-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UKI/systemd-boot tracker #806
Comments
One thing that came up is it could be really helpful for us to support the "pure UKI" path first with no bootloader. That's likely a good way to try severing some of the ostree dependency in that path - we'd just need to handle UKI copying and garbage collection on the bootc side alone. In this initial UKI flow we wouldn't try to handle composefs binding, basically just support adding e.g. Fedora's More background on this: It looks like today This also touches on e.g. coreos/rpm-ostree#5135 a bit in that I think we may want to define an explicit kernel layout for this? |
A note for when you do start integrating with systemd-boot is that if we want the distro details to appear in the systemd-boot menu (and optionally the ostree slot number and the order of the menu to be correct) someone needs to embed a os-release file into the .osrel section of the binary. In particular someone needs to set or add a suffix to You also need to determine how discovery of the correct Such embedding, if done on the target machines, will break any existing Secure Boot signatures added by the image vendor. My current cobbled together solution does handle This is less of a problem if you're doing your own invocations of See https://uapi-group.org/specifications/specs/boot_loader_specification/#type-2-efi-unified-kernel-images and https://uapi-group.org/specifications/specs/unified_kernel_image/#unified-kernel-image-uki for more details about EDIT: Updated the first paragraph because a lot of this can be done by the image builder. |
systemd-boot has a lot of uptake and is very simple for the UEFI path. We need to support it.
One thing this deeply intersects with is ostreedev/ostree#2753 and ostreedev/ostree#1951 as well as #20
I think with the new containers/composefs#332 we could try doing a "big bang" where we:
security.selinux
in the tar stream)/etc
it is tempting to try switching to what flatcar does by default where we change to using an overlayfs for/etc
with the lowerdir, but we could also automatically do the/usr/etc
handling in our image (reusing the ostree code...either way); a challenge in this is we document configuring things inostree-prepare-root.conf
today but we could start parsing those options in bootc instead.ostree-prepare-root.service
from the initramfs and have a spike on what it'd look like to move the mount logic in the initramfs maybe in this project.The text was updated successfully, but these errors were encountered: