robojerk
306a68b89a
- Fix parallel execution logic to properly handle JoinHandle<Result<R, E>> types - Use join_all instead of try_join_all for proper Result handling - Fix double question mark (??) issue in parallel execution methods - Clean up unused imports in parallel and cache modules - Ensure all performance optimization modules compile successfully - Fix CI build failures caused by compilation errors
30 KiB
30 KiB
🚀 apt-ostree OSTree Handling Architecture
📋 Overview
This document outlines the OSTree handling responsibilities and architecture for apt-ostree, based on analysis of the rpm-ostree implementation. It explains the separation of concerns between the CLI client (apt-ostree) and the daemon (apt-ostreed), and provides detailed implementation guidance for OSTree operations.
🏗️ Architecture Overview
Component Separation
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ CLI Client │ │ Rust Core │ │ Rust Daemon │
│ (apt-ostree) │◄──►│ (DBus) │◄──►│ (aptostreed) │
│ │ │ │ │ │
│ • Command │ │ • Client Logic │ │ • OSTree Ops │
│ • User Input │ │ • DBus Client │ │ • APT Package │
│ • Output Display│ │ • Error Handling│ │ • Transactions │
└─────────────────┘ └─────────────────┘ └─────────────────┘
Responsibility Distribution
CLI Client (apt-ostree)
- Command parsing and user interface
- DBus communication with daemon
- Progress display and user feedback
- Error reporting and recovery suggestions
- Fallback operations when daemon unavailable
Daemon (apt-ostreed)
- OSTree operations and filesystem management
- Transaction management and atomic operations
- System state monitoring and updates
- Privilege management and security
- Long-running operations and background tasks
🔍 OSTree Operations Analysis
Core OSTree Responsibilities
Based on the rpm-ostree analysis, the following OSTree operations are handled by the daemon:
1. Deployment Management
// Core deployment operations handled by daemon
pub struct OstreeManager {
repo: Arc<RwLock<Repo>>,
sysroot_path: PathBuf,
}
impl OstreeManager {
// List all deployments
pub async fn list_deployments(&self) -> Result<Vec<DeploymentInfo>, OstreeError>
// Get currently booted deployment
pub async fn get_booted_deployment(&self) -> Result<Option<DeploymentInfo>, OstreeError>
// Create new deployment
pub async fn create_deployment(&self, refspec: &str) -> Result<String, OstreeError>
// Deploy specific commit
pub async fn deploy_commit(&self, commit: &str) -> Result<(), OstreeError>
// Rollback to previous deployment
pub async fn rollback_deployment(&self) -> Result<(), OstreeError>
}
2. Repository Operations
impl OstreeManager {
// Pull new content from remote
pub async fn pull_ref(&self, refspec: &str) -> Result<String, OstreeError>
// Check for updates
pub async fn check_for_updates(&self) -> Result<UpdateInfo, OstreeError>
// Generate repository metadata
pub async fn refresh_metadata(&self) -> Result<(), OstreeError>
}
3. Filesystem Operations
impl OstreeManager {
// Create staging deployment
pub async fn create_staging_deployment(&self) -> Result<String, OstreeError>
// Install packages in staging
pub async fn install_packages_in_staging(
&self,
staging_ref: &str,
packages: &[String],
) -> Result<(), OstreeError>
// Commit staging deployment
pub async fn commit_staging_deployment(
&self,
staging_ref: &str,
message: &str,
) -> Result<String, OstreeError>
}
4. Boot Configuration
impl OstreeManager {
// Get deployment boot configuration
pub async fn get_deployment_boot_config(
&self,
deploy_id: &str,
is_pending: bool,
) -> Result<BootConfig, OstreeError>
// Set kernel arguments
pub async fn set_kernel_args(
&self,
added: &[String],
removed: &[String],
replaced: &[String],
) -> Result<(), OstreeError>
// Manage initramfs
pub async fn set_initramfs_state(
&self,
regenerate: bool,
args: &[String],
) -> Result<(), OstreeError>
}
🏗️ Package Layering Architecture - CRITICAL SECTION
Understanding Package Layers in OSTree
Package layers ARE new OSTree commits - they're not separate from OSTree, they're how apt-ostree implements package management on top of OSTree's immutable filesystem model.
Layer Structure in OSTree Repository
OSTree Repository Structure:
┌─────────────────────────────────────────────────────────┐
│ Base Image Commit (e.g., Debian 13 Trixie) │
│ ├── /usr/bin/bash │
│ ├── /usr/lib/systemd │
│ ├── /etc/os-release │
│ └── ... (immutable base system) │
└─────────────────────────────────────────────────────────┘
↓
┌─────────────────────────────────────────────────────────┐
│ Package Layer Commit (e.g., user installed vim) │
│ ├── /usr/bin/vim │
│ ├── /usr/share/vim │
│ ├── /var/lib/dpkg/info/vim.postinst │
│ └── ... (vim package files) │
└─────────────────────────────────────────────────────────┘
↓
┌─────────────────────────────────────────────────────────┐
│ Another Package Layer (e.g., user installed git) │
│ ├── /usr/bin/git │
│ ├── /usr/share/git │
│ ├── /var/lib/dpkg/info/git.postinst │
│ └── ... (git package files) │
└─────────────────────────────────────────────────────────┘
Complete Package Installation Workflow
Example: apt-ostree install vim
// Complete workflow from CLI command to new OSTree commit:
// 1. CLI receives command: "apt-ostree install vim"
// 2. CLI communicates with daemon via DBus
// 3. Daemon creates transaction and begins package layering
// 4. New OSTree commit is created (this IS the layer)
// 5. System boots from new commit
impl AptOstreeIntegration {
pub async fn install_packages(&self, packages: &[String]) -> Result<String, Error> {
// 1. Create staging deployment from current booted commit
let staging_ref = self.ostree_manager.create_staging_deployment().await?;
// 2. Resolve package dependencies (e.g., vim -> vim-common, vim-runtime)
let all_packages = self.apt_manager.resolve_dependencies(packages).await?;
// 3. Download packages from APT repositories
let package_paths = self.apt_manager.download_packages(&all_packages).await?;
// 4. Extract packages to staging deployment
for (package, path) in all_packages.iter().zip(package_paths.iter()) {
self.extract_package_to_staging(&staging_ref, package, path).await?;
}
// 5. Execute package scripts (preinst, postinst)
self.execute_package_scripts(&staging_ref, &all_packages).await?;
// 6. Commit staging deployment as new OSTree commit
let commit_hash = self.ostree_manager.commit_staging_deployment(
&staging_ref,
&format!("Install packages: {}", packages.join(", ")),
).await?;
// 7. Update boot configuration to use new commit
self.ostree_manager.set_default_deployment(&commit_hash).await?;
Ok(commit_hash)
}
}
Layer Creation Process
// Detailed layer creation workflow:
impl AptOstreeIntegration {
async fn create_package_layer(
&self,
base_commit: &str,
packages: &[String],
) -> Result<String, Error> {
// 1. Extract base filesystem from current OSTree commit
let base_tree = self.ostree_manager.read_commit(base_commit).await?;
// 2. Create temporary directory for new layer
let layer_path = tempfile::tempdir()?.path().to_path_buf();
// 3. Copy base filesystem to layer
self.copy_tree(&base_tree, &layer_path).await?;
// 4. Apply DEB packages to layer
for package in packages {
self.apply_package_to_layer(package, &layer_path).await?;
}
// 5. Process package scripts and handle conflicts
self.process_package_scripts(&layer_path, packages).await?;
// 6. Create new OSTree commit from layer
let new_commit = self.ostree_manager.commit_tree(
&layer_path,
&format!("Package layer: {}", packages.join(", ")),
Some(base_commit), // Parent commit
).await?;
// 7. Update ref to point to new commit
self.ostree_manager.update_ref("debian/13/x86_64/silverblue", &new_commit).await?;
Ok(new_commit)
}
}
Package Layer Management
Layer Operations
// Complete layer management operations:
impl AptOstreeIntegration {
// Install packages (creates new layer)
pub async fn install_packages(&self, packages: &[String]) -> Result<String, Error> {
let current_commit = self.get_booted_commit().await?;
self.create_package_layer(¤t_commit, packages).await
}
// Remove packages (creates new layer without packages)
pub async fn remove_packages(&self, packages: &[String]) -> Result<String, Error> {
let current_commit = self.get_booted_commit().await?;
self.create_deployment_without_packages(¤t_commit, packages).await
}
// Upgrade packages (creates new layer with updated packages)
pub async fn upgrade_packages(&self, packages: &[String]) -> Result<String, Error> {
let current_commit = self.get_booted_commit().await?;
self.create_upgraded_layer(¤t_commit, packages).await
}
// List package layers
pub async fn list_package_layers(&self) -> Result<Vec<PackageLayer>, Error> {
let deployments = self.ostree_manager.list_deployments().await?;
self.extract_package_info_from_deployments(&deployments).await
}
}
Layer Information Structure
// Package layer metadata:
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PackageLayer {
pub commit_hash: String,
pub parent_commit: Option<String>,
pub packages_installed: Vec<InstalledPackage>,
pub packages_removed: Vec<String>,
pub commit_message: String,
pub timestamp: u64,
pub user_id: u32,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct InstalledPackage {
pub name: String,
pub version: String,
pub architecture: String,
pub description: String,
pub files: Vec<String>,
pub dependencies: Vec<String>,
pub scripts: HashMap<String, String>,
}
Filesystem Assembly for Package Layers
Layer Assembly Process
// How packages are assembled into new filesystem tree:
impl FilesystemAssembler {
pub async fn assemble_package_layer(
&mut self,
base_commit: &str,
packages: &[String],
) -> Result<PathBuf, Error> {
// 1. Start with clean staging area
self.clean_staging_area().await?;
// 2. Extract base deployment to staging
self.extract_base_deployment(base_commit).await?;
// 3. Apply package layers in dependency order
let sorted_packages = self.sort_packages_by_dependencies(packages).await?;
for package in sorted_packages {
self.apply_package_to_staging(package).await?;
}
// 4. Handle file conflicts and replacements
self.resolve_file_conflicts().await?;
// 5. Execute package scripts
self.execute_package_scripts(packages).await?;
// 6. Optimize with hardlinks and deduplication
self.optimize_filesystem().await?;
// 7. Set proper permissions and ownership
self.set_permissions().await?;
Ok(self.staging_root.path().to_path_buf())
}
async fn apply_package_to_staging(&mut self, package: &str) -> Result<(), Error> {
// Extract DEB package contents
let package_contents = self.extract_deb_package(package).await?;
// Apply files to staging area
for (file_path, file_content) in package_contents.files {
let full_path = self.staging_root.join(&file_path);
// Create parent directories
if let Some(parent) = full_path.parent() {
tokio::fs::create_dir_all(parent).await?;
}
// Write file content
tokio::fs::write(&full_path, file_content).await?;
}
// Handle package scripts
if let Some(scripts) = package_contents.scripts {
self.store_package_scripts(package, scripts).await?;
}
Ok(())
}
}
Package Script Execution in Layers
Script Handling
// Package script execution within layers:
impl ScriptExecutor {
pub async fn execute_package_scripts(
&self,
staging_root: &Path,
packages: &[String],
) -> Result<(), Error> {
for package in packages {
// Execute pre-installation scripts
if let Some(preinst) = self.find_package_script(package, "preinst") {
self.execute_script_in_sandbox(preinst, staging_root).await?;
}
// Execute post-installation scripts
if let Some(postinst) = self.find_package_script(package, "postinst") {
self.execute_script_in_sandbox(postinst, staging_root).await?;
}
}
Ok(())
}
async fn execute_script_in_sandbox(
&self,
script_path: &Path,
staging_root: &Path,
) -> Result<(), Error> {
// Set up sandboxed environment
let mut sandbox = self.create_sandbox().await?;
// Mount staging root as / (root filesystem)
sandbox.bind_mount(staging_root, "/")?;
// Mount necessary system directories
sandbox.bind_mount("/proc", "/proc")?;
sandbox.bind_mount("/sys", "/sys")?;
sandbox.bind_mount("/dev", "/dev")?;
// Execute script in sandbox
let output = sandbox.exec(script_path, &[]).await?;
if !output.status.success() {
