robojerk/particle-os-tools
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
particle-os-tools/docs/apt-layer/rpm-ostree/architecture
History
robojerk a23b4e53fd
Some checks failed
Compile apt-layer (v2) / compile (push) Has been cancelled
Details
feat: Integrate apt-layer.sh with apt-ostree.py daemon via D-Bus 
- Added 20-daemon-integration.sh scriptlet for D-Bus and daemon lifecycle management
- Updated 99-main.sh with new daemon subcommands (start, stop, status, install, uninstall, test, layer, deploy, upgrade, rollback)
- Enhanced help and usage text for daemon integration
- Fixed bash syntax errors in daemon integration scriptlet
- Updated compile.sh to include daemon integration in build process
- Updated .gitignore to exclude src/rpm-ostree/ reference source
- Updated CHANGELOG.md and TODO.md to document daemon integration milestone
- Removed src/rpm-ostree/ from git tracking (reference only, not committed)
2025-07-15 17:08:15 -07:00
..
apply-live.md feat: Integrate apt-layer.sh with apt-ostree.py daemon via D-Bus 2025-07-15 17:08:15 -07:00
architecture-core.md feat: Integrate apt-layer.sh with apt-ostree.py daemon via D-Bus 2025-07-15 17:08:15 -07:00
architecture-daemon.md feat: Integrate apt-layer.sh with apt-ostree.py daemon via D-Bus 2025-07-15 17:08:15 -07:00
README.md feat: Integrate apt-layer.sh with apt-ostree.py daemon via D-Bus 2025-07-15 17:08:15 -07:00

README.md

Architecture

This section covers the core architectural concepts and design patterns used in rpm-ostree.

Overview

rpm-ostree's architecture is built around the concept of atomic, immutable filesystem trees combined with traditional package management. This hybrid approach provides the benefits of both image-based deployments and package-level operations.

Topics

RPM Packages, OSTree Commits

Understand how rpm-ostree converts RPM packages into OSTree commits and manages complete filesystem trees. This covers the fundamental processes that apply to both build servers and client systems.

Daemon Model

Learn about rpm-ostree's client/daemon architecture that ensures safe, serialized system operations. This includes D-Bus integration, transaction management, and polkit authorization.

Architecture of Apply-Live

Explore how rpm-ostree applies packages to the running system without requiring a reboot. This covers overlay filesystems, state tracking, and live update mechanisms.

Key Concepts

Hybrid System Design

rpm-ostree combines:

  • Package Management: Traditional RPM package operations
  • Image Deployment: Atomic, immutable filesystem trees
  • Container Integration: Native support for OCI containers

Atomic Operations

Every system change is:

  • Atomic: Applied completely or not at all
  • Transactional: Supports instant rollback
  • Consistent: Maintains system integrity

Layering Model

  • Base Image: Pre-tested, immutable foundation
  • Layered Packages: User-installed packages
  • Extensions: Optional system components

Architecture Components

Core Components

  1. OSTree: Git-like versioning for filesystem trees
  2. Package Manager: RPM package handling and dependency resolution
  3. Bootloader Integration: GRUB and systemd-boot support
  4. Systemd Integration: Service and timer management

Client/Server Model

  1. Client: Command-line interface and user operations
  2. Daemon: Background service for system operations
  3. D-Bus: Inter-process communication
  4. Polkit: Authorization and access control

Storage Model

  1. Repository: OSTree repository for commits and objects
  2. Deployments: Bootable filesystem trees
  3. Layered Storage: Package layers on immutable base
  4. State Management: Transaction and rollback state

Design Principles

Immutability

  • Immutable Base: Base system cannot be modified directly
  • Atomic Updates: Complete system updates applied atomically
  • Version Control: Git-like versioning for system state

Predictability

  • Reproducible Builds: Identical deployments from same inputs
  • No Drift: System state remains consistent over time
  • Declarative Configuration: System state defined declaratively

Security

  • Tamper Resistance: Immutable base prevents tampering
  • Verification: Package and content verification
  • Isolation: Container and extension isolation

Implementation Patterns

Package Conversion

# Convert RPM packages to OSTree commit
RPM Packages → Download → Import → Tree Generation → OSTree Commit

Transaction Model

# Transaction lifecycle
Client Request → Daemon Processing → Transaction Execution → Result

Live Updates

# Live update process
Overlay Mount → Package Application → State Tracking → Rollback Ready

Integration Points

System Integration

  • systemd: Service and timer integration
  • Bootloader: GRUB and systemd-boot support
  • SELinux: Security policy integration
  • Network: Repository and update services

Container Integration

  • OCI Containers: Native container support
  • Container Images: OCI image building and distribution
  • Container Runtime: Integration with container runtimes

Development Integration

  • Build Tools: Compose server and build pipelines
  • CI/CD: Continuous integration and deployment
  • Monitoring: Health checks and metrics collection

Performance Considerations

Optimization Strategies

  1. Hardlink Optimization: Share identical files between versions
  2. Parallel Processing: Parallel downloads and operations
  3. Caching: Package and layer caching
  4. Incremental Updates: Build on existing commits

Resource Management

  1. Storage Efficiency: Content-addressed storage
  2. Memory Usage: Optimized memory usage for large operations
  3. Network Optimization: Efficient package and commit transfer
  4. CPU Utilization: Parallel processing and optimization

Security Architecture

Verification Chain

  1. Package Signatures: GPG signature verification
  2. Content Integrity: Checksum verification
  3. Commit Signatures: OSTree commit signing
  4. Transport Security: HTTPS and secure transmission

Access Control

  1. Polkit Integration: Authorization framework
  2. User Permissions: Unprivileged user operations
  3. Service Isolation: Container and service isolation
  4. Audit Trails: Comprehensive logging and auditing

Future Directions

Planned Enhancements

  1. Enhanced Container Support: Better OCI integration
  2. Declarative Configuration: System state as code
  3. Multi-Architecture Support: ARM, RISC-V, etc.
  4. Performance Improvements: Faster updates and deployments

Community Development

  1. Open Source: Active community development
  2. Standards: Alignment with industry standards
  3. Integration: Broader ecosystem integration
  4. Documentation: Comprehensive documentation and guides

The architecture provides the foundation for rpm-ostree's hybrid image/package system. Understanding these patterns is essential for effective system design and implementation.