prepare-root: Introduce ostree/prepare-root.conf && sysroot.readonly improvements #2930
Conversation
|
Skipping CI for Draft Pull Request. |
cgwalters
force-pushed
the
prepare-root-config3
branch
2 times, most recently
from
ad3d7cb
to
5da297b
Compare
|
/test all |
|
Discussion on this is saying that we also need the readonly sysroot stuff in the initramfs, which is an argument for a config file. |
|
Leaning towards an |
cgwalters
force-pushed
the
prepare-root-config3
branch
from
5da297b
to
cf7a358
Compare
|
Split out prep work into #2935 - this one will morph into more configuration work. |
cgwalters
force-pushed
the
prepare-root-config3
branch
from
cf7a358
to
42ed1bf
Compare
cgwalters
changed the title
OSTREE_COMPOSEFS
cgwalters
force-pushed
the
prepare-root-config3
branch
from
42ed1bf
to
93a4fcc
Compare
|
OK I've reworked this PR a bit to not (yet) be about configuring composefs via keyfile, but instead just the preparatory work around correctly handling |
Using the repository configuration for configuration of this program was always a bit hacky. But actually with composefs, we really must validate the target root *before* we parse anything in it. Let's add a config file for `ostree-prepare-root` that can live in the initramfs, which will already have been verified. In the future we'll also add configuration for composefs here. We expect OS builders to drop this in `/usr/lib/ostree/prepare-root.conf`, but system local configuration can live in `/etc`.
Not because it's logically required or anything, but because it's just a good idea.
We shouldn't load anything from the target root filesystem *before* verifying its integrity if composefs is enabled. In effect, we want to force composefs users to migrate to `/usr/lib/ostree/prepare-root.conf` which lives in the initramfs. (But because we enable sysroot.readonly=true if composefs is enabled too, they don't actually need to)
cgwalters
force-pushed
the
prepare-root-config3
branch
from
93a4fcc
to
3465626
Compare
|
Rebased 🏄 for textual (not semantic) merge conflict. |
| // Encourage porting to the new config file | ||
| if (sysroot_readonly) | ||
| g_print ("Found legacy sysroot.readonly flag, not configured in %s\n", | ||
| PREPARE_ROOT_CONFIG_PATH); |
There was a problem hiding this comment.
Note: The fedora readonly migration service will enable this and trigger this warning.
There was a problem hiding this comment.
Yeah, we will need to have a long period of migrating things to the new API. It doesn't actually contain the string "warning".
The explanation of sysroot.readonly is a little confusing - we say that "everything else is mounted read-only" but it's perhaps clearer to say /sysroot is mounted read-only. Also note that read-only is the default with composefs. Finally, document the option in ostree.repo-config even though it is now considered legacy - as of commit 22b8e4f (ostreedev#2930) - it is still commonly seen in repo configs, so users will look to understand what it means.
prepare-root: Introduce
ostree/prepare-root.confUsing the repository configuration for configuration of this
program was always a bit hacky.
But actually with composefs, we really must validate
the target root before we parse anything in it.
Let's add a config file for
ostree-prepare-rootthat can livein the initramfs, which will already have been verified.
In the future we'll also add configuration for composefs here.
We expect OS builders to drop this in
/usr/lib/ostree/prepare-root.conf,but system local configuration can live in
/etc.prepare-root: Default sysroot.readonly=true if composefs
Not because it's logically required or anything, but because
it's just a good idea.
prepare-root: Don't parse target root when composefs enabled
We shouldn't load anything from the target root filesystem before
verifying its integrity if composefs is enabled.
In effect, we want to force composefs users to migrate to
/usr/lib/ostree/prepare-root.confwhich lives in the initramfs.(But because we enable sysroot.readonly=true if composefs is enabled
too, they don't actually need to)