fix: make bootable by default and sync with other images

Signed-off-by: Tulip Blossom <[email protected]>

Author: tulilirockz

.github/workflows/build.yaml

@@ -16,7 +16,7 @@ on:
 env:
   IMAGE_DESC: "Experimental opensuse-bootc POC image"
   IMAGE_KEYWORDS: "bootc,opensuse"
-  IMAGE_LOGO_URL: "https://avatars.githubusercontent.com/u/623819?s=200&v=4"
+  IMAGE_LOGO_URL: "https://avatars.githubusercontent.com/u/230667510?s=400&u=cb912a5db49aee164a609a0fb4967d2d8170feb9&v=4"
   IMAGE_NAME: "${{ github.event.repository.name }}"
   IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}"
   DEFAULT_TAG: "latest"
@@ -66,13 +66,13 @@ jobs:
             type=sha,enable=${{ github.event_name == 'pull_request' }}
             type=ref,event=pr
           labels: |
-            io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/refs/heads/main/README.md
+            io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/${{ github.sha }}/README.md
             org.opencontainers.image.created=${{ steps.date.outputs.date }}
             org.opencontainers.image.description=${{ env.IMAGE_DESC }}
-            org.opencontainers.image.documentation=https://raw.githubusercontent.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/refs/heads/main/README.md
-            org.opencontainers.image.source=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/blob/main/Containerfile
+            org.opencontainers.image.documentation=https://raw.githubusercontent.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/${{ github.sha }}/README.md
+            org.opencontainers.image.source=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/blob/${{ github.sha }}/Containerfile
             org.opencontainers.image.title=${{ env.IMAGE_NAME }}
-            org.opencontainers.image.url=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
+            org.opencontainers.image.url=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/tree/${{ github.sha }}
             org.opencontainers.image.vendor=${{ github.repository_owner }}
             org.opencontainers.image.version=${{ env.DEFAULT_TAG }}.{{date 'YYYYMMDD'}}
             io.artifacthub.package.deprecated=false
@@ -90,12 +90,10 @@ jobs:
         with:
           containerfiles: |
             ./Containerfile
-          # Postfix image name with -custom to make it a little more descriptive
-          # Syntax: https://docs.github.com/en/actions/learn-github-actions/expressions#format
           image: ${{ env.IMAGE_NAME }}
           tags: ${{ steps.metadata.outputs.tags }}
           labels: ${{ steps.metadata.outputs.labels }}
-          oci: false
+          oci: true
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3

.gitignore

@@ -1,3 +1,4 @@
+*.img
 cosign.key
 _build_*
 output

Containerfile

@@ -1,68 +1,46 @@
 FROM registry.opensuse.org/opensuse/tumbleweed:latest
 
-COPY files/37composefs/ /usr/lib/dracut/modules.d/37composefs/
-COPY files/ostree/prepare-root.conf /usr/lib/ostree/prepare-root.conf
-
-RUN zypper install -y ostree-devel git cargo rust
-
-RUN --mount=type=tmpfs,dst=/tmp cd /tmp && \
-    git clone https://github.com/bootc-dev/bootc.git bootc && \
-    cd bootc && \
-    git fetch --all && \
-    git switch origin/composefs-backend -d && \
-    cargo build --release --bins --features "pre-6.15" && \
-    install -Dpm0755 -t /usr/bin ./target/release/bootc && \
-    install -Dpm0755 -t /usr/bin ./target/release/system-reinstall-bootc && \
-    install -Dpm0755 -t /usr/bin ./target/release/bootc-initramfs-setup
-
-RUN --mount=type=tmpfs,dst=/tmp cd /tmp && \
-    git clone https://github.com/p5/coreos-bootupd.git bootupd && \
-    cd bootupd && \
-    git fetch --all && \
-    git switch origin/sdboot-support -d && \
-    cargo build --release --bins --features systemd-boot && \
-    install -Dpm0755 -t /usr/bin ./target/release/bootupd && \
-    ln -s ./bootupd /usr/bin/bootupctl
-
 RUN zypper install -y \
-  dracut \
-  composefs \
-  composefs-experimental \
-  kernel-default \
-  kernel-firmware-all \
-  systemd \
-  btrfs-progs \
-  e2fsprogs \
-  xfsprogs \
-  udev \
-  cpio \
-  zstd \
-  binutils \
-  dosfstools \
-  conmon \
-  crun \
-  netavark \
-  skopeo \
-  dbus-1 \
-  dbus-1-daemon \
-  dbus-broker \
-  systemd-boot
-
-RUN cp /usr/bin/bootc-initramfs-setup /usr/lib/dracut/modules.d/37composefs
-
-RUN echo 'add_drivers+=" erofs "' >> /etc/dracut.conf.d/composefs.conf
-
-RUN echo "$(basename "$(find /usr/lib/modules -maxdepth 1 -type d | grep -v -E "*.img" | tail -n 1)")" > kernel_version.txt && \
-    dracut --force --add debug --no-hostonly --reproducible --zstd --verbose --kver "$(cat kernel_version.txt)"  "/usr/lib/modules/$(cat kernel_version.txt)/initramfs.img" && \
-    rm kernel_version.txt
-
-# Alter root file structure a bit for ostree
-RUN mkdir -p /boot /sysroot /var/home && \
-    rm -rf /var/log /home /root /usr/local /srv && \
-    ln -s /var/home /home && \
-    ln -s /var/roothome /root && \
-    ln -s /var/usrlocal /usr/local && \
-    ln -s /var/srv /srv
+      binutils \
+      btrfs-progs \
+      cpio \
+      dosfstools \
+      dracut \
+      e2fsprogs \
+      glib2 \
+      kernel-default \
+      kernel-firmware-all \
+      skopeo \
+      systemd \
+      systemd-boot \
+      udev \
+      xfsprogs \
+      zstd && \
+    zypper clean -a
+
+ENV DEV_DEPS="git rust make cargo gcc-devel glib2-devel libzstd-devel openssl-devel ostree-devel"
+RUN --mount=type=tmpfs,dst=/tmp --mount=type=tmpfs,dst=/root \
+    zypper install -y ${DEV_DEPS} && \
+    git clone "https://github.com/bootc-dev/bootc.git" /tmp/bootc && \
+    make -C /tmp/bootc bin install-all install-initramfs-dracut && \
+    sh -c 'export KERNEL_VERSION="$(basename "$(find /usr/lib/modules -maxdepth 1 -type d | grep -v -E "*.img" | tail -n 1)")" && \
+    dracut --force --no-hostonly --force-drivers erofs --reproducible --zstd --verbose --kver "$KERNEL_VERSION"  "/usr/lib/modules/$KERNEL_VERSION/initramfs.img"' && \
+    zypper remove -y ${DEV_DEPS} && \
+    zypper clean -a
+ENV DEV_DEPS=""
+
+# Necessary for general behavior expected by image-based systems
+RUN echo "HOME=/var/home" | tee "/etc/default/useradd" && \
+    rm -rf /boot /home /root /usr/local /srv && \
+    mkdir -p /var /sysroot /boot /usr/lib/ostree && \
+    ln -s var/opt /opt && \
+    ln -s var/roothome /root && \
+    ln -s var/home /home && \
+    ln -s sysroot/ostree /ostree && \
+    echo "$(for dir in opt usrlocal home srv mnt ; do echo "d /var/$dir 0755 root root -" ; done)" | tee -a /usr/lib/tmpfiles.d/bootc-base-dirs.conf && \
+    echo "d /var/roothome 0700 root root -" | tee -a /usr/lib/tmpfiles.d/bootc-base-dirs.conf && \
+    echo "d /run/media 0755 root root -" | tee -a /usr/lib/tmpfiles.d/bootc-base-dirs.conf && \
+    printf "[composefs]\nenabled = yes\n[sysroot]\nreadonly = true\n" | tee "/usr/lib/ostree/prepare-root.conf"
 
 # Setup a temporary root passwd (changeme) for dev purposes
 # TODO: Replace this for a more robust option when in prod

Justfile

@@ -1,24 +1,27 @@
-build-containerfile:
-    sudo podman build \
-        -t opensuse-bootc:latest .
+image_name := env("BUILD_IMAGE_NAME", "opensuse-bootc")
+image_tag := env("BUILD_IMAGE_TAG", "latest")
+base_dir := env("BUILD_BASE_DIR", ".")
+filesystem := env("BUILD_FILESYSTEM", "ext4")
+
+build-containerfile $image_name=image_name:
+    sudo podman build -t "${image_name}:latest" .
 
 bootc *ARGS:
     sudo podman run \
         --rm --privileged --pid=host \
         -it \
-        -e RUST_LOG=debug \
         -v /sys/fs/selinux:/sys/fs/selinux \
         -v /etc/containers:/etc/containers:Z \
-        -v /var/lib/containers:/var/lib/containers \
+        -v /var/lib/containers:/var/lib/containers:Z \
         -v /dev:/dev \
-        -v .:/data:z \
+        -e RUST_LOG=debug \
+        -v "{{base_dir}}:/data" \
         --security-opt label=type:unconfined_t \
-        opensuse-bootc:latest bootc {{ARGS}}
+        "{{image_name}}:{{image_tag}}" bootc {{ARGS}}
 
-generate-bootable-image:
+generate-bootable-image $base_dir=base_dir $filesystem=filesystem:
     #!/usr/bin/env bash
-    if [ ! -e ./bootable.img ] ; then
-        fallocate -l 20G ./bootable.img
+    if [ ! -e "${base_dir}/bootable.img" ] ; then
+        fallocate -l 20G "${base_dir}/bootable.img"
     fi
-    just bootc install to-disk --composefs-native --via-loopback /data/bootable.img --filesystem ext4 --wipe
-
+    just bootc install to-disk --composefs-backend --via-loopback /data/bootable.img --filesystem "${filesystem}" --wipe --bootloader systemd