diff --git a/README.md b/README.md
index 9340036b..77c64aa5 100644
--- a/README.md
+++ b/README.md
@@ -40,19 +40,20 @@ sudo podman run \
 --security-opt label=type:unconfined_t \
 -v $(pwd)/config.json:/config.json \
 -v $(pwd)/output:/output \
+ -v /var/lib/containers/storage:/var/lib/containers/storage \
 quay.io/centos-bootc/bootc-image-builder:latest \
 --type qcow2 \
 --config /config.json \
 quay.io/centos-bootc/fedora-bootc:eln
 ```
-### Using local containers
+NOTE: local storage is being used by default. If the `--local` flag is not provided, as in the above example,
+the latest image will be pulled into the local storage.
-To use containers from local container's storage rather than a registry, we need to ensure two things:
-- the container exists in local storage
-- mount the local container storage
+### Using local containers
-Since the container is run in `rootful` only root container storage paths are allowed.
+To skip pulling an image into local storage and use an existing container image, the `--local` flag can be used,
+as below:
 ```bash
 sudo podman run \
@@ -63,7 +64,6 @@ sudo podman run \
 --security-opt label=type:unconfined_t \
 -v $(pwd)/config.json:/config.json \
 -v $(pwd)/output:/output \
- -v /var/lib/containers/storage:/var/lib/containers/storage \
 quay.io/centos-bootc/bootc-image-builder:latest \
 --type qcow2 \
 --config /config.json \
@@ -71,8 +71,6 @@ sudo podman run \
 localhost/bootc:eln
 ```
-When using the --local flag, we need to mount the storage path as a volume. With this enabled, it is assumed that the target container is in the container storage.
-
 ### Running the resulting QCOW2 file on Linux (x86_64)
 A virtual machine can be launched using `qemu-system-x86_64` or with `virt-install` as shown below.
diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go
index 0c84f567..74ef59da 100644
--- a/bib/cmd/bootc-image-builder/image.go
+++ b/bib/cmd/bootc-image-builder/image.go
@@ -40,7 +40,7 @@ type ManifestConfig struct {
 // TLSVerify specifies whether HTTPS and a valid TLS certificate are required
 TLSVerify bool
- // Use a local container from the host rather than a repository
+ // Use a local container image from the host storage rather than a repository
 Local bool
 }
diff --git a/bib/cmd/bootc-image-builder/main.go b/bib/cmd/bootc-image-builder/main.go
index 39b8259d..87de5248 100644
--- a/bib/cmd/bootc-image-builder/main.go
+++ b/bib/cmd/bootc-image-builder/main.go
@@ -12,6 +12,7 @@ import (
 "strings"
 "github.com/osbuild/bootc-image-builder/bib/internal/setup"
+ "github.com/osbuild/bootc-image-builder/bib/internal/util"
 "github.com/osbuild/images/pkg/arch"
 "github.com/osbuild/images/pkg/blueprint"
 "github.com/osbuild/images/pkg/cloud/awscloud"
@@ -29,9 +30,10 @@ import (
 var reposStr string
 const (
- distroName = "fedora-39"
- modulePlatformID = "platform:f39"
- releaseVersion = "39"
+ distroName = "fedora-39"
+ modulePlatformID = "platform:f39"
+ releaseVersion = "39"
+ containersStoragePath = "/var/lib/containers/storage"
 )
 type BuildConfig struct {
@@ -102,6 +104,12 @@ func loadConfig(path string) (*BuildConfig, error) {
 }
 func makeManifest(c *ManifestConfig, cacheRoot string) (manifest.OSBuildManifest, error) {
+ // if "/var/lib/containers/storage" hasn't been mounted and the `--local` flag has been provided,
+ // we should return an error. If it's not mounted, it can cause some undefined behaviour.
+ if c.Local && !util.IsMountpoint(containersStoragePath) {
+ return nil, fmt.Errorf("%s has not been mounted, but `--local` flag has been used", containersStoragePath)
+ }
+
 // If --local wasn't given, always pull the container.
 // If the user mount a container storage inside bib (without --local), the code will try to pull
 // a newer version of the container even if an older one is already present. This doesn't match
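Review bot: The new guard at the top of makeManifest only establishes that something is mounted at `containersStoragePath`, not that the requested image is in that storage, and because `util.IsMountpoint` returns a bare bool, any failure inside the helper (its body is not in this diff) would surface as "has not been mounted". The guard is also limited to `c.Local`, while the README change in this commit adds the storage bind mount to the default invocation; if the pull path further down relies on that mount too — that code is outside the hunk, so this is inferred — it needs the same check or a comment explaining why it is exempt. The comment's "some undefined behaviour" should name the concrete failure, and the error could tell the user how to fix the invocation, e.g. `return nil, fmt.Errorf("%[1]s is not a mountpoint but --local was given; run podman with -v %[1]s:%[1]s", containersStoragePath)`. makeManifest's body continues past the end of the hunk.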