Skip to content

Commit

Permalink
Exit if booted into a container image
Browse files Browse the repository at this point in the history
This is part of coreos/fedora-coreos-tracker#1263

We don't yet have an official stance on how zincati and custom
container images interact.  Today, zincati just crash loops.
This changes things so that we gracefully exit if we detect
the booted system is using a container image origin.

(The code here isn't quite as clean as it could be; calling
 `std::process::exit()` in the middle of the call chain isn't
  elegant but doing better would require plumbing through an
  `Option<T>` through many layers)
  • Loading branch information
cgwalters committed Nov 19, 2022
1 parent ebb241c commit 95d1c39
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 5 deletions.
11 changes: 11 additions & 0 deletions src/identity/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,17 @@ impl Identity {
let basearch = coreos_stream_metadata::this_architecture().to_string();
let current_os =
rpm_ostree::parse_booted(&status).context("failed to introspect booted OS image")?;
let current_os = if let Some(o) = current_os {
o
} else {
log::info!("Disabling zincati automatic updates");
crate::utils::update_unit_status(
"Booted into container image; zincati updates disabled",
);
crate::utils::notify_ready();
crate::utils::notify_stopping();
std::process::exit(0);
};
let node_uuid = {
let app_id = id128::Id128::try_from_slice(APP_ID)
.map_err(|e| anyhow!("failed to parse application ID: {}", e))?;
Expand Down
19 changes: 14 additions & 5 deletions src/rpm_ostree/cli_status.rs
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ pub struct StatusJson {
#[serde(rename_all = "kebab-case")]
pub struct DeploymentJson {
booted: bool,
container_image_reference: Option<String>,
base_checksum: Option<String>,
#[serde(rename = "base-commit-meta")]
base_metadata: BaseCommitMetaJson,
Expand All @@ -62,7 +63,7 @@ pub struct DeploymentJson {
#[derive(Clone, Debug, Deserialize)]
struct BaseCommitMetaJson {
#[serde(rename = "fedora-coreos.stream")]
stream: String,
stream: Option<String>,
}

impl DeploymentJson {
Expand All @@ -84,13 +85,21 @@ impl DeploymentJson {
}

/// Parse the booted deployment from status object.
pub fn parse_booted(status: &StatusJson) -> Result<Release> {
let json = booted_json(status)?;
Ok(json.into_release())
pub fn parse_booted(status: &StatusJson) -> Result<Option<Release>> {
let status = booted_json(status)?;
if let Some(img) = status.container_image_reference.as_ref() {
log::info!("Booted system is tracking {img}");
return Ok(None);
}
Ok(Some(status.into_release()))
}

fn fedora_coreos_stream_from_deployment(deploy: &DeploymentJson) -> Result<String> {
let stream = deploy.base_metadata.stream.as_str();
let stream = deploy
.base_metadata
.stream
.as_ref()
.ok_or_else(|| anyhow!("Missing `fedora-coreos.stream` in commit metadata"))?;
ensure!(!stream.is_empty(), "empty stream value");
Ok(stream.to_string())
}
Expand Down

0 comments on commit 95d1c39

Please sign in to comment.