particle-os/apt-ostree
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
apt-ostree/.notes/ostree/rpm-ostree.md
robojerk d295f9bb4d Major milestone: Complete apt-ostree bootc compatibility and OCI integration 
-  Real package installation (replaced mock installation)
-  Real OSTree commit creation from installed packages
-  OCI image creation from both commits and rootfs
-  Full bootc compatibility with proper labels
-  Comprehensive test suite (test-bootc-apt-ostree.sh)
-  Container tool validation (skopeo, podman)
-  Updated compatibility reports for Ubuntu Questing
-  Fixed OCI schema version and field naming issues
-  Temporary directory lifecycle fixes
-  Serde rename attributes for OCI JSON compliance

Ready for Aurora-style workflow deployment!
2025-07-20 21:06:44 +00:00

359 lines
No EOL
11 KiB
Markdown
Raw Blame History

# rpm-ostree OSTree Implementation
## Overview
rpm-ostree integrates OSTree as its core filesystem management system, providing atomic, immutable deployments with RPM package layering capabilities. This document explains how rpm-ostree implements and extends OSTree functionality.
## Core OSTree Integration
### Repository Management
rpm-ostree maintains an OSTree repository at `/ostree/repo` that stores:
- **Content-addressable objects**: Files and metadata stored by SHA256 hash
- **Commits**: Immutable snapshots of filesystem trees
- **Refs**: Symbolic pointers to specific commits (e.g., `fedora/39/x86_64/silverblue`)
- **Static deltas**: Pre-calculated differences between commits for efficient updates
### Deployment Structure
```
/ostree/
├── repo/ # OSTree repository (content-addressable storage)
├── deploy/ # Active deployments
│ └── fedora-silverblue/ # State root for Fedora Silverblue
│ ├── var/ # Shared mutable data across deployments
│ └── <checksum>/ # Individual deployment directories
└── boot/ # Bootloader configuration
```
### Filesystem Assembly
rpm-ostree assembles the live filesystem using:
- **Hardlinks**: Deployments use hardlinks to objects in `/ostree/repo`
- **Bind mounts**: Read-only `/usr` mounted from deployment
- **Symlinks**: User directories redirected to `/var`
- **3-way merge**: `/etc` merged from old deployment, new deployment, and local changes
## RPM-OSTree Specific Extensions
### Package Layering
rpm-ostree extends OSTree with RPM package layering:
```c
// Core layering implementation in rpmostree-core.cxx
class RpmOstreeCore {
// Create new deployment with layered packages
gboolean create_deployment_with_layers(
RpmOstreeSysroot *sysroot,
const char *base_commit,
const char *new_commit,
GPtrArray *layered_packages,
GCancellable *cancellable,
GError **error);
// Apply package layers to deployment
gboolean apply_package_layers(
RpmOstreeSysroot *sysroot,
const char *deployment_path,
GPtrArray *packages,
GCancellable *cancellable,
GError **error);
};
```
### Transaction Management
rpm-ostree implements atomic transactions for all OSTree operations:
```c
// Transaction types for OSTree operations
typedef enum {
RPMOSTREE_TRANSACTION_TYPE_DEPLOY,
RPMOSTREE_TRANSACTION_TYPE_ROLLBACK,
RPMOSTREE_TRANSACTION_TYPE_PKG_CHANGE,
RPMOSTREE_TRANSACTION_TYPE_REBASE,
RPMOSTREE_TRANSACTION_TYPE_UPGRADE
} RpmOstreeTransactionType;
// Transaction execution with OSTree integration
class RpmOstreeTransaction {
// Execute transaction with OSTree commit creation
gboolean execute_with_ostree_commit(
RpmOstreeSysroot *sysroot,
const char *base_commit,
const char *new_commit,
GCancellable *cancellable,
GError **error);
// Rollback to previous OSTree deployment
gboolean rollback_to_previous_deployment(
RpmOstreeSysroot *sysroot,
GCancellable *cancellable,
GError **error);
};
```
### OSTree Commit Creation
rpm-ostree creates OSTree commits for all system changes:
```c
// Commit creation workflow
gboolean rpmostree_create_commit(
RpmOstreeSysroot *sysroot,
const char *base_commit,
const char *new_commit,
const char *subject,
GPtrArray *layered_packages,
GCancellable *cancellable,
GError **error) {
// 1. Extract base filesystem from OSTree commit
g_autoptr(OstreeRepo) repo = rpmostree_sysroot_get_repo(sysroot);
g_autoptr(GFile) base_tree = ostree_repo_read_commit(repo, base_commit, NULL, NULL, error);
// 2. Apply RPM package layers
g_autoptr(GFile) layered_tree = apply_rpm_layers(base_tree, layered_packages, error);
// 3. Create new OSTree commit
g_autofree char *new_commit_checksum = ostree_repo_write_commit(
repo, layered_tree, subject, NULL, NULL, error);
// 4. Update ref to point to new commit
ostree_repo_set_ref(repo, NULL, "fedora/39/x86_64/silverblue", new_commit_checksum, NULL, error);
return TRUE;
}
```
## OSTree Environment Detection
rpm-ostree detects OSTree environments using multiple methods:
```c
// Environment detection in rpmostree-sysroot-core.cxx
gboolean rpmostree_sysroot_is_ostree(RpmOstreeSysroot *sysroot) {
// Method 1: Check for /ostree directory
if (!g_file_test("/ostree", G_FILE_TEST_IS_DIR))
return FALSE;
// Method 2: Check for /run/ostree-booted file
if (!g_file_test("/run/ostree-booted", G_FILE_TEST_EXISTS))
return FALSE;
// Method 3: Check kernel command line for ostree parameter
g_autofree char *cmdline = rpmostree_get_kernel_cmdline();
if (!strstr(cmdline, "ostree"))
return FALSE;
// Method 4: Try to load OSTree sysroot
g_autoptr(OstreeSysroot) ostree_sysroot = ostree_sysroot_new_default();
return ostree_sysroot_load(ostree_sysroot, NULL, NULL);
}
```
## OSTree Integration Points
### Daemon Integration
The rpm-ostree daemon integrates with OSTree for privileged operations:
```c
// Daemon OSTree operations in rpmostreed-os.cxx
class RpmOstreedOS {
// OSTree deployment management
gboolean deploy_ostree_commit(
const char *commit_checksum,
const char *osname,
GCancellable *cancellable,
GError **error);
// OSTree rollback operations
gboolean rollback_ostree_deployment(
const char *osname,
GCancellable *cancellable,
GError **error);
// OSTree status reporting
gboolean get_ostree_status(
GVariant **status,
GCancellable *cancellable,
GError **error);
};
```
### CLI Integration
rpm-ostree CLI commands integrate with OSTree operations:
```c
// CLI command integration in rpmostree-builtin-deploy.cxx
gboolean rpmostree_builtin_deploy(int argc, char **argv, RpmOstreeCommandInvocation *invocation, GCancellable *cancellable, GError **error) {
// Parse command line arguments
g_autoptr(GOptionContext) context = g_option_context_new("COMMIT");
g_option_context_add_main_entries(context, entries, NULL);
// Get OSTree commit to deploy
const char *commit = argv[1];
// Create deployment via D-Bus daemon
g_autoptr(RpmOstreeClient) client = rpmostree_client_new();
return rpmostree_client_deploy(client, commit, cancellable, error);
}
```
## OSTree Performance Optimizations
### Static Delta Support
rpm-ostree leverages OSTree static deltas for efficient updates:
```c
// Static delta usage in rpmostree-core.cxx
gboolean rpmostree_pull_with_static_deltas(
RpmOstreeSysroot *sysroot,
const char *remote_name,
const char *refspec,
GCancellable *cancellable,
GError **error) {
// Configure static delta usage
g_autoptr(OstreeRepo) repo = rpmostree_sysroot_get_repo(sysroot);
ostree_repo_set_enable_static_deltas(repo, TRUE);
// Pull with static delta optimization
return ostree_repo_pull(repo, remote_name, refspec, NULL, cancellable, error);
}
```
### Content Deduplication
rpm-ostree benefits from OSTree's content-addressable storage:
```c
// Content deduplication example
gboolean rpmostree_commit_with_deduplication(
RpmOstreeSysroot *sysroot,
const char *base_commit,
const char *new_commit,
GCancellable *cancellable,
GError **error) {
// OSTree automatically deduplicates identical files
// Only unique content is stored in the repository
g_autoptr(OstreeRepo) repo = rpmostree_sysroot_get_repo(sysroot);
// Create commit with automatic deduplication
return ostree_repo_write_commit(repo, new_tree, subject, NULL, NULL, error);
}
```
## OSTree Security Features
### GPG Signature Verification
rpm-ostree verifies OSTree commits using GPG signatures:
```c
// GPG verification in rpmostree-core.cxx
gboolean rpmostree_verify_commit_signature(
RpmOstreeSysroot *sysroot,
const char *commit_checksum,
GCancellable *cancellable,
GError **error) {
g_autoptr(OstreeRepo) repo = rpmostree_sysroot_get_repo(sysroot);
// Verify commit signature
g_autoptr(OstreeSign) sign = ostree_sign_new();
return ostree_repo_verify_commit(repo, commit_checksum, sign, cancellable, error);
}
```
### Read-Only Filesystem Enforcement
rpm-ostree enforces OSTree's read-only filesystem model:
```c
// Read-only enforcement in rpmostree-sysroot-core.cxx
gboolean rpmostree_enforce_readonly_filesystem(
RpmOstreeSysroot *sysroot,
GCancellable *cancellable,
GError **error) {
// Mount /usr as read-only
g_autofree char *usr_mount = g_strdup_printf("mount --bind -o ro %s /usr", deployment_path);
return rpmostree_sysroot_run_sync(sysroot, usr_mount, cancellable, error);
}
```
## OSTree Integration Testing
### Deployment Testing
```bash
# Test OSTree deployment creation
rpm-ostree deploy $(rpm-ostree status --json | jq -r '.deployments[0].checksum')
# Test OSTree rollback
rpm-ostree rollback
# Test OSTree status
rpm-ostree status --json
```
### Performance Testing
```bash
# Test OSTree pull performance
time ostree pull fedora fedora/39/x86_64/silverblue
# Test static delta usage
ostree pull --enable-static-deltas fedora fedora/39/x86_64/silverblue
# Test commit creation performance
time rpm-ostree install package-name
```
## OSTree Troubleshooting
### Common Issues
1. **OSTree repository corruption**: Use `ostree fsck` to verify repository integrity
2. **Deployment failures**: Check `/var/log/ostree.log` for detailed error messages
3. **Bootloader issues**: Verify GRUB configuration with `ostree admin boot`
4. **Space issues**: Use `ostree admin cleanup` to remove old deployments
### Debug Commands
```bash
# Check OSTree repository status
ostree fsck --repo=/ostree/repo
# List available deployments
ostree admin status
# Check bootloader configuration
ostree admin boot
# Verify commit signatures
ostree verify --repo=/ostree/repo fedora/39/x86_64/silverblue
```
## OSTree Future Enhancements
### Planned Features
1. **Composefs Integration**: Enhanced filesystem layering with composefs
2. **OCI Container Support**: Direct OSTree to OCI container conversion
3. **Bootc Compatibility**: Integration with bootc for container-native deployments
4. **Enhanced Static Deltas**: Improved delta generation and application
### Integration Roadmap
- **Phase 1**: Core OSTree integration (✅ Complete)
- **Phase 2**: Performance optimizations (✅ Complete)
- **Phase 3**: Security enhancements (✅ Complete)
- **Phase 4**: OCI container support (🔄 In Progress)
- **Phase 5**: Bootc compatibility (📋 Planned)
Reference in a new issue View git blame Copy permalink