return Err(Error::ScriptExecutionFailed {
script: script_path.to_string_lossy().to_string(),
stderr: output.stderr,
exit_code: output.status.code(),
});
}
Ok(())
}
}
Layer Rollback and Recovery
Rollback Implementation
// Rollback to previous package layer:
impl AptOstreeIntegration {
pub async fn rollback_to_previous_layer(&self) -> Result<(), Error> {
// 1. Get current and previous deployments
let deployments = self.ostree_manager.list_deployments().await?;
let current = deployments.iter().find(|d| d.booted).ok_or(Error::NoBootedDeployment)?;
let previous = deployments.iter().find(|d| d.serial == current.serial - 1)
.ok_or(Error::NoPreviousDeployment)?;
// 2. Set previous deployment as default
self.ostree_manager.set_default_deployment(&previous.checksum).await?;
// 3. Reboot system to activate rollback
self.ostree_manager.reboot_system().await?;
Ok(())
}
pub async fn list_available_rollbacks(&self) -> Result<Vec<RollbackTarget>, Error> {
let deployments = self.ostree_manager.list_deployments().await?;
let current = deployments.iter().find(|d| d.booted)
.ok_or(Error::NoBootedDeployment)?;
// Find all previous deployments
let rollbacks: Vec<_> = deployments.iter()
.filter(|d| d.serial < current.serial)
.map(|d| RollbackTarget {
commit_hash: d.checksum.clone(),
serial: d.serial,
timestamp: d.timestamp,
packages: self.extract_package_info(&d.checksum).await?,
})
.collect();
Ok(rollbacks)
}
}
🔄 Transaction Flow
1. Transaction Creation
Client Request → Daemon → Create Transaction Object → Return Transaction Path
Implementation:
// In daemon
impl AptOstreeDaemon {
async fn create_transaction(&self) -> zbus::fdo::Result<String> {
let transaction = Transaction::new(
self.get_user_id().await?,
self.get_session_id().await?,
"Package installation".to_string(),
"apt-ostree CLI".to_string(),
);
let transaction_id = transaction.id.clone();
self.transactions.write().await.insert(transaction_id.clone(), transaction);
Ok(transaction_id)
}
}
2. Transaction Execution
Transaction.Start() → Lock Sysroot → Execute Operations → Emit Progress Signals
Implementation:
impl Transaction {
pub async fn execute(&mut self, daemon: &AptOstreeDaemon) -> Result<(), TransactionError> {
self.state = TransactionState::InProgress;
// Lock sysroot
self.sysroot_locked = true;
// Execute operations
for operation in &self.operations {
match operation {
Operation::InstallPackage { name, version } => {
daemon.install_package(name, version).await?;
}
Operation::RemovePackage { name } => {
daemon.remove_package(name).await?;
}
Operation::UpdateSystem => {
daemon.update_system().await?;
}
// ... other operations
}
}
self.state = TransactionState::Committed;
self.sysroot_locked = false;
Ok(())
}
}
3. Progress Monitoring
Operations Execute → Progress Signals → Client Display → User Feedback
Implementation:
// In daemon
impl AptOstreeDaemon {
async fn emit_progress(&self, transaction_id: &str, progress: u32, message: &str) {
if let Some(transaction) = self.transactions.read().await.get(transaction_id) {
// Emit DBus signal
self.connection.emit_signal(
None,
&transaction.get_object_path(),
"org.projectatomic.aptostree1.Transaction",
"PercentProgress",
&(message, progress),
).ok();
}
}
}
🏗️ Implementation Architecture
1. OSTree Manager Structure
// daemon/src/ostree.rs
use ostree::Repo;
use std::path::PathBuf;
use tokio::sync::RwLock;
use std::sync::Arc;
pub struct OstreeManager {
repo: Arc<RwLock<Repo>>,
sysroot_path: PathBuf,
deployment_cache: Arc<RwLock<HashMap<String, DeploymentInfo>>>,
staging_deployments: Arc<RwLock<HashMap<String, StagingDeployment>>>,
}
pub struct DeploymentInfo {
pub id: String,
pub osname: String,
pub serial: i32,
pub checksum: String,
pub version: String,
pub timestamp: u64,
pub origin: String,
pub booted: bool,
pub pending: bool,
pub staged: bool,
}
pub struct StagingDeployment {
pub ref_name: String,
pub base_commit: String,
pub packages_added: Vec<String>,
pub packages_removed: Vec<String>,
pub kernel_args: Vec<String>,
pub initramfs_regenerate: bool,
}
2. APT Integration with OSTree
// daemon/src/apt_ostree_integration.rs
use crate::ostree::OstreeManager;
use crate::apt::AptManager;
pub struct AptOstreeIntegration {
ostree_manager: Arc<OstreeManager>,
apt_manager: Arc<AptManager>,
}
impl AptOstreeIntegration {
pub async fn install_packages(&self, packages: &[String]) -> Result<String, Error> {
// 1. Create staging deployment
let staging_ref = self.ostree_manager.create_staging_deployment().await?;
// 2. Resolve package dependencies
let all_packages = self.apt_manager.resolve_dependencies(packages).await?;
// 3. Download packages
let package_paths = self.apt_manager.download_packages(&all_packages).await?;
// 4. Extract packages to staging
for (package, path) in all_packages.iter().zip(package_paths.iter()) {
self.extract_package_to_staging(&staging_ref, package, path).await?;
}
// 5. Execute package scripts
self.execute_package_scripts(&staging_ref, &all_packages).await?;
// 6. Commit staging deployment
let commit_hash = self.ostree_manager.commit_staging_deployment(
&staging_ref,
&format!("Install packages: {}", packages.join(", ")),
).await?;
Ok(commit_hash)
}
async fn extract_package_to_staging(
&self,
staging_ref: &str,
package: &str,
package_path: &Path,
) -> Result<(), Error> {
// Extract DEB package contents to staging deployment
// Handle file conflicts and permissions
// Update package database
}
async fn execute_package_scripts(
&self,
staging_ref: &str,
packages: &[String],
) -> Result<(), Error> {
// Execute preinst, postinst scripts in sandbox
// Handle script failures with rollback
// Update system state
}
}
3. Filesystem Assembly
// daemon/src/filesystem_assembly.rs
use std::path::Path;
use cap_std::fs::Dir;
pub struct FilesystemAssembler {
staging_root: Dir,
base_deployment: PathBuf,
}
impl FilesystemAssembler {
pub async fn assemble_from_scratch(&mut self) -> Result<(), Error> {
// 1. Start with clean staging area
self.clean_staging_area().await?;
// 2. Copy base deployment
self.copy_base_deployment().await?;
// 3. Apply package layers in dependency order
self.apply_package_layers().await?;
// 4. Handle file conflicts and replacements
self.resolve_file_conflicts().await?;
// 5. Optimize with hardlinks
self.optimize_hardlinks().await?;
// 6. Set proper permissions
self.set_permissions().await?;
Ok(())
}
async fn copy_base_deployment(&mut self) -> Result<(), Error> {
// Copy base OSTree deployment to staging
// Preserve hardlinks and special files
// Handle symlinks and mount points
}
async fn apply_package_layers(&mut self) -> Result<(), Error> {
// Apply packages in topological dependency order
// Handle file additions, modifications, removals
// Preserve package metadata
}
async fn resolve_file_conflicts(&mut self) -> Result<(), Error> {
// Detect file conflicts between packages
// Apply conflict resolution rules
// Handle file replacements and overrides
}
async fn optimize_hardlinks(&mut self) -> Result<(), Error> {
// Detect identical files across packages
// Create hardlinks for content deduplication
// Update file reference counts
}
}
🔐 Security and Privileges
1. Privilege Management
// daemon/src/security.rs
use polkit::Authority;
pub struct SecurityManager {
polkit_authority: Authority,
}
impl SecurityManager {
pub async fn check_ostree_operation(
&self,
operation: &str,
user_id: u32,
) -> Result<bool, SecurityError> {
let action = match operation {
"deploy" => "org.projectatomic.aptostree.deploy",
"upgrade" => "org.projectatomic.aptostree.upgrade",
"rollback" => "org.projectatomic.aptostree.rollback",
"install" => "org.projectatomic.aptostree.install-uninstall-packages",
"uninstall" => "org.projectatomic.aptostree.install-uninstall-packages",
"kargs" => "org.projectatomic.aptostree.bootconfig",
"initramfs" => "org.projectatomic.aptostree.bootconfig",
_ => return Err(SecurityError::UnknownOperation(operation.to_string())),
};
self.check_authorization(action, user_id, HashMap::new()).await
}
}
2. Sandboxing
// daemon/src/sandbox.rs
