bootc icon indicating copy to clipboard operation
bootc copied to clipboard
verified publisher icon containers

Composefs backend

Open Johan-Liebert1 opened this issue 8 months ago • 3 comments

A rough draft for installing and booting using composefs-rs. Current only works for install to-disk via bootc install to-disk --composefs [options]

Issues:

  1. Issue with transport type continers-storage, viz, #117. Needs some ironing out.
  2. Bootc images need rebuilding with composfs-rs components, namely composfs-setup-root

I have a few logs being logged as warning, just for visibility. Will remove them when it's ready. Same with composefs-rs patch in cargo.toml

Johan-Liebert1 avatar May 13 '25 07:05 Johan-Liebert1

bootc install to-disk --composefs

The branding here is a bit confusing because of course, bootc already uses composefs. Just the https://github.com/composefs/composefs/ version, and that is "indirectly" via ostree.

Bigger picture I think what we're trying to aim for here primarily is "sealed" images right? In that case then, one thing I think would make sense is that we don't even have an option to install - we determine what to do by inspecting the container.

It does of course make sense to eventually support unsealed images this way too...which will be extremely important for eventually migrating existing ostree systems. There's an enormous set of details there though.

So my proposal in a nutshell:

  • Let's call it "composefs native" storage or so (the branding here is again hard, open to other ideas)
  • Default to (i.e. require) composefs-native storage if we detect the image is a sealed UKI.
  • Make the opt-in flag called like --composefs-native or so for unsealed cases. That said, it could also make sense to add some sort of flag to the container image to do this instead; because I think most people who want to do this will always want to do it. It's basically similar to what we have with kernel arguments; they can be either baked into the container or applied out of band, and in the general case we need both.

cgwalters avatar May 13 '25 13:05 cgwalters

Let's call it "composefs native" storage or so (the branding here is again hard, open to other ideas)

I think this works. Or we could have --composefs-native-experimental or something?

Default to (i.e. require) composefs-native storage if we detect the image is a sealed UKI.

Curious about this. Is there a reason we'd want composfs native storage in this case?

Johan-Liebert1 avatar May 15 '25 04:05 Johan-Liebert1

Curious about this. Is there a reason we'd want composfs native storage in this case?

Isn't the whole idea that we're aiming for the sealed case?

cgwalters avatar May 15 '25 13:05 cgwalters

I'll be getting back to this PR next Monday. Been working on a separate issue this week...

Johan-Liebert1 avatar Jun 05 '25 08:06 Johan-Liebert1

We had a live chat about this and decided to make a branch in this repo for it so multiple people can collaborate!

cgwalters avatar Jul 21 '25 12:07 cgwalters

Created in https://github.com/bootc-dev/bootc/tree/composefs-backend I have also sent an invite to @Johan-Liebert1 to have write access to the repository.

(That said we still need to convert to e.g. https://clowarden.io/ )

cgwalters avatar Jul 21 '25 12:07 cgwalters

Two things:

  • @Johan-Liebert1 where are we on this PR vs the branch on main https://github.com/bootc-dev/bootc/pull/1444 ?
  • Can you (or someone) review https://github.com/bootc-dev/bootc/pull/1471 ? I want to try rebasing the branch on that
  • Also in the vein of rebasing I think when we do that we can probably do some squashing and also try to factor out some prep commits (maybe the GRUB parser?)

cgwalters avatar Aug 01 '25 12:08 cgwalters