from
c96d517
to
276c68a
Compare
| @@ -197,7 +197,7 @@ pub(crate) fn find_parent_devices(device: &str) -> Result<Vec<String>> { | |||
| let kind = dev | |||
| .get("TYPE") | |||
| .with_context(|| format!("device in hierarchy of {device} missing TYPE"))?; | |||
| if kind == "disk" { | |||
| if kind == "disk" || kind == "loop" { | |||
There was a problem hiding this comment.
Ah yes. It would probably make sense to try to use a shared crate for dealing with block devices at some point.
lib/src/skopeo.rs
Outdated
| } | ||
|
|
||
| /// Given an image ID, return its manifest digest | ||
| pub(crate) fn oci_archive_digest(imageref: &str) -> Result<String> { |
There was a problem hiding this comment.
This isn't specific to oci archives right? If we want it to be, let's make this a &Utf8Path, and then explicitly specify dir: below say.
If we want to keep it general...we also already use https://docs.rs/containers-image-proxy/latest/containers_image_proxy/ which is a handy Rust client for talking to skopeo, but I don't really in the end have a problem with being practical and just forking it either.
There was a problem hiding this comment.
(Forgot to mention, see below where we could also probably drop this code)
There was a problem hiding this comment.
Dropped (see below).
| } else { | ||
| let td = tempfile::tempdir_in("/var/tmp")?; | ||
| let path: &Utf8Path = td.path().try_into().unwrap(); | ||
| let r = copy_to_oci(&state.source.imageref, path)?; |
There was a problem hiding this comment.
(Unrelated to this change, but I would probably be fine just hard dropping this hacky "copy to oci" code that I don't think we need anymore since c9s has a new enough skopeo and that's fine from my PoV)
Totally optional of course...just reminded by the seeing the code again here. If you want I can also do a prep PR removing it (or feel free to yourself), it seems like it would simplify this change.
There was a problem hiding this comment.
Ended up doing this in #265 - but I still don't have a really strong opinion - we can merge this before that one if you prefer too.
lib/src/install.rs
Outdated
|
|
||
| #[context("Gathering source info from an external source")] | ||
| pub(crate) fn from_imageref(imageref: &str) -> Result<Self> { | ||
| let digest = crate::skopeo::oci_archive_digest(imageref)?; |
There was a problem hiding this comment.
Today, the ostree-container stack very much handles just being passed a non-digested pull spec; we'll do the digest resolution there. An alternative here is to make digest an Option<T> instead. I have a mild preference for this, but I'm also fine with the code as is.
There was a problem hiding this comment.
I hope I understood your comment correctly. I made digest an Option<T>. This loses a bit of "null-safety" (handled gracefully, ofc), but it allowed me to drop the whole skopeo crate. I have a backup of the old code if we change our midns.
Let's just hard require a skopeo that can fetch from `containers-storage`. Motivated by containers#263 which was moving this code around. Signed-off-by: Colin Walters <[email protected]>
lsblk returns TYPE == loop for loop devices, modify the code so loop devices are correctly recognized. Signed-off-by: Ondřej Budai <[email protected]>
ondrejbudai
force-pushed
the
source-arg
branch
from
276c68a
to
e63c3b1
Compare
github-actions
bot
added
the
documentation
This is a prep work for the following commit. It will implement pulling the container image from an explicitly given container reference. Thus, there's no need to always fetch the digest because the caller is being explicit about the container image, so let's make the field optional. Signed-off-by: Ondřej Budai <[email protected]>
ondrejbudai
force-pushed
the
source-arg
branch
from
e63c3b1
to
5e4c639
Compare
I renamed |
lib/src/install.rs
Outdated
| /// it takes the container image to install from the podman's container registry. | ||
| /// If --source-imgref is given, bootc uses it as the installation source, instead of the behaviour explained | ||
| /// in the previous paragraph. See skopeo(1) for accepted formats. | ||
| #[clap(long, hide = true)] |
There was a problem hiding this comment.
But documenting seems to clash with hide = true. Either it's something we support ~forever or it's a hidden thing that could be removed in theory. I guess given the state, we should probably lift hide = true right?
There was a problem hiding this comment.
I removed hide = true.
ondrejbudai
force-pushed
the
source-arg
branch
from
5e4c639
to
1db3040
Compare
bootc install and install-to-filesystem currently rely on the fact that they run inside a podman container. That's quite inconvenient for using bootc for osbuild, because osbuild already run everything in a container. While having a container in a container is surely possible, it gets quite messy. Instead of going this route, this commit implements a new --source-imgref argument. --source-imgref accepts a container image reference (the same one that skopeo uses). When --source-imgref is used, bootc doesn't escape the container to fetch the container image from host's container storage. Instead, the container image given by --source-imgref is used. Even when running in this mode, bootc needs to run in a container created from the same container image that is passed using --source-imgref. However, this isn't a problem to do in osbuild. This really just removes the need for bootc to escape the container to the host mount namespace. Signed-off-by: Ondřej Budai <[email protected]>
ondrejbudai
force-pushed
the
source-arg
branch
from
1db3040
to
7c3ed0b
Compare
Let's just hard require a skopeo that can fetch from `containers-storage`. Motivated by containers#263 which was moving this code around. Signed-off-by: Colin Walters <[email protected]>
Let's just hard require a skopeo that can fetch from `containers-storage`. Motivated by containers#263 which was moving this code around. Signed-off-by: Colin Walters <[email protected]>
blockdev: fix recognizing parent loop devices
lsblk returns TYPE == loop for loop devices, modify the code
so loop devices are correctly recognized.
install: make the source digest optional
This is a prep work for the following commit. It will implement pulling
the container image from an explicitly given container reference. Thus,
there's no need to always fetch the digest because the caller is being
explicit about the container image, so let's make the field optional.
install: add --source-imgref
bootc install and install-to-filesystem currently rely on the fact that they
run inside a podman container. That's quite inconvenient for using bootc
for osbuild, because osbuild already run everything in a container.
While having a container in a container is surely possible, it gets quite
messy.
Instead of going this route, this commit implements a new --source-imgref
argument. --source-imgref accepts a container image reference (the same one
that skopeo uses). When --source-imgref is used, bootc doesn't escape the
container to fetch the container image from host's container storage. Instead,
the container image given by --source-imgref is used.
Even when running in this mode, bootc needs to run in a container created from
the same container image that is passed using --source-imgref. However, this
isn't a problem to do in osbuild. This really just removes the need for bootc
to escape the container to the host mount namespace.