Skip to content

cmd-build-with-buildah: retain overrides/ API functionality #4256

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Aug 15, 2025
Merged

cmd-build-with-buildah: retain overrides/ API functionality #4256

merged 5 commits into from
Aug 15, 2025

Conversation

@jlebon
Copy link
Member

@jlebon jlebon commented Aug 13, 2025

build-rootfs in f-c-c learned a new overrides/ API that matches how it works in cosa. Use that API to proxy through the cosa workdir overrides/ dir.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Aug 13, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request correctly implements the overrides/ API functionality for cmd-build-with-buildah, aligning it with existing behavior in cosa. The change is straightforward and well-implemented. I have one suggestion to improve the robustness of the check for RPMs before creating a repository, which also improves consistency with other parts of the codebase.

@jlebon
cmd-build-with-buildah: retain overrides/ API functionality
8549db6 
`build-rootfs` in f-c-c learned a new `overrides/` API that matches
how it works in cosa. Use that API to proxy through the cosa workdir
`overrides/` dir.
@jlebon jlebon force-pushed the pr/bind-mount-overrides branch from 46898b5 to 8549db6 Compare August 13, 2025 13:25
jlebon added 4 commits August 13, 2025 15:36
@jlebon
cmd-build-with-buildah: in --direct case, tag in containers-storage
b7433b7 
Right now, it's an anonymous image, which is awkward. Just add a proper
tag for it so it can more easily be used as is.

I initially tried to just add another `-t` so buildah would output both
a containers-storage tag and an OCI archive, but buildah gets confused
by the first `-t` referring to an OCI archive:

    WARN[0001] don't know how to add tags to images stored in "oci-archive" transport

Will file an issue at some point.

While we're here, also echo the buildah command being run.
@jlebon
cmd-build-with-buildah: add --skip-prune
cf030a3 
This is used by the pipeline for some reason. We could probably rip it
out of there, but the dev case I think has value, so just add it.
@jlebon
cmd-import: fix under-indentation
cfb51ae 
My Python LSP is complaining about this.
@jlebon
cmd-sign: no-op for now when asked to sign ostree on OCI imported builds
fd727f2 
This is known to not work but let's just no-op for now here instead of
having to add conditional logic in the pipeline.
@dustymabe
Copy link
Member

dustymabe commented Aug 14, 2025

I have local overrides from the recent Ignition PoC I was doing:

[coreos-assembler]$ find overrides/rootfs
overrides/rootfs
overrides/rootfs/usr
overrides/rootfs/usr/lib
overrides/rootfs/usr/lib/systemd
overrides/rootfs/usr/lib/systemd/system
overrides/rootfs/usr/lib/systemd/system/ignition-delete-config.service
overrides/rootfs/usr/lib/dracut
overrides/rootfs/usr/lib/dracut/modules.d
overrides/rootfs/usr/lib/dracut/modules.d/30ignition
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/ignition-diskful-subsequent.target
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/ignition
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/ignition-fetch.service
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/ignition-complete.target
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/ignition-generator
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/ignition-files.service
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/ignition-kargs.service
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/ignition-luks.conf
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/ignition-cex
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/module-setup.sh
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/ignition-diskful.target
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/ignition-remount-sysroot.service
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/ignition-disks.service
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/ignition-subsequent.target
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/ignition-mount.service
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/99-xx-ignition-systemd-cryptsetup.rules
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/ignition-kargs-helper.sh
overrides/rootfs/usr/lib/dracut/modules.d/30ignition/ignition-fetch-offline.service
overrides/rootfs/usr/libexec
overrides/rootfs/usr/libexec/ignition-rmcfg
overrides/rootfs/usr/libexec/ignition-apply
overrides/rootfs/usr/bin
overrides/rootfs/usr/bin/ignition-validate

Which seems to hit an error when building:

dracut[I]: *** Creating initramfs image file '/tmp/initramfs.img' done ***
Executing: 01-var.sh
rootfs: /target-rootfs/rootfs
Found unhandled xattrs in files: 146
  "security.selinux\0"
Checks passed: 12
Checks skipped: 1
Injecting rootfs override
Traceback (most recent call last):
  File "/run/src/build-rootfs", line 431, in <module>
    sys.exit(main())
             ~~~~^^
  File "/run/src/build-rootfs", line 55, in main
    inject_rootfs_override(target_rootfs)
    ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
  File "/run/src/build-rootfs", line 358, in inject_rootfs_override
    shutil.copytree(rootfs_override, rootfs, symlinks=True, dirs_exist_ok=True)
    ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.13/shutil.py", line 593, in copytree
    return _copytree(entries=entries, src=src, dst=dst, symlinks=symlinks,
                     ignore=ignore, copy_function=copy_function,
                     ignore_dangling_symlinks=ignore_dangling_symlinks,
                     dirs_exist_ok=dirs_exist_ok)
  File "/usr/lib64/python3.13/shutil.py", line 547, in _copytree
    raise Error(errors)
shutil.Error: [('/run/src/overrides/rootfs/usr/libexec/ignition-rmcfg', '/target-rootfs/usr/libexec/ignition-rmcfg', "[Errno 17] File exists: '../lib/dracut/modules.d/30ignition/ignition' -> '/target-rootfs/usr/libexec/ignition-rmcfg'"), ('/run/src/overrides/rootfs/usr/libexec/ignition-apply', '/target-rootfs/usr/libexec/ignition-apply', "[Errno 17] File exists: '../lib/dracut/modules.d/30ignition/ignition' -> '/target-rootfs/usr/libexec/ignition-apply'")]
Error: building at STEP "RUN --mount=type=cache,rw,id=coreos-build-cache,target=/cache --mount=type=secret,id=yumrepos,target=/etc/yum.repos.d/secret.repo --mount=type=secret,id=contentsets --mount=type=bind,target=/run/src /run/src/build-rootfs "${MANIFEST}" "${VERSION}" /target-rootfs": while running runtime: exit status 1
failed to execute cmd-build: exit status 1

@dustymabe
Copy link
Member

dustymabe commented Aug 15, 2025

I ran with the updates from

and everything worked great!

@jlebon jlebon merged commit 476dfc1 into coreos:main Aug 15, 2025
5 of 6 checks passed
@jlebon jlebon deleted the pr/bind-mount-overrides branch August 15, 2025 13:04
@jlebon jlebon mentioned this pull request Aug 14, 2025
Closed
15 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dustymabe dustymabe dustymabe approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jlebon @dustymabe