From 853f58323f13101f34330eca1916b02aa78c0f12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr>
Date: Wed, 27 Jul 2022 19:56:30 +0200
Subject: [PATCH] rpm-ostree: Setup readonly sysroot for ostree & rw karg

- Enable read only sysroot in the ostree repo config.
- Add `rw` to the kernel arguments to keep statefull parts of the system
  (/var & /etc) writable.
- Update units tests to account for the new rw karg

(cherry-picked from a commit 0e00c90882)

Related: RHEL-2250
---
 .../payloads/payload/rpm_ostree/installation.py   | 15 ++++++++++++++-
 .../payloads/payload/test_rpm_ostree_tasks.py     |  4 ++--
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/pyanaconda/modules/payloads/payload/rpm_ostree/installation.py b/pyanaconda/modules/payloads/payload/rpm_ostree/installation.py
index d995a4d8353..e4a06721850 100644
--- a/pyanaconda/modules/payloads/payload/rpm_ostree/installation.py
+++ b/pyanaconda/modules/payloads/payload/rpm_ostree/installation.py
@@ -456,6 +456,8 @@ def _set_kargs(self):
         if root_data.type == "btrfs subvolume":
             set_kargs_args.append("rootflags=subvol=" + root_name)
 
+        set_kargs_args.append("rw")
+
         safe_exec_with_redirect("ostree", set_kargs_args, root=self._sysroot)
 
 
@@ -515,7 +517,18 @@ def run(self):
                  self._data.remote + ':' + ref]
             )
 
-        log.info("ostree deploy complete")
+        log.info("ostree config set sysroot.readonly true")
+
+        safe_exec_with_redirect(
+            "ostree",
+            ["config",
+             "--repo=" + self._sysroot + "/ostree/repo",
+             "set",
+             "sysroot.readonly",
+             "true"]
+        )
+
+        log.info("ostree admin deploy complete")
         self.report_progress(_("Deployment complete: {}").format(ref))
 
 
diff --git a/tests/unit_tests/pyanaconda_tests/modules/payloads/payload/test_rpm_ostree_tasks.py b/tests/unit_tests/pyanaconda_tests/modules/payloads/payload/test_rpm_ostree_tasks.py
index 862f6c1f640..ec9b9926015 100644
--- a/tests/unit_tests/pyanaconda_tests/modules/payloads/payload/test_rpm_ostree_tasks.py
+++ b/tests/unit_tests/pyanaconda_tests/modules/payloads/payload/test_rpm_ostree_tasks.py
@@ -625,7 +625,7 @@ def test_btrfs_run(self, devdata_mock, storage_mock, symlink_mock, rename_mock,
             exec_mock.assert_called_once_with(
                 "ostree",
                 ["admin", "instutil", "set-kargs", "BOOTLOADER-ARGS", "root=FSTAB-SPEC",
-                 "rootflags=subvol=device-name"],
+                 "rootflags=subvol=device-name", "rw"],
                 root=sysroot
             )
 
@@ -661,7 +661,7 @@ def test_nonbtrfs_run(self, devdata_mock, storage_mock, symlink_mock, rename_moc
             )
             exec_mock.assert_called_once_with(
                 "ostree",
-                ["admin", "instutil", "set-kargs", "BOOTLOADER-ARGS", "root=FSTAB-SPEC"],
+                ["admin", "instutil", "set-kargs", "BOOTLOADER-ARGS", "root=FSTAB-SPEC", "rw"],
                 root=sysroot
             )