apt-ostree/BOOTC_NATIVE_UBUNTU_COMPATIBILITY_REPORT.md
robojerk d295f9bb4d Major milestone: Complete apt-ostree bootc compatibility and OCI integration
-  Real package installation (replaced mock installation)
-  Real OSTree commit creation from installed packages
-  OCI image creation from both commits and rootfs
-  Full bootc compatibility with proper labels
-  Comprehensive test suite (test-bootc-apt-ostree.sh)
-  Container tool validation (skopeo, podman)
-  Updated compatibility reports for Ubuntu Questing
-  Fixed OCI schema version and field naming issues
-  Temporary directory lifecycle fixes
-  Serde rename attributes for OCI JSON compliance

Ready for Aurora-style workflow deployment!
2025-07-20 21:06:44 +00:00


# Bootc Native Build on Ubuntu: Updated Compatibility Report
## 🎯 Executive Summary
**Major Update**: `libostree 2025.2-1` is now available in Ubuntu's `questing-release`, dramatically improving the feasibility of native bootc builds on Ubuntu systems. This resolves the core version compatibility issues that previously blocked native bootc deployment.
## 📊 Current Status Matrix
| Ubuntu Release | libostree Version | bootc Native Build | Recommended Approach |
|----------------|-------------------|-------------------|---------------------|
| **Ubuntu Questing** | **2025.2-1** | ✅ **FULLY SUPPORTED** | Native build with official packages |
| Ubuntu Noble (24.04 LTS) | 2024.5-1build2 | ⚠️ Requires workarounds | Containerized build or source compilation |
| Ubuntu Jammy (22.04 LTS) | 2022.7-1 | ❌ Not supported | Containerized build only |
| Debian Sid | 2025.2-1 | ✅ **FULLY SUPPORTED** | Native build with official packages |
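
The matrix above reduces to one check: is the libostree visible to the build at least 2025.2? The script below is an added example, not part of the original report or the bootc project; the function names and the `MIN_OSTREE` variable are hypothetical, and it assumes GNU `sort -V` and `pkg-config` are available.

```bash
#!/bin/sh
# Added example (not from the report or bootc): pick a build path from the
# libostree version. MIN_OSTREE mirrors the 2025.2 requirement in the matrix;
# all function names are hypothetical.
MIN_OSTREE="2025.2"

# Strip an epoch and Debian revision: "2024.5-1build2" -> "2024.5".
upstream_version() {
    v="${1#*:}"
    printf '%s\n' "${v%%-*}"
}

# Succeed when version $1 >= $2, using GNU sort -V ordering.
version_at_least() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n1)" = "$2" ]
}

# Map a libostree version string to the approach the matrix recommends.
recommend_build() {
    up="$(upstream_version "$1")"
    if [ -z "$up" ]; then
        echo "unknown"
    elif version_at_least "$up" "$MIN_OSTREE"; then
        echo "native"
    else
        echo "container"
    fi
}

# Version of the development library the cargo build will actually link.
detect_ostree_version() {
    pkg-config --modversion ostree-1 2>/dev/null || true
}

ver="$(detect_ostree_version)"
echo "libostree ${ver:-not found}: $(recommend_build "$ver")"
```
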
## 🚀 Scenario 1: Ubuntu Questing (Recommended)
### **Status: ✅ FULLY SUPPORTED**
With `libostree 2025.2-1` available in Ubuntu Questing, native bootc builds are now straightforward:
```bash
# Install the required packages
sudo apt update
sudo apt install libostree-dev libostree-1-1 ostree
# Clone and build bootc
git clone https://github.com/containers/bootc.git
cd bootc
cargo build --release
```
### **Advantages:**
- ✅ No API compatibility issues
- ✅ All bootc features available
- ✅ Official package support
- ✅ No system modifications required
- ✅ Full signature verification support
### **AppArmor Considerations:**
- The `SePolicy::set_null_log()` call may need patching for AppArmor systems
- Monitor `dmesg` and `journalctl` for AppArmor denials
- May require custom AppArmor profiles for bootc services
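
To turn the `dmesg`/`journalctl` monitoring above into input for a custom profile, the denials can be grouped by profile, operation, path and denied mask. This is an added example, not part of the original report or the bootc project; the log lines are constructed and the profile name `bootc` is a hypothetical custom profile.

```bash
#!/bin/sh
# Added example: summarise AppArmor denials for bootc/ostree processes.
# SAMPLE_LOG is constructed; "bootc" as a profile name is hypothetical.
SAMPLE_LOG='Jul 20 21:10:01 host kernel: audit: type=1400 audit(1753045801.101:201): apparmor="DENIED" operation="open" profile="bootc" name="/sysroot/ostree/repo/config" pid=4121 comm="bootc" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jul 20 21:10:02 host kernel: audit: type=1400 audit(1753045802.230:202): apparmor="DENIED" operation="open" profile="bootc" name="/sysroot/ostree/repo/config" pid=4130 comm="bootc" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jul 20 21:10:03 host kernel: audit: type=1400 audit(1753045803.412:203): apparmor="DENIED" operation="mkdir" profile="bootc" name="/sysroot/ostree/deploy/default/var" pid=4131 comm="ostree" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Jul 20 21:10:04 host kernel: audit: type=1400 audit(1753045804.007:204): apparmor="ALLOWED" operation="open" profile="bootc" name="/etc/os-release" pid=4121 comm="bootc" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jul 20 21:10:05 host kernel: audit: type=1400 audit(1753045805.550:205): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0'

# Read audit lines on stdin; print "count profile operation name denied_mask"
# for every distinct denial whose comm is bootc or ostree.
summarise_denials() {
    awk '
    /apparmor="DENIED"/ {
        split("", f)                       # reset the per-line field map
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue          # timestamps, "kernel:", etc.
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)
            gsub(/"/, "", val)
            f[key] = val
        }
        if (f["comm"] !~ /^(bootc|ostree)$/) next
        seen[f["profile"] " " f["operation"] " " f["name"] " " f["denied_mask"]]++
    }
    END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort -k2
}

# Each output line maps to one rule the custom profile is missing.
printf '%s\n' "$SAMPLE_LOG" | summarise_denials
```

On a live system, pipe `journalctl -k --no-pager` or `dmesg` into `summarise_denials` instead of the sample.
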
## ⚠️ Scenario 2: Ubuntu Noble (24.04 LTS)
### **Status: ⚠️ REQUIRES WORKAROUNDS**
Ubuntu Noble has `libostree 2024.5-1build2`, which is incompatible with bootc's requirements.
### **Option A: Containerized Build (Recommended)**
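```dockerfile
# Dockerfile.bootc_builder
# Note: fedora:latest and the bootc default branch are both unpinned here;
# pin a base image digest and a reviewed bootc tag for reproducible builds.
FROM fedora:latest
# ostree-devel provides the ostree-1 pkg-config module that bootc's
# ostree bindings are built against.
RUN dnf install -y \
    rust cargo \
    pkg-config \
    make gcc \
    git \
    glib2-devel \
    ostree-devel \
    libcurl-devel \
    openssl-devel \
    systemd-devel \
    libmount-devel \
    libselinux-devel
WORKDIR /usr/src/bootc
RUN git clone https://github.com/containers/bootc.git .
RUN cargo build --release
ENV PATH="/usr/src/bootc/target/release:${PATH}"
CMD ["bootc", "--help"]
```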
**Usage:**
```bash
# Build the container
podman build -f Dockerfile.bootc_builder -t bootc-builder .
# Run bootc commands
sudo podman run --privileged --rm \
    -v /dev:/dev -v /sys:/sys -v /run:/run -v /:/host:rw \
    bootc-builder bootc install ...
```
### **Option B: Source Compilation (Advanced)**
```bash
# Install build dependencies
sudo apt install build-essential autoconf libtool pkg-config \
    libglib2.0-dev libfuse-dev libgpgme-dev libsystemd-dev libmount-dev \
    libcurl4-gnutls-dev libssl-dev libselinux1-dev
# Build libostree from source
wget https://github.com/ostreedev/ostree/releases/download/v2025.2/ostree-2025.2.tar.xz
tar xf ostree-2025.2.tar.xz
cd ostree-2025.2
./configure --prefix=/usr
make
sudo make install
# Leave the ostree source tree before cloning bootc
cd ..
# Build bootc
git clone https://github.com/containers/bootc.git
cd bootc
cargo build --release
```
**⚠️ Warning**: This replaces system libostree and may break other applications.
## 🔧 Known Compatibility Issues & Solutions
### **1. OSTree Version Requirements**
| Issue | Ubuntu Questing | Ubuntu Noble | Solution |
|-------|----------------|--------------|----------|
| libostree version | ✅ 2025.2-1 | ❌ 2024.5-1build2 | Use Questing or containerized build |
| Rust crate features | ✅ v2025_2 available | ❌ v2025_2 missing | Upgrade libostree or use container |
### **2. API Compatibility Issues**
| API | Status | Solution |
|-----|--------|----------|
| `signature_verify_commit_data` | ✅ Available in 2025.2 | Use Questing or container |
| `RepoVerifyFlags` | ✅ Available in 2025.2 | Use Questing or container |
| `SePolicy::set_null_log()` | ⚠️ May need AppArmor patch | Comment out for AppArmor systems |
### **3. Security Framework Differences**
| Framework | Ubuntu Default | bootc Design | Impact |
|-----------|----------------|--------------|---------|
| **SELinux** | ❌ Not used | ✅ Primary target | Limited security features |
| **AppArmor** | ✅ Default | ⚠️ Secondary support | May need custom profiles |
## 📋 Implementation Recommendations
### **For Development/Testing:**
1. **Use Ubuntu Questing** for native bootc development
2. **Use containerized builds** for Ubuntu Noble production systems
3. **Test thoroughly** with apt-ostree OCI images
### **For Production Deployment:**
1. **Ubuntu Questing**: Native bootc installation
2. **Ubuntu Noble**: Containerized bootc with proper volume mounts
3. **Older LTS**: Containerized approach only
### **For apt-ostree Integration:**
1. **Test bootc compatibility** with apt-ostree OCI images
2. **Validate signature verification** works correctly
3. **Create AppArmor profiles** if needed for production use
## 🎉 Conclusion
The availability of `libostree 2025.2-1` in Ubuntu Questing is a game-changer for native bootc support on Ubuntu systems. This enables:
- **Full native bootc functionality** on Ubuntu Questing
- **Complete apt-ostree integration** with Aurora-style workflows
- **No API compatibility issues** or workarounds needed
- **Production-ready deployment** capabilities
For Ubuntu Noble and older LTS releases, the containerized approach provides a practical path forward while maintaining system stability.
**Recommendation**: Upgrade to Ubuntu Questing for native bootc support, or use containerized builds for LTS releases.