Kernel-install integration with dnf and rpm-ostree coming to bootc images

jmarrero · January 24, 2025, 5:21pm

With the release of Fedora 41, dnf can be used on Container builds to install packages in image mode build as most of us are accustomed to in package mode Fedora. However installing, upgrading or downgrading kernels could only still be managed with rpm-ostree.

With rpm-ostree 2025.2 this changes! This release of rpm-ostree provides kernel-install integration. A image mode container with rpm-ostree 2025.2 and a couple of configuration files will allow admins and power users to use DNF to manage their Kernel.

Today you can try the official bootc rawhide image: quay.io/fedora/fedora-bootc:rawhide which has the config files added on: tier-0: add kernel-install integration config (!62) · Merge requests · fedora / bootc / Base Images · GitLab

and the latest rpm-ostree which includes these PRs:

github.com/coreos/rpm-ostree

kernel-install: integration

coreos:main ← jmarrero:override-replace-kernel

opened 05:27PM - 22 Oct 24 UTC

jmarrero

+295 -57

incorporates #5097 closes: https://github.com/coreos/rpm-ostree/issues/4726 … This will pair with: https://gitlab.com/fedora/bootc/base-images/-/merge_requests/62 which makes the integration work. This builds and works on the following Containerfile. Need to figure out how to properly deal with the commented out code still. ``` FROM $image RUN curl -O -L -k https://kojipkgs.fedoraproject.org//packages/kernel/6.12.0/0.rc1.20241005git27cc6fdf7201.22.fc42/x86_64/kernel-6.12.0-0.rc1.20241005git27cc6fdf7201.22.fc42.x86_64.rpm && \ curl -O -L -k https://kojipkgs.fedoraproject.org//packages/kernel/6.12.0/0.rc1.20241005git27cc6fdf7201.22.fc42/x86_64/kernel-core-6.12.0-0.rc1.20241005git27cc6fdf7201.22.fc42.x86_64.rpm && \ curl -O -L -k https://kojipkgs.fedoraproject.org//packages/kernel/6.12.0/0.rc1.20241005git27cc6fdf7201.22.fc42/x86_64/kernel-modules-6.12.0-0.rc1.20241005git27cc6fdf7201.22.fc42.x86_64.rpm && \ curl -O -L -k https://kojipkgs.fedoraproject.org//packages/kernel/6.12.0/0.rc1.20241005git27cc6fdf7201.22.fc42/x86_64/kernel-modules-core-6.12.0-0.rc1.20241005git27cc6fdf7201.22.fc42.x86_64.rpm && \ curl -O -L -k https://kojipkgs.fedoraproject.org//packages/kernel/6.12.0/0.rc1.20241005git27cc6fdf7201.22.fc42/x86_64/kernel-modules-extra-6.12.0-0.rc1.20241005git27cc6fdf7201.22.fc42.x86_64.rpm ADD target/debug/rpm-ostree /usr/bin/rpm-ostree RUN dnf install -y /kernel* ```

github.com/coreos/rpm-ostree

core/cliwrap: Fix is_ostree_layout() in unit tests

coreos:main ← cgwalters:unit-fix

opened 09:37PM - 22 Jan 25 UTC

cgwalters

+58 -18

The `is_ostree_layout()` function parsed the real root filesystem. But we starte…d using it in *unit tests* which creates unpredictable behavior. The unit test for the core script wrapping was failing for me, and digging in I don't see how it could have ever passed. I don't think we're actually running the Rust tests in CI...need to dig into that. - Change `is_ostree_layout` to take a cap-std root - Add a unit test for it alone - Change all users to pass the rootfs - Fix the `undo()` method to undo the kernel-install wrapping correctly With this the unit test passes again, and we shouldn't have any behavior which depends on the development root.

If we don’t find any significant issues, this should also be enabled in the bootc fedora 41 images in the next week or so.

In case members of the community want to test on your own Fedora 41 environments you can apply the rpm-ostree upgrade:

https://bodhi.fedoraproject.org/updates/FEDORA-2025-95492f42d2

and

the config changes shown in:

I also have built a custom image quay.io/jmarrero_rh/fedora-bootc:kernel-install-41 that includes the changes that you can use to test while the official Fedora-bootc:41 is updated.

Once the fedora-bootc 41 image has been updated I will remove my custom one.

An example of a Containerfile using this feature is a simple as:


FROM quay.io/jmarrero_rh/fedora-bootc:kernel-install-41

RUN sudo dnf -y upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-2d3a101e1b

Please report any issues in https://github.com/coreos/rpm-ostree/issues

siosm · January 24, 2025, 5:40pm

FYI, we are still investigating a potential issue with this feature in kernel-install: integration by jmarrero · Pull Request #5135 · coreos/rpm-ostree · GitHub. It will be enabled in Rawhide for the Atomic Desktops once this is cleared up and we’ve merged: PR#608: common: Add kernel-install integration config - workstation-ostree-config - Pagure.io.

walters · January 24, 2025, 5:43pm

Is that the same issue discussed here kernel-install: integration by jmarrero · Pull Request #5135 · coreos/rpm-ostree · GitHub ? If so it’s fixed in Release v2025.2 · coreos/rpm-ostree · GitHub (using that at build time).

hricky · January 25, 2025, 12:13am

I tested quay.io/jmarrero_rh/fedora-bootc:kernel-install-41 with the kernel-6.12.11-200.fc41. Then I noticed that the installed version was rpm-ostree-2025.1-1.fc41.x86_64. I created an image from quay.io/jmarrero_rh/fedora-bootc:kernel-install-41 with rpm-ostree-2025.2-1.fc41.x86_64 and tested the kernel-6.12.11-200.fc41 again. At least on my side, both versions rpm-ostree-2025.1-1.fc41.x86_64 and rpm-ostree-2025.2-1.fc41.x86_64 were able to upgrade the kernel.

siosm · January 27, 2025, 10:09am

Looks like all concerns in kernel-install: integration by jmarrero · Pull Request #5135 · coreos/rpm-ostree · GitHub are resolved. Thanks!

jmarrero · January 27, 2025, 12:19pm

We are investigating: 2342078 – dnf errors relating to kernel-install when updating kernel, rpm-ostree-2025.2-1 is installed which seems to affect some package based systems at boot time. Which might delay this a bit.

walters · February 3, 2025, 2:25pm

In a nutshell if you want to test this in a bootc image, you need:

rpm-ostree v2025.4 Release v2025.4 · coreos/rpm-ostree · GitHub
layout=ostree in /usr/lib/kernel/install.conf`

For example, starting from a CentOS Stream 9 image:

FROM quay.io/centos-bootc/centos-bootc:stream9

RUN <<EORUN
set -xeuo pipefail
arch=$(arch)
dnf -y upgrade https://composes.stream.centos.org/development/CentOS-Stream-9-20250203.d.0/compose/AppStream/${arch}/os/Packages/rpm-ostree-{,libs-}2025.4-1.el9.${arch}.rpm
if ! grep -q layout=ostree /usr/lib/kernel/install.conf; then
  echo layout=ostree >> /usr/lib/kernel/install.conf
fi

# Replace the kernel here
dnf -y upgrade kernel 

ls -ald /usr/lib/modules/*

dnf clean all
bootc container lint
EORUN

hricky · February 3, 2025, 7:31pm

In addition to CentOS Stream 9, I also tested the following Containerfile for Fedora 41.

FROM quay.io/fedora/fedora-bootc:41

RUN <<EORUN
set -xeuo pipefail
# rpm-ostree-2025.4-2.fc41
dnf -y upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-4c48f77d75
if ! grep -q layout=ostree /usr/lib/kernel/install.conf; then
  echo layout=ostree >> /usr/lib/kernel/install.conf
fi

# Replace the kernel here
# kernel-6.12.12-200.fc41
dnf -y upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-d00af34217

ls -ald /usr/lib/modules/*

dnf clean all
bootc container lint
EORUN

Both images build successfully and boots in VM.

Topic		Replies	Views
F41 Change Proposal: DNF and bootc in Image Mode Fedora variants (system wide) Change Proposals fesco , f41	17	1370	October 30, 2024
Questions about bootc and rpm-ostree Ask Fedora rpm-ostree , bootc	13	702	November 5, 2024
Can I install DNF on Kinoite? Ask Fedora kinoite	4	248	November 15, 2024
Upgraded to Fedora Silverblue 41, but my system doesn't have bootc or DNF installed Ask Fedora upgrades , dnf , silverblue , f41 , bootc	2	235	November 13, 2024
What makes rpm-ostree special? Ask Fedora rpm-ostree	3	11764	May 8, 2024

Kernel-install integration with dnf and rpm-ostree coming to bootc images

Related topics