Add ostree=aboot for signed Android Boot Images #2877
Conversation
|
Hi @ericcurtin. Thanks for your PR. I'm waiting for a ostreedev member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
So this is #2844 reworked, much simpler |
|
So, where are the symlinks created? |
|
So at deploy time on the client-side, we shell out to aboot-deploy, this knows where to symlink to and can create the symlink. Doesn't need a change in this repo directly, I think that's a good thing, it means I don't have to poke @cgwalters to update ostree in CentOS Steam 9 and wait a few months for it to land. |
|
All review comments addressed |
|
On a slightly related note, I was thinking of replacing https://github.com/ostreedev/ostree/blob/main/src/libostree/ostree-bootloader-aboot.c with a generic c file that calls a systemd unit, I thought of doing something similar and I actually saw a comment that hinted towards that in the code base here somewhere.... Would mean you don't have to write a load of bolierplate C to shell out to something, it would just become a systemd unit file you can modify, edit, etc... |
Some kernel images are delivered in a signed kernel + cmdline + initramfs + dtb blob. When this is added to the commit server side, only after this do you know what the cmdline is, this creates a recursion issue. To avoid this, in the case where we have ostree=aboot karg set, create a symlink after deploy to the correct ostree target in the rootfs, as the cmdline can't be malleable and secured client-side at the same time.
Make it an autofree_char rather than a char
|
/ok-to-test |
|
I gave this a quick skim and it looks sane. I do have a vague feeling it might be nicer to try to abstract away from aboot in some way because there's certain to be some alignment as discussed between UKIs and aboot (and potentially other A/B bootloaders) but this is fine. A procedural note: In this organization we only need one approving reviewer, so in the general case it's not just me that can merge things. I'm certainly fine if Alex or Dan had merged this too. |
Some kernel images are delivered in a signed kernel + cmdline + initramfs + dtb blob. When this is added to the commit server side, only after this do you know what the cmdline is, this creates a recursion issue. To avoid this, in the case where we have ostree=aboot karg set, create a symlink after deploy to the correct ostree target in the rootfs, as the cmdline can't be malleable and secured client-side at the same time.