From 9eebda09177bfbfe01d3bb033528cbae92194e11 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 22 Jan 2026 10:40:34 -0500 Subject: [PATCH 1/2] docs: Move composefs tracking from issue #1190 to docs The composefs backend implementation has largely landed. Consolidate tracking of known issues into the docs, categorized by severity: - Deployment blockers: GC, SELinux enforcing=0, OCI registry install - Important: Sealed image build UX, kargs.d support - Long-term: Unified storage, UKI/systemd-boot improvements This allows closing the original tracking issue #1190. Assisted-by: OpenCode (Claude Sonnet 4) Signed-off-by: Colin Walters --- docs/src/experimental-composefs.md | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/docs/src/experimental-composefs.md b/docs/src/experimental-composefs.md index 7e3dd8dba..642047eff 100644 --- a/docs/src/experimental-composefs.md +++ b/docs/src/experimental-composefs.md @@ -3,8 +3,6 @@ Experimental features are subject to change or removal. Please do provide feedback on them. -Tracking issue: - ## Overview The composefs backend is an experimental alternative storage backend that uses [composefs-rs](https://github.com/containers/composefs-rs) instead of ostree for storing and managing bootc system deployments. @@ -140,21 +138,24 @@ To use sealed images, the container image must have a UKI and systemd-boot insta There is a `--composefs-backend` option for `bootc install` to explicitly select a composefs backend apart from sealed images; this is not as heavily tested yet. -## Current Limitations +## Known Issues + +The composefs backend is experimental; on-disk formats are subject to change. + +### Deployment blockers + +- [Garbage collection](https://github.com/containers/composefs-rs/pull/200): Old deployments are not cleaned up +- [SELinux enforcement](https://github.com/bootc-dev/bootc/issues/1826): Currently requires `enforcing=0` +- [OCI registry install](https://github.com/bootc-dev/bootc/issues/1703): Installing from registry can fail due to config mismatch + +### Important -- **Experimental**: The on-disk formats are subject to change -- **UX refinement**: The user experience for building and managing sealed images is still being improved -- **SELinux**: Currently uses `enforcing=0` in the kernel command line (see [#1826](https://github.com/bootc-dev/bootc/issues/1826)) -- **kargs.d**: Custom kernel arguments from `/usr/lib/bootc/kargs.d` are not yet automatically included in sealed UKIs +- [Sealed image build UX](https://github.com/bootc-dev/bootc/issues/1498): Streamlined tooling for building sealed images +- **kargs.d**: Custom kernel arguments from `/usr/lib/bootc/kargs.d` not yet included in sealed UKIs -## Related Issues +### Long-term -- [#1190](https://github.com/bootc-dev/bootc/issues/1190) - composefs-native backend (main tracker) -- [#1498](https://github.com/bootc-dev/bootc/issues/1498) - Sealed image build UX + implementation -- [#1703](https://github.com/bootc-dev/bootc/issues/1703) - OCI config mismatch issues -- [#1826](https://github.com/bootc-dev/bootc/issues/1826) - SELinux enforcement with composefs -- [#20](https://github.com/bootc-dev/bootc/issues/20) - Unified storage (long-term goal) -- [#806](https://github.com/bootc-dev/bootc/issues/806) - UKI/systemd-boot tracker +- [Unified storage](https://github.com/bootc-dev/bootc/issues/20) ## Additional Resources From fd5da70ddfea81d4d2f7f35529a5b1b3cec6ac66 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 22 Jan 2026 13:00:17 -0500 Subject: [PATCH 2/2] docs/composefs: Keep vmlinuz kernel+initramfs setup for now We need some work in e.g. bcvk among others to have this work. Closes: https://github.com/bootc-dev/bootc/issues/1940 Signed-off-by: Colin Walters --- docs/src/experimental-composefs.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/src/experimental-composefs.md b/docs/src/experimental-composefs.md index 642047eff..2d450ccc5 100644 --- a/docs/src/experimental-composefs.md +++ b/docs/src/experimental-composefs.md @@ -82,8 +82,6 @@ EORUN # Final image: copy the sealed UKI into place FROM rootfs COPY --from=sealed-uki /out/*.efi /boot/EFI/Linux/ -# Remove raw kernel/initramfs (now embedded in UKI) -RUN rm -f /usr/lib/modules/*/vmlinuz /usr/lib/modules/*/initramfs.img ``` This pattern works because: