main: check if local storage is mounted when --local flag is used (HMS-3792)

README.md

@@ -40,19 +40,20 @@ sudo podman run \
     --security-opt label=type:unconfined_t \
     -v $(pwd)/config.json:/config.json \
     -v $(pwd)/output:/output \
+    -v /var/lib/containers/storage:/var/lib/containers/storage \
     quay.io/centos-bootc/bootc-image-builder:latest \
     --type qcow2 \
     --config /config.json \
     quay.io/centos-bootc/fedora-bootc:eln
 ```
 
-### Using local containers
+NOTE: local storage is being used by default. If the `--local` flag is not provided, as in the above example,
+the latest image will be pulled into the local storage.
 
-To use containers from local container's storage rather than a registry, we need to ensure two things:
-- the container exists in local storage
-- mount the local container storage
+### Using local containers
 
-Since the container is run in `rootful` only root container storage paths are allowed.
+To skip pulling an image into local storage and use an existing container image, the `--local` flag can be used,
+as below:
 
 ```bash
 sudo podman run \
@@ -63,16 +64,13 @@ sudo podman run \
     --security-opt label=type:unconfined_t \
     -v $(pwd)/config.json:/config.json \
     -v $(pwd)/output:/output \
-    -v /var/lib/containers/storage:/var/lib/containers/storage \
     quay.io/centos-bootc/bootc-image-builder:latest \
     --type qcow2 \
     --config /config.json \
     --local \
     localhost/bootc:eln
 ```
 
-When using the --local flag, we need to mount the storage path as a volume. With this enabled, it is assumed that the target container is in the container storage.
-
 ### Running the resulting QCOW2 file on Linux (x86_64)
 
 A virtual machine can be launched using `qemu-system-x86_64` or with `virt-install` as shown below.

bib/cmd/bootc-image-builder/image.go

@@ -40,7 +40,7 @@ type ManifestConfig struct {
 	// TLSVerify specifies whether HTTPS and a valid TLS certificate are required
 	TLSVerify bool
 
-	// Use a local container from the host rather than a repository
+	// Use a local container image from the host storage rather than a repository
 	Local bool
 }
 

bib/cmd/bootc-image-builder/main.go

@@ -12,6 +12,7 @@ import (
 	"strings"
 
 	"github.com/osbuild/bootc-image-builder/bib/internal/setup"
+	"github.com/osbuild/bootc-image-builder/bib/internal/util"
 	"github.com/osbuild/images/pkg/arch"
 	"github.com/osbuild/images/pkg/blueprint"
 	"github.com/osbuild/images/pkg/cloud/awscloud"
@@ -29,9 +30,10 @@ import (
 var reposStr string
 
 const (
-	distroName       = "fedora-39"
-	modulePlatformID = "platform:f39"
-	releaseVersion   = "39"
+	distroName            = "fedora-39"
+	modulePlatformID      = "platform:f39"
+	releaseVersion        = "39"
+	containersStoragePath = "/var/lib/containers/storage"
 )
 
 type BuildConfig struct {
@@ -102,6 +104,12 @@ func loadConfig(path string) (*BuildConfig, error) {
 }
 
 func makeManifest(c *ManifestConfig, cacheRoot string) (manifest.OSBuildManifest, error) {
+	// if "/var/lib/containers/storage" hasn't been mounted and the `--local` flag has been provided,
+	// we should return an error. If it's not mounted, it can cause some undefined behaviour.
+	if c.Local && !util.IsMountpoint(containersStoragePath) {
+		return nil, fmt.Errorf("%s has not been mounted, but `--local` flag has been used", containersStoragePath)
+	}
+
 	// If --local wasn't given, always pull the container.
 	// If the user mount a container storage inside bib (without --local), the code will try to pull
 	// a newer version of the container even if an older one is already present. This doesn't match