use bubblewrap::Bubblewrap;
pub struct ScriptSandbox {
bubblewrap: Bubblewrap,
}
impl ScriptSandbox {
pub async fn execute_package_script(
&self,
script_path: &Path,
environment: &HashMap<String, String>,
) -> Result<(), Error> {
// Set up sandbox environment
let mut sandbox = self.bubblewrap.clone();
// Mount necessary directories
sandbox.bind_mount("/proc", "/proc")?;
sandbox.bind_mount("/sys", "/sys")?;
sandbox.bind_mount("/dev", "/dev")?;
// Set up namespaces
sandbox.unshare_user()?;
sandbox.unshare_net()?;
// Execute script
let output = sandbox.exec(script_path, environment).await?;
if !output.status.success() {
return Err(Error::ScriptExecutionFailed(output.stderr));
}
Ok(())
}
}
📊 Performance Optimization
1. Caching Strategy
// daemon/src/cache.rs
use std::collections::HashMap;
use tokio::sync::RwLock;
pub struct OstreeCache {
deployment_cache: Arc<RwLock<HashMap<String, DeploymentInfo>>>,
package_cache: Arc<RwLock<HashMap<String, PackageInfo>>>,
metadata_cache: Arc<RwLock<HashMap<String, MetadataInfo>>>,
}
impl OstreeCache {
pub async fn get_deployment_info(&self, deploy_id: &str) -> Option<DeploymentInfo> {
self.deployment_cache.read().await.get(deploy_id).cloned()
}
pub async fn cache_deployment_info(&self, deploy_id: String, info: DeploymentInfo) {
self.deployment_cache.write().await.insert(deploy_id, info);
}
pub async fn invalidate_cache(&self) {
self.deployment_cache.write().await.clear();
self.package_cache.write().await.clear();
self.metadata_cache.write().await.clear();
}
}
2. Parallel Operations
// daemon/src/parallel_ops.rs
use tokio::task::JoinSet;
impl AptOstreeIntegration {
pub async fn install_packages_parallel(&self, packages: &[String]) -> Result<(), Error> {
let mut tasks = JoinSet::new();
// Spawn parallel download tasks
for package in packages {
let package = package.clone();
let apt_manager = self.apt_manager.clone();
tasks.spawn(async move {
apt_manager.download_package(&package).await
});
}
// Collect results
let mut results = Vec::new();
while let Some(result) = tasks.join_next().await {
results.push(result??);
}
// Process downloaded packages
for package_path in results {
self.process_downloaded_package(package_path).await?;
}
Ok(())
}
}
🧪 Testing Strategy
1. Unit Tests
#[cfg(test)]
mod tests {
use super::*;
#[tokio::test]
async fn test_deployment_creation() {
let ostree_manager = OstreeManager::new(PathBuf::from("/tmp/test")).await.unwrap();
let deploy_id = ostree_manager.create_deployment("test-ref").await.unwrap();
assert!(!deploy_id.is_empty());
}
#[tokio::test]
async fn test_package_installation() {
let integration = AptOstreeIntegration::new().await.unwrap();
let result = integration.install_packages(&["test-package"]).await;
assert!(result.is_ok());
}
}
2. Integration Tests
#[tokio::test]
async fn test_full_workflow() {
// Start daemon
let daemon_handle = tokio::spawn(run_daemon());
// Wait for daemon to be ready
tokio::time::sleep(tokio::time::Duration::from_millis(100)).await;
// Test client operations
let client = AptOstreeClient::new().await.unwrap();
// Create transaction
let transaction_id = client.create_transaction().await.unwrap();
// Install package
let success = client.install_packages(
&transaction_id,
vec!["test-package".to_string()],
).await.unwrap();
assert!(success);
// Cleanup
daemon_handle.abort();
}
🚀 Future Enhancements
1. Live Updates
- Apply package changes without reboot
- Runtime package activation
- Dynamic configuration updates
2. Delta Updates
- Efficient update delivery
- Binary diff application
- Network optimization
3. Rollback Points
- Multiple rollback targets
- Automatic rollback triggers
- Rollback history management
4. Package Variants
- Alternative package versions
- Feature-based package selection
- Custom package configurations
This architecture provides a solid foundation for implementing production-ready OSTree handling in apt-ostree, maintaining compatibility with the rpm-ostree ecosystem while leveraging the strengths of the Debian/Ubuntu package management system.