WIP: Merge osbuildbootc into here, use osbuild/images PR #5
- Take the code from https://github.com/achilleas-k/images/tree/bifrost-image/cmd/osbuild-deploy-container and merge it into this repository, using the code from osbuild/images#243 as a `replace`
- Also merge in osbuildbootc
Do we still need this PR? The Go code is already here. I'm not sure about the VM-related code - it adds more user-facing surface and complexity. Do we actually have any users who need this?
Yes, though the use of
This is a good question. It's a tricky topic. My 90% day to day development environment does not involve root on the host Linux system - I live in toolbox containers and launch unprivileged VMs (for both building disk images and testing). My host is only partially trivially reprovisionable (have some "pet" like aspects still) and on general principle I like to isolate root-privileged code.

Now, for cases like podman-desktop on Mac/Windows, it's the opposite; the Linux VM is (usually) ephemeral/reprovisionable and is already in a VM; we don't want to do nested virtualization.

I think where this problem becomes more real is the same problem around a flow that unifies "build" and "run"...we've had this discussion in many places. That problem is currently left on the floor for the podman-desktop flow (but there are some active discussions around reusing the podman-desktop VM code for these images).

If I'm on a Linux host, it would make sense to me to still support a fully unprivileged (modulo

Anyways I'm fine to close this; we're already tracking the bootc install in the other issue, I can file a distinct one for the question of running this project unprivileged. In the short term I'm OK running privileged.
OK this was all pretty straightforward until I hit:
So I think we're going to need to figure that stuff out right?