Tracker for bootc integration

[cgwalters]

Describe the enhancement

This is a tracker issue for integration with https://github.com/containers/bootc/

There's two mechanical parts to this:

Pre-built (container) images:

Here we add bootc into a quay.io/fedora/fedora-coreos:continuous stream (current builds are in a COPR); or actually, I'd say we only build containers for this "stream". (It'd be nice if they were multi-arch, and we did kola testing using it as a target, but I don't think we need to upload disk and cloud images to start).

Or we could just package in Fedora right now and ship in next or whatever, though that has a high overhead.

Supporting bootc install

The rationale for this is outlined in #1151

This depends on coreos/fedora-coreos-config#2141 at least.

[dustymabe]

tagging with meeting label for socialization/discussion.

[dustymabe]

We discussed this in the community meeting today.

13:34:20  dustymabe | #agreed We'll create a new `experimental` FCOS
                    | development stream for testing out highly
                    | experimental new features and add bootc as the
                    | first iteration of experimentation in that
                    | stream.

[cgwalters]

OK, I pushed cgwalters/fedora-coreos-config@cb4157e

I can't do a PR for creating a new branch, but does that commit look good?

[cgwalters]

(Tweaked now to actually set things up so that any disk images built are container-native by default!)

[cgwalters]

$ cosa run
Fedora CoreOS 38.20230502.dev.1
Tracker: https://github.com/coreos/fedora-coreos-tracker
Discuss: https://discussion.fedoraproject.org/tag/coreos

Last login: Tue May  2 20:24:25 2023
[core@cosa-devsh ~]$ sudo su -
[root@cosa-devsh ~]# rpm-ostree status
State: idle
Deployments:
● ostree-remote-image:fedora:docker://quay.io/fedora/fedora-coreos:experimental
                   Digest: sha256:fff32804dece16a956169cc8f2c133d6e01506db0896a22d50eaebdc8df8f28a
                  Version: 38.20230502.dev.1 (2023-05-02T20:21:59Z)
[root@cosa-devsh ~]# bootc status
*  ostree-remote-image:fedora:docker://quay.io/fedora/fedora-coreos:experimental
    Digest: sha256:fff32804dece16a956169cc8f2c133d6e01506db0896a22d50eaebdc8df8f28a
    Version: 38.20230502.dev.1
    Backend: ostree
    Booted: yes

[root@cosa-devsh ~]# bootc upgrade
ERROR Upgrading: Pulling: Creating importer: Failed to invoke skopeo proxy method OpenImage: remote error: reading manifest experimental in quay.io/fedora/fedora-coreos: manifest unknown
[root@cosa-devsh ~]# 

[jmarrero]

#1446 (comment)
Commit LGTM.

[jlebon]

• I'd set prod to false. Practically, the only thing this does today is disable Zincati, which I think applies here too.
• fedora-copr-bootc.repo and manifests/bootc.yaml will get removed during the config sync. They would normally need to live in testing-devel, though for this experimental stream it'd make sense to keep them there. We'll have to tweak config-bot slightly for this. Super short-term though, config-bot won't run on this branch since it's not configured to look there, so it's not a blocker. But we'll want it soon-ish so the branch doesn't progressively get stale as testing-devel changes.

Looks sane to me otherwise!

[cgwalters]

fedora-copr-bootc.repo and manifests/bootc.yaml will get removed during the config sync. They would normally need to live in testing-devel, though for this experimental stream it'd make sense to keep them there.

Ah, thanks. To be clear, are you saying these two things should go on testing-devel now?

[jlebon]

fedora-copr-bootc.repo and manifests/bootc.yaml will get removed during the config sync. They would normally need to live in testing-devel, though for this experimental stream it'd make sense to keep them there.

Ah, thanks. To be clear, are you saying these two things should go on testing-devel now?

I meant that we could keep it in the experimental branch regardless since config-bot wouldn't know to keep it in sync. But now I just threw up coreos/fedora-coreos-releng-automation#171 that should help here.

[cgwalters]

Coming back to this now...so I'm good to push this tip commit to a new experimental branch here?

[cgwalters]

I've rebased the experimental branch on the latest testing-devel.

Still thinking about how builds should work. And we need to enable automatic updates; this would be most natural with coreos/rpm-ostree#4392 but the whole thing would be even more clear if we did it via bootc.

[dustymabe]

I've rebased the experimental branch on the latest testing-devel.

Tip commit cgwalters/fedora-coreos-config@e077af2 LGTM.

[dustymabe]

I've rebased the experimental branch on the latest testing-devel.

Tip commit cgwalters/fedora-coreos-config@e077af2 LGTM.

Though.. One thing we should consider, since we're using a copr repo as an input, is that we probably shouldn't do any signing (at least not with the Fedora Release engineering keys) for this.

[cgwalters]

Yeah; actually though related to signing since the goal here is to be container native we should stop doing GPG and switch to sigstore. This relates to coreos/rpm-ostree#4272

Anyways, thanks for the review! I've pushed the branch, should be live now.

That said I keep going back and forth here a bit. What's a bit tempting here actually is to publish bootc as a crate, and just vendor it in rpm-ostree. Then enabling it could just be done via e.g. ln -s /usr/bin/{rpm-ostree,bootc}, which could be done in any derived container build...

[cgwalters]

What's a bit tempting here actually is to publish bootc as a crate, and just vendor it in rpm-ostree. Then enabling it could just be done via e.g. ln -s /usr/bin/{rpm-ostree,bootc}, which could be done in any derived container build...

This happened in coreos/rpm-ostree#4506
which means we don't really need an "experimental" branch anymore, 99% of bootc will ship soon in FCOS, and can be tested by just creating a symlink.

[dustymabe]

which means we don't really need an "experimental" branch anymore

dropping it in: coreos/fedora-coreos-releng-automation#182