install: Add discoverable-partitions config option#2123
Open
cgwalters wants to merge 3 commits intobootc-dev:mainfrom
Open
install: Add discoverable-partitions config option#2123cgwalters wants to merge 3 commits intobootc-dev:mainfrom
cgwalters wants to merge 3 commits intobootc-dev:mainfrom
Conversation
The upgrade test image (localhost/bootc-upgrade) was previously a simple one-layer addition on top of localhost/bootc that did not go through the sealing pipeline. This meant sealed composefs builds could not properly test upgrades, since the upgrade image lacked a signed UKI with the correct composefs digest. Rework Dockerfile.upgrade into a multi-stage build that mirrors the main Dockerfile sealing flow: when boot_type=uki, it computes the composefs digest of the upgrade rootfs, generates and optionally signs a UKI via seal-uki, and finalizes it with finalize-uki. For non-UKI builds, the extra stages are effectively no-ops and the image remains a simple derived layer. Update _build-upgrade-image in the Justfile to pass the required build arguments (boot_type, seal_state, filesystem) and build secrets (secureboot keys). Extra container capabilities (CAP_ALL, fuse device) are only added for UKI builds that need composefs support. Assisted-by: OpenCode (claude-opus-4) Signed-off-by: Colin Walters <walters@verbum.org>
The goal is ensuring we have upgrade coverage also for sealed UKIs; most of the other update code paths (because tmt doesn't make it easy to have a registry) do on-machine synthetic updates. Assisted-by: OpenCode (claude-opus-4) Signed-off-by: Colin Walters <walters@verbum.org>
github-actions
bot
added
area/install
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request introduces support for the Discoverable Partitions Specification (DPS) for root partition discovery. It adds a new discoverable-partitions configuration option that, when enabled, omits the root= kernel argument, allowing systemd-gpt-auto-generator to locate the root partition via its DPS type GUID. This feature is enabled by default for systemd-boot and can be configured for GRUB builds that include the Boot Loader Interface (BLI) module. Feedback was provided regarding the use of println! for logging within library code, suggesting a transition to the tracing crate for better consistency with the rest of the codebase.
Right now we default to DPS for composefs + systemd-boot. In Fedora 43+, GRUB has the `bli` module and supports this, so it *can* be used there. Make this configurable (mainly intended for base image builders) so that those with new enough GRUB can flip it on by default. We had a hacky thing here that removed the auto-injected `root=` arg if we detected composefs + sdboot; that can now instead flip on this flag, and then we ensure we don't inject it at all. Assisted-by: OpenCode (Claude Opus 4) Signed-off-by: Colin Walters <walters@verbum.org>
cgwalters
force-pushed
the
topic/bli-detection
branch
from
f4cddb4 to
cb07c2e
Compare
Contributor
|
looks like the CI failures here are the merge conflict. |
jmarrero
approved these changes
Apr 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Right now we default to DPS for composefs + systemd-boot.
In Fedora 43+, GRUB has the
blimodule and supports this, so it can be used there.Make this configurable (mainly intended for base image builders) so that those with new enough GRUB can flip it on by default.
We had a hacky thing here that removed the auto-injected
root=arg if we detected composefs + sdboot; that can now instead flip on this flag, and then we ensure we don't inject it at all.Assisted-by: OpenCode (Claude Opus 4)