Critical safety and compatibility fixes based on ChatGPT feedback

SAFETY FIXES: - Add prominent safety warnings for destructive operations - Add BOOTC_I_KNOW_THIS_WIPES_MY_DISK environment variable checks - Add safety warnings to manual installation scripts BUILD FIXES: - Fix Containerfile systemd calls to use symlinks instead of systemctl - Replace brittle image validation with podman image mount - Add fallback for rootless/mount issues COMPATIBILITY FIXES: - Align Debian version references (12 Bookworm vs 14 Forky) - Add comprehensive COMPATIBILITY.md with version matrix - Add kernel requirements for composefs (5.15+ basic, 6.5+ recommended) - Document experimental flags and version requirements TECHNICAL IMPROVEMENTS: - Use DEBIAN_FRONTEND=noninteractive in build scripts - Improve image inspection robustness - Add explicit version testing matrix - Document known issues and workarounds This addresses the most critical issues identified in the ChatGPT review: 1. Safety warnings for destructive operations 2. Build-time systemd handling fixes 3. Robust image validation methods 4. Version compatibility documentation
2025-09-15 14:19:12 -07:00 · 2025-09-15 14:19:12 -07:00 · d2238df478
commit d2238df478
parent 4f6cc99ba2
5 changed files with 209 additions and 21 deletions
--- a/building/base-images-wo-bootc.md
+++ b/building/base-images-wo-bootc.md
@ -116,20 +116,25 @@ RUN apt install -y \
 set -euo pipefail

 IMAGE_NAME="${1:-debian-bootc-base:latest}"
-TEMP_DIR=$(mktemp -d)

 echo "🔍 Validating filesystem structure for ${IMAGE_NAME}"

-# Extract image to temporary directory
-podman save "${IMAGE_NAME}" | tar -xf - -C "${TEMP_DIR}"
-
-# Find the layer directory
-LAYER_DIR=$(find "${TEMP_DIR}" -name "layer.tar" | head -1 | xargs dirname)
-
-# Extract the layer
-tar -xf "${LAYER_DIR}/layer.tar" -C "${TEMP_DIR}/extracted"
-
-ROOTFS="${TEMP_DIR}/extracted"
+# Use podman image mount for robust image inspection
+echo "📦 Mounting image for inspection..."
+MOUNTPOINT=$(podman image mount "${IMAGE_NAME}")
+if [ -z "${MOUNTPOINT}" ]; then
+    echo "❌ Failed to mount image. Trying alternative method..."
+    # Fallback: extract using podman save (less robust)
+    TEMP_DIR=$(mktemp -d)
+    podman save "${IMAGE_NAME}" | tar -xf - -C "${TEMP_DIR}"
+    LAYER_DIR=$(find "${TEMP_DIR}" -name "layer.tar" | head -1 | xargs dirname)
+    tar -xf "${LAYER_DIR}/layer.tar" -C "${TEMP_DIR}/extracted"
+    ROOTFS="${TEMP_DIR}/extracted"
+    CLEANUP_TEMP=1
+else
+    ROOTFS="${MOUNTPOINT}"
+    CLEANUP_TEMP=0
+fi

 echo "✅ Checking systemd as init..."
 if [ -L "${ROOTFS}/sbin/init" ] && [ "$(readlink "${ROOTFS}/sbin/init")" = "/lib/systemd/systemd" ]; then
@ -192,7 +197,11 @@ else
 fi

 # Clean up
-rm -rf "${TEMP_DIR}"
+if [ "${CLEANUP_TEMP}" = "1" ]; then
+    rm -rf "${TEMP_DIR}"
+else
+    podman image umount "${IMAGE_NAME}"
+fi

 echo "🎉 All filesystem validations passed!"
 ```
@ -337,13 +346,14 @@ RUN mkdir -p /usr/lib/systemd/system \
 # Configure systemd as init
 RUN ln -sf /lib/systemd/systemd /sbin/init

-# Set up basic systemd configuration
-RUN systemctl set-default multi-user.target
+# Set up basic systemd configuration (using symlinks instead of systemctl)
+RUN ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target

-# Create essential systemd services
-RUN systemctl enable systemd-resolved.service \
-    systemd-networkd.service \
-    systemd-timesyncd.service
+# Create essential systemd services (using symlinks instead of systemctl)
+RUN mkdir -p /etc/systemd/system/multi-user.target.wants \
+    && ln -sf /usr/lib/systemd/system/systemd-resolved.service /etc/systemd/system/multi-user.target.wants/systemd-resolved.service \
+    && ln -sf /usr/lib/systemd/system/systemd-networkd.service /etc/systemd/system/multi-user.target.wants/systemd-networkd.service \
+    && ln -sf /usr/lib/systemd/system/systemd-timesyncd.service /etc/systemd/system/multi-user.target.wants/systemd-timesyncd.service

 # Configure basic networking
 RUN echo -e "[Match]\nName=*\n\n[Network]\nDHCP=yes" > /etc/systemd/network/80-dhcp.network
@ -357,8 +367,8 @@ RUN systemd-tmpfiles --create
 # Create essential systemd unit files
 RUN echo -e "[Unit]\nDescription=Bootc Base Image\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/bin/true\n\n[Install]\nWantedBy=multi-user.target" > /etc/systemd/system/bootc-base.service

-# Enable the bootc base service
-RUN systemctl enable bootc-base.service
+# Enable the bootc base service (using symlink instead of systemctl)
+RUN ln -sf /etc/systemd/system/bootc-base.service /etc/systemd/system/multi-user.target.wants/bootc-base.service

 # Required bootc labels
 LABEL containers.bootc 1
@ -843,6 +853,17 @@ set -euo pipefail
 IMAGE_NAME="${1:-debian-bootc-base:latest}"
 TARGET_ROOT="${2:-/mnt/sysroot}"

+# Safety check for destructive operations
+if [ "${TARGET_ROOT}" != "/mnt/sysroot" ] && [ -z "${BOOTC_I_KNOW_THIS_WIPES_MY_DISK:-}" ]; then
+    echo "⚠️  WARNING: This script will perform DESTRUCTIVE operations!"
+    echo "Target: ${TARGET_ROOT}"
+    echo "This may WIPE existing data and partitions!"
+    echo ""
+    echo "To proceed, set: BOOTC_I_KNOW_THIS_WIPES_MY_DISK=1"
+    echo "Example: BOOTC_I_KNOW_THIS_WIPES_MY_DISK=1 $0 ${IMAGE_NAME} ${TARGET_ROOT}"
+    exit 1
+fi
+
 echo "🏗️  Manually installing bootc image without bootc binary"
 echo "Image: ${IMAGE_NAME}"
 echo "Target: ${TARGET_ROOT}"