Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: Merge osbuildbootc into here, use osbuild/images PR #5

Closed
wants to merge 12 commits into from
Closed

WIP: Merge osbuildbootc into here, use osbuild/images PR #5

wants to merge 12 commits into from

Conversation

cgwalters
Copy link
Contributor

OK this was all pretty straightforward until I hit:

$ make
(cd cmd && go build -mod vendor -o ../bin/osbuildbootc)
(top=$(pwd); cd cmd/osbuild-deploy-container && go build -mod vendor -o ${top}/bin/osbuild-deploy-container)
package github.com/cgwalters/osbuildbootc/cmd/osbuild-deploy-container
        image.go:7:2: use of internal package github.com/osbuild/images/internal/common not allowed
package github.com/cgwalters/osbuildbootc/cmd/osbuild-deploy-container
        main.go:12:2: use of internal package github.com/osbuild/images/internal/dnfjson not allowed
package github.com/cgwalters/osbuildbootc/cmd/osbuild-deploy-container
        image.go:8:2: use of internal package github.com/osbuild/images/internal/users not allowed
package github.com/cgwalters/osbuildbootc/cmd/osbuild-deploy-container
        image.go:9:2: use of internal package github.com/osbuild/images/internal/workload not allowed
make: *** [Makefile:20: bin] Error 1

So I think we're going to need to figure that stuff out right?

@achilleas-k
Copy link
Member

achilleas-k commented Nov 13, 2023
edited
Loading

package github.com/cgwalters/osbuildbootc/cmd/osbuild-deploy-container
image.go:7:2: use of internal package github.com/osbuild/images/internal/common not allowed
package github.com/cgwalters/osbuildbootc/cmd/osbuild-deploy-container
main.go:12:2: use of internal package github.com/osbuild/images/internal/dnfjson not allowed
package github.com/cgwalters/osbuildbootc/cmd/osbuild-deploy-container
image.go:8:2: use of internal package github.com/osbuild/images/internal/users not allowed
package github.com/cgwalters/osbuildbootc/cmd/osbuild-deploy-container
image.go:9:2: use of internal package github.com/osbuild/images/internal/workload not allowed

  • dnfjson should be public and we're going to move it into pkg as part of this PR so it can also be used by osbuild-composer.
  • The things from common are trivial: one is just a ToPtr() function for making pointers from literals and the other is basically the equivalent of uname -m for getting the machine architecture.
  • workload should also be public. It's meant for configuring workload-specific customizations and would be useful to have in general (but maybe not for this). It's not really doing anything in this code (it's empty), I just needed a workload, any workload, to make the pipelines happy.
  • users I'll have to think about. We can drop it for now if we don't care about creating users while creating the image and think about it. I think it will end up being part of the public API though.

@achilleas-k achilleas-k mentioned this pull request Nov 24, 2023
Merged
2 tasks
@ondrejbudai
Copy link
Member

Do we still need this PR? The Go code is already here. I'm not sure about the VM-related code - it adds more user-facing surface and complexity. Do we actually have any users who need this?

@cgwalters
Copy link
Contributor Author

cgwalters commented Dec 19, 2023
edited
Loading

Do we still need this PR? The Go code is already here.

Yes, though the use of bootc install is not; osbuildbootc is attempting to serve as a reference for that still.

I'm not sure about the VM-related code - it adds more user-facing surface and complexity. Do we actually have any users who need this?

This is a good question. It's a tricky topic. My 90% day to day development environment does not involve root on host Linux system - I live in toolbox containers and launch unprivileged VMs (for both building disk images and testing). My host is only partially trivially reprovisionable (have some "pet" like aspects still) and on general principle I like to isolate root-privileged code.

Now, for cases like podman-desktop on Mac/Windows, it's the opposite; the Linux VM is (usually) ephemeral/reprovisionable and is already in a VM; we don't want to do nested virtualization.

I think where this problem becomes more real is the same problem around a flow that unifies "build" and "run"...we've had this discussion in many places. That problem is currently left on the floor for the podman-desktop flow (but there's some active discussions around reusing the podman-desktop VM code for these images).

If I'm on a Linux host, it would make sense to me to still support a fully unprivileged (modulo /dev/kvm) workflow...I don't think it'd be too much code; perhaps arguably we could use krunvm instead of the hacky bits we have in osbuildbootc with supermin...I need to play with that.

Anyways I'm fine to close this; we're already tracking the bootc install in the other issue, I can file a distinct one for the question of running this project unprivileged. In the short term I'm OK running privileged.

@cgwalters cgwalters closed this Dec 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cgwalters @achilleas-k @ondrejbudai