Merge pull request #1063 from omertuc/reinstallcli

cli: add `system-reinstall-bootc` binary

Author: cgwalters

Cargo.lock

@@ -1,6 +1,7 @@
 [workspace]
 members = [
     "cli",
+    "system-reinstall-bootc",
     "lib",
     "ostree-ext",
     "utils",

Cargo.toml

@@ -9,6 +9,7 @@ all:
 
 install:
 	install -D -m 0755 -t $(DESTDIR)$(prefix)/bin target/release/bootc
+	install -D -m 0755 -t $(DESTDIR)$(prefix)/bin target/release/system-reinstall-bootc
 	install -d -m 0755 $(DESTDIR)$(prefix)/lib/bootc/bound-images.d
 	install -d -m 0755 $(DESTDIR)$(prefix)/lib/bootc/kargs.d
 	ln -s /sysroot/ostree/bootc/storage $(DESTDIR)$(prefix)/lib/bootc/storage

Makefile

@@ -10,19 +10,16 @@ default-run = "bootc"
 
 # See https://github.com/coreos/cargo-vendor-filterer
 [package.metadata.vendor-filter]
-# This list of platforms is not intended to be exclusive, feel free
-# to extend it.  But missing a platform will only matter for the case where
-# a dependent crate is *only* built on that platform.
-platforms = ["x86_64-unknown-linux-gnu", "aarch64-unknown-linux-gnu", "powerpc64le-unknown-linux-gnu", "s390x-unknown-linux-gnu", "riscv64gc-unknown-linux-gnu"]
+# For now we only care about tier 1+2 Linux.  (In practice, it's unlikely there is a tier3-only Linux dependency)
+platforms = ["*-unknown-linux-gnu"]
 
 [dependencies]
 anyhow = { workspace = true }
 bootc-lib = { version = "1.0", path = "../lib" }
-clap = { workspace = true }
+bootc-utils = { path = "../utils" }
 tokio = { workspace = true, features = ["macros"] }
 log = "0.4.21"
 tracing = { workspace = true }
-tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
 
 [lints]
 workspace = true

cli/Cargo.toml

@@ -1,25 +1,14 @@
 //! The main entrypoint for bootc, which just performs global initialization, and then
 //! calls out into the library.
-
 use anyhow::Result;
 
 /// The code called after we've done process global init and created
 /// an async runtime.
 async fn async_main() -> Result<()> {
-    // Don't include timestamps and such because they're not really useful and
-    // too verbose, and plus several log targets such as journald will already
-    // include timestamps.
-    let format = tracing_subscriber::fmt::format()
-        .without_time()
-        .with_target(false)
-        .compact();
-    // Log to stderr by default
-    tracing_subscriber::fmt()
-        .with_env_filter(tracing_subscriber::EnvFilter::from_default_env())
-        .event_format(format)
-        .with_writer(std::io::stderr)
-        .init();
-    tracing::trace!("starting");
+    bootc_utils::initialize_tracing();
+
+    tracing::trace!("starting bootc");
+
     // As you can see, the role of this file is mostly to just be a shim
     // to call into the code that lives in the internal shared library.
     bootc_lib::cli::run_from_iter(std::env::args()).await

cli/src/main.rs

@@ -62,6 +62,14 @@ Provides: ostree-cli(ostree-container)
 %description
 %{summary}
 
+%package reinstall
+Summary: Utility to reinstall the current system using bootc
+Requires: podman
+# The reinstall subpackage intentionally does not require bootc, as it pulls in many unnecessary dependencies
+
+%description reinstall
+This package provides a utility to simplify reinstalling the current system to a given bootc image.
+
 %prep
 %autosetup -p1 -a1
 # Default -v vendor config doesn't support non-crates.io deps (i.e. git)
@@ -71,12 +79,17 @@ cat vendor-config.toml >> .cargo/config.toml
 rm vendor-config.toml
 
 %build
+# Build the main bootc binary
 %if 0%{?fedora} || 0%{?rhel} >= 10
     %cargo_build %{?with_rhsm:-f rhsm}
 %else
     %cargo_build %{?with_rhsm:--features rhsm}
 %endif
 
+# Build the system reinstallation CLI binary
+%global cargo_args -p system-reinstall-bootc
+%cargo_build
+
 %cargo_vendor_manifest
 # https://pagure.io/fedora-rust/rust-packaging/issue/33
 sed -i -e '/https:\/\//d' cargo-vendor.txt
@@ -110,5 +123,8 @@ make install-ostree-hooks DESTDIR=%{?buildroot}
 %{_docdir}/bootc/*
 %{_mandir}/man*/bootc*
 
+%files reinstall
+%{_bindir}/system-reinstall-bootc
+
 %changelog
 %autochangelog

contrib/packaging/bootc.spec

@@ -0,0 +1,31 @@
+[package]
+name = "system-reinstall-bootc"
+version = "0.1.9"
+edition = "2021"
+license = "MIT OR Apache-2.0"
+repository = "https://github.com/containers/bootc"
+readme = "README.md"
+publish = false
+# For now don't bump this above what is currently shipped in RHEL9.
+rust-version = "1.75.0"
+
+# See https://github.com/coreos/cargo-vendor-filterer
+[package.metadata.vendor-filter]
+# For now we only care about tier 1+2 Linux.  (In practice, it's unlikely there is a tier3-only Linux dependency)
+platforms = ["*-unknown-linux-gnu"]
+
+[dependencies]
+anyhow = { workspace = true }
+bootc-utils = { path = "../utils" }
+clap = { workspace = true, features = ["derive"] }
+dialoguer = "0.11.0"
+log = "0.4.21"
+rustix = { workspace = true }
+serde = { workspace = true, features = ["derive"] }
+serde_json = { workspace = true }
+serde_yaml = "0.9.22"
+tracing = { workspace = true }
+uzers = "0.12.1"
+
+[lints]
+workspace = true

system-reinstall-bootc/Cargo.toml

@@ -0,0 +1,2 @@
+# The bootc container image to install
+bootc_image: quay.io/fedora/fedora-bootc:41

system-reinstall-bootc/sample_config.yaml

@@ -0,0 +1,7 @@
+use clap::Parser;
+
+#[derive(Parser)]
+pub(crate) struct Cli {
+    /// The bootc container image to install, e.g. quay.io/fedora/fedora-bootc:41
+    pub(crate) bootc_image: String,
+}

system-reinstall-bootc/src/config/cli.rs

@@ -0,0 +1,52 @@
+use anyhow::{ensure, Context, Result};
+use clap::Parser;
+use serde::{Deserialize, Serialize};
+
+mod cli;
+
+#[derive(Debug, Deserialize, Serialize)]
+#[serde(deny_unknown_fields)]
+pub(crate) struct ReinstallConfig {
+    /// The bootc image to install on the system.
+    pub(crate) bootc_image: String,
+
+    /// The raw CLI arguments that were used to invoke the program. None if the config was loaded
+    /// from a file.
+    #[serde(skip_deserializing)]
+    cli_flags: Option<Vec<String>>,
+}
+
+impl ReinstallConfig {
+    pub fn parse_from_cli(cli: cli::Cli) -> Self {
+        Self {
+            bootc_image: cli.bootc_image,
+            cli_flags: Some(std::env::args().collect::<Vec<String>>()),
+        }
+    }
+
+    pub fn load() -> Result<Self> {
+        Ok(match std::env::var("BOOTC_REINSTALL_CONFIG") {
+            Ok(config_path) => {
+                ensure_no_cli_args()?;
+
+                serde_yaml::from_slice(
+                    &std::fs::read(&config_path)
+                        .context("reading BOOTC_REINSTALL_CONFIG file {config_path}")?,
+                )
+                .context("parsing BOOTC_REINSTALL_CONFIG file {config_path}")?
+            }
+            Err(_) => ReinstallConfig::parse_from_cli(cli::Cli::parse()),
+        })
+    }
+}
+
+fn ensure_no_cli_args() -> Result<()> {
+    let num_args = std::env::args().len();
+
+    ensure!(
+        num_args == 1,
+        "BOOTC_REINSTALL_CONFIG is set, but there are {num_args} CLI arguments. BOOTC_REINSTALL_CONFIG is meant to be used with no arguments."
+    );
+
+    Ok(())
+}

system-reinstall-bootc/src/config/mod.rs

@@ -0,0 +1,47 @@
+//! The main entrypoint for the bootc system reinstallation CLI
+
+use anyhow::{ensure, Context, Result};
+use bootc_utils::CommandRunExt;
+use rustix::process::getuid;
+
+mod config;
+mod podman;
+mod prompt;
+pub(crate) mod users;
+
+const ROOT_KEY_MOUNT_POINT: &str = "/bootc_authorized_ssh_keys/root";
+
+fn run() -> Result<()> {
+    bootc_utils::initialize_tracing();
+    tracing::trace!("starting {}", env!("CARGO_PKG_NAME"));
+
+    // Rootless podman is not supported by bootc
+    ensure!(getuid().is_root(), "Must run as the root user");
+
+    let config = config::ReinstallConfig::load().context("loading config")?;
+
+    let mut reinstall_podman_command =
+        podman::command(&config.bootc_image, &prompt::get_root_key()?);
+
+    println!();
+
+    println!("Going to run command {:?}", reinstall_podman_command);
+
+    prompt::temporary_developer_protection_prompt()?;
+
+    reinstall_podman_command
+        .run_with_cmd_context()
+        .context("running reinstall command")?;
+
+    Ok(())
+}
+
+fn main() {
+    // In order to print the error in a custom format (with :#) our
+    // main simply invokes a run() where all the work is done.
+    // This code just captures any errors.
+    if let Err(e) = run() {
+        tracing::error!("{:#}", e);
+        std::process::exit(1);
+    }
+}