distro/rhel8: support embedding containers in ostree commits

Add support for embedding containers in OSTree commits by storing them in `/usr/share/containers/storage`. The storage engine is configured accordingly so that this extra location is automatically taken into account by e.g. `podman`.
2022-07-21 17:13:10 +02:00 · 2022-07-21 17:13:10 +02:00 · d7f1ed8ba7
commit d7f1ed8ba7
parent e290502a1d
2 changed files with 28 additions and 6 deletions
--- a/internal/distro/rhel8/distro.go
+++ b/internal/distro/rhel8/distro.go
@ -419,7 +419,16 @@ func (t *imageType) PackageSets(bp blueprint.Blueprint, options distro.ImageOpti

 	// if we are embedding containers we need to have `skopeo` in the build root
 	if len(bp.Containers) > 0 {
-		mergedSets[buildPkgsKey] = mergedSets[buildPkgsKey].Append(rpmmd.PackageSet{Include: []string{"skopeo"}})
+
+		extraPkgs := rpmmd.PackageSet{Include: []string{"skopeo"}}
+
+		if t.rpmOstree {
+			// for OSTree based images we need to configure the containers-storage.conf(5)
+			// via the org.osbuild.containers.storage.conf stage, which needs python3-pytoml
+			extraPkgs = extraPkgs.Append(rpmmd.PackageSet{Include: []string{"python3-pytoml"}})
+		}
+
+		mergedSets[buildPkgsKey] = mergedSets[buildPkgsKey].Append(extraPkgs)
 	}

 	// depsolve bp packages separately
@ -567,10 +576,8 @@ func (t *imageType) Manifest(customizations *blueprint.Customizations,
 // checkOptions checks the validity and compatibility of options and customizations for the image type.
 func (t *imageType) checkOptions(customizations *blueprint.Customizations, options distro.ImageOptions, containers []container.Spec) error {

-	// we support embedding containers on all image types that are not ostree based
-	// since we need to store them outside `/var` since that is not preserved in
-	// commits and then point the container `storage.conf` to that extra location
-	if t.rpmOstree && len(containers) > 0 {
+	// we do not support embedding containers on ostree-derived images, only on commits themselves
+	if len(containers) > 0 && t.rpmOstree && (t.name != "edge-commit" && t.name != "edge-container") {
 		return fmt.Errorf("embedding containers is not supported for %s on %s", t.name, t.arch.distro.name)
 	}

--- a/internal/distro/rhel8/pipelines.go
+++ b/internal/distro/rhel8/pipelines.go
@ -439,7 +439,22 @@ func osPipeline(t *imageType,

 	if len(containers) > 0 {
 		images := osbuild.NewContainersInputForSources(containers)
-		skopeo := osbuild.NewSkopeoStage(images, "")
+
+		var storagePath string
+
+		// OSTree commits do not include data in `/var` since that is tied to the
+		// deployment, rather than the commit. Therefore the containers need to be
+		// stored in a different location, like `/usr/share`, and the container
+		// storage engine configured accordingly.
+		if t.rpmOstree {
+			storagePath = "/usr/share/containers/storage"
+			storageConf := "/etc/containers/storage.conf"
+
+			containerStoreOpts := osbuild.NewContainerStorageOptions(storageConf, storagePath)
+			p.AddStage(osbuild.NewContainersStorageConfStage(containerStoreOpts))
+		}
+
+		skopeo := osbuild.NewSkopeoStage(images, storagePath)
 		p.AddStage(skopeo)
 	}