rpm-ostree kargs not working

[oglok]

rpm-ostree kargs --append='audit=0' is not working:

podman build -t quay.io/flightctl/flightctl-agent:latest -f packaging/Containerfile.fedora ./
STEP 1/13: FROM quay.io/centos-bootc/fedora-bootc:eln
STEP 2/13: COPY rpmbuild/RPMS/x86_64/flightctl-agent-0.0.1-1.el9.x86_64.rpm /tmp/
--> Using cache d6c77d8351a0e8777c7786cf4218fd16f120ec240b778a00bfa69eb93106db99
--> d6c77d8351a0
STEP 3/13: COPY packaging/flightctl-custom-assets/flightctl_rsa.pub /usr/etc-system/root.keys
--> Using cache e9d47ae7f9756a2a45a3a803f5817599f0a4c8f8d166fade365bfd5e06d3669f
--> e9d47ae7f975
STEP 4/13: RUN touch /etc/ssh/sshd_config.d/30-auth-system.conf;     mkdir -p /usr/etc-system/;     echo 'AuthorizedKeysFile /usr/etc-system/%u.keys' >> /etc/ssh/sshd_config.d/30-auth-system.conf;     chmod 0600 /usr/etc-system/root.keys
--> Using cache f094fb7d73fbc90d709f1d43dffc5b9b44f4739d6fae3b7f44018a48dbcb1cb7
--> f094fb7d73fb
STEP 5/13: VOLUME /var/roothome
--> Using cache 5c199e0456b55e4feb83f4bbd7afa08ef3bb8e360b141f6e203c793b1f15403b
--> 5c199e0456b5
STEP 6/13: ADD packaging/flightctl-custom-assets/config.yaml /etc/flightctl/
--> Using cache 08068ad64e01a17b5deaf1f17a5b111441b081994aa19341c1430f70c44b1935
--> 08068ad64e01
STEP 7/13: ADD packaging/flightctl-custom-assets/ca.crt /etc/flightctl
--> Using cache 6cf50e3e940d43a151d8df1efa69adb4f1ab78be5f278bba851b7bc4791ae076
--> 6cf50e3e940d
STEP 8/13: ADD packaging/flightctl-custom-assets/client-enrollment.* /etc/flightctl/
--> Using cache 467f88db436db8c62bf93775f271861275679c2e5ec8bdbed7f4e10eaf9cbb44
--> 467f88db436d
STEP 9/13: RUN rpm-ostree install -y /tmp/flightctl-agent-0.0.1-1.el9.x86_64.rpm
--> Using cache 51a5903e3b71a19a548282e35e933c153d03470071b02525b622877e3e5b2c69
--> 51a5903e3b71
STEP 10/13: RUN ln -s /usr/lib/systemd/system/podman.socket /usr/lib/systemd/system/multi-user.target.wants/
--> Using cache 886a0421c6f532094be9c8298f451e63e241c59316ad61907e06e6c6187650b6
--> 886a0421c6f5
STEP 11/13: RUN ln -s /usr/lib/systemd/system/flightctl-agent.service /usr/lib/systemd/system/multi-user.target.wants/
--> Using cache e83c1f9965b89846251ea2b1e4df3c969a52c9984e7f42c50e855035ee39fa79
--> e83c1f9965b8
STEP 12/13: RUN rpm-ostree kargs --append=audit=0
error: This system was not booted via libostree.
Currently, most rpm-ostree commands only work on ostree-based host systems.

Error: building at STEP "RUN rpm-ostree kargs --append=audit=0": while running runtime: exit status 1

This is the containerfile:

FROM quay.io/centos-bootc/fedora-bootc:eln

COPY rpmbuild/RPMS/x86_64/flightctl-agent-0.0.1-1.el9.x86_64.rpm /tmp/

COPY packaging/flightctl-custom-assets/flightctl_rsa.pub /usr/etc-system/root.keys
RUN touch /etc/ssh/sshd_config.d/30-auth-system.conf; \
    mkdir -p /usr/etc-system/; \
    echo 'AuthorizedKeysFile /usr/etc-system/%u.keys' >> /etc/ssh/sshd_config.d/30-auth-system.conf; \
    chmod 0600 /usr/etc-system/root.keys
VOLUME /var/roothome

ADD packaging/flightctl-custom-assets/config.yaml /etc/flightctl/
ADD packaging/flightctl-custom-assets/ca.crt /etc/flightctl
ADD packaging/flightctl-custom-assets/client-enrollment.* /etc/flightctl/

RUN rpm-ostree install -y /tmp/flightctl-agent-0.0.1-1.el9.x86_64.rpm
RUN ln -s /usr/lib/systemd/system/podman.socket /usr/lib/systemd/system/multi-user.target.wants/
RUN ln -s /usr/lib/systemd/system/flightctl-agent.service /usr/lib/systemd/system/multi-user.target.wants/
RUN rpm-ostree kargs --append='audit=0'
RUN ostree container commit

Any clue why? The image indeed is OSTree based.

[miabbott]

This might be a better issue for https://github.com/containers/bootc

I agree that we should ultimately support the use of rpm-ostree kargs in the Containerfile, but until that happens, the preferred way of configuring kargs at build time is via the /usr/lib/bootc/install/00-<osname>.toml file. See https://containers.github.io/bootc/install/#operating-system-install-configuration-required

[cgwalters]

Closing in favor of containers/bootc#255