Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow --installroot on read-only bootc system #2121

Merged

Conversation

ppisar
Copy link
Contributor

@ppisar ppisar commented Aug 15, 2024

Some people use --installroot on a read-only bootc system to install a system into a chroot subtree. However, current bootc check did not take into account --installroot and rejected the operation.

This patch augments the check for a writable installroot being different from /.

The comparison for / is there to deal with bootc systems with a writeable /. Currently it's uncerain whether systems like that exist.

Resolves: #2108

@pep8speaks
Copy link

pep8speaks commented Aug 15, 2024

Hello @ppisar! Thanks for updating this PR. We checked the lines you've touched for PEP 8 issues, and found:

There are currently no PEP 8 issues detected in this Pull Request. Cheers! 🍻

Comment last updated at 2024-08-22 07:46:47 UTC

@travier
Copy link

travier commented Aug 20, 2024

Checking for os.path.realpath(self.conf.installroot) == "/" should be sufficient. The _is_bootc_host function already checks for the writable case (in #2110).

@jan-kolarik
Copy link
Member

Checking for os.path.realpath(self.conf.installroot) == "/" should be sufficient. The _is_bootc_host function already checks for the writable case (in #2110).

But in this case, I believe the check is happening with a custom installroot on an otherwise read-only system. The _is_bootc_host function only checks the permissions of /usr.

@jan-kolarik jan-kolarik self-assigned this Aug 22, 2024
@ppisar
Copy link
Contributor Author

ppisar commented Aug 22, 2024

The reason why I added a check for self.conf.installroot writability is that dnf --instalroot /usr/myroot on read-only bootc system would not fail with the new "Error: system is configured to be read-only" message.

However, even my currently proposed code does not cover this case because the check happens too late, before confirming a transaction but after DNF attempting to update repositories and computing the transaction; DNF still reports:

# dnf --installroot /usr/foo install bash
error: cannot open Packages database in /usr/foo/usr/share/rpm
Error: Error: rpmdb open failed

@travier, you are right that the new or not os.access(self.conf.installroot, os.W_OK) clause is useless here.

Even if we moved the check before updating the repositories, it wouldn't catch all cases: E.g. "dnf --installroot /opt/foo" wouldn't work because /opt is not made writable by "bootc usr-overlay".

I guess we need to admit that we cannot cover all cases and if the user is smart enough to use --installroot option, he's also smart enough to diagnose why DNF cannot write. (Why librpm does report "read-only filesystem" properly is another issue.)

I will remove the clause and keep it as dnf.util._is_bootc_host() and os.path.realpath(self.conf.installroot) == "/" to unblock the use case of --installroot.

Some people use --installroot on a read-only bootc system to install
a system into a chroot subtree. However, current bootc check did not
take into account --installroot and rejected the operation.

This patch augments the check for the installroot being different
from /.

It's pointless to check for installroot writability here because
installroot is written before this check when updating the
repositories and computing a transaction. Moving this check sooner
would not help because some directories (/opt, /) are kept read-only
even on writable bootc.

Resolves: rpm-software-management#2108
@ppisar ppisar force-pushed the bootc_installroot branch from ea79cd8 to da2dfa7 Compare August 22, 2024 07:46
@jan-kolarik
Copy link
Member

The reason why I added a check for self.conf.installroot writability is that dnf --instalroot /usr/myroot on read-only bootc system would not fail with the new "Error: system is configured to be read-only" message.

However, even my currently proposed code does not cover this case because the check happens too late, before confirming a transaction but after DNF attempting to update repositories and computing the transaction; DNF still reports:

# dnf --installroot /usr/foo install bash
error: cannot open Packages database in /usr/foo/usr/share/rpm
Error: Error: rpmdb open failed

@travier, you are right that the new or not os.access(self.conf.installroot, os.W_OK) clause is useless here.

Even if we moved the check before updating the repositories, it wouldn't catch all cases: E.g. "dnf --installroot /opt/foo" wouldn't work because /opt is not made writable by "bootc usr-overlay".

I guess we need to admit that we cannot cover all cases and if the user is smart enough to use --installroot option, he's also smart enough to diagnose why DNF cannot write. (Why librpm does report "read-only filesystem" properly is another issue.)

I will remove the clause and keep it as dnf.util._is_bootc_host() and os.path.realpath(self.conf.installroot) == "/" to unblock the use case of --installroot.

OK, thanks for the explanation.

@jan-kolarik jan-kolarik merged commit a1aa8d0 into rpm-software-management:master Aug 22, 2024
5 of 9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

dnf always fails when used with ostree based systems instead of warning.
4 participants