Bootc switch issues

[ericcurtin]

At the bottom is a wrapper script I use to do podman build and bootc switch. Bug 1 is known I think, we have to do chcon to solve an selinux issue. Bug 2 is if you try and bootc switch to a container with the same name as the current one, it does nothing (even though one may have made an edit to the container image since, etc.). I workaround this by getting the sha from podman images -q, but it should be able to recognise it's not the same image as currently booted.

#!/bin/bash

main() {
  set -exu -o pipefail

  if [ "$EUID" -ne 0 ]; then
    echo "Please run as root"
    return 1
  fi

  podman build -t bootc -f Containerfile-bootc

  # Bug 1, selinux issue, need to chcon
  bootc usr-overlay || true
  chcon --reference /usr/bin/rpm-ostree /usr/bin/bootc

  # Bug 2, if you try a bootc switch to a new image with the same name
  # nothing happens, use the sha from "podman images -q" to workaround it
  local id="$(podman images -q localhost/bootc)"
  bootc switch --transport containers-storage "$id"
}

main "$@"

[cgwalters]

Once you've done the switch, you can use bootc upgrade.

[ericcurtin]

bootc upgrade doesn't have a --transport option

[ericcurtin]

Maybe I have a funny workflow, but I kinda like it, I just rebuild a locally maintained Containerfile when I want to update or add more software, means I can use dnf or any other install technique I want (within reason)

[cgwalters]

Once you have done a switch, you don't need to re-specify the transport each time for upgrade.

[ericcurtin]

Ah ok interesting, I'll try that

[cgwalters]

Bug 1, selinux issue, need to chcon

Are you overriding the bootc binary in the container build somehow? What host version is this? Is it specific to having usroverlay on for you? More info please.

[ericcurtin]

It's this Containerfile specifically:

FROM quay.io/fedora/fedora-kinoite:41

RUN dnf install -y alacritty black clang cmake codespell distrobox dnf4 \
      fedora-workstation-repositories gcc hyperfine keepassxc libcurl-devel \
      make nvtop podman python3-tqdm qemu-kvm the_silver_searcher vim \
      python3-flake8 bats httpd-tools docker

chcon fails without doing bootc usr-overlay first

[cgwalters]

Can you paste the output of env RUST_LOG=debug bootc upgrade say without the chcon? Also paste the output of ls -Z /usr/bin/ostree.

[ericcurtin]

I'm off now but I'll do it Monday, just for the record this is an rpm-ostree Kinoite system converted to bootc via "bootc switch". That's the easiest way to install a Silverblue/Kinoite bare metal machine that I know of, start with an rpm-ostree .iso .