Rebasing from container registry

jaydoubleu · December 20, 2021, 1:47am

Hi,
I’ve built the F35 silverblue image from Overview - workstation-ostree-config - Pagure.io and encapsulated it into a image on remote registry by following guide from here (ostree native containers - coreos/rpm-ostree *with few workarounds to make it work)

Now I’m trying to rebase to it however I’m getting error below:

sudo rpm-ostree rebase --experimental ostree-unverified-registry:ghcr.io/jaydoubleu/fedora-silverblue:35
Pulling manifest: ostree-unverified-image:docker://ghcr.io/jaydoubleu/fedora-silverblue:35
Importing: ostree-unverified-image:docker://ghcr.io/jaydoubleu/fedora-silverblue:35 (digest: sha256:8fe2fb95918e79dacc0f897796191bc10c46465c429506bba7be9e235b6f2e48)
Downloading base layer: sha256:dc444873f5210b52d6c17ab7443ea44e28e2fb7855147b1ec798e251dcaaacd8 (3.9 GB)
error: remote error: write |1: broken pipe

Update. I’ve installed the rpm-ostree 2021.14.79.ga30dec3f-1.fc35

And with that version I’m getting a little bit more descriptive error:

Pulling manifest: ostree-unverified-image:docker://ghcr.io/jaydoubleu/fedora-silverblue:35
Importing: ostree-unverified-image:docker://ghcr.io/jaydoubleu/fedora-silverblue:35 (digest: sha256:8fe2fb95918e79dacc0f897796191bc10c46465c429506bba7be9e235b6f2e48)
Downloading base layer: sha256:dc444873f5210b52d6c17ab7443ea44e28e2fb7855147b1ec798e251dcaaacd8 (3.9 GB)
error: Parsing blob sha256:dc444873f5210b52d6c17ab7443ea44e28e2fb7855147b1ec798e251dcaaacd8: numeric field was not a number:  when getting size for sysroot/ostree/repo/objects/6f/37999371e8a0508366a1334570e73058cce92e6cf9e182ff1b0c3c134f693d.file

I’m able to pull that image using podman and run container from it but rpm-ostree seems to always pull from remote instead of trying to use locally stored image. Also it doesnt seem to take oci images as argument (I converted that image to oci using skopeo to see if it makes any difference)

I’m building this from within docker on github actions so I’m not sure if there is something wrong with composing part or perhaps the image is way to big for this to work ( I understand there is work in progress to fix the large imageproblem)

Github action build log Silverblue - F35 · JayDoubleu/custom-silverblue@9f04d83 · GitHub

Any help/tips would be appreciated.

jaydoubleu · December 20, 2021, 1:29pm

I’ve also tried encapsulating and pushing from normal silverblue installation with rpm-ostree ex-container encapsulate --repo=/ostree/repo fedora/35/x86_64/silverblue docker://ghcr.io/jaydoubleu/fedora-silverblue:35 and rebasing to it returns the same error so I don’t think this is related to the build/compose process in docker.

I’ve also tried to rebase from rawhide VM and replacing the rpm-ostree on the VM (where I want to rebase from) to 2021.14.82.g9095e846-1.fc36 with the same error.

walters · December 21, 2021, 3:19pm

Thanks for the report! I’ve reproduced the failure and verified it’s fixed by tar/export: Correctly set size and entry type for denormal links by cgwalters · Pull Request #195 · ostreedev/ostree-rs-ext · GitHub

Note that right now, the storage for the OS and containers is disjoint. See e.g. https://github.com/containers/image/pull/1084#issuecomment-829576636

jaydoubleu · December 21, 2021, 3:26pm

Thanks for looking at this Colin.

Do I understand correctly that once this is merged I will be able to pick rpm-ostree from git and issue will go away ( as it’s happening at the export time ) rather than having to upgrade rpm-ostree on client machine where I am trying to rebase it from ?

Also, would you be able to provide some information on running rpm-ostree from within the container ( on ostree produced image). I noticed that your demo fcos container is able of running rpm-ostree commands inside it ( therefore allowing to layer extra packages). While when I’m trying to do this on silverblue generated image it’s not allowing me due to it being ran from container.

Do I need to perform some configuration changes or this is a feature which is not yet available in rpm-ostree present in silverblue ?

podman run -it ghcr.io/jaydoubleu/fedora-silverblue:35 /bin/bash
bash-5.1# rpm -q rpm-ostree
rpm-ostree-2021.14-2.fc35.x86_64
bash-5.1# rpm-ostree install zip
error: This system was not booted via libostree; found $container=podman environment variable.
rpm-ostree is designed to manage host systems, not containers.

podman run -it quay.io/cgwalters/fcos /bin/bash
bash-5.1# rpm -q rpm-ostree
rpm-ostree-2021.14-2.fc35.x86_64
bash-5.1# rpm-ostree install zip 
Downloading metadata...
Downloading metadata...
Downloading metadata...
Downloading metadata...
Downloading metadata...
Downloading metadata...
Package                                                                                                              Repository                                    Size
Installing:                                                                                                                                                            
 unzip-6.0-53.fc35.x86_64                                                                                            fedora                             182.8\xc2\xa0kB
 zip-3.0-31.fc35.x86_64                                                                                              fedora                             263.1\xc2\xa0kB
Transaction Summary:
 Installing:        2 packages
 Reinstalling:      0 packages
 Upgrading:         0 packages
 Obsoleting:        0 packages
 Removing:          0 packages
 Downgrading:       0 packages
Downloading packages...
Running transaction test...
Installing: unzip;6.0-53.fc35;x86_64;fedora
Installing: zip;3.0-31.fc35;x86_64;fedora
Complete.

walters · December 21, 2021, 6:41pm

Right, a new build should happen in the continuous copr by today that includes that ostree-ext fix.

That’s being actively worked on, see Dockerfile: use rpm-ostree to install strace by jmarrero · Pull Request #1 · coreos/layering-examples · GitHub

Unlike the above, this requires a new rpm-ostree inside the container, and right now it requires explicitly adding microdnf into the base image too.

So this is all being actively developed - thanks for trying things out!

jaydoubleu · December 21, 2021, 11:12pm

Thanks for the tips. When I saw this feature being worked on I immediately knew it’s going to start a whole ostree cambrian explosion so I just can’t keep my hands off trying it out early

I just tried rebuilding and rebasing it again from using rpm-ostree from this build https://download.copr.fedorainfracloud.org/results/%40CoreOS/continuous/fedora-35-x86_64/03070885-rpm-ostree/ but no luck.

I’m getting the same error, I’ve replaced rpm-ostree within the build container as well as on the host where I was trying to rebase from.

I’ll try again tomorrow in case if changes weren’t included in that build.

Thanks for letting me !

Update:
So I’ve ran it again with rpm-ostree-2021.14.94.g0b1783c0-1.fc35.x86_64.rpm but still no difference and produces the same error but that’s fine. I’ll check it out again after new year

PS. the microdnf trick works like a charm