[pull] main from bootc-dev:main#130
Merged
Merged
Conversation
Add a method in BLSConfig and Grub Menuconfig to get the boot artifact name, i.e. get the name of the UKI or the name of the directory containing the Kernel + Initrd. The names are stripped of all our custom prefixes and suffixes, so basically they return the verity digest part of the name. This is useful for GC-ing Kernel + Initrd that are shared among multiple deployments since we can't rely on the composefs= parameter in the options as the cmdline verity digest might be different than the verity digest of the shared Kernel + Initrd. Tests written by Claude Code (Opus) Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Instead of looking in the ".origin" files and trying to match the boot_digest to digests in other origin files, we now simply re-compute the sha256sum for vmlinuz + initrd for all boot entries present. This fixes the bug that arises after mutiple upgrades where the original deployment that created the boot entry has been garbage collected, so we end up linking to another deployment that does have the same boot digest, but the verity digest doesn't match the verity digest used for the name of the directory where we store the kernel + initrd pair. Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
This fixes a bug where a shared Type1 entry would get GCd even when it's in use due to the original image that created it being deleted. Combined with the fact that we were comparing the fsverity digest in the options field of the BLS config (which will be different than the name of the directory containing the vmlinuz + initrd pair). Now, we compare against the directory name when GC-ing boot binaries Fixes: #2102 Also, remove `allow(dead_code)` from BLS and Grub Menuconfig parsers as now we use `boot_artifact_name` method Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Add a test to make sure we do not GC shared Type1 entries when they're still referenced Remove openh264 from repos to speed up installs Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Skip in TMT test to avoid duplicate with downstream Signed-off-by: Xiaofeng Wang <henrywangxf@me.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )