Commits on Jul 25, 2023

1. prepare-root: Introduce ostree/prepare-root.conf …

   Using the repository configuration for configuration of this
   program was always a bit hacky.
   
   But actually with composefs, we really must validate
   the target root *before* we parse anything in it.
   
   Let's add a config file for `ostree-prepare-root` that can live
   in the initramfs, which will already have been verified.
   
   In the future we'll also add configuration for composefs here.
   
   We expect OS builders to drop this in `/usr/lib/ostree/prepare-root.conf`,
   but system local configuration can live in `/etc`.

   

   cgwalters committed Jul 25, 2023
   Configuration menu

   • View commit details
   • Copy full SHA for 22b8e4f
   • Browse repository at this point

   Copy the full SHA

   22b8e4f View commit details

   Browse the repository at this point in the history

2. prepare-root: Default sysroot.readonly=true if composefs …

   Not because it's logically required or anything, but because
   it's just a good idea.

   

   cgwalters committed Jul 25, 2023
   Configuration menu

   • View commit details
   • Copy full SHA for 83d37d6
   • Browse repository at this point

   Copy the full SHA

   83d37d6 View commit details

   Browse the repository at this point in the history

3. prepare-root: Don't parse target root when composefs enabled …

   We shouldn't load anything from the target root filesystem *before*
   verifying its integrity if composefs is enabled.
   
   In effect, we want to force composefs users to migrate to
   `/usr/lib/ostree/prepare-root.conf` which lives in the initramfs.
   (But because we enable sysroot.readonly=true if composefs is enabled
    too, they don't actually need to)

   

   cgwalters committed Jul 25, 2023
   Configuration menu

   • View commit details
   • Copy full SHA for 3465626
   • Browse repository at this point

   Copy the full SHA

   3465626 View commit details

   Browse the repository at this point in the history