bootc icon indicating copy to clipboard operation
bootc copied to clipboard
verified publisher icon containers

Install UKI Addons globally

Open Johan-Liebert1 opened this issue 2 months ago • 3 comments

Until now we were scoping passed in UKI Addons to specific deployments, but usecases like ignition, luks (for now at least), require the addons to be applied to all deployments

Rename 'efi' key to 'uki' in BLSConfig

Key 'uki' is more appropriate for us as the PE Binary that the key points to is a UKI

Johan-Liebert1 avatar Nov 18 '25 11:11 Johan-Liebert1

usecases like ignition, luks (for now at least), require the addons to be applied to all deployments

FTR we covered some of this in https://github.com/coreos/fedora-coreos-tracker/issues/2060

It feels a bit weird to install global addons from a container image by default; at least not without making that opt-in somehow.

Since as discussed the Ignition platform ID UKI addon needs to live "out of band" of the container, how about just adding bootc install --global-uki-addon=/path/to/file? (it might also make sense to support fetching them as an OCI artifact or so too)

Or really I guess in the CoreOS case since it's always using osbuild which always uses install-to-filesystem it could be the build process there that drops in the UKI addon for the platform ID right?

Overall my inclination is to back out on the UKI addon support in bootc for now and just do external dropins per above until we're sure we need in-band addons.

cgwalters avatar Nov 18 '25 21:11 cgwalters

It feels a bit weird to install global addons from a container image by default; at least not without making that opt-in somehow.

Installing addons is opt-in using the --uki-addon flag. Until now they were installed specific to a deployment, which is a niche use case as people would want to install most addons globally for all deployments. @travier and I had a discussion on whether most addons would be scoped and global. There are some use cases for scoped addons, example for testing something before applying it to all deployments.

The platform ID Ignition addon is a special case and would most probably be not in a container (even though it very well could be in a container).

Johan-Liebert1 avatar Nov 19 '25 04:11 Johan-Liebert1

So, we're not completely sold on UKI addons. I'll pick the last two commits for a separate PR as they are just some minor improvements

Edit: https://github.com/bootc-dev/bootc/pull/1802

Johan-Liebert1 avatar Nov 24 '25 06:11 Johan-Liebert1