Merge pull request #299 from cgwalters/bootc-label

Add suggestion for `LABEL containers.bootc 1`
containers · Feb 5, 2024 · faf478d · faf478d
2 parents 56811f4 + b766db8
commit faf478d
Show file tree

Hide file tree

Showing 7 changed files with 82 additions and 0 deletions.
diff --git a/docs/bootc-images.md b/docs/bootc-images.md
@@ -50,6 +50,16 @@ The requirement for both methods is that your initial treefile/manifest
 However, the ostree usage is an implementation detail
 and the requirement on this will be lifted in the future.
 
+## Standard metadata for bootc compatible images
+
+It is strongly recommended to do:
+
+```dockerfile
+LABEL containers.bootc 1
+```
+
+This will signal that this image is intended to be usable with `bootc`.
+
 # Deriving from existing base images
 
 It's important to emphasize that from one

diff --git a/lib/Cargo.toml b/lib/Cargo.toml
@@ -26,6 +26,7 @@ gvariant = "0.4.0"
 indicatif = "0.17.0"
 libc = "^0.2"
 liboverdrop = "0.1.0"
+libsystemd = "0.7"
 once_cell = "1.9"
 openssl = "^0.10"
 # TODO drop this in favor of rustix

diff --git a/lib/src/cli.rs b/lib/src/cli.rs
@@ -341,6 +341,7 @@ async fn upgrade(opts: UpgradeOpts) -> Result<()> {
                 println!("No changes in: {}", imgref);
             }
             PrepareResult::Ready(r) => {
+                crate::deploy::check_bootc_label(&r.config);
                 println!("Update available for: {}", imgref);
                 if let Some(version) = r.version() {
                     println!("  Version: {version}");

diff --git a/lib/src/deploy.rs b/lib/src/deploy.rs
@@ -19,6 +19,7 @@ use ostree_ext::sysroot::SysrootLock;
 
 use crate::spec::HostSpec;
 use crate::spec::ImageReference;
+use crate::status::labels_of_config;
 
 // TODO use https://github.com/ostreedev/ostree-rs-ext/pull/493/commits/afc1837ff383681b947de30c0cefc70080a4f87a
 const BASE_IMAGE_PREFIX: &str = "ostree/container/baseimage/bootc";
@@ -84,6 +85,32 @@ pub(crate) async fn new_importer(
     Ok(imp)
 }
 
+pub(crate) fn check_bootc_label(config: &ostree_ext::oci_spec::image::ImageConfiguration) {
+    if let Some(label) =
+        labels_of_config(config).and_then(|labels| labels.get(crate::metadata::BOOTC_COMPAT_LABEL))
+    {
+        match label.as_str() {
+            crate::metadata::COMPAT_LABEL_V1 => {}
+            o => crate::journal::journal_print(
+                libsystemd::logging::Priority::Warning,
+                &format!(
+                    "notice: Unknown {} value {}",
+                    crate::metadata::BOOTC_COMPAT_LABEL,
+                    o
+                ),
+            ),
+        }
+    } else {
+        crate::journal::journal_print(
+            libsystemd::logging::Priority::Warning,
+            &format!(
+                "notice: Image is missing label: {}",
+                crate::metadata::BOOTC_COMPAT_LABEL
+            ),
+        )
+    }
+}
+
 /// Wrapper for pulling a container image, wiring up status output.
 #[context("Pulling")]
 pub(crate) async fn pull(
@@ -101,6 +128,7 @@ pub(crate) async fn pull(
         }
         PrepareResult::Ready(p) => p,
     };
+    check_bootc_label(&prep.config);
     if let Some(warning) = prep.deprecated_warning() {
         ostree_ext::cli::print_deprecated_warning(warning).await;
     }

diff --git a/lib/src/journal.rs b/lib/src/journal.rs
@@ -0,0 +1,36 @@
+//! Thin wrapper for systemd journaling; these APIs are no-ops
+//! when not running under systemd.  Only use them when
+
+use std::collections::HashMap;
+use std::sync::atomic::{AtomicBool, Ordering};
+
+/// Set to true if we failed to write to the journal once
+static EMITTED_JOURNAL_ERROR: AtomicBool = AtomicBool::new(false);
+
+/// Wrapper for structured logging which is an explicit no-op
+/// when systemd is not in use (e.g. in a container).
+pub(crate) fn journal_send<K, V>(
+    priority: libsystemd::logging::Priority,
+    msg: &str,
+    vars: impl Iterator<Item = (K, V)>,
+) where
+    K: AsRef<str>,
+    V: AsRef<str>,
+{
+    if !libsystemd::daemon::booted() {
+        return;
+    }
+    if let Err(e) = libsystemd::logging::journal_send(priority, msg, vars) {
+        if !EMITTED_JOURNAL_ERROR.swap(true, Ordering::SeqCst) {
+            eprintln!("failed to write to journal: {e}");
+        }
+    }
+}
+
+/// Wrapper for writing to systemd journal which is an explicit no-op
+/// when systemd is not in use (e.g. in a container).
+#[allow(dead_code)]
+pub(crate) fn journal_print(priority: libsystemd::logging::Priority, msg: &str) {
+    let vars: HashMap<&str, &str> = HashMap::new();
+    journal_send(priority, msg, vars.into_iter())
+}
diff --git a/lib/src/lib.rs b/lib/src/lib.rs
@@ -19,7 +19,9 @@
 
 pub mod cli;
 pub(crate) mod deploy;
+pub(crate) mod journal;
 mod lsm;
+pub(crate) mod metadata;
 mod reboot;
 mod reexec;
 mod status;

diff --git a/lib/src/metadata.rs b/lib/src/metadata.rs
@@ -0,0 +1,4 @@
+/// This label is expected to be present on compatible base images.
+pub(crate) const BOOTC_COMPAT_LABEL: &str = "containers.bootc";
+/// The current single well-known value for the label.
+pub(crate) const COMPAT_LABEL_V1: &str = "